Infection

Résolu
toast3r Messages postés 84 Date d'inscription   Statut Membre Dernière intervention   -  
toast3r Messages postés 84 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour à tous,

Je pense avoir attrapé,une cochonnerie dont je n'arrive pas à me débarrasser. Depuis ce matin, j'ai beaucoup de mal à naviguer, des fenêtres windowsclick s'ouvrent depuis google. Je ne peux plus exécuter spybot, mon Mcafee à l'air d'être désactivé.
J'ai passé Spyware doctor qui semble avoir fait un peu de ménage puisqu'avant je ne pouvais démarrer qu'en mode sans échec mais maintenant il ne termine jamais son scan.

Si quelqu'un pouvait me donner un coup de main ça serait cool.

Merci d'avance,
Toast3r
Configuration: Windows XP
Internet Explorer 7.0

41 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Des signes de malware sur Windows XP provoquent des difficultés de navigation et des fenêtres indésirables s'ouvrant via le navigateur, avec un centre de sécurité et McAfee désactivés. Plusieurs outils ont été employés pour diagnostiquer, notamment Spybot, Spyware Doctor, Navilog et SDFix, avec des rapports affichant des processus et fichiers suspects et des messages d'alerte sur des menaces potentielles. Des précautions sont préconisées, notamment poster les rapports pour analyse et éviter toute désinfection sans avis d'un spécialiste, car certains résultats peuvent révéler des éléments légitimes et nécessiter prudence. En cas de trouble persistant, l'échange des logs avec les experts permet d'évaluer des signaux potentiels tels que Vundo ou des menaces adware, sans conclure prématurément.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Salut,

    - Supprime Spyware Doctor >> cochonnerie

    - Telecharges RSIT " Random's System Information Tool " sur ton bureau : http://images.malwareremoval.com/random/RSIT.exe

    - Fermes toutes les applications en cours et double clic sur RSIT.exe
    - Selectionnes " Continue " à l'ecran >> RSIT va analyser le pc et verifier si l'outil hijackthis ( version à jour) est present sur le pc, si ce n'est pas le cas, RSIT le telechargera >> acceptes la license
    - Une fois l'analyse terminée, 2 rapports texte s'ouvrent, log.tx à l'écran et info.txt dans la barre des taches
    - Postes le contenu des 2 rapports
    0
  2. toast3r Messages postés 84 Date d'inscription   Statut Membre Dernière intervention  
     
    Voilà les rapports.

    Le log.txt:
    Logfile of random's system information tool 1.05 (written by random/random)
    Run by d.pelletier at 2009-03-06 15:15:30
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 53 GB (52%) free of 104 GB
    Total RAM: 2038 MB (60% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:16, on 06/03/09
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Tanagra\Memeo\MemeoService.exe
    C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Option\GlobeTrotter Mobility Manager\GtDetectSc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
    C:\WINDOWS\INCOPS3\ictray.exe
    C:\Program Files\Fichiers communs\MicroWorld\Agent\MWASER.EXE
    C:\Program Files\Fichiers communs\MicroWorld\Agent\MWAgent.exe
    C:\WINDOWS\System32\PCOUNTER.EXE
    C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe
    C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
    C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\FASOOD~1\fph.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Spamihilator\spamihilator.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Fasoo DRM\fpm.exe
    C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Network Associates\Common Framework\McTray.exe
    C:\Program Files\SmarThru Office\BackUpSvr.exe
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe
    C:\Program Files\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
    C:\WINDOWS\Twain_32\Samsung\CLX6200\Scan2pc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\MP4 Player\mp4Player.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Anoto\penDirector\penDirector.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Tanagra\Memeo\MemeoBackup.exe
    C:\Program Files\Fichiers communs\Anoto\4.1\DockingEngine.exe
    C:\Documents and Settings\d.pelletier\Bureau\RSIT.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\HijackThis\d.pelletier.exe
    C:\WINDOWS\system32\msfeedssync.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.samsung.com/fr/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 106.10.1.2 single
    O1 - Hosts: 106.102.1.250 chronotic
    O1 - Hosts: 106.102.1.253 alea_nt
    O1 - Hosts: 106.102.1.254 nt-dhcp
    O1 - Hosts: 106.102.1.200 megateuf
    O1 - Hosts: 106.102.1.220 terateuf
    O1 - Hosts: 106.102.1.233 frontal
    O1 - Hosts: 106.102.1.229 7ici
    O1 - Hosts: 106.102.1.247 samsung_france
    O1 - Hosts: 106.102.1.238 nw-backup
    O1 - Hosts: 106.102.1.213 bc_prod
    O1 - Hosts: 106.102.1.252 gpadl360
    O1 - Hosts: 106.102.1.230 srvbdc1
    O1 - Hosts: 106.102.1.235 sef-dc
    O1 - Hosts: 165.213.249.10 gits
    O1 - Hosts: 165.213.248.113 seckm2
    O1 - Hosts: 165.213.251.170 secbk0
    O1 - Hosts: 165.213.251.172 secbk1
    O1 - Hosts: 168.219.175.8 secsw2
    O1 - Hosts: 165.213.251.151 singlekc0
    O1 - Hosts: 165.213.251.153 singlekc1
    O1 - Hosts: 165.213.249.246 singlekc2
    O1 - Hosts: 165.213.251.157 singlekc3
    O1 - Hosts: 165.213.251.159 singlekc4
    O1 - Hosts: 168.219.229.200 singlesw0
    O1 - Hosts: 168.219.229.201 singlesw1
    O1 - Hosts: 168.219.229.202 singlesw2
    O1 - Hosts: 168.219.229.203 singlesw3
    O1 - Hosts: 168.219.229.204 singlesw4
    O1 - Hosts: 168.219.229.205 singlesw5
    O1 - Hosts: 168.219.229.206 singlesw6
    O1 - Hosts: 168.219.229.207 singlesw7
    O1 - Hosts: 12.26.2.101 singlekh0
    O1 - Hosts: 12.26.2.103 singlekh1
    O1 - Hosts: 12.26.2.105 singlekh2
    O1 - Hosts: 12.26.2.107 singlekh3
    O1 - Hosts: 12.26.2.131 singlekh4
    O1 - Hosts: 12.26.2.133 singlekh5
    O1 - Hosts: 12.26.2.144 singlekh6
    O1 - Hosts: 165.213.249.210 singlekm0
    O1 - Hosts: 165.213.249.212 singlekm1
    O1 - Hosts: 165.213.249.214 singlekm2
    O1 - Hosts: 165.213.249.216 singlekm3
    O1 - Hosts: 165.213.249.240 singlekm4
    O1 - Hosts: 165.213.249.242 singlekm5
    O1 - Hosts: 165.213.249.244 singlekm6
    O1 - Hosts: 70.2.130.35 zircon.sds.co.kr zircon
    O1 - Hosts: 70.2.130.45 euclase.sds.co.kr euclase
    O1 - Hosts: 70.2.100.10 acube
    O1 - Hosts: 70.2.240.20 joseon2
    O1 - Hosts: 70.2.240.10 joseon
    O1 - Hosts: 106.10.1.2 samuro single
    O1 - Hosts: 106.10.1.195 euroixos
    O1 - Hosts: 106.101.6.10 ste.bz
    O1 - Hosts: 106.10.1.152 newprod
    O1 - Hosts: 106.10.1.25 eurodev
    O1 - Hosts: 210.118.76.142 eu.samsungvpn.com
    O1 - Hosts: 168.219.71.180 mdscm.sec.samsung.net
    O1 - Hosts: 210.118.57.133 www.samsunggrms.com
    O1 - Hosts: 203.254.199.140 w1.samsung.net
    O1 - Hosts: 106.102.1.25 Samsung_Print_Srv
    O2 - BHO: WebDC - {4aaa2f98-2d2f-4938-afb1-3ec1b51c41d9} - C:\Program Files\Fasoo DRM\f_webdc.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7D763236-738B-46BE-B828-8B3D7A1E29AD} - C:\WINDOWS\system32\opnLCtuT.dll (file missing)
    O2 - BHO: PMURLMObj Class - {922C022A-E97F-4FB6-890E-D167DA951D5E} - C:\WINDOWS\INCOPS3\PMURLMon.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [FPH Exe] "C:\PROGRA~1\FASOOD~1\fph.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [FPM Exe] "C:\Program Files\Fasoo DRM\fpm.exe"
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [STO Backup Service] C:\Program Files\SmarThru Office\BackUpSvr.exe
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NSCSysTrayUI] "C:\Program Files\Samsung\NetworkScan\NSCSysTrayUI.exe" /HIDEUI
    O4 - HKLM\..\Run: [Logan_S2P] C:\Program Files\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [dc6da1b2] rundll32.exe "C:\WINDOWS\system32\leoevbjx.dll",b
    O4 - HKLM\..\Run: [6200 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\CLX6200\Scan2pc.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Memeo Launcher.lnk = ?
    O4 - Global Startup: Anoto penDirector.lnk = ?
    O4 - Global Startup: Anoto_Router_dpelletier.jnlp
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Sélection par capture - {A36A58CC-70D5-4462-9C90-C0E9D244B230} - C:\Program Files\SmarThru Office\WebCapture.dll
    O9 - Extra 'Tools' menuitem: Sélection par capt - {A36A58CC-70D5-4462-9C90-C0E9D244B230} - C:\Program Files\SmarThru Office\WebCapture.dll
    O9 - Extra button: Enregistrer le texte sélectionné - {A5183750-A927-4ec3-B027-C633A2D5418C} - C:\Program Files\SmarThru Office\WebCapture.dll
    O9 - Extra 'Tools' menuitem: Enregistrer le text - {A5183750-A927-4ec3-B027-C633A2D5418C} - C:\Program Files\SmarThru Office\WebCapture.dll
    O9 - Extra button: Enregistrer au format HTML - {BDC4DF0E-D605-48d6-B4AF-CA5927A463EE} - C:\Program Files\SmarThru Office\WebCapture.dll
    O9 - Extra 'Tools' menuitem: Enregistrer a - {BDC4DF0E-D605-48d6-B4AF-CA5927A463EE} - C:\Program Files\SmarThru Office\WebCapture.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: HttpWatch Basic - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - C:\Program Files\HttpWatch\httpwatch.dll
    O9 - Extra 'Tools' menuitem: HttpWatch Basic - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - C:\Program Files\HttpWatch\httpwatch.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\anywall3.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\anywall3.dll
    O11 - Options group: [java_sun] Java (Sun)
    O15 - Trusted Zone: *.samsung-emp.com
    O15 - Trusted Zone: *.sec.samsung.com
    O15 - Trusted Zone: http://*.samsung.net
    O15 - Trusted Zone: *.samsunggsbn.com
    O15 - Trusted Zone: *.samsungportal.com
    O15 - Trusted Zone: http://*.samsungvpn.com
    O15 - Trusted Zone: *.samsungwireless.com
    O16 - DPF: {00B4EB57-5F54-4A6A-BC1A-DE9ABA26C0E2} (EPWrapsodyVersion Class) - http://drm.samsung.net/activex/EPDRM.fasoo.cab
    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://210.118.63.201:8080/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
    O16 - DPF: {03F49E0E-C43A-4037-BBD6-D681E998A08E} (CodeAx Class) - http://sso.sec.samsung.net/cabfiles/CM_CodeAx.cab
    O16 - DPF: {08BCD971-A13B-4D6E-A2A5-E9B2324FC00D} (ClientEXE Class) - http://europe.samsungportal.com/EP/web/common/cabfiles/CM_ClientEXE.cab
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {124250DD-E2CC-4B5B-AE7E-C9AC8A11DF43} (StreamNote2 Control) - http://gppm.sec.samsung.net/SIMSV3_Manual/StreamNote2.cab
    O16 - DPF: {18C690F8-769B-4F07-A687-0FC0D45FFCC8} (ManCertCtrl Class) - https://partnerlogin.samsungelectronics.com/ko/secui/SecuiB2BIE-ko.cab
    O16 - DPF: {223216F6-B9FE-406D-9ED6-143FCE3A07B8} (MxLogicalTRU Class) - file:///C:/WINDOWS/Temp/MxLogicalTRU.cab
    O16 - DPF: {2FF8F8B7-1B3F-4E5F-93B1-FEF1D703C0F4} (LocalTree.LocalXMLTree) - http://w1.samsung.net/cabs/LocalFolder2004/Cab/mySingleLocal_U.cab
    O16 - DPF: {3042C30E-50B7-44EF-B4B6-C9AB391DEF78} (Manager Class) - http://eofficeeu.sec.samsung.net:8088/eoffice1/gauce/cabfiles/Manager.cab
    O16 - DPF: {3F3531B7-024F-48F5-A159-F45949473CFE} (SVPNSmartAgent Class) - http://eu.samsungvpn.com/english/data/cabFile/SVPNModule.cab
    O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6EA553AE-9B6D-4025-B3A9-CC3454F86E7B} (IssacSamNetCls Class) - file:///C:/DOCUME~1/D4C71~1.PEL/LOCALS~1/Temp/SamNetIssac.cab
    O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} (ACUBETrustChecker Control) - http://europe.samsungportal.com/EP/web/common/cabfiles/ACUBETrustChecker.cab
    O16 - DPF: {71E7ACA0-EF63-4055-9894-229B056E9C31} (MxGridU Class) - file:///C:/WINDOWS/Temp/MxGridU.cab
    O16 - DPF: {7D73D9AC-9E28-47E7-B496-867A2341DD6F} (PdssRun Class) - http://eu.ghr.sec.samsung.net:8801/activex/pdss40.cab
    O16 - DPF: {88DDFD7D-14F7-4E89-8F85-737B90B1A0D0} (mySingleTrust.ClsMain) - http://w1.samsung.net/cabs/LocalFolder2004/Cab/mySingle_Trust.CAB
    O16 - DPF: {934CEFDC-E880-446F-880F-6560F613D8AA} (FCliVer Class) - http://drm.samsung.net/activex/fclient.cab
    O16 - DPF: {9683681E-FAD6-45F1-86B3-FD60C7101BC9} (MxReportU Class) - file:///C:/WINDOWS/Temp/MxReportU.cab
    O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} (SSOCheck Class) - http://europe.samsungportal.com/EP/web/common/cabfiles/UniSSOCheck.cab
    O16 - DPF: {9F0AA341-1D10-4B18-B70B-6AA49CE7F5D6} (MxImageSetU Class) - file:///C:/WINDOWS/Temp/MxImageSetU.cab
    O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - file:///C:/DOCUME~1/D4C71~1.PEL/LOCALS~1/Temp/kdfense8.cab
    O16 - DPF: {AF989B7C-8AC3-40BC-B749-EB335BDFD190} (MxDataSetU Class) - file:///C:/WINDOWS/Temp/MxDataSetU.cab
    O16 - DPF: {B06ECF02-E502-4737-BA32-91CA0CECFBD1} (MultiDownload Control) - http://europe.samsungportal.com/km/htdocs/include/cabfiles/MultiDownload.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {BB4533A0-85E0-4657-9BF2-E8E7B100D47E} (MxComboU Class) - file:///C:/WINDOWS/Temp/MxComboU.cab
    O16 - DPF: {BB783B43-D0E8-4EF2-A275-D147A4709E4E} (Treeview Control) - http://ecms.samsungelectronics.com/include/activex/treeview.cab
    O16 - DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} (Setup Class) - http://europe.samsungportal.com/EP/web/common/cabfiles/ActiveXSetup.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D7779973-9954-464E-9708-DA774CA50E13} (MxMaskEditU Class) - file:///C:/WINDOWS/Temp/MxMaskEditU.cab
    O16 - DPF: {DE6ABA6A-095B-43E3-BEBB-879868DC5C8A} (SSLinks Control) - http://mysingle5.samsung.net/portalWeb/cabs/messenger/SSLinks.cab
    O16 - DPF: {DF1AD5D9-977A-4A1F-9392-2AFFCCE6211F} (IxSheet Control) - http://edms-ab.sec.samsung.net/edms/lib/IxSheet_U.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://samsungepm.webex.com/client/T26L/webex/ieatgpc.cab
    O16 - DPF: {E1D1DACA-5BA2-4376-89AD-3A213B916779} (IBLeaders IBSheet For Unicode Control) - http://eu.ghr.sec.samsung.net:8801/activex/IBSheet4Unicode.CAB
    O16 - DPF: {E463DD62-1D07-425E-B82A-539FBA2F4162} (GSBN_Updater.UserControl1) - https://www.samsunggsbn.com/PSI3/Cab/GSBN_Updater.CAB
    O16 - DPF: {F2B7C894-49BD-4582-A142-0AE1C99460C2} (CodeAxNew Class) - http://stels.sec.samsung.com/common/cabfiles/CM_CodeAxNew.cab
    O16 - DPF: {F36BB72B-9876-4C6D-B22F-D68E480A39B5} (XFileUploadListDown.ListDownCTL) - http://www.samsungprins.com/F_Include/XFileUpload/XFileUpload_OnlyOne.CAB
    O16 - DPF: {F9C6BABD-843A-419E-996A-8FB7C8F77A78} (MakeProductKeyOCX Control) - http://www.samsungprins.com/f_product/Pims_download/productkey.cab
    O16 - DPF: {FEA96871-7BA4-496B-B020-6B078839891E} (SVPNEnvCheck Control) - file:///C:/DOCUME~1/D4C71~1.PEL/LOCALS~1/Temp/SVPNEnvModule.cab
    O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.xfinity.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sef_dms.lan
    O17 - HKLM\Software\..\Telephony: DomainName = sef_dms.lan
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sef_dms.lan
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sef_dms.lan
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = sef_dms.lan
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: mnhbvp.dll
    O20 - Winlogon Notify: wlic3 - C:\WINDOWS\SYSTEM32\WLIC3Pk.dll
    O20 - Winlogon Notify: yayxvWQK - yayxvWQK.dll (file missing)
    O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: Memeo (BMUService) - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\MemeoService.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Franson GpsGate 2.0 - Unknown owner - C:\Program Files\Franson\GpsGate 2.0\GpsGateService.exe
    O23 - Service: gateman - SDS - C:\WINDOWS\incops3\gateman.exe
    O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\GlobeTrotter Mobility Manager\GtDetectSc.exe
    O23 - Service: GTMM Device Service - Option nv - C:\Program Files\Option\GlobeTrotter Mobility Manager\GtmmDeviceService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Fichiers communs\MicroWorld\Agent\MWASER.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pcounter Data Server (PcounterData) - A.N.D. Technologies, Inc. - C:\WINDOWS\System32\PCNTDATA.EXE
    O23 - Service: Pcounter Printer Control (PcounterPrint) - A.N.D. Technologies, Inc. - C:\WINDOWS\System32\PCOUNTER.EXE
    O23 - Service: Digital Pen rendezvous server (PenRendezvous) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe
    O23 - Service: Digital Pen Socket to USB protocol (PenSup) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
    O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
    0
  3. toast3r Messages postés 84 Date d'inscription   Statut Membre Dernière intervention  
     
    fin du log.txtx
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-06-29 92792]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S4 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2006-02-14 221191]
    S4 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2006-06-08 29184]
    S4 winfil32;winfil32; C:\WINDOWS\system32\winfil32.exe [2006-09-14 77824]

    -----------------EOF-----------------
    0
  4. toast3r Messages postés 84 Date d'inscription   Statut Membre Dernière intervention  
     
    La fin du log.txt

    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-06-29 92792]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S4 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2006-02-14 221191]
    S4 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2006-06-08 29184]
    S4 winfil32;winfil32; C:\WINDOWS\system32\winfil32.exe [2006-09-14 77824]

    -----------------EOF-----------------
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. toast3r Messages postés 84 Date d'inscription   Statut Membre Dernière intervention  
     
    et l'info.txt
    info.txt logfile of random's system information tool 1.05 2009-03-06 15:16:30

    ======Uninstall list======

    -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\setup.exe" -l0x40c anything
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    ACUBE UniSSOTray V1.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{817DE62F-5787-43BB-8877-5F81FAE5A823}\Setup.exe" UNINSTALL
    Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
    Adobe Acrobat 6.0.1 Standard - English, Français, Deutsch-->MsiExec.exe /I{AC76BA86-1033-F400-BA7E-000000000001}
    Adobe Acrobat and Reader 6.0.3 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
    Adobe Acrobat and Reader 6.0.4 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
    Adobe Acrobat and Reader 6.0.5 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605}
    Adobe Acrobat and Reader 6.0.6 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000606}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe AIR-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
    Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
    Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
    Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    ALZip-->"C:\Program Files\ALZip\unins000.exe"
    Anoto penDirector 1.1.2.0-->MsiExec.exe /I{770E1C5A-8004-4875-BC53-C10142432392}
    Anoto penPresenter 1.0.0.0-->MsiExec.exe /I{90D69E02-3FE9-493D-B43F-B78FD3A02B72}
    Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Aspell French Dictionary-0.50-3-->"C:\Program Files\Aspell\unins001.exe"
    Assistant de connexion Windows Live-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
    Atheros WLAN Client-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B18B7901-4025-4BFF-9DA2-BCC45F594DE2}\setup.exe" -l0x40c
    AVStation Premium 3.75-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{BA7AF70A-F81B-40EF-9268-741A7DE3D608} /l1036
    Bibliothèques GTK+ 2.12.12 rev a (supprimer uniquement)-->C:\Program Files\Fichiers communs\GTK\2.0\uninst.exe
    BtwMfcMM-->MsiExec.exe /I{D5B46D30-F054-4C64-9C0F-97C8451E7D04}
    CANAL WIDGET-->MsiExec.exe /X{09B6B322-325F-4A5F-9051-830ED194A1A7}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"
    Centra Client-->C:\PROGRA~1\Centra\Client\bin\updater.exe -uninstall
    Connection Manager-->MsiExec.exe /I{1268E742-C02A-489F-A8A3-BAE48FCED6E9}
    Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    DisplayManager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -l0x9 -removeonly
    DivX Author 1.5-->C:\Program Files\DivX\DivX Author 1.5\DivXAuthorUninstall.exe /DIVX_AUTHOR
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Documentation de PlanetPress Suite 6-->MsiExec.exe /X{CD53CCA4-83BA-4D0E-96E2-AF559B0AFF92}
    Driver Detective-->C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
    EudoSync-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\Eudoweb\EudoSync\DeIsL1.isu" -c"C:\Program Files\Eudoweb\EudoSync\_ISREG32.DLL"
    Favorit-->"c:\documents and settings\d.pelletier\local settings\application data\cecedxtx.exe" -uninstall
    Favorit-->"c:\documents and settings\d.pelletier\local settings\application data\cqelbvd.exe" -uninstall
    FileZilla Client 3.1.5.1-->C:\Program Files\FileZilla Client\uninstall.exe
    Foxit PDF Editor-->C:\Program Files\Foxit Software\PDF Editor\uninstall.exe
    Foxit PDF Suite-->C:\Program Files\Foxit Software\Uninstall.exe
    Franson GpsGate 2.6-->MsiExec.exe /I{8A0E9B9D-7E20-4B86-870D-70434207AD0B}
    GlobeTrotter Mobility Manager-->MsiExec.exe /X{427D8359-6D2E-4C9E-ACF9-CF595CED1DB6}
    GNU Aspell 0.50-3-->"C:\Program Files\Aspell\unins000.exe"
    GpsGate-->C:\Program Files\Microsoft ActiveSync\GpsGate\Uninstall.exe GpsGate
    GTK+ 2.10.13 runtime environment-->"C:\Program Files\Fichiers communs\GTK\2.0\setup\unins000.exe"
    HijackThis 2.0.2-->"C:\Program Files\HijackThis\HijackThis.exe" /uninstall
    HttpWatch Basic 5.3.20-->C:\Program Files\HttpWatch\uninstall.exe
    IBE RegEditor for Pocket PC-->"C:\Program Files\IBE\Registry Editor for Pocket PC\unins000.exe"
    ImageMagick 6.3.6-3 Q16 (10/15/07)-->"C:\Program Files\ImageMagick-6.3.6-Q16\unins000.exe"
    J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    JScribe Software Development Kit 4.0-->MsiExec.exe /I{75587AC2-3EF2-4358-81F7-EC678723DF76}
    JScribe Software Development Kit 4.1-->MsiExec.exe /I{2A555B4D-1B72-4220-A9EF-3385EDD868A5}
    JTalk 4.0.1-->MsiExec.exe /I{C2575698-5709-4EF8-8912-FEDCCA931A9D}
    K-Defense8 Control - Űº¸µå º¸¾È-->C:\WINDOWS\system32\uninstallkdf8.exe
    K-Lite Codec Pack 3.2.5 Standard-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    Korean Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5670-0000-800000000003}
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
    LiveUpdate 2.0 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    Lizardtech DjVu Control (autoinstall)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DjVuLite.us.inf,DefaultUninstall,5
    Logiciel Intel(R) PROSet/Wireless-->C:\WINDOWS\Installer\iProInst.exe
    Magic Keyboard-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD723E53-A42C-4702-AA04-1D74A0311590}\Setup.exe" -l0x9 Remove
    Management Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CA6206-7109-4426-8EE0-1BD0BE54BCC9}\setup.exe" -l0x9 -removeonly
    McAfee VirusScan Enterprise-->MsiExec.exe /I{4DCA2739-9D16-4B55-808C-E72CD70A5BD3}
    mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
    Metro-->C:\Program Files\Microsoft ActiveSync\Metro\Uninstall.exe Metro
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office 2003 French User Interface Pack-->MsiExec.exe /I{901E040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft SQL Server Compact 3.5 Design Tools ENU-->MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
    Microsoft SQL Server Compact 3.5 ENU-->MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual Basic 2005 Express - FRA-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Basic 2005 Express Edition - FRA\setup.exe
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
    MIS DecisionWare - Alea-->MsiExec.exe /I{D69D9D17-EF4B-45B5-B132-2A451C56DB59}
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
    Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox 3\uninstall\helper.exe
    Mozilla Thunderbird (2.0.0.19)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
    MP4 Player -->C:\Program Files\MP4 Player\uninst.exe
    MSDN Library for Microsoft Visual Studio 2008 Express Editions-->C:\Program Files\Microsoft Visual Studio 9.0\MSDN Library for Microsoft Visual Studio 2008 Express Editions\install.exe
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\setup.exe /uninstall ExtraUninstallID=""
    Network Fax Printer-->C:\Program Files\InstallShield Installation Information\{80078570-6C67-486C-8CF0-B0D778FC69B5}\setup.exe -runfromtemp -l0x0009 -removeonly
    Numérisation en réseau-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98357EB8-C10E-414A-A6EC-F3392EA97D35}\Setup.exe" -l0x40c
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
    Orange Plug-in messagerie vocale 888-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E79B1D-D1C2-4CA6-8B23-F4D890E0DCB9}\Setup.exe" -l0x40c --AddRemove
    palmOne-->MsiExec.exe /X{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}
    PDM Version 4.1-->"C:\Program Files\PDM\unins000.exe"
    PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
    PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
    Readiris Pro 10-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}\setup.exe" -l0x40c
    RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Registry Easy v4.2-->"C:\Program Files\Registry Easy\unins000.exe"
    Rose-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB45137-6282-4258-A200-4A7375B2E49C}\setup.exe" -l0x9 -removeonly
    Samsung Battery Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}\Setup.exe" -l0x9 Remove
    Samsung CLP-660 Series-->C:\Program Files\Samsung\Samsung CLP-660 Series\Install\Setup.exe /R
    Samsung CLX-6200 Series-->C:\Program Files\Samsung\Samsung CLX-6200 Series\Install\Setup.exe /R
    SAMSUNG Dr. Printer -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DB87EAC-F695-4D59-9609-C93119AE6B35}\setup.exe" -l0x40c -removeonly
    Samsung Flash Form Solution-->C:\Program Files\Samsung\Samsung Flash Form Solution\Install\Setup.exe /R
    Samsung Media Studio 5-->"C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\setup.exe" -runfromtemp -l0x040c -removeonly
    Samsung ML-2850 Series-->C:\Program Files\Samsung\Samsung ML-2850 Series\Install\Setup.exe /R
    Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
    SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{A620E308-2124-4A35-BA95-F1CAEF538CB9}
    SAMSUNG Mobile USB Modem ^^-->C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung Network Manager 2.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735} /l1036
    Samsung Network PC Fax-->C:\WINDOWS\prinst.exe /m"Samsung" /u"Samsung Network PC Fax"
    Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
    Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
    Samsung Samples Installer-->"C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -runfromtemp -l0x040c -removeonly
    Samsung SCX-4500 Series-->C:\Program Files\Samsung\Samsung SCX-4500 Series\Install\Setup.exe /R
    Samsung SCX-5x30 Series-->C:\Program Files\SAMSUNG\Samsung SCX-5x30 Series\Install\Setup.exe /R
    Samsung SCX-6x45 Series-->C:\Program Files\SAMSUNG\Samsung SCX-6x45 Series\Install\Setup.exe /R
    Samsung Update Plus-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{685707A4-911C-468D-BFC4-64A50E5E3A0C} /l1036
    SAP Front End-->"C:\Program Files\SAP\FrontEnd\setup\sapsetup.exe" /uninstall
    SciTE 1.57-->"C:\Program Files\SciTE Source Code Editor\unins000.exe"
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
    Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    SENS LT56ADW Modem-->agrsmdel
    SetIP-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C206015D-DAC5-407C-A54B-6D7776A0881C}\Setup.exe" -l0x40c
    Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)-->MsiExec.exe /X{09959E11-AD5D-408E-96AF-E3346954D6B8}
    Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)-->MsiExec.exe /X{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}
    SimsCsStart-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE1BA7AE-21A3-4B53-863D-0AA39D2E9D9B}\Setup.exe" -l0x9
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    SmarThru 4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{90F1943D-EA4A-4460-B59F-30023F3BA69A}\Setup.exe" -l0x40c uninstall -l040c
    SmarThru Office PC Fax-->C:\WINDOWS\prinst.exe /m"Samsung" /u"SmarThru Office PC Fax"
    SmarThru Office-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BC1E722-AE07-46A3-B7A6-556DBE18E22A}\Setup.exe" -l0x40c uninstall -l040c
    SmarThru PC Fax-->C:\WINDOWS\prinst.exe /m"Samsung" /u"SmarThru PC Fax"
    Smartione-->"C:\Program Files\Smartione\unins000.exe"
    SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c -removeonly
    Spamihilator-->"C:\Program Files\Spamihilator\uninstall.exe"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    THE Rename 2.1.6-->"C:\Program Files\THE Rename\unins000.exe"
    Thunderbird-Tray-->C:\Program Files\Thunderbird-Tray\TBTray-Uninstall.exe
    Unlocker 1.8.5-->C:\Program Files\Unlocker\uninst.exe
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb959634)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {50C77E2F-5C1C-467D-9BC8-3CA07D28C9F2}
    Update for Windows Internet Explorer 7 (KB928089)-->"C:\WINDOWS\ie7updates\KB928089\spuninst\spuninst.exe"
    User's Guide-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF99C14B-17C2-4994-B5C1-EB204A343A6F}\Setup.exe" Remove
    Visual C++ 8.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}
    Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM-->MsiExec.exe /I{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}
    Visual C++ 8.0 MFC (x86) WinSXS MSM-->MsiExec.exe /I{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}
    Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM-->MsiExec.exe /I{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}
    Visual C++ CRT 8.0-->MsiExec.exe /I{B2395631-54D5-481E-B9A8-74B269546F40}
    Visual C++ CRT 9.0 SP1-->MsiExec.exe /I{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}
    Visual C++ CRT 9.0-->MsiExec.exe /I{9ED38F62-7A50-4145-8C5D-0FCFFBF10A7B}
    Visual Studio 2005 Tools pour Office Second Edition Runtime-->C:\Program Files\Fichiers communs\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
    VisualGPSce-->C:\Program Files\Microsoft ActiveSync\VisualGPSce\Uninstall.exe VisualGPSce
    Visualizer Photo Resize-->MsiExec.exe /I{838F0053-8744-4B63-8819-CC44C06308AC}
    VLC media player 0.9.2-->C:\Program Files\VLC\uninstall.exe
    VMware Infrastructure Update-->MsiExec.exe /X{D93B70D2-4DA4-4F6F-9DC8-72D08F74A386}
    VPN Client-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\setup.exe" -l0x9 VpnUninstall
    WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
    WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
    Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinPcap 4.0.1-->C:\Program Files\WinPcap\uninstall.exe
    WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    Wireshark 0.99.6a-->"C:\Program Files\Wireshark\uninstall.exe"
    WorkgroupShare Client-->C:\Program Files\WorkgroupShare Client\UninstallWSClient.exe
    WOW XT and TSXT Filter Driver-->MsiExec.exe /X{A48A8684-A104-44DA-B3DF-0178A125D8D9}
    X11 VR Showroom-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C1842F45-BD7E-4BFD-9A81-40D1E35A59B4} /l1036

    =====HijackThis Backups=====

    O20 - Winlogon Notify: wlic3 - C:\WINDOWS\SYSTEM32\WLIC3Pk.dll
    O15 - Trusted IP range: 106.10.1.122
    O15 - Trusted IP range: 106.10.1.225
    O15 - Trusted IP range: 165.213.254.115
    O15 - Trusted IP range: 165.213.254.82
    O15 - Trusted IP range: 106.10.1.223
    O15 - Trusted IP range: 106.10.1.227
    O15 - Trusted IP range: 106.10.1.221
    O15 - Trusted IP range: 165.213.251.209
    O23 - Service: winfil32 - SDS - C:\WINDOWS\system32\winfil32.exe

    ======Hosts File======

    127.0.0.1 activate.adobe.com
    106.10.1.2 single
    106.102.1.250 chronotic
    106.102.1.253 alea_nt
    106.102.1.254 nt-dhcp
    106.102.1.200 megateuf
    106.102.1.220 terateuf
    106.102.1.233 frontal
    106.102.1.229 7ici
    106.102.1.247 samsung_france

    System event log

    Computer Name: PELLETIERX11
    Event Code: 6009
    Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

    Record Number: 5
    Source Name: EventLog
    Time Written: 20090306104930.000000+060
    Event Type: Informations
    User:

    Computer Name: PELLETIERX11
    Event Code: 9
    Message: Broadcom NetXtreme Gigabit Ethernet: Network controller configured for 100Mb full-duplex link.

    Record Number: 4
    Source Name: b57w2k
    Time Written: 20090306104604.000000+060
    Event Type: Informations
    User:

    Computer Name: PELLETIERX11
    Event Code: 15
    Message: Broadcom NetXtreme Gigabit Ethernet: Driver initialized successfully.

    Record Number: 3
    Source Name: b57w2k
    Time Written: 20090306104604.000000+060
    Event Type: Informations
    User:

    Computer Name: PELLETIERX11
    Event Code: 6005
    Message: Le service d'Enregistrement d'événement a démarré.

    Record Number: 2
    Source Name: EventLog
    Time Written: 20090306104556.000000+060
    Event Type: Informations
    User:

    Computer Name: PELLETIERX11
    Event Code: 6009
    Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

    Record Number: 1
    Source Name: EventLog
    Time Written: 20090306104556.000000+060
    Event Type: Informations
    User:

    Application event log

    Computer Name: PELLETIERX11
    Event Code: 35
    Message: Impossible de déterminer si la banque se trouve dans l'étendue d'analyse (erreur=0x8007043c).

    Record Number: 21799
    Source Name: Outlook
    Time Written: 20090306131615.000000+060
    Event Type: erreur
    User:

    Computer Name: PELLETIERX11
    Event Code: 35
    Message: Impossible de déterminer si la banque se trouve dans l'étendue d'analyse (erreur=0x8007043c).

    Record Number: 21798
    Source Name: Outlook
    Time Written: 20090306131615.000000+060
    Event Type: erreur
    User:

    Computer Name: PELLETIERX11
    Event Code: 35
    Message: Impossible de déterminer si la banque se trouve dans l'étendue d'analyse (erreur=0x8007043c).

    Record Number: 21797
    Source Name: Outlook
    Time Written: 20090306131615.000000+060
    Event Type: erreur
    User:

    Computer Name: PELLETIERX11
    Event Code: 35
    Message: Impossible de déterminer si la banque se trouve dans l'étendue d'analyse (erreur=0x8007043c).

    Record Number: 21796
    Source Name: Outlook
    Time Written: 20090306131615.000000+060
    Event Type: erreur
    User:

    Computer Name: PELLETIERX11
    Event Code: 35
    Message: Impossible de déterminer si la banque se trouve dans l'étendue d'analyse (erreur=0x8007043c).

    Record Number: 21795
    Source Name: Outlook
    Time Written: 20090306131615.000000+060
    Event Type: erreur
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=c:\program files\imagemagick-6.3.6-q16;C:\Program Files\Fichiers communs\Anoto\gs\gs8.61\lib;C:\Program Files\Fichiers communs\Anoto\gs\gs8.61\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Fichiers communs\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Samsung PC Studio 3;C:\Program Files\MIS\Alea\bin;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\ALZip\;C:\Program Files\MIS\Alea\bin\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
    "PROCESSOR_REVISION"=0f02
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "LANG"=fr
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

    -----------------EOF-----------------
    0
  7. toast3r Messages postés 84 Date d'inscription   Statut Membre Dernière intervention  
     
    Désolé pour le multi-post mais j'ai vraiment des soucis. J'espère que tu as tout.

    Merci de ton aide.
    0
  8. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Ok, je regardes toute de suite !
    0
  9. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Telecharges Ccleaner : https://filehippo.com/download_ccleaner/

    - Pendant l'installation, décoches la case proposant la barre Yahoo et celle proposant d'ajouter l'options des mises a jours..
    - Une fois installé, fermes toutes les applications en cours et lances Ccleaner
    - clic sur mode avancé et décoche la case " effacer les fichiers du....plus vieux que 48h, ne touches pas aux autres parametres
    - Clic sur "Nettoyeur " >> " analyse " >> et lances le nettoyage, puis refermes le programme
    telecharge SDFix sur ton bureau : http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    - Fermes toutes les applications en cours, puis double clic sur le raccourci de ton bureau
    - Clic sur " Install " pour l'extraire dans un dossier dedié

    - Redemarres ton pc en mode sans echec :
    - Au demarrage du pc, tapotes sur la touche F8 ou F5 du clavier juste aprés le bip du bios et avant le logo " windows "
    - Un ecran avec plusieurs choix apparaitra > selectionnes " mode sans echec " et valides par la touche " Entrée " de ton clavier

    - Une fois en " mode sans echec " , ouvres le fichier créé, puis double clic sur " Runthis.bat "
    - Une fenetre noir apparait, appuies sur la touche " Y " pour lancer le nettoyage
    - Le bureau va disparaitre, c'est normal
    - L'outil va travailler, patientes jusqu'à la fin du scan
    - Une fois terminé, Sdfix te signalera que l'ordi doit redemarrer, acceptes en pressant une touche..
    - Le pc va redemarrer en mode normal, une fois ton bureau en place, il va générer un rapport
    - Sauvegardes le et poste son contenu ( tu le trouveras aussi à c:\report.txt)
    0
  10. toast3r Messages postés 84 Date d'inscription   Statut Membre Dernière intervention  
     
    J'ai un gros soucis là. Je ne peux pas démarrer en mode sans échec. Lorsque j'essaie, il se met bien en sans échec , me demande mon mdp mais il reboote ensuite.

    Une autre idée?
    0
  11. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    - Telecharges Combofix et enregistres le sur ton bureau

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe -

    /!\ Desactives ton antivirus et la garde de ton antispyware ( si tu en as un) /!\

    - Deconnectes toi et fermes toutes les applications en cours
    - Double clic sur Combofix.exe >> un message apparait > réponds " oui "
    - ( Il est conseillé d'installer la console de recuperations)
    - Selectionnes la langue et presse la touche 1 ( yes) pour lancer le scan

    /!\ Ne touche ni à la souris, ni au clavier durant le scan, cela pourrait figer l'ordi /!\

    - A la fin du scan, Combofix aura besoin de redemarrer pour finir la desinfection, laisses le faire
    - Une fois terminé, un rapport s'affiche, poste son contenu que tu peux aussi trouver à c:\combofix.txt
    0
  12. toast3r Messages postés 84 Date d'inscription   Statut Membre Dernière intervention  
     
    Re...

    Alors comme je n'arrivais plus à rien, j'ai démonté mon disque, je l'ai mis dans un boitier externe et je l'ai scanné à partir d'un autre PC avec AVG Free. Il a trouvé pas moins de 5 infections différentes mais n'en a nettoyé que 3.

    Ça à l'air de marcher un peu mieux maintenant mais je ne sais pas si je dois reprendre la procédure là où on l'a laissée ou si tu veux que je recommence tout à zéro.

    Je ne suis pas là ce soir mais je devrais être assez dispo ce week-end. J'attends tes instructions en te remerciant encore une fois pour ton aide.

    Toast3r
    0
  13. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    - Essayes comme ceci, tu devrais y arriver :

    - Telecharges Malwarebytes' Anti-Malware :

    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    - Installe le > double-clic sur Mbam-setup.exe, à la fin de l'installation, il se mettra automatiquement à jour
    - Une fois installé, fermes toutes les applications en cours et lances Malwarebytes
    - Executes un examen rapide du pc ( tu n'auras pas accés à internet pendant l'analyse)
    - A la fin du scan clic sur " Afficher les resultats ", si Malwarebytes a trouvé des infections >> clic sur " Supprimer la selection "
    - Si il a besoin de redemarrer le pc pour finir la desinfection, acceptes
    - Un rapport s'etablira, postes son contenu.
    0
  14. toast3r Messages postés 84 Date d'inscription   Statut Membre Dernière intervention  
     
    Voilà le rapport avant redémarrage, j'ai refait un scan après et il n'y avait plus rien:

    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1825
    Windows 5.1.2600 Service Pack 3

    06/03/09 20:23:21
    mbam-log-2009-03-06 (20-23-21).txt

    Type de recherche: Examen rapide
    Eléments examinés: 97093
    Temps écoulé: 7 minute(s), 12 second(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 63
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 4
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 49

    Processus mémoire infecté(s):
    C:\Program Files\Fasoo DRM\fpm.exe (Trojan.BHO) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    C:\Program Files\Fasoo DRM\f_blksc.dll (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_xlus.dll (Trojan.BHO) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\f_webdc.xwebdc (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{487b489f-95c2-44c1-b31f-f7fd71ffa5be} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3474531e-ccf0-494b-8ec5-254e93effaf9} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4aaa2f98-2d2f-4938-afb1-3ec1b51c41d9} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4aaa2f98-2d2f-4938-afb1-3ec1b51c41d9} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4aaa2f98-2d2f-4938-afb1-3ec1b51c41d9} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\f_webdc.xwebdc.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{1de3791c-e723-447a-a402-37fd2f133750} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d827611e-de82-4010-b6d6-1df3f63f5065} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{a7e8de60-4dea-11d6-a03d-00d0b7909b4d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a7e8de6c-4dea-11d6-a03d-00d0b7909b4d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5e705a09-557a-4ceb-8177-c94e0400c902} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b4c942e7-57d6-41fd-bb18-15c077179dcc} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{72917d60-46aa-11d6-a038-00d0b7909b4d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{72917d6d-46aa-11d6-a038-00d0b7909b4d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{72917d6e-46aa-11d6-a038-00d0b7909b4d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{236cc5e0-d591-442b-a070-0e2bc4d707e8} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{80fb062c-3d5d-11d6-a031-00d0b7909b4d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1687b15d-e5fd-47a7-8a3a-0ed326a54fa7} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1687b15d-e5fd-47a7-8a3a-0ed326a54fa7} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{f7e4275d-81cb-4cc9-bf45-cc3b86eb9570} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{da74df6a-4b0b-4e42-9166-290b56239b69} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1773a6ae-93d3-4ce2-9965-ae29f1e59db1} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{49086551-9514-11d5-9772-0090273528bb} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{dd846afe-9557-11d5-9772-0090273528bb} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{dd846b02-9557-11d5-9772-0090273528bb} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{3a48d2b8-2ea5-418a-a4d4-52b6bbfc7e95} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{81abbbb2-c869-4e35-ae7a-583b470d3ed9} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{a77c1658-358a-484a-ac86-bcfc0ef1d216} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{979e5fcf-eb94-4532-adc7-dcbe57dc1203} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{da3144f1-fce0-4012-a289-e4ceada25ee6} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{d55001f0-20eb-11d6-a01a-00d0b7909b4d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d55001fd-20eb-11d6-a01a-00d0b7909b4d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e547fb26-f94d-4b3c-99cb-c65003542a0a} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{e9b499c0-539b-11d6-a044-00d0b7909b4d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{94768d6c-32eb-4db4-ac31-a3b6181adef5} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4d4e0637-5d6e-4f4c-823d-82efc637541a} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{fde46f8c-d05c-43d3-81dd-06e17bb7060d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{952eb86c-14bf-4cff-bb1b-af65b473bc5d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{372b030e-ff2e-4c43-952f-fd02a5fbe1a9} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{b04a9325-39b1-414d-8923-0186fca1c40a} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{30a39e90-1c8a-4ea4-8733-8c3dd0818281} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{30a39e90-1c8a-4ea4-8733-8c3dd0818281} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{30a39e90-1c8a-4ea4-8733-8c3dd0818281} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{a82eed52-7466-4fb6-b8b5-1107c1828b4f} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e467ddd-f8a8-4845-acdf-775746a79725} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{934cefdc-e880-446f-880f-6560f613d8aa} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{934cefdc-e880-446f-880f-6560f613d8aa} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{934cefdc-e880-446f-880f-6560f613d8aa} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{e4159d60-810b-4f8c-aaa0-7aa8aa18faac} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{087aac2c-6ce2-4518-9dc2-729244730629} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4feba4f2-1906-44bb-b269-7b5a4ae8cc6d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4feba4f2-1906-44bb-b269-7b5a4ae8cc6d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4feba4f2-1906-44bb-b269-7b5a4ae8cc6d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{26904ce0-3007-11d6-a025-00d0b7909b4d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{26904ced-3007-11d6-a025-00d0b7909b4d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{02443f1f-2ff1-11d6-a025-00d0b7909b4d} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fph exe (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fpm exe (Trojan.BHO) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5ff32d71-2126-40b8-8737-021cecb9f3f2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.14,85.255.112.62 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5ff32d71-2126-40b8-8737-021cecb9f3f2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.14,85.255.112.62 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{5ff32d71-2126-40b8-8737-021cecb9f3f2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.14,85.255.112.62 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{9355e87a-fe5c-4fe0-80da-12cd703923aa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.14,85.255.112.62 -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\Fasoo DRM (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\Log (Trojan.BHO) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Documents and Settings\d.pelletier\Local Settings\Application Data\cecedxtx_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\d.pelletier\Local Settings\Application Data\cecedxtx_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\d.pelletier\Local Settings\Application Data\cecedxtx.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\d.pelletier\Local Settings\Application Data\cqelbvd_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\d.pelletier\Local Settings\Application Data\cqelbvd_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\d.pelletier\Local Settings\Application Data\cqelbvd.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Program Files\Fasoo DRM\f_webdc.dll (Trojan.BHO) -> Delete on reboot.
    C:\WINDOWS\system32\hs3i7jdgfd.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\TEMP\UACe49e.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\TEMP\UACefac.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\Program Files\Fasoo DRM\FasooAcrobatManager4x.api (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\FasooAcrobatManager5x.api (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\fph.exe (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\fpm.exe (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\fsmLoader.exe (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_agent.exe (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_ai.dll (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_blksc.dll (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_cie.dll (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_cie_ep_sso.dll (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_cm.dll (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_dc.dll (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_diag.exe (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_dm.dll (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_dn.dll (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_info.dll (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_kcl(htmlviewer).fac (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_pm.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Program Files\Fasoo DRM\f_smgbd.dll (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_sps.dll (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_swv.dll (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_ver.dll (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_vh.exe (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_vi.exe (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_vt.exe (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_webdm.dll (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_websn.dll (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\f_xlus.dll (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\InstAcro.exe (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\SMGBD.dll (Trojan.BHO) -> Delete on reboot.
    C:\Program Files\Fasoo DRM\Log\101.log (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Program Files\Fasoo DRM\Log\21.log (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Program Files\Fasoo DRM\Log\70.log (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Program Files\Fasoo DRM\Log\f_1507.log (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\Downloaded Program Files\UniSSOCheck.inf (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-3-9-66-100030674-100016136-100029924-3256.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\UACestydmes.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\UAChbxlisrx.log (Trojan.Agent) -> Quarantined and deleted successfully.
    0
  15. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    - Vides la quarantaine de Malwarebytes >> onglet quarantaine et supprimes tout

    - Ensuite,telecharge SDFix sur ton bureau : http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    - Fermes toutes les applications en cours, puis double clic sur le raccourci de ton bureau
    - Clic sur " Install " pour l'extraire dans un dossier dedié

    - Redemarres ton pc en mode sans echec :
    - Au demarrage du pc, tapotes sur la touche F8 ou F5 du clavier juste aprés le bip du bios et avant le logo " windows "
    - Un ecran avec plusieurs choix apparaitra > selectionnes " mode sans echec " et valides par la touche " Entrée " de ton clavier

    - Une fois en " mode sans echec " , ouvres le fichier créé, puis double clic sur " Runthis.bat "
    - Une fenetre noir apparait, appuies sur la touche " Y " pour lancer le nettoyage
    - Le bureau va disparaitre, c'est normal
    - L'outil va travailler, patientes jusqu'à la fin du scan
    - Une fois terminé, Sdfix te signalera que l'ordi doit redemarrer, acceptes en pressant une touche..
    - Le pc va redemarrer en mode normal, une fois ton bureau en place, il va générer un rapport
    - Sauvegardes le et poste son contenu ( tu le trouveras aussi à c:\report.txt)
    0
  16. toast3r Messages postés 84 Date d'inscription   Statut Membre Dernière intervention  
     
    voilà le rapport. Pour info, j'ai des fenêtres Firefox intempestives qui s'ouvrent et il me semble que mon centre de sécurité et mon McAfee (pas le choix c'est un pc pro) ne tournent plus:

    [b]SDFix: Version 1.240 [/b]
    Run by d.pelletier on 07/03/09 at 15:19

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\Documents and Settings\d.pelletier\Bureau\SDFix\SDFix

    [b]Checking Services [/b]:

    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\-59679~1 - Deleted
    C:\DOCUME~1\D4C71~1.PEL\LOCALS~1\Temp\TMP4.tmp - Deleted
    C:\DOCUME~1\D4C71~1.PEL\LOCALS~1\Temp\TMP6.tmp - Deleted
    C:\DOCUME~1\D4C71~1.PEL\LOCALS~1\Temp\TMP70.tmp - Deleted
    C:\DOCUME~1\D4C71~1.PEL\LOCALS~1\Temp\TMPB.tmp - Deleted

    Removing Temp Files

    [b]ADS Check [/b]:
    0
  17. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    - Le rapport n'est pas entier, tu pourrais l'envoyer entièrement stp ?

    .
    0
  18. toast3r Messages postés 84 Date d'inscription   Statut Membre Dernière intervention  
     
    Euh...c'est tout ce que j'ai dans report.txt mais il ne s'est pas ouvert tout seul, il a fallu que j'aille le chercher dans le dossier sdfix
    0
  19. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Télécharge Navilog1 (de IL-MAFIOSO) http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
    enregistre ce fichier sur le bureau.
    - Desactives ton antivirus et la garde de ton antispyware, si tu en as un

    - Lances l'installation en executant le fichier téléchargé

    - Double clic sur navilog1 présent sur le bureau

    - Appuie sur F ou f valide par Entrée

    - Appuie sur une touche de ton clavier à chaque fois que cela est demandé, tu arriveras au menu des options

    - Choisis l'option 1 appuie sur la touche Entrée pour valider ton choix.

    - Patiente jusqu'au message : *** Analyse Termine le ..... ***

    - Le scan fini un rapport portant ce fixnavi.txt sera affiché poste le contenu de ce rapport.
    - Si le résultat du scan ne s'affiche pas tu le trouveras dans C:\fixnavi.txt.
    0
  20. toast3r Messages postés 84 Date d'inscription   Statut Membre Dernière intervention  
     
    voilà le rapport de navilog (exécuté en mode normal):

    Search Navipromo version 3.7.5 commencé le 07/03/09 à 16:37:08.50

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 26.02.2009 à 18h00 par IL-MAFIOSO

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz )
    BIOS : Phoenix FirstBIOS(tm) Notebook Pro Version 2.0 21XI
    USER : d.pelletier ( Not Administrator ! )
    BOOT : Normal boot

    C:\ (Local Disk) - NTFS - Total:101 Go (Free:56 Go)
    D:\ (CD or DVD)
    Z:\ (Network Disk)

    Recherche executé en mode normal

    *** Recherche Programmes installés ***

    *** Recherche dossiers dans "C:\WINDOWS" ***

    *** Recherche dossiers dans "C:\Program Files" ***

    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\d.pelletier\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\admin\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\REMOTE~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\SEF\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\SEFAdmin\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\d.pelletier\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\admin\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\SEF\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\SEFAdmin\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\d.pelletier\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\admin\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\REMOTE~1\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\SEF\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\SEFAdmin\menudm~1\progra~1" ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\d.pelletier\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\admin\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\SEF\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\SEFAdmin\locals~1\applic~1" *

    *** Recherche fichiers ***

    *** Recherche clés spécifiques dans le Registre ***
    !! Les clés trouvées ne sont pas forcément infectées !!

    HKEY_CURRENT_USER\Software\Lanconfig

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :

    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :

    * Dans "C:\Documents and Settings\d.pelletier\locals~1\applic~1" :

    * Dans "C:\DOCUME~1\admin\locals~1\applic~1" :

    * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

    * Dans "C:\DOCUME~1\SEF\locals~1\applic~1" :

    * Dans "C:\DOCUME~1\SEFAdmin\locals~1\applic~1" :

    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche autres dossiers et fichiers connus :

    C:\WINDOWS\system32\blncivrc.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !

    *** Analyse terminée le 07/03/09 à 16:45:58.93 ***
    0
  21. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Ok, si tu as telechargé combofix la 1ere fois, il faut que tu fasses ceci :

    Clique sur Démarrer puis Exécuter. Tapes combofix /u dans la zone de saisie puis OK. Il doit y avoir un espace avant /u"

    - Ensuite :Telecharges Combofix et enregistres le sur ton bureau

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe -

    /!\ Desactives ton antivirus et la garde de ton antispyware ( si tu en as un) /!\

    - Deconnectes toi et fermes toutes les applications en cours
    - Double clic sur Combofix.exe >> un message apparait > réponds " oui "
    - ( Il est conseillé d'installer la console de recuperations)
    - Selectionnes la langue et presse la touche 1 ( yes) pour lancer le scan

    /!\ Ne touche ni à la souris, ni au clavier durant le scan, cela pourrait figer l'ordi /!\

    - A la fin du scan, Combofix aura besoin de redemarrer pour finir la desinfection, laisses le faire
    - Une fois terminé, un rapport s'affiche, poste son contenu que tu peux aussi trouver à c:\combofix.txt

    .
    0
  • 1
  • 2
  • 3