Virus VBS:Malware-gen
gerard777 (Posts: 14, Status: Member)
plopus (Posts: 6113, Status: Security contributor)
Hello,
I can't manage to remove a virus/malware named:
VBS:Malware-gen
I am running Windows XP. I ran HijackThis and here is the report.
Thanks for your help
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:48, on 14/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SW Virus\Avast4\aswUpdSv.exe
C:\Program Files\SW Virus\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SWVIRU~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\services.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Kit ADSL\Wizard\PostInstall_Checker.exe
C:\Program Files\Neuf\Neuf Giga Drive\9Giga_Synchro.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SpamBayes\bin\sb_tray.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SW Virus\Avast4\ashMaiSv.exe
C:\Program Files\SW Virus\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = LocalHost:8800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EC6B055-2182-4860-9757-A02FFC232A97} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {607BB4C9-449C-46D7-AF14-4B54A97CBACD} - (no file)
O2 - BHO: (no name) - {647DAC06-C886-4A57-A265-8219A83B69AC} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\wvusttr.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\SWVIRU~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Flash32] c:\Program Files\Flash 32\Flash32.exe
O4 - HKLM\..\Run: [2B2B342D363435383] 1B1B241D2624252.exe
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Gérard\Application Data\Deskbar_{B3C20BB3-AB5F-4874-82D0-C6F3F72B0E54}\starter.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [Neuf Giga Drive] "C:\Program Files\Neuf\Neuf Giga Drive\neufGiga.exe" /delayed
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [neufbox_reminder] "C:\Program Files\Kit ADSL\Wizard\PostInstall_Checker.exe" -r
O4 - HKCU\..\Run: [9Giga Synchro] "C:\Program Files\Neuf\Neuf Giga Drive\9Giga_Synchro.exe" /delayed
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Startup: SpamBayes Tray Icon.lnk = C:\Program Files\SpamBayes\bin\sb_tray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/36.17/uploader2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: wvusttr - wvusttr.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\SW Virus\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\SW Virus\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\SW Virus\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\SW Virus\Avast4\ashWebSv.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe (file missing)
8 replies
Hi
yes, you are indeed infected; do this first:
run an online scan with Internet Explorer here and post the full report, including the lines
http://www.bitdefender.com/scan_fr/scan8/ie.html
then
* Download Malwarebytes
https://www.clubic.com/telecharger-fiche215092-malwarebytes-anti-malware.html
* Update the software (this normally happens during installation)
* Run a full scan by clicking "Exécuter un examen complet" (run a full scan)
* Select the drives you want to scan and click "Lancer l'examen" (start the scan)
* The scan can take quite a while.....
* Once the scan is finished, click "OK" and then "Afficher les résultats" (show the results)
* Check that everything is ticked and click "Supprimer la sélection" (remove the selection) => and then "OK"
* A report will open in Notepad... Copy and paste the report into your next reply on the forum
* Some files may need to be deleted when the PC restarts... Do so by clicking "oui" (yes) when asked
then
Download Random's System Information Tool (RSIT) by Random/Random, and save it to your Desktop.
http://images.malwareremoval.com/random/RSIT.exe
• Double-click RSIT.exe to launch the tool.
• Click "Continue" on the Disclaimer screen.
• If HijackThis is not present or not detected on the computer, RSIT will download it (allow access in your firewall if it asks) and you will have to accept the license.
• Once the scan is finished, two reports will appear: post them in two separate messages, please
Thank you very much for the reply and the instructions.
I'm starting all of that and will come back with the reports.
In the meantime, another virus has appeared: Win32:Trojan-gen {Other}, file: C:\WINDOWS\Temp\wpv011249806738.exe\install.exe
I assume the same utilities will help find that one too.
See you soon.
I tried to run Bitdefender online, which gave me an error message: this web site is not authorized to host this activeX control. I was not able to fix this problem.
So I moved on to Malwarebytes, which ran for 3 hours and found about sixty infected files, which I had it delete.
I am now going to run RSIT.
To be continued.
.
Here is the Malwarebytes report:
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2623
Windows 5.1.2600 Service Pack 2
14/08/2009 21:39:18
mbam-log-2009-08-14 (21-39-18).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 561671
Temps écoulé: 3 hour(s), 17 minute(s), 37 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 25
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 11
Fichier(s) infecté(s): 28
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a051b1ff-8d7e-418b-aabe-4ff82f4280a2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvusttr (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a051b1ff-8d7e-418b-aabe-4ff82f4280a2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarbho (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarbho.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarenabler (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarenabler.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8f15b157-40d9-4b20-8d3b-b1f8b475b58d} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a0881aa1-68be-41ac-9c0d-4c8a69c6c72c} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e827ffd9-95d1-4b49-beb3-5d49e688c108} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9b7d013b-b2b2-4b95-91ff-b17ab22290bb} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cc11617c-259e-429c-9063-7d70b8355ebd} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e2554085-b0bd-4f11-b252-32145d0a9257} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{80985322-3f89-4873-9bce-9297d217ccad} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cc11617c-259e-429c-9063-7d70b8355ebd} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a051b1ff-8d7e-418b-aabe-4ff82f4280a2} (Trojan.Conhook) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DBReg (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dot1XCfg (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a051b1ff-8d7e-418b-aabe-4ff82f4280a2} (Trojan.Conhook) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dbar_starter (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Services (Trojan.SpamBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Documents and Settings\Gérard\Application Data\Deskbar_{B3C20BB3-AB5F-4874-82D0-C6F3F72B0E54} (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\Deskbar_{B3C20BB3-AB5F-4874-82D0-C6F3F72B0E54}\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\Dot1XCfg (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Insider (Adware.DnsInsider) -> Quarantined and deleted successfully.
C:\TrustedAntiVirus (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
C:\TrustedAntiVirus\AVQuar (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nGpxx01 (Trojan.Downloader) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\wvusttr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\Deskbar_{B3C20BB3-AB5F-4874-82D0-C6F3F72B0E54}\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\Deskbar_{B3C20BB3-AB5F-4874-82D0-C6F3F72B0E54}\log.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\Deskbar_{B3C20BB3-AB5F-4874-82D0-C6F3F72B0E54}\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\Deskbar_{B3C20BB3-AB5F-4874-82D0-C6F3F72B0E54}\Cache\3d9b1e7803d1f514d0305a80ddfe72bc.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\Deskbar_{B3C20BB3-AB5F-4874-82D0-C6F3F72B0E54}\Cache\a3368572eced2cc5f3e48709437835f9.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\Deskbar_{B3C20BB3-AB5F-4874-82D0-C6F3F72B0E54}\Cache\b0a974e21bd83e5a9a77094cf52ff863.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\Deskbar_{B3C20BB3-AB5F-4874-82D0-C6F3F72B0E54}\Cache\cd8511eeb7608e164d2860e220a79af3.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\Deskbar_{B3C20BB3-AB5F-4874-82D0-C6F3F72B0E54}\Cache\d6e9bb027c32ce9950910af1fce37bb9.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\basis.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\channel.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\content.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\date.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\dbaruninst.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\deskbar.crc (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\deskbar.inf (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\edit_rss.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\nav1.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\nav2.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\new_alert.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\Thumbs.db (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\version.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv011249806738.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Gérard\Menu Démarrer\Programmes\Démarrage\ikowin32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
So I moved on to Malwarebytes, which ran for 3 hours and found about sixty infected files, which I had it delete.
I am now going to run RSIT.
To be continued.
Here is the Malwarebytes report:
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2623
Windows 5.1.2600 Service Pack 2
14/08/2009 21:39:18
mbam-log-2009-08-14 (21-39-18).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 561671
Temps écoulé: 3 hour(s), 17 minute(s), 37 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 25
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 11
Fichier(s) infecté(s): 28
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a051b1ff-8d7e-418b-aabe-4ff82f4280a2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvusttr (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a051b1ff-8d7e-418b-aabe-4ff82f4280a2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarbho (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarbho.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarenabler (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarenabler.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8f15b157-40d9-4b20-8d3b-b1f8b475b58d} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a0881aa1-68be-41ac-9c0d-4c8a69c6c72c} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e827ffd9-95d1-4b49-beb3-5d49e688c108} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9b7d013b-b2b2-4b95-91ff-b17ab22290bb} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cc11617c-259e-429c-9063-7d70b8355ebd} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e2554085-b0bd-4f11-b252-32145d0a9257} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{80985322-3f89-4873-9bce-9297d217ccad} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cc11617c-259e-429c-9063-7d70b8355ebd} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a051b1ff-8d7e-418b-aabe-4ff82f4280a2} (Trojan.Conhook) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DBReg (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dot1XCfg (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a051b1ff-8d7e-418b-aabe-4ff82f4280a2} (Trojan.Conhook) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dbar_starter (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Services (Trojan.SpamBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Documents and Settings\Gérard\Application Data\Deskbar_{B3C20BB3-AB5F-4874-82D0-C6F3F72B0E54} (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\Deskbar_{B3C20BB3-AB5F-4874-82D0-C6F3F72B0E54}\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\Dot1XCfg (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Insider (Adware.DnsInsider) -> Quarantined and deleted successfully.
C:\TrustedAntiVirus (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
C:\TrustedAntiVirus\AVQuar (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nGpxx01 (Trojan.Downloader) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\wvusttr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\Deskbar_{B3C20BB3-AB5F-4874-82D0-C6F3F72B0E54}\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\Deskbar_{B3C20BB3-AB5F-4874-82D0-C6F3F72B0E54}\log.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\Deskbar_{B3C20BB3-AB5F-4874-82D0-C6F3F72B0E54}\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\Deskbar_{B3C20BB3-AB5F-4874-82D0-C6F3F72B0E54}\Cache\3d9b1e7803d1f514d0305a80ddfe72bc.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\Deskbar_{B3C20BB3-AB5F-4874-82D0-C6F3F72B0E54}\Cache\a3368572eced2cc5f3e48709437835f9.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\Deskbar_{B3C20BB3-AB5F-4874-82D0-C6F3F72B0E54}\Cache\b0a974e21bd83e5a9a77094cf52ff863.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\Deskbar_{B3C20BB3-AB5F-4874-82D0-C6F3F72B0E54}\Cache\cd8511eeb7608e164d2860e220a79af3.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\Deskbar_{B3C20BB3-AB5F-4874-82D0-C6F3F72B0E54}\Cache\d6e9bb027c32ce9950910af1fce37bb9.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\basis.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\channel.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\content.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\date.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\dbaruninst.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\deskbar.crc (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\deskbar.inf (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\edit_rss.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\nav1.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\nav2.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\new_alert.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\Thumbs.db (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\version.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv011249806738.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Gérard\Menu Démarrer\Programmes\Démarrage\ikowin32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Here is the first RSIT report.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Gérard at 2009-08-14 21:56:53
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 2 GB (2%) free of 114 GB
Total RAM: 2047 MB (75% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56:59, on 14/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SW Virus\Avast4\aswUpdSv.exe
C:\Program Files\SW Virus\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SWVIRU~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Kit ADSL\Wizard\PostInstall_Checker.exe
C:\Program Files\Neuf\Neuf Giga Drive\9Giga_Synchro.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SpamBayes\bin\sb_tray.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SW Virus\Avast4\ashMaiSv.exe
C:\Program Files\SW Virus\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gérard\Mes documents\Mes logiciels\SW Virus\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Gérard.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = LocalHost:8800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EC6B055-2182-4860-9757-A02FFC232A97} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {607BB4C9-449C-46D7-AF14-4B54A97CBACD} - (no file)
O2 - BHO: (no name) - {647DAC06-C886-4A57-A265-8219A83B69AC} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\SWVIRU~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Flash32] c:\Program Files\Flash 32\Flash32.exe
O4 - HKLM\..\Run: [2B2B342D363435383] 1B1B241D2624252.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Neuf Giga Drive] "C:\Program Files\Neuf\Neuf Giga Drive\neufGiga.exe" /delayed
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [neufbox_reminder] "C:\Program Files\Kit ADSL\Wizard\PostInstall_Checker.exe" -r
O4 - HKCU\..\Run: [9Giga Synchro] "C:\Program Files\Neuf\Neuf Giga Drive\9Giga_Synchro.exe" /delayed
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: SpamBayes Tray Icon.lnk = C:\Program Files\SpamBayes\bin\sb_tray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute Lite Edition\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/36.17/uploader2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\SW Virus\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\SW Virus\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\SW Virus\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\SW Virus\Avast4\ashWebSv.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
And here is the second RSIT report.
Good luck going through it.
info.txt logfile of random's system information tool 1.06 2009-08-14 21:57:02
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
9Giga Synchro v2.9.2-->"C:\Program Files\Neuf\Neuf Giga Drive\unins000.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
Ant Renamer-->"C:\Program Files\Ant Renamer\unins000.exe"
ArcSoft PhotoStudio 2000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoStudio 2000\Uninst.isu"
a-squared Free 3.1-->"C:\Program Files\a-squared Free\unins000.exe"
ASUS Probe V2.23.01-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
ASUS Probe V2.23.08-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL2.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
avast! Antivirus-->C:\Program Files\SW Virus\Avast4\aswRunDll.exe "C:\Program Files\SW Virus\Avast4\Setup\setiface.dll",RunSetup
cam2pc (remove only)-->"C:\Program Files\cam2pc\uninstall.exe"
Canon i550-->C:\WINDOWS\system32\CNMCP49.exe "-PRINTERNAMECanon i550" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Inst2\cnmis.dll" "-RCDLLcnmi040c.dll"
Canon ScanGear Toolbox CS 2.2-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ScanGear Toolbox CS\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox CS\uninst.dll"
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
Cartes du Ciel-->"C:\Program Files\Ciel\Uninstall.exe" "C:\Program Files\Ciel\install.log"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
C-Map PCMCIA and USB drivers-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{98C61F22-8B4F-416E-A4BF-54FCC10509E0}
C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Converter for Lotus Ami Pro (Remove only)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\Ami332.inf, Uninstall.NT
eMule-->"C:\Program Files\eMule\Uninstall.exe"
FileZilla Client 3.1.5-->C:\Program Files\FileZilla FTP Client\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hp deskjet 930c series-->rundll32 hpzcon04.dll,VendorJettison hp deskjet 930c series
IGN Rando-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD>
IGN Rando-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD>
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
JVComm32-->MsiExec.exe /I{572A8222-DB1B-4919-9BE2-B48BF8A84787}
Kit de connexion ADSL-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B0C5783F-AB91-460B-8238-BD9A8F6346D3}\setup.exe" -l0x40c -eth
Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Maxtor Manager-->"C:\Program Files\InstallShield Installation Information\{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}\setup.exe" -runfromtemp -l0x040c -removeonly
Maxtor Manager-->MsiExec.exe /I{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft ActiveSync 3.8-->"C:\WINDOWS\ISUN040C.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Office XP Professional-->MsiExec.exe /I{9211040C-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Nero 7 Premium-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
Nikon Scan-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}\Setup.exe" -l0x40c UNINSTALL
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x40c
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PinnacleHollywood FX 5-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX 5\uninstal.log
SailPack-Viewer 1.0-->C:\Program Files\BSG\SailPack-Viewer\uninst.exe
Sentinel Protection Installer 7.3.2-->MsiExec.exe /I{EDFE2142-CFB3-44AB-A961-DE85F6408A28}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SmartFTP Client 2.5 Setup Files (remove only)-->C:\Program Files\SmartFTP Client 2.5 Setup Files\uninst-sftp.exe
SmartFTP Client-->MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SpamBayes 1.0.4-->"C:\Program Files\SpamBayes\unins000.exe"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Studio 9-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x40c UNINSTALL
Téléchargement PHOTOWAYS 3.0.8-->"C:\Program Files\Téléchargement PHOTOWAYS\uninstall.exe"
TV sur PC-->C:\Program Files\Neuf\TV_PC\uninstall.exe
Ugrib RC1-->"C:\Program Files\GRIB.US\unins000.exe"
USB MODEM Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{042E2C9D-6647-4C5F-9CEF-387D72023128}\setup.exe" -l0x9 UNINSTALL
ViaMichelin Navigation PND-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47FF921C-E834-47A6-8CE4-F0A99CDE347F}\setup.exe" -l0x40c
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Visual Passage Planner 2-->C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\INSTALL.LOG
VisualRoute Lite Edition-->"C:\Program Files\VisualRoute Lite Edition\Uninstall.exe" "C:\Program Files\VisualRoute Lite Edition"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
YouTUBE (TM) movie downloader-->MsiExec.exe /X{2F8BE445-D14C-40E2-AF62-E43539FD1500}
======Security center information======
AV: avast! antivirus 4.8.1335 [VPS 090813-0]
======System event log======
Computer Name: PCVIDEO
Event Code: 7036
Message: Le service Carte de performance WMI est entré dans l'état : en cours d'exécution.
Record Number: 43202
Source Name: Service Control Manager
Time Written: 20090408080848.000000+120
Event Type: Informations
User:
Computer Name: PCVIDEO
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Carte de performance WMI.
Record Number: 43201
Source Name: Service Control Manager
Time Written: 20090408080848.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: PCVIDEO
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.
Record Number: 43200
Source Name: Service Control Manager
Time Written: 20090408080827.000000+120
Event Type: Informations
User:
Computer Name: PCVIDEO
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.
Record Number: 43199
Source Name: Service Control Manager
Time Written: 20090408080822.000000+120
Event Type: Informations
User:
Computer Name: PCVIDEO
Event Code: 7036
Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.
Record Number: 43198
Source Name: Service Control Manager
Time Written: 20090408080821.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: PCVIDEO
Event Code: 101
Message: wuauclt (1384) Le moteur de base de données est arrêté.
Record Number: 3883
Source Name: ESENT
Time Written: 20080909063326.000000+120
Event Type: Informations
User:
Computer Name: PCVIDEO
Event Code: 103
Message: wuaueng.dll (1384) SUS20ClientDataStore: Le moteur de base de données a arrêté une instance (0).
Record Number: 3882
Source Name: ESENT
Time Written: 20080909063326.000000+120
Event Type: Informations
User:
Computer Name: PCVIDEO
Event Code: 102
Message: wuaueng.dll (1384) SUS20ClientDataStore: Le moteur de base de données a démarré une nouvelle instance (0).
Record Number: 3881
Source Name: ESENT
Time Written: 20080909063325.000000+120
Event Type: Informations
User:
Computer Name: PCVIDEO
Event Code: 100
Message: wuauclt (1384) Le moteur de base de données 5.01.2600.2180 est démarré.
Record Number: 3880
Source Name: ESENT
Time Written: 20080909063325.000000+120
Event Type: Informations
User:
Computer Name: PCVIDEO
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 3879
Source Name: SecurityCenter
Time Written: 20080909063240.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
-----------------EOF-----------------
Good luck going through it all.
Good, that's not bad, but there's still some left...
First, delete your cracks and keygens if you still have any; you were starting to pick up Vundo.
Next:
==> Download SDFix (created by AndyManchesta) and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
==> Double-click SDFix.exe and choose Install to extract it into a dedicated folder on your C: drive.
/!\ Boot into Safe Mode: after the beep and before the Windows logo, tap the F8 key (or F5) repeatedly to bring up the Safe Mode menu.
==> Choose your own account, not the Administrator account or any other.
==> Work through the list of instructions below:
• Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• The system will take longer than usual to restart because the tool will keep running and deleting files.
• Once the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load the Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
• Finally, copy and paste the contents of Report.txt into your next reply on the forum.