[VIRUS] infected by serwab and Win

Solved
anthony -  
 Regis59 -
Hello, several times I have had a message telling me that my PC is infected by the serwab virus. I used Ad-aware to remove it; I think it worked, but it came back. In the Ad-aware report the Win virus was present too. I ran a scan with HijackThis. Here is what it gave me:

Logfile of HijackThis v1.99.1
Scan saved at 12:36:27, on 28/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\E_S00RP1.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\lssas.exe
C:\kybrdff_e38.exe
C:\nwnmff_e38.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\FNTS~1\winspool.exe
C:\Program Files\?dobe\w?wexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Hbtools\HBTV\HBTV.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HbTools\Bin\4.8.2.0\HbtSrv.exe
C:\Documents and Settings\Anthony Lenglet\Mes documents\logiciel\hijackthis_199\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: (no name) - {F7653E31-8BA9-A509-DEDA-D428E1213BBF} - C:\WINDOWS\System32\ydpld.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B9499803B2A2303766A - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program files\hbtools\hbtv\hbtvhelper.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.8.2.0\HbtHostIE.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.8.2.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [loqkwpnw] C:\WINDOWS\System32\gccdklme.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e38.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e38.exe
O4 - Startup: Le Clavier Façile.lnk = C:\TYPING\FLYING.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?69c07e0fd8d24d91b0b01c83895339ab
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?69c07e0fd8d24d91b0b01c83895339ab
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6DBB968-7952-4F9A-9192-7B4DB2BA0804}: NameServer = 86.64.145.140,84.103.237.142
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: Media Center - C:\WINDOWS\system32\g2040cdqef0e0.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe


I also sometimes get a message telling me that the security of my bank card, my marriage and my future may be in danger because there are traces of my browsing on the internet. Please help me. I really don't know much about computers. My antivirus is Norton 2004, and I gather it is not very effective.
I have yet another problem: when I am on the internet, advertising pages very often pop up. How can I fix that?
Thanks in advance to everyone who can help me.
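A triage sketch for the HijackThis log posted above, added here as an example and not part of the original post or of HijackThis itself. It flags entries worth a closer look using four assumed heuristics: a file name one or two edits away from a core Windows process name, an executable sitting directly in the drive root, a `?` in a path, and a target the log reports as missing. The function names and the short list of core process names are assumptions; the sample lines are copied from the log.

```python
import re
from pathlib import PureWindowsPath

# Assumed short list of core Windows process names (stems) that are often imitated.
CORE_STEMS = ("csrss", "explorer", "lsass", "services", "smss",
              "spoolsv", "svchost", "winlogon")

# First drive-letter path on a line, up to a binary extension.
# '?' is deliberately allowed so that paths containing it can be flagged.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*\n]*?\.(?:exe|dll|ocx|com)\b', re.I)

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\lssas.exe
C:\kybrdff_e38.exe
C:\Program Files\?dobe\w?wexec.exe
C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e38.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
"""


def edit_distance(a, b):
    """Plain Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def reasons_for(line):
    """Return the heuristics one log line trips (empty list if none)."""
    reasons = []
    if line.endswith(("(no file)", "(file missing)")):
        reasons.append("missing-file")       # entry points at nothing on disk
    match = PATH_RE.search(line)
    if not match:
        return reasons
    path = match.group(0)
    while "\\\\" in path:                    # the log writes some paths as C:\\name.exe
        path = path.replace("\\\\", "\\")
    parsed = PureWindowsPath(path)
    if "?" in path:
        # '?' is not a valid Windows file-name character, so it stands in for
        # a character the log could not render.
        reasons.append("odd-chars")
    if len(parsed.parts) == 2:               # ('C:\\', 'name.exe')
        reasons.append("drive-root")
    stem = parsed.stem.lower()
    if stem not in CORE_STEMS:
        closest = min(CORE_STEMS, key=lambda core: edit_distance(stem, core))
        if edit_distance(stem, closest) <= 2:
            reasons.append(f"lookalike of {closest}.exe")
    return reasons


def triage(log):
    """Return (line, reasons) for every line that trips at least one heuristic.

    A flagged line is a candidate for review, not a verdict.
    """
    flagged = []
    for raw in log.splitlines():
        line = raw.strip()
        reasons = reasons_for(line) if line else []
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(", ".join(reasons).ljust(24), line)
```
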

67 replies

Séb08

Hi,

Remove this:

C:\Program Files\HbTools

Download SmitfraudFix:

With screenshots:
http://siri.urz.free.fr/Fix/SmitfraudFix.php

Unzip it, double-click smitfraudfix.cmd and choose option 1.
This will generate a report.
If you see lines with PRESENT!, continue with the procedure below.

Restart the PC in safe mode: tap the F8 key on your keyboard (or F5) and choose safe mode.

- Open the "SmitfraudFix" folder, double-click "Smitfraudfix.cmd", choose option 2 and answer yes to everything.

Please copy/paste the report on the forum.

See you
anthony
 
I tried to remove the Hb Tools folder but the PC won't let me:
HbtCoreSrv.dll Accès refusé.
Should I download smitfraudfix anyway?

Thanks
Séb08

Yes, run Smitfraudfix anyway and paste the report.

If Hbtools won't go in normal mode, remove it in safe mode.

Reminder:

Restart the PC in safe mode: tap the F8 key on your keyboard (or F5) and choose safe mode.

Sorry.

I am away all weekend starting now, so we will see about the rest later...

Have a good weekend. ;-)

See you
anthony
 
Here is the report:

SmitFraudFix v2.115

Rapport fait à 20:16:57,09, 28/10/2006
Executé à partir de C:\Documents and Settings\Anthony Lenglet\Bureau\Nouveau dossier\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\drsmartload?.exe supprimé
C:\MTE3NDI6ODoxNg.exe supprimé
C:\WINDOWS\drsmartload2.dat supprimé
C:\WINDOWS\keyboard1.dat supprimé
C:\WINDOWS\newname.dat supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin




Hb tools is indeed gone. Thanks.

I'll wait for your return for the next steps...

Thanks.

Kristopher

Good evening,

You are heavily infected...

While waiting for our friend Séb to return, please do this:

1/ You absolutely must download a firewall.
For example, Sunbelt Kerio Personal Firewall: https://www.01net.com/telecharger/windows/Securite/firewall/fiches/22418.html
Tutorial here: https://forums.cnetfrance.fr

2/ Then go here and do exactly what is asked, pasting the 3 reports in order :)

virus: preliminary disinfection method, French version

Have a good end of the weekend
anthony
 
OK, I'll do that.

Thanks
Séb08

Back again,

So?

Hi Kris ;-)
anthony
 
I downloaded and installed Kerio and tried to follow the tutorial, but I am missing the tab:
"System security". So I cannot complete all the steps of the tutorial.

I can't register either because I don't have the licence number. It asks me for the number of licences I bought from their sales department. Isn't it free?

Should I do the 2nd step anyway?


Thanks
Séb08

Don't register, otherwise you will pay for Kerio's services!

Just install it and that's all; after that, don't worry about what happens.
After a while you will lose the web filtering, which is only available in the paid version; otherwise everything will work normally.
anthony
 
Hello,
Here are the three reports:

1) It is in German because I forgot to set the language.

---------------------------------------------------------
ewido anti-spyware - Scan-Bericht
---------------------------------------------------------

+ Erstellt um: 20:05:31 30/10/2006

+ Scan-Ergebnis:



C:\Documents and Settings\Anthony Lenglet\Local Settings\Temp\bw2.com -> Adware.AdURL : Gesäubert.
C:\WINDOWS\icont.exe -> Adware.AdURL : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052620.DLL -> Adware.CommAd : Gesäubert.
C:\WINDOWS\QW50aG9ueSBMZW5nbGV0\command.exe -> Adware.CommAd : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052575.dll -> Adware.DriveCleaner : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053171.exe -> Adware.DriveCleaner : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053175.dll -> Adware.DriveCleaner : Gesäubert.
C:\Program Files\Hotbar -> Adware.HotBar : Gesäubert.
C:\Recycled\Dc3\bin\4.8.2.0\HbtHostOE.dll -> Adware.Hotbar : Gesäubert.
C:\Recycled\Dc3\bin\4.8.2.0\HbtInstIE.dll -> Adware.HotBar : Gesäubert.
C:\Recycled\Dc3\bin\4.8.2.0\bak\HbtOEAddOn.exe -> Adware.HotBar : Gesäubert.
C:\WINDOWS\Downloaded Program Files\HbInstIE.dll -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\AppID\WeatherOnTray.EXE -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp.1 -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CLSID -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CurVer -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbTools.HbtCommBand -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbTools.HbtCommBand.1 -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbTools.HbtCommBand\CLSID -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbTools.HbtCommBand\CurVer -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices.1 -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices\CLSID -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices\CurVer -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx.1 -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx\CLSID -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx\CurVer -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtHostIE.Bho -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtHostIE.Bho.1 -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtHostIE.Bho\CLSID -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtHostIE.Bho\CurVer -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtHostOL.HbtMailAnim -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtHostOL.HbtMailAnim.1 -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtHostOL.HbtMailAnim\CLSID -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtHostOL.HbtMailAnim\CurVer -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend.1 -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend\CLSID -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend\CurVer -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtSrv.HbtCoreServices -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtSrv.HbtCoreServices.1 -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtSrv.HbtCoreServices\CLSID -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtSrv.HbtCoreServices\CurVer -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI.1 -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI\CLSID -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI\CurVer -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl.1 -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl\CLSID -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl\CurVer -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtTools.HbMain -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtTools.HbMain.1 -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtTools.HbMain\CLSID -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\HbtTools.HbMain\CurVer -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager.1 -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager\CLSID -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager\CurVer -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\HbTools -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\HbTools\HbTools -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\HbTools\HbTools\Install -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\HbTools\HbTools\MachineInfo -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\HbTools\HbTools\Mail -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\HbTools\HbTools\PI -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\HbTools\HbTools\PI\3.2 -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\HbTools\HbTools\Updates -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\HbTools\HbTools\Upgrade -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\HbTools\Install -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\HbTools\Install\CmpMap -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HbToolsOutlookTools -> Adware.HotBar : Gesäubert.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HbToolsWebTools -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Common -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Common\Time -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Common\Updates -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\EUI -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\HtmlPPP -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\ImagesHistory -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Install -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\MachineInfo -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\PI -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\PI\3.2 -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\keren -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg860 -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg861 -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg887 -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg888 -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg889 -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg910 -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg914 -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg915 -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg940 -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg941 -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg942 -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg943 -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg946 -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg947 -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Sample\Hist\sg948 -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\UserInfo -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\Weather -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\dynamic -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\dynamicFail -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\links -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\mail -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\options -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HbTools\updates -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HostOI -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\HostOI\Updates -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Install -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Install\Icons -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Install\Links -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Time -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Time\HostIE -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Time\HostIE\Updates -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Time\HostOI -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Time\HostOI\Updates -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Time\HostOL -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\Time\HostOL\Updates -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\hostol -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\hostol\Mail -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\hostol\Updates -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\hostol\soho -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\hotbar -> Adware.HotBar : Gesäubert.
HKU\S-1-5-21-1690843657-3660946461-3242847100-1005\Software\HbTools\hotbar\MultiUrl -> Adware.HotBar : Gesäubert.
C:\Installer4.exe -> Adware.Look2Me : Gesäubert.
C:\Installer5.exe -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052576.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052586.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052593.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052602.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052605.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052610.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052621.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052641.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052643.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052656.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052668.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052960.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052971.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053176.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053183.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053189.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053192.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053200.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053206.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053221.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053233.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053241.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053255.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053272.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053274.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053286.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053287.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053295.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053417.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053426.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053436.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053446.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053454.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053457.dll -> Adware.Look2Me : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053471.dll -> Adware.Look2Me : Gesäubert.
C:\WINDOWS\system32\dmauth.dll -> Adware.Look2Me : Gesäubert.
C:\WINDOWS\system32\dznwsock.dll -> Adware.Look2Me : Gesäubert.
C:\WINDOWS\system32\gpn6l35s1.dll -> Adware.Look2Me : Gesäubert.
C:\WINDOWS\system32\iacvid.dll -> Adware.Look2Me : Gesäubert.
C:\WINDOWS\system32\ineshare.dll -> Adware.Look2Me : Gesäubert.
C:\WINDOWS\system32\kldur.dll -> Adware.Look2Me : Gesäubert.
C:\WINDOWS\system32\tHpi.dll -> Adware.Look2Me : Gesäubert.
C:\WINDOWS\system32\uhrcoina.dll -> Adware.Look2Me : Gesäubert.
C:\WINDOWS\system32\wpfeman.dll -> Adware.Look2Me : Gesäubert.
[1808] C:\WINDOWS\system32\sosinv.dll -> Adware.Look2Me : Gesäubert.
[1960] C:\WINDOWS\system32\sosinv.dll -> Adware.Look2Me : Gesäubert.
C:\Program Files\Deskbar -> Adware.Softomate : Gesäubert.
C:\Program Files\Deskbar\Cache -> Adware.Softomate : Gesäubert.
C:\Program Files\Deskbar\about.html -> Adware.Softomate : Gesäubert.
C:\Program Files\Deskbar\basis.xml -> Adware.Softomate : Gesäubert.
C:\Program Files\Deskbar\deskbar.crc -> Adware.Softomate : Gesäubert.
C:\Program Files\Deskbar\deskbar.dll -> Adware.Softomate : Gesäubert.
C:\Program Files\Deskbar\deskbar.inf -> Adware.Softomate : Gesäubert.
C:\Program Files\Deskbar\icons.bmp -> Adware.Softomate : Gesäubert.
C:\Program Files\Deskbar\inst.bat -> Adware.Softomate : Gesäubert.
C:\Program Files\Deskbar\mbback.bmp -> Adware.Softomate : Gesäubert.
C:\Program Files\Deskbar\mbbigopen.bmp -> Adware.Softomate : Gesäubert.
C:\Program Files\Deskbar\mbclose.bmp -> Adware.Softomate : Gesäubert.
C:\Program Files\Deskbar\mbfwd.bmp -> Adware.Softomate : Gesäubert.
C:\Program Files\Deskbar\mblogo.bmp -> Adware.Softomate : Gesäubert.
C:\Program Files\Deskbar\mbsep.bmp -> Adware.Softomate : Gesäubert.
C:\Program Files\Deskbar\options.html -> Adware.Softomate : Gesäubert.
C:\Program Files\Deskbar\softomate.gif -> Adware.Softomate : Gesäubert.
C:\Program Files\Deskbar\version.txt -> Adware.Softomate : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052635.exe -> Adware.Softomate : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052636.dll -> Adware.Softomate : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053262.exe -> Adware.Softomate : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053263.dll -> Adware.Softomate : Gesäubert.
C:\deskbar.exe -> Adware.Softomate : Gesäubert.
C:\deskbar_e37.exe/deskbar.exe -> Adware.Softomate : Gesäubert.
C:\deskbar_e41.exe/deskbar.exe -> Adware.Softomate : Gesäubert.
HKLM\SOFTWARE\Classes\CLSID\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : Gesäubert.
HKLM\SOFTWARE\Classes\CLSID\{D7CC80D4-376C-4586-B023-4F35C2CEB28E} -> Adware.Softomate : Gesäubert.
HKLM\SOFTWARE\Classes\CLSID\{D8C2D4B4-EEAF-4EC4-B1F8-9B6ED15D5A38} -> Adware.Softomate : Gesäubert.
HKLM\SOFTWARE\Classes\TypeLib\{A4C8F181-6CDB-4DCC-9FC9-BB9933C81E1F} -> Adware.Softomate : Gesäubert.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DBTB00001.DBTB00001Deskbar -> Adware.Softomate : Gesäubert.
C:\WINDOWS\Temp\bw2.com -> Adware.Zestyfind : Gesäubert.
C:\WINDOWS\iconu.exe -> Adware.Zestyfind : Gesäubert.
C:\WINDOWS\system32\lssas.exe -> Backdoor.IRCBot.xn : Gesäubert.
[2076] C:\WINDOWS\System32\lssas.exe -> Backdoor.IRCBot.xn : Fehler während der Säuberung.
C:\bak\nwnmff_e37.exe -> Downloader.Adload.fk : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP305\A0050429.exe -> Downloader.Adload.fu : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0050501.exe -> Downloader.Adload.fu : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0051543.exe -> Downloader.Adload.fu : Gesäubert.
C:\mc44a37.exe -> Downloader.Adload.fu : Gesäubert.
C:\mc44a38.exe -> Downloader.Adload.fu : Gesäubert.
C:\mc44a41.exe -> Downloader.Adload.fu : Gesäubert.
C:\bak\kybrdff_e37.exe -> Downloader.Adload.fy : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052543.exe -> Downloader.Adload.hg : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052591.exe -> Downloader.Adload.hg : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052632.exe -> Downloader.Adload.hg : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053261.exe -> Downloader.Adload.hg : Gesäubert.
C:\WINDOWS\Fοnts\bak\winspool.exe -> Downloader.PurityScan.db : Gesäubert.
C:\WINDOWS\Fοnts\winspool.exe -> Downloader.PurityScan.db : Gesäubert.
[2108] C:\WINDOWS\FNTS~1\winspool.exe -> Downloader.PurityScan.db : Fehler während der Säuberung.
C:\VSL.dl_.exe -> Downloader.Small.ajc : Gesäubert.
C:\MTE3NDI6ODoxNgnew.exe -> Downloader.Small.buy : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053291.exe -> Downloader.Small.buy : Gesäubert.
C:\VSL.dl_ -> Downloader.Small.ctp : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP302\A0048863.exe -> Downloader.Small.duf : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP303\A0048959.exe -> Downloader.Small.duf : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP303\A0049959.exe -> Downloader.Small.duf : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP303\A0049971.exe -> Downloader.Small.duf : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP305\A0050342.exe -> Downloader.Small.duf : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP305\A0050428.exe -> Downloader.Small.duf : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0050452.exe -> Downloader.Small.duf : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0050473.exe -> Downloader.Small.duf : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0050499.exe -> Downloader.Small.duf : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0050525.exe -> Downloader.Small.duf : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0051522.exe -> Downloader.Small.duf : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0051535.EXE -> Downloader.Small.duf : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052540.exe -> Downloader.Small.duf : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052585.exe -> Downloader.Small.duf : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052601.EXE -> Downloader.Small.duf : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052629.exe -> Downloader.Small.duf : Gesäubert.
C:\WINDOWS\algs.exe -> Downloader.Small.duf : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052639.exe -> Hijacker.Small.jf : Gesäubert.
C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Gesäubert.
C:\WINDOWS\Temp\ICD1.tmp\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Local Settings\Temporary Internet Files\Content.IE5\8NFNSG7R\installdrivecleanerstart_fr[1].cab/UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Mes documents\logiciel\installdrivecleanerstart_fr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Gesäubert.
C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M0709NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Local Settings\Temporary Internet Files\Content.IE5\KD6RSXY3\WinAntiVirusPro2006FreeInstall_fr[1].cab/UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Gesäubert.
C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052655.EXE -> Not-A-Virus.Monitor.Win32.NetMon.a : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@247realmedia[1].txt -> TrackingCookie.247realmedia : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@247realmedia[2].txt -> TrackingCookie.247realmedia : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@2o7[2].txt -> TrackingCookie.2o7 : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@2o7[3].txt -> TrackingCookie.2o7 : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@boonty.122.2o7[1].txt -> TrackingCookie.2o7 : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@sfr.122.2o7[1].txt -> TrackingCookie.2o7 : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@advertising[1].txt -> TrackingCookie.Advertising : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@atdmt[2].txt -> TrackingCookie.Atdmt : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@bluestreak[1].txt -> TrackingCookie.Bluestreak : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@casalemedia[1].txt -> TrackingCookie.Casalemedia : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@casalemedia[2].txt -> TrackingCookie.Casalemedia : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@casinotropez[1].txt -> TrackingCookie.Casinotropez : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@www.casinotropez[2].txt -> TrackingCookie.Casinotropez : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@cpvfeed[3].txt -> TrackingCookie.Cpvfeed : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@doubleclick[1].txt -> TrackingCookie.Doubleclick : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@www.epilot[1].txt -> TrackingCookie.Epilot : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@estat[1].txt -> TrackingCookie.Estat : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@as1.falkag[2].txt -> TrackingCookie.Falkag : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@as1.falkag[3].txt -> TrackingCookie.Falkag : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@ehg-ads.hitbox[2].txt -> TrackingCookie.Hitbox : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@ehg-sonyesolutions.hitbox[2].txt -> TrackingCookie.Hitbox : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@ehg-sonyeu.hitbox[2].txt -> TrackingCookie.Hitbox : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@hitbox[2].txt -> TrackingCookie.Hitbox : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@hitbox[3].txt -> TrackingCookie.Hitbox : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@mediaplex[1].txt -> TrackingCookie.Mediaplex : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@overture[2].txt -> TrackingCookie.Overture : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@project2.realtracker[1].txt -> TrackingCookie.Realtracker : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@stats1.reliablestats[3].txt -> TrackingCookie.Reliablestats : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@ads1.revenue[1].txt -> TrackingCookie.Revenue : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@revenue[1].txt -> TrackingCookie.Revenue : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@revenue[3].txt -> TrackingCookie.Revenue : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@serving-sys[1].txt -> TrackingCookie.Serving-sys : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@tacoda[1].txt -> TrackingCookie.Tacoda : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@tradedoubler[3].txt -> TrackingCookie.Tradedoubler : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@webstat[1].txt -> TrackingCookie.Web-stat : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@weborama[1].txt -> TrackingCookie.Weborama : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Gesäubert.
C:\Documents and Settings\Anthony Lenglet\Cookies\anthony lenglet@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Gesäubert.


::Berichtende


2°)

BitDefender Online Scanner

Scan report generated at: Tue, Oct 31, 2006 - 08:51:50
Scan path: C:\;D:\;E:\;G:\;H:\;I:\;J:\;

Statistics
Time: 01:20:02
Files: 417281
Folders: 5992
Boot Sectors: 2
Archives: 7554
Packed Files: 63676

Results
Identified Viruses: 22
Infected Files: 80
Suspect Files: 5
Warnings: 0
Disinfected: 0
Deleted Files: 102

Engines Info
Virus Definitions: 479421
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE
Disinfection failed

C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE
Deleted

C:\WINDOWS\system32\enp8l17u1.dll
Infected with: Trojan.Candebe.CZ

C:\WINDOWS\system32\enp8l17u1.dll
Disinfection failed

C:\WINDOWS\system32\enp8l17u1.dll
Deleted

C:\WINDOWS\system32\i
Infected with: Generic.Botget.CCBE999D

C:\WINDOWS\system32\i
Deleted

C:\WINDOWS\system32\wu.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\WINDOWS\system32\wu.exe
Disinfection failed

C:\WINDOWS\system32\wu.exe
Deleted

C:\WINDOWS\system32\NeroCheck.exe
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\WINDOWS\system32\NeroCheck.exe
Disinfection failed

C:\WINDOWS\system32\NeroCheck.exe
Deleted

C:\WINDOWS\system32\gccdklme.exe
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\WINDOWS\system32\gccdklme.exe
Disinfection failed

C:\WINDOWS\system32\gccdklme.exe
Deleted

C:\WINDOWS\wt\wcmdmgrl.exe
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\WINDOWS\wt\wcmdmgrl.exe
Disinfection failed

C:\WINDOWS\wt\wcmdmgrl.exe
Deleted

C:\WINDOWS\FNTS~1\winspool.exe
Infected with: Trojan.Downloader.PurityScan.BP

C:\WINDOWS\FNTS~1\winspool.exe
Disinfection failed

C:\WINDOWS\FNTS~1\winspool.exe
Delete failed

C:\RDFX4.exe
Infected with: Trojan.Downloader.Small.CTP

C:\RDFX4.exe
Disinfection failed

C:\RDFX4.exe
Deleted

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Real\RealPlayer\RealPlayer.lnk=>C:\Program Files\Real\RealPlayer\realplay.exe
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Real\RealPlayer\RealPlayer.lnk=>C:\Program Files\Real\RealPlayer\realplay.exe
Disinfection failed

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Real\RealPlayer\RealPlayer.lnk=>C:\Program Files\Real\RealPlayer\realplay.exe
Deleted

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Real\RealPlayer\RealPlayer.lnk
Update failed

C:\Documents and Settings\Anthony Lenglet\Local Settings\Temp\!update.exe
Infected with: Trojan.Downloader.PurityScan.BP

C:\Documents and Settings\Anthony Lenglet\Local Settings\Temp\!update.exe
Disinfection failed

C:\Documents and Settings\Anthony Lenglet\Local Settings\Temp\!update.exe
Deleted

C:\Documents and Settings\Anthony Lenglet\Local Settings\Temporary Internet Files\Content.IE5\KD6RSXY3\!update-4295[1].0000
Infected with: Trojan.Downloader.PurityScan.BP

C:\Documents and Settings\Anthony Lenglet\Local Settings\Temporary Internet Files\Content.IE5\KD6RSXY3\!update-4295[1].0000
Disinfection failed

C:\Documents and Settings\Anthony Lenglet\Local Settings\Temporary Internet Files\Content.IE5\KD6RSXY3\!update-4295[1].0000
Deleted

C:\Documents and Settings\Anthony Lenglet\Local Settings\Temporary Internet Files\Content.IE5\6NY7Q5AR\checkin[1].htm
Infected with: Exploit.ADODB.Stream.AO

C:\Documents and Settings\Anthony Lenglet\Local Settings\Temporary Internet Files\Content.IE5\6NY7Q5AR\checkin[1].htm
Disinfection failed

C:\Documents and Settings\Anthony Lenglet\Local Settings\Temporary Internet Files\Content.IE5\6NY7Q5AR\checkin[1].htm
Deleted

C:\Documents and Settings\Anthony Lenglet\Bureau\Remove Spyware.url
Infected with: Trojan.QUrl.C

C:\Documents and Settings\Anthony Lenglet\Bureau\Remove Spyware.url
Disinfection failed

C:\Documents and Settings\Anthony Lenglet\Bureau\Remove Spyware.url
Deleted

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
Disinfection failed

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
Deleted

C:\Program Files\QuickTime\qttask.exe
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\Program Files\QuickTime\qttask.exe
Disinfection failed

C:\Program Files\QuickTime\qttask.exe
Deleted

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
Disinfection failed

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
Delete failed

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Disinfection failed

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Deleted

C:\Program Files\Ahead\InCD\InCD.exe
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\Program Files\Ahead\InCD\InCD.exe
Disinfection failed

C:\Program Files\Ahead\InCD\InCD.exe
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\036D16A9.exe=>(Quarantine-2)
Infected with: DeepScan:Generic.Malware.SN!!.948370C5

C:\Program Files\Norton AntiVirus\Quarantine\036D16A9.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\036D16A9.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\6B224CCF=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0004
Infected with: Trojan.Downloader.IstBar.OK

C:\Program Files\Norton AntiVirus\Quarantine\6B224CCF=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0004
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\6B224CCF=>(Quarantine-2)=>(NSIS o)=>lzma_solid_nsis0004
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\6B224CCF=>(Quarantine-2)=>(NSIS o)
Update failed

C:\Program Files\Norton AntiVirus\Quarantine\2ED55FBA=>(Quarantine-2)
Infected with: Backdoor.Rbot.BIJ

C:\Program Files\Norton AntiVirus\Quarantine\2ED55FBA=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\1E253C10.exe=>(Quarantine-2)
Infected with: MemScan:Trojan.Vundo.K

C:\Program Files\Norton AntiVirus\Quarantine\1E253C10.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\1E253C10.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\1EDF1543.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.BOJ

C:\Program Files\Norton AntiVirus\Quarantine\1EDF1543.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\1EDF1543.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\26BB1C9E.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.BOJ

C:\Program Files\Norton AntiVirus\Quarantine\26BB1C9E.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\26BB1C9E.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\26BE469A.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.BOJ

C:\Program Files\Norton AntiVirus\Quarantine\26BE469A.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\26BE469A.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\35E373F0.exe=>(Quarantine-2)
Infected with: MemScan:Trojan.Vundo.K

C:\Program Files\Norton AntiVirus\Quarantine\35E373F0.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\35E373F0.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\772C5818.exe=>(Quarantine-2)
Infected with: MemScan:Trojan.Vundo.K

C:\Program Files\Norton AntiVirus\Quarantine\772C5818.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\772C5818.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\745C09C2.exe=>(Quarantine-2)
Infected with: MemScan:Trojan.Vundo.K

C:\Program Files\Norton AntiVirus\Quarantine\745C09C2.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\745C09C2.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\21631BA2.exe=>(Quarantine-2)
Infected with: MemScan:Trojan.Vundo.K

C:\Program Files\Norton AntiVirus\Quarantine\21631BA2.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\21631BA2.exe=>(Quarantine-2)
Deleted

C:\Program Files\SymNetDrv\SNDMon.exe
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\Program Files\SymNetDrv\SNDMon.exe
Disinfection failed

C:\Program Files\SymNetDrv\SNDMon.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052542.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052542.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052542.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052574.exe
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052574.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052574.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052588.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052588.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052588.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052589.exe
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052589.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052589.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052631.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052631.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0052631.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053290.exe
Infected with: Trojan.Downloader.Adload.FJ

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053290.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP306\A0053290.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053479.exe
Infected with: Generic.Sdbot.F001AFB6

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053479.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053480.exe
Infected with: Trojan.Clspring.BE

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053480.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053480.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053481.exe
Infected with: Trojan.Clspring.BE

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053481.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053481.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053482.exe
Infected with: DeepScan:Generic.Malware.dld!!.F67304D8

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053482.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053482.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053483.exe
Infected with: Trojan.Downloader.Adload.FG

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053483.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053483.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053484.exe
Infected with: Trojan.Downloader.Adload.FG

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053484.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053484.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053485.exe
Infected with: Trojan.Downloader.Adload.FJ

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053485.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053485.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053486.exe
Infected with: Trojan.Downloader.Small.BUY

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053486.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053487.exe
Infected with: Trojan.Downloader.Small.AJC

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053487.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053487.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053488.exe
Infected with: Trojan.Downloader.DollarRevenue.AD

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053488.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053488.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053489.exe
Infected with: Trojan.Downloader.DollarRevenue.AD

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053489.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053489.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053490.exe
Infected with: Trojan.Canbede.L

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053490.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053490.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053491.exe
Infected with: Trojan.Canbede.L

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053491.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053491.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053493.dll
Infected with: Trojan.Candebe.CZ

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053493.dll
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053493.dll
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053495.dll
Infected with: Trojan.Candebe.CZ

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053495.dll
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053495.dll
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053496.dll
Infected with: Trojan.Candebe.CZ

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053496.dll
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053496.dll
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053498.dll
Infected with: Trojan.Candebe.CZ

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053498.dll
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053498.dll
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053500.dll
Infected with: Trojan.Candebe.CZ

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053500.dll
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053500.dll
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053511.exe
Infected with: Trojan.Qurl.3

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053511.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053511.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053514.dll
Infected with: Trojan.Candebe.CZ

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053514.dll
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053514.dll
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053530.EXE
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053530.EXE
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053530.EXE
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053531.dll
Infected with: Trojan.Candebe.CZ

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053531.dll
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053531.dll
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053532.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053532.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053532.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053533.exe
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053533.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053533.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053534.exe
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053534.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053534.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053535.exe
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053535.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053535.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053536.exe
Infected with: Trojan.Downloader.Small.CTP

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053536.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053536.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053537.exe
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053537.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053537.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053538.exe
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053538.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053538.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053539.exe
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053539.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053539.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053540.exe
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053540.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053540.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053541.exe
Infected with: DeepScan:Generic.Mitglied.687CAF98

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053541.exe
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053541.exe
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053542.exe=>(Quarantine-2)
Infected with: DeepScan:Generic.Malware.SN!!.948370C5

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053542.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053542.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053543.exe=>(Quarantine-2)
Infected with: MemScan:Trojan.Vundo.K

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053543.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053543.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053544.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.BOJ

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053544.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053544.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053545.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.BOJ

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053545.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053545.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053546.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.BOJ

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053546.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053546.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053547.exe=>(Quarantine-2)
Infected with: MemScan:Trojan.Vundo.K

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053547.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053547.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053548.exe=>(Quarantine-2)
Infected with: MemScan:Trojan.Vundo.K

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053548.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053548.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053549.exe=>(Quarantine-2)
Infected with: MemScan:Trojan.Vundo.K

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053549.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053549.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053550.exe=>(Quarantine-2)
Infected with: MemScan:Trojan.Vundo.K

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053550.exe=>(Quarantine-2)
Disinfection failed

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053550.exe=>(Quarantine-2)
Deleted

C:\System Volume Information\_restore{79AF36F4-6C21-4EF9-8EA7-5EF2D9C850EA}\RP309\A0053551.exe
Infected with: DeepScan:Generic.Mi

Séb08

Luckily I have my computer translator! lol

Where do things stand with your problems?

Post a Hijack log again.

Kristopher

Hi Séb ;)

I have a few basic notions of German, even though it's a language I have never studied...

It seems to me that Gesäubert = Cleaned.

I am almost certain that there are still quite a few viruses left.

I hope our friend has installed a firewall as I suggested, and we will have to get him to change antivirus, because this one seems to be "full of holes" (euphemism).

Have a good day,
Kris

Séb08 > Kristopher

ok Kris ;-)

When I said I had my translator, I wasn't talking nonsense! lol

Gesäubert = Cleaned
I had seen that, otherwise I would have told him to redo the scan.

Have a good day too.

See you

anthony

Here is the requested log:


Logfile of HijackThis v1.99.1
Scan saved at 14:54:08, on 31/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\E_S00RP1.EXE
C:\WINDOWS\FNTS~1\winspool.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Anthony Lenglet\Mes documents\logiciel\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: (no name) - {F7653E31-8BA9-A509-DEDA-D428E1213BBF} - C:\WINDOWS\System32\ydpld.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.8.2.0\HbtHostIE.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.8.2.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [loqkwpnw] C:\WINDOWS\System32\gccdklme.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Startup: Le Clavier Façile.lnk = C:\TYPING\FLYING.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?69c07e0fd8d24d91b0b01c83895339ab
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?69c07e0fd8d24d91b0b01c83895339ab
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68F8EDD4-A834-41B8-84A1-65C250B5D399}: NameServer = 86.64.145.140 84.103.237.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6DBB968-7952-4F9A-9192-7B4DB2BA0804}: NameServer = 86.64.145.140,84.103.237.142
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe



I studied German myself, but I don't know anything about it... Thanks to both of you.
I think two of you is not too many to get me out of this. LOL.

Séb08

To check:

Right-click the HijackThis! tool >> "Rename", then rename it to scan.exe

Launch HijackThis! (double-click scan.exe), then click "Do a system scan and save a logfile", then post the report here.

anthony

Here is the log:


Logfile of HijackThis v1.99.1
Scan saved at 17:21:43, on 31/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\E_S00RP1.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\FNTS~1\winspool.exe
C:\Program Files\?dobe\w?wexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Anthony Lenglet\Mes documents\logiciel\hijackthis_199\scan.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: (no name) - {F7653E31-8BA9-A509-DEDA-D428E1213BBF} - C:\WINDOWS\System32\ydpld.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.8.2.0\HbtHostIE.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.8.2.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [loqkwpnw] C:\WINDOWS\System32\gccdklme.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Startup: Le Clavier Façile.lnk = C:\TYPING\FLYING.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?69c07e0fd8d24d91b0b01c83895339ab
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?69c07e0fd8d24d91b0b01c83895339ab
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68F8EDD4-A834-41B8-84A1-65C250B5D399}: NameServer = 84.103.237.144 86.64.145.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6DBB968-7952-4F9A-9192-7B4DB2BA0804}: NameServer = 86.64.145.140,84.103.237.142
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe



I think I did the procedure correctly.

Thanks.
Séb08
 
Download l2mfix:
http://www.downloads.subratam.org/l2mfix.exe

Disconnect from the internet and close the browser and all other application windows.
Double-click l2mfix.exe to start the extraction.
In the l2mfix folder, double-click l2mfix.bat, press any key, then choose option #1 (and nothing else) and confirm with the "Enter" key.
Notepad will open with the scan result.
Please copy/paste the report to the forum.


--

***** Have a good day *****
anthony
 
Re
Here is the l2mfix report


2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{F74A6EDC-3CD0-75DA-7DF6-C23B8143273C}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propriétés du fichier multimédia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de sécurité NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propriétés de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Écran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de sécurité DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilité"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de données endommagées de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets réseau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'écran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension icône HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de sécurité des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions réseau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions réseau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpréteur de commandes pour l'environnement d'exécution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de données Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tâches planifiées"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tâches et menu Démarrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Exécuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier électronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="État du téléchargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau étendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augmenté"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intégré de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Boîte d'entrée de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalisée MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrès auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramètres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de démarrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheck ChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="Connection Agent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Énumérateur d'applications installées"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de résumé (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identité Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaîne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaîne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{FED7043D-346A-414D-ACD7-550D052499A7}"="dBpowerAMP Music Converter 1"
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}"="dBpowerAMP Music Converter"
"{950FF917-7A57-46BC-8017-59D9BF474000}"="Shell Extension for CDRW"
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders"
"{CE000992-A58C-4441-8938-744CD72AB27F}"="i-Nav IDN Resolver"
"{CE000994-A58C-4441-8938-744CD72AB27F}"="i-Nav IDN SearchHook"
"{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}"="IZArc DragDrop Menu"
"{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"="IZArc Shell Context Menu"
"{6D601CAA-FC33-4E67-98DE-02BCAC54ABCE}"=""
"{D77A6346-A22D-4D4C-BE6F-000E0B65CB43}"=""
"{D71B94EB-B141-420F-88E8-F84CCC038DF0}"=""
"{EA8C1EC9-E541-4543-97D3-02F8E70D91E4}"=""
"{C8B6262B-8C09-46FB-AAFC-AD31148A8089}"=""
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6D601CAA-FC33-4E67-98DE-02BCAC54ABCE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6D601CAA-FC33-4E67-98DE-02BCAC54ABCE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6D601CAA-FC33-4E67-98DE-02BCAC54ABCE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6D601CAA-FC33-4E67-98DE-02BCAC54ABCE}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D77A6346-A22D-4D4C-BE6F-000E0B65CB43}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D77A6346-A22D-4D4C-BE6F-000E0B65CB43}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D77A6346-A22D-4D4C-BE6F-000E0B65CB43}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D77A6346-A22D-4D4C-BE6F-000E0B65CB43}\InprocServer32]
@="C:\\WINDOWS\\system32\\dxnwsock.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D71B94EB-B141-420F-88E8-F84CCC038DF0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D71B94EB-B141-420F-88E8-F84CCC038DF0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D71B94EB-B141-420F-88E8-F84CCC038DF0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D71B94EB-B141-420F-88E8-F84CCC038DF0}\InprocServer32]
@="C:\\WINDOWS\\system32\\igm32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EA8C1EC9-E541-4543-97D3-02F8E70D91E4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EA8C1EC9-E541-4543-97D3-02F8E70D91E4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EA8C1EC9-E541-4543-97D3-02F8E70D91E4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EA8C1EC9-E541-4543-97D3-02F8E70D91E4}\InprocServer32]
@="C:\\WINDOWS\\system32\\kfdpo.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C8B6262B-8C09-46FB-AAFC-AD31148A8089}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C8B6262B-8C09-46FB-AAFC-AD31148A8089}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C8B6262B-8C09-46FB-AAFC-AD31148A8089}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C8B6262B-8C09-46FB-AAFC-AD31148A8089}\InprocServer32]
@="C:\\WINDOWS\\system32\\sosinv.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
ydpld.dll Wed 25 Oct 2006 15:25:02 A.... 126 976 124,00 K
m4460e~1.dll Mon 30 Oct 2006 19:20:30 ..S.R 235 537 230,02 K
cncs32.dll Fri 20 Oct 2006 11:30:34 A.... 172 032 168,00 K
s32evnt1.dll Fri 15 Sep 2006 22:52:12 A.... 91 904 89,75 K

4 items found: 4 files (1 H/S), 0 directories.
Total of file sizes: 626 449 bytes 611,77 K
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Mon 30 Oct 2006 21:53:00 A.... 236 004 230,47 K
atmtdd~1.tmp Thu 26 Oct 2006 19:08:26 A.... 0 0,00 K

2 items found: 2 files, 0 directories.
Total of file sizes: 236 004 bytes 230,47 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 2B1B-1302

Répertoire de C:\WINDOWS\System32

30/10/2006 19:20 235 537 m4460ehseh460.dll
02/11/2004 08:39 <REP> Microsoft
02/11/2004 08:18 <REP> dllcache
1 fichier(s) 235 537 octets
2 Rép(s) 50 743 967 744 octets libres



Thanks again for your help.
Séb08
 
ok

Close all programs because there will be an automatic reboot.
Open the l2mfix folder created on the desktop, then double-click L2Mfix.bat
Then choose option 2 and press Enter
Then press any key to restart the computer
After the restart, the desktop and the icons will appear and then disappear, that's normal! And a new report will appear on screen.
>> If after the restart the icons don't appear/disappear or if the report doesn't appear, then open the l2mfix folder and run second.bat
Finally, post this 2nd report along with a new HijackThis report.

I have to step away.

See you later
anthony
 
Here is the 1st l2mfix report, I think I did it correctly:


L2mfix 051206
Creating Account.
La commande s'est terminée correctement.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!
Killing 'smss.exe'
\SystemRoot\System32\smss.exe (596)
Killing 'winlogon.exe'
winlogon.exe (1308)
Killing 'explorer.exe'
C:\WINDOWS\Explorer.EXE (2568)
Killing 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 fichier(s) copié(s).
1 fichier(s) copié(s).
Deleting: C:\WINDOWS\system32\m4460ehseh460.dll
Successfully Deleted: C:\WINDOWS\system32\m4460ehseh460.dll
Deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp

msg11?.dll
0 fichier(s) copié(s).
Desktop.ini sucessfully removed




Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\m4460ehseh460.dll
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6D601CAA-FC33-4E67-98DE-02BCAC54ABCE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6D601CAA-FC33-4E67-98DE-02BCAC54ABCE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6D601CAA-FC33-4E67-98DE-02BCAC54ABCE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6D601CAA-FC33-4E67-98DE-02BCAC54ABCE}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D77A6346-A22D-4D4C-BE6F-000E0B65CB43}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D77A6346-A22D-4D4C-BE6F-000E0B65CB43}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D77A6346-A22D-4D4C-BE6F-000E0B65CB43}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D77A6346-A22D-4D4C-BE6F-000E0B65CB43}\InprocServer32]
@="C:\\WINDOWS\\system32\\dxnwsock.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D71B94EB-B141-420F-88E8-F84CCC038DF0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D71B94EB-B141-420F-88E8-F84CCC038DF0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D71B94EB-B141-420F-88E8-F84CCC038DF0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D71B94EB-B141-420F-88E8-F84CCC038DF0}\InprocServer32]
@="C:\\WINDOWS\\system32\\igm32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EA8C1EC9-E541-4543-97D3-02F8E70D91E4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EA8C1EC9-E541-4543-97D3-02F8E70D91E4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EA8C1EC9-E541-4543-97D3-02F8E70D91E4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EA8C1EC9-E541-4543-97D3-02F8E70D91E4}\InprocServer32]
@="C:\\WINDOWS\\system32\\kfdpo.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C8B6262B-8C09-46FB-AAFC-AD31148A8089}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C8B6262B-8C09-46FB-AAFC-AD31148A8089}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C8B6262B-8C09-46FB-AAFC-AD31148A8089}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C8B6262B-8C09-46FB-AAFC-AD31148A8089}\InprocServer32]
@="C:\\WINDOWS\\system32\\sosinv.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{6D601CAA-FC33-4E67-98DE-02BCAC54ABCE}"=-
"{D77A6346-A22D-4D4C-BE6F-000E0B65CB43}"=-
"{D71B94EB-B141-420F-88E8-F84CCC038DF0}"=-
"{EA8C1EC9-E541-4543-97D3-02F8E70D91E4}"=-
"{C8B6262B-8C09-46FB-AAFC-AD31148A8089}"=-
[-HKEY_CLASSES_ROOT\CLSID\{6D601CAA-FC33-4E67-98DE-02BCAC54ABCE}]
[-HKEY_CLASSES_ROOT\CLSID\{D77A6346-A22D-4D4C-BE6F-000E0B65CB43}]
[-HKEY_CLASSES_ROOT\CLSID\{D71B94EB-B141-420F-88E8-F84CCC038DF0}]
[-HKEY_CLASSES_ROOT\CLSID\{EA8C1EC9-E541-4543-97D3-02F8E70D91E4}]
[-HKEY_CLASSES_ROOT\CLSID\{C8B6262B-8C09-46FB-AAFC-AD31148A8089}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/m4460ehseh460.dll (deflated 5%)
adding: dlls/guard.tmp (deflated 5%)
adding: backregs/notibac.reg (deflated 54%)
adding: backregs/shell.reg (deflated 73%)
adding: backregs/6D601CAA-FC33-4E67-98DE-02BCAC54ABCE.reg (deflated 70%)
adding: backregs/D77A6346-A22D-4D4C-BE6F-000E0B65CB43.reg (deflated 70%)
adding: backregs/D71B94EB-B141-420F-88E8-F84CCC038DF0.reg (deflated 70%)
adding: backregs/EA8C1EC9-E541-4543-97D3-02F8E70D91E4.reg (deflated 70%)
adding: backregs/C8B6262B-8C09-46FB-AAFC-AD31148A8089.reg (deflated 70%)


and here is the HijackThis one:

Logfile of HijackThis v1.99.1
Scan saved at 19:49:25, on 31/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\E_S00RP1.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\FNTS~1\winspool.exe
C:\Program Files\?dobe\w?wexec.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\PROGRA~1\HP\PRODUC~1\bin\hprblog.exe
c:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\Anthony Lenglet\Mes documents\logiciel\hijackthis_199\scan.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: (no name) - {F7653E31-8BA9-A509-DEDA-D428E1213BBF} - C:\WINDOWS\System32\ydpld.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.8.2.0\HbtHostIE.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.8.2.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [loqkwpnw] C:\WINDOWS\System32\gccdklme.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Startup: Le Clavier Façile.lnk = C:\TYPING\FLYING.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?69c07e0fd8d24d91b0b01c83895339ab
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?69c07e0fd8d24d91b0b01c83895339ab
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6DBB968-7952-4F9A-9192-7B4DB2BA0804}: NameServer = 86.64.145.140,84.103.237.142
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe


Thanks for your help.
0
Séb08
 
OK, we'll look at the rest tomorrow; I have to step away.

See you later.
0
anthony
 
Re:

There is an item on eBay that I am very interested in, but I am not sure my personal data is protected because of the viruses that are surely still on my PC.
Can I still buy the item on the eBay site?
Apparently it is a very secure site (with PayPal).

I would like someone to answer me fairly quickly, because the sale ends at 19:50.

Thanks to whoever can answer me quickly.
0