[ virus adir.dll ] infection virulante !! Fermé

Question

Bonjour a tous
voila je pars a l'etranger vendredi et je viens d'etre infecté sur mon pc portable d'un virus de M... que je n'arrive pas a supprimer.
Est ce que quelqu'un pourrait m'aider svp ???? j'utilise ce pc pour le boulot et la ca devient tres embetant si ce cogno me plante l'ordi....
je me suis un peu renseigné sur les forums et apparement ce virus deja connu il sagirait d'un fichier adir.dll (repéré par avast)
par contre je n'arrive pas a trouver une procedure qui pourrait correspondre a mon ordi, je controle pas trop le sujet et je n'ose pas trop m'aventurer dans la suppression de fichiers que je ne connais pas.

j'ai donc fait un scan avec hijacksthis (apparement c ce ki faut faire) pour essayer de reperer le hic
voici le resultat:
Logfile of HijackThis v1.99.1
Scan saved at 14:07:35, on 29/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\adirss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctpmon.exe
C:\WINDOWS\system32\taskdir.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctpmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\Documents and Settings\Valentin\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sex.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

..... personellement ca ne me parle pas.... alors j'ai fait un autre scan avec spyhunter ( ca m'en dit pas plus ..., mais peutetre que quelqu'un comprends ce language sournoit ;)
voici le resultat:
###########################Runnning Processes DATA###########################
processName = SMSS.EXE File Size = 50688 File Path = \SystemRoot\System32\smss.exe ModuleMD5 = b4c08d31e8c2ea9d76f892052a6fcaeb
processName = WINLOGON.EXE File Size = 506368 File Path = \??\C:\WINDOWS\system32\winlogon.exe ModuleMD5 = d2de785aeab0bb8ca4c14a8a199dbe4e
processName = SERVICES.EXE File Size = 108544 File Path = C:\WINDOWS\system32\services.exe ModuleMD5 = 732e0b1abaace15d80ec19056b0a2af9
processName = LSASS.EXE File Size = 13312 File Path = C:\WINDOWS\system32\lsass.exe ModuleMD5 = 9f3744a5c6f49291a7a685040a013399
processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\system32\svchost.exe ModuleMD5 = 1bd6c2f707a275cb7c16fd99fe0f31ca
processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\System32\svchost.exe ModuleMD5 = 1bd6c2f707a275cb7c16fd99fe0f31ca
processName = SPOOLSV.EXE File Size = 57856 File Path = C:\WINDOWS\system32\spoolsv.exe ModuleMD5 = da81ec57acd4cdc3d4c51cf3d409af9f
processName = EXPLORER.EXE File Size = 1036288 File Path = C:\WINDOWS\Explorer.EXE ModuleMD5 = 4c33e5b9a6197b6ed215f6cfba0a2daa
processName = EHTRAY.EXE File Size = 64512 File Path = C:\WINDOWS\ehome\ehtray.exe ModuleMD5 = 9c69e6a25f5500501b14af43311f8d8b
processName = HP WIRELESS ASSISTANT.EXE File Size = 458752 File Path = C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe ModuleMD5 = 1e4037f987986b200eb8421a1ceeee68
processName = JUSCHED.EXE File Size = 49263 File Path = C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe ModuleMD5 = 3aa5d60b77ce19b1f2521f532ab986e7
processName = IGFXTRAY.EXE File Size = 94208 File Path = C:\WINDOWS\system32\igfxtray.exe ModuleMD5 = 54f1f98c4ad8f99bbbe8fbb62b38733f
processName = HKCMD.EXE File Size = 77824 File Path = C:\WINDOWS\system32\hkcmd.exe ModuleMD5 = d9f3db62d1b361d82cd82a347ea6218d
processName = IGFXPERS.EXE File Size = 118784 File Path = C:\WINDOWS\system32\igfxpers.exe ModuleMD5 = 32fb9368f485a7fe944eb6678b61734b
processName = SYNTPENH.EXE File Size = 794713 File Path = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ModuleMD5 = 80a0309e33334fcc86f11647c8a1d942
processName = QPSERVICE.EXE File Size = 102400 File Path = C:\Program Files\HP\QuickPlay\QPService.exe ModuleMD5 = cd7a1d584fc809b82d6a391bbdb42a44
processName = HPWUSCHD2.EXE File Size = 49152 File Path = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe ModuleMD5 = 821f73b833c4daebc33c1a9a4b16bb5a
processName = QLBCTRL.EXE File Size = 163840 File Path = C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ModuleMD5 = 0b55d3a8cdab67f647ee0cbad87ccb6d
processName = GOOGLEDESKTOP.EXE File Size = 190464 File Path = C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ModuleMD5 = 4ffd225c1cb52c0d198edd8b189eadf9
processName = ASHDISP.EXE File Size = 108160 File Path = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe ModuleMD5 = 264c095d36aa973d9c64909124d0ba60
processName = ADIRSS.EXE File Size = 6085 File Path = C:\WINDOWS\system32\adirss.exe ModuleMD5 = d2346ba22ac69347f28606bb7246fe0a
processName = CTFMON.EXE File Size = 15360 File Path = C:\WINDOWS\system32\ctfmon.exe ModuleMD5 = 5584247b568c2e53934873f4b655fe6a
processName = WMPNSCFG.EXE File Size = 204288 File Path = C:\Program Files\Windows Media Player\WMPNSCFG.exe ModuleMD5 = 5011a24aecf4d573473bdc15ee84c178
processName = CTPMON.EXE File Size = 30720 File Path = C:\WINDOWS\system32\ctpmon.exe ModuleMD5 = 4b368fade9d1f20b8c757a1e6fd4a8eb
processName = TASKDIR.EXE File Size = 54213 File Path = C:\WINDOWS\system32\taskdir.exe ModuleMD5 = f29bb699d2be9395aec4a871533a63c1
processName = GOOGLEDESKTOPINDEX.EXE File Size = 755200 File Path = C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe ModuleMD5 = 72f1d09a1c1f69b0bb85655cb2d6fcb6
processName = CTPMON.EXE File Size = 30720 File Path = C:\WINDOWS\system32\ctpmon.exe ModuleMD5 = 4b368fade9d1f20b8c757a1e6fd4a8eb
processName = MSNMSGR.EXE File Size = 7086080 File Path = C:\Program Files\MSN Messenger\MsnMsgr.Exe ModuleMD5 = c595c788c794d893fe70c3e9c0113135
processName = GOOGLEUPDATER.EXE File Size = 114616 File Path = C:\Program Files\Google\Google Updater\GoogleUpdater.exe ModuleMD5 = 86b4eb00e9844fdc05a3c6f17b3beb69
processName = HPQIMZONE.EXE File Size = 475136 File Path = C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe ModuleMD5 = 6c56cf33c2c6236a1162fdfc0becd042
processName = GOOGLEDESKTOPDISPLAY.EXE File Size = 1109504 File Path = C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe ModuleMD5 = 5d06d79249fb552b96a20f7684ac2b3a
processName = GOOGLEDESKTOPCRAWL.EXE File Size = 243712 File Path = C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe ModuleMD5 = 72b3e1e1ce2780eee143bb594aab3730
processName = ASWUPDSV.EXE File Size = 59008 File Path = C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe ModuleMD5 = dc995da2d258c0590c3ae07ec68bfee6
processName = ASHSERV.EXE File Size = 108160 File Path = C:\Program Files\Alwil Software\Avast4\ashServ.exe ModuleMD5 = 1ca6d8776d4f615e7861e35221582ae0
processName = EHRECVR.EXE File Size = 237568 File Path = C:\WINDOWS\eHome\ehRecvr.exe ModuleMD5 = 5d1347aa5ae6e2f77d7f4f8372d95ac9
processName = EHSCHED.EXE File Size = 103424 File Path = C:\WINDOWS\eHome\ehSched.exe ModuleMD5 = 980eeea91776357518892c5544768e2b
processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\System32\svchost.exe ModuleMD5 = 1bd6c2f707a275cb7c16fd99fe0f31ca
processName = LSSRVC.EXE File Size = 49152 File Path = C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe ModuleMD5 = 86e8bcaa91fc2acfacd99cf2bf9f1f47
processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\system32\svchost.exe ModuleMD5 = 1bd6c2f707a275cb7c16fd99fe0f31ca
processName = HPQWMIEX.EXE File Size = 135168 File Path = C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe ModuleMD5 = 04c1dcbb226c6ae647b794833ce3ceb6
processName = MQSVC.EXE File Size = 4608 File Path = C:\WINDOWS\system32\mqsvc.exe ModuleMD5 = 5339a35dbab8fec27c8d76c5610760e6
processName = MQTGSVC.EXE File Size = 117248 File Path = C:\WINDOWS\system32\mqtgsvc.exe ModuleMD5 = 8eb039729ce98c4d9220cd2e0afd3c19
processName = DLLHOST.EXE File Size = 5120 File Path = C:\WINDOWS\system32\dllhost.exe ModuleMD5 = d66259c3bcefc9caeb481ed52a4eac74
processName = ASHMAISV.EXE File Size = 251520 File Path = C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe ModuleMD5 = 30020c9fd8754f4099f9d868c6c87051
processName = ASHWEBSV.EXE File Size = 370304 File Path = C:\Program Files\Alwil Software\Avast4\ashWebSv.exe ModuleMD5 = 165408dd1bb1cc1ac41115f906fcfacb
processName = EHMSAS.EXE File Size = 46592 File Path = C:\WINDOWS\eHome\ehmsas.exe ModuleMD5 = daefb050ac8fee4f1097fcf7cb97220e
processName = FIREFOX.EXE File Size = 7200365 File Path = C:\PROGRA~1\MOZILL~1\FIREFOX.EXE ModuleMD5 = c27f9e9ebeb05c9d2260d4be605c836b
processName = SPYHUNTER.EXE File Size = 2482176 File Path = C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe ModuleMD5 = 146e80454798088ce29eff0254637ceb
processName = IGFXSRVC.EXE File Size = 163840 File Path = C:\WINDOWS\system32\igfxsrvc.exe ModuleMD5 = 23daa38f8ff3f0b76f41463a49c65b5e
###########################REGISTRY MD5 DATA###########################
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN>
Name=ehTray Data=C:\WINDOWS\ehome\ehtray.exe FileSize = 64512 MD5=9c69e6a25f5500501b14af43311f8d8b
Name=hpWirelessAssistant Data=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe FileSize = 458752 MD5=1e4037f987986b200eb8421a1ceeee68
Name=SunJavaUpdateSched Data="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" FileSize = 49263 MD5=3aa5d60b77ce19b1f2521f532ab986e7
Name=MsmqIntCert Data=regsvr32 /s mqrt.dll FileSize = MD5=
Name=High Definition Audio Property Page Shortcut Data=CHDAudPropShortcut.exe FileSize = 61952 MD5=facc9e11e2102c23ce69589c11a4c326
Name=igfxtray Data=C:\WINDOWS\system32\igfxtray.exe FileSize = 94208 MD5=54f1f98c4ad8f99bbbe8fbb62b38733f
Name=igfxhkcmd Data=C:\WINDOWS\system32\hkcmd.exe FileSize = 77824 MD5=d9f3db62d1b361d82cd82a347ea6218d
Name=igfxpers Data=C:\WINDOWS\system32\igfxpers.exe FileSize = 118784 MD5=32fb9368f485a7fe944eb6678b61734b
Name=SynTPEnh Data=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe FileSize = 794713 MD5=80a0309e33334fcc86f11647c8a1d942
Name=QPService Data="C:\Program Files\HP\QuickPlay\QPService.exe" FileSize = 102400 MD5=cd7a1d584fc809b82d6a391bbdb42a44
Name=HP Software Update Data=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe FileSize = 49152 MD5=821f73b833c4daebc33c1a9a4b16bb5a
Name=QlbCtrl Data=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start FileSize = MD5=
Name=Cpqset Data=C:\Program Files\HPQ\Default Settings\cpqset.exe FileSize = 40960 MD5=cf7ef7f52bccfe94f8290ab4f41bcbc8
Name=RecGuard Data=C:\Windows\SMINST\RecGuard.exe FileSize = 1187840 MD5=c764f15f0ae8a02df1523cb24f355b22
Name=Google Desktop Search Data="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup FileSize = 190464 MD5=4ffd225c1cb52c0d198edd8b189eadf9
Name=avast! Data=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe FileSize = 108160 MD5=264c095d36aa973d9c64909124d0ba60
Name=sysinter Data=C:\WINDOWS\system32\adirss.exe FileSize = 6085 MD5=d2346ba22ac69347f28606bb7246fe0a
Name=KernelFaultCheck Data=%systemroot%\system32\dumprep 0 -k FileSize = MD5=
Name=SpyHunter Data=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
FileSize = 2482176 MD5=146e80454798088ce29eff0254637ceb
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX>
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE>
<HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN>
Name=CTFMON.EXE Data=C:\WINDOWS\system32\ctfmon.exe FileSize = 15360 MD5=5584247b568c2e53934873f4b655fe6a
Name=BitTorrent Data="C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized FileSize = MD5=********************************
Name=WMPNSCFG Data=C:\Program Files\Windows Media Player\WMPNSCFG.exe FileSize = 204288 MD5=5011a24aecf4d573473bdc15ee84c178
Name=ctpmon Data=ctpmon.exe FileSize = 30720 MD5=4b368fade9d1f20b8c757a1e6fd4a8eb
Name=taskdir Data=C:\WINDOWS\system32\taskdir.exe FileSize = 54213 MD5=f29bb699d2be9395aec4a871533a63c1
Name=Skype Data="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized FileSize = 20058152 MD5=32cc2915fcc207086d9b43ccece298f7
Name=MsnMsgr Data="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
FileSize = 7086080 MD5=c595c788c794d893fe70c3e9c0113135
<HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE>
<HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN>
Name=CTFMON.EXE Data=C:\WINDOWS\system32\CTFMON.EXE
FileSize = 15360 MD5=5584247b568c2e53934873f4b655fe6a
<HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE>
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINDOWS\APPINIT_DLLS>
C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL FileSize = 136704 MD5=2ed7798e48c93c0cc93cd836be5bbc83
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN>
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\SHELL>
Explorer.exe FileSize = 1036288 MD5=4c33e5b9a6197b6ed215f6cfba0a2daa
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\USERINIT>
C:\WINDOWS\system32\userinit.exe, FileSize = 25088 MD5=d6d65ea32b190401b57edb6706f29669
#############################FILE MD5 DATA#############################
<C:\Documents and Settings\Valentin\Menu Démarrer\Programmes\Démarrage>
File Path = C:\Documents and Settings\Valentin\Menu Démarrer\Programmes\Démarrage\desktop.ini File Size = 4096 md5=d6a6856702e3f0953e7246a9b4a9fe35
#############################SERVICES DATA#############################
Service Name = aswUpdSv Service Display Name = avast! iAVS4 Control Service Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" Binary Size = 0 Binary MD5 =
Service Name = AudioSrv Service Display Name = Audio Windows Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = avast! Antivirus Service Display Name = avast! Antivirus Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = "C:\Program Files\Alwil Software\Avast4\ashServ.exe" Binary Size = 0 Binary MD5 =
Service Name = avast! Mail Scanner Service Display Name = avast! Mail Scanner Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 3 Service Error Control = 1 Service Binary Path = "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service Binary Size = 0 Binary MD5 =
Service Name = avast! Web Scanner Service Display Name = avast! Web Scanner Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 3 Service Error Control = 1 Service Binary Path = "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service Binary Size = 0 Binary MD5 =
Service Name = BITS Service Display Name = Service de transfert intelligent en arrière-plan Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = COMSysApp Service Display Name = Application système COM+ Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} Binary Size = 0 Binary MD5 =
Service Name = CryptSvc Service Display Name = Services de cryptographie Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = DcomLaunch Service Display Name = Lanceur de processus serveur DCOM Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost -k DcomLaunch Binary Size = 0 Binary MD5 =
Service Name = Dhcp Service Display Name = Client DHCP Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = dmserver Service Display Name = Gestionnaire de disque logique Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Dnscache Service Display Name = Client DNS Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k NetworkService Binary Size = 0 Binary MD5 =
Service Name = ehRecvr Service Display Name = Media Center Receiver Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\eHome\ehRecvr.exe Binary Size = 237568 Binary MD5 = 5d1347aa5ae6e2f77d7f4f8372d95ac9
Service Name = ehSched Service Display Name = Service de planification Media Center Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\eHome\ehSched.exe Binary Size = 103424 Binary MD5 = 980eeea91776357518892c5544768e2b
Service Name = ERSvc Service Display Name = Service de rapport d'erreurs Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Eventlog Service Display Name = Journal des événements Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\services.exe Binary Size = 108544 Binary MD5 = 732e0b1abaace15d80ec19056b0a2af9
Service Name = EventSystem Service Display Name = Système d'événements de COM+ Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = FastUserSwitchingCompatibility Service Display Name = Compatibilité avec le Changement rapide d'utilisateur Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = helpsvc Service Display Name = Aide et support Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = HidServ Service Display Name = HID Input Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = hpqwmiex Service Display Name = hpqwmiex Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe Binary Size = 135168 Binary MD5 = 04c1dcbb226c6ae647b794833ce3ceb6
Service Name = HTTPFilter Service Display Name = HTTP SSL Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k HTTPFilter Binary Size = 0 Binary MD5 =
Service Name = lanmanserver Service Display Name = Serveur Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = lanmanworkstation Service Display Name = Station de travail Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = LightScribeService Service Display Name = LightScribeService Direct Disc Labeling Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 0 Service Binary Path = "C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe" Binary Size = 0 Binary MD5 =
Service Name = LmHosts Service Display Name = Assistance TCP/IP NetBIOS Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
Service Name = McrdSvc Service Display Name = Media Center Extender Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\ehome\mcrdsvc.exe Binary Size = 99328 Binary MD5 = 52404cc76e9d53843bdf97564bb16bed
Service Name = MSDTC Service Display Name = Distributed Transaction Coordinator Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\msdtc.exe Binary Size = 6144 Binary MD5 = 680639b08040cec24b8bd873b1f02f51
Service Name = MSMQ Service Display Name = Message Queuing Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\mqsvc.exe Binary Size = 4608 Binary MD5 = 5339a35dbab8fec27c8d76c5610760e6
Service Name = MSMQTriggers Service Display Name = Message Queuing Triggers Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\mqtgsvc.exe Binary Size = 117248 Binary MD5 = 8eb039729ce98c4d9220cd2e0afd3c19
Service Name = Netman Service Display Name = Connexions réseau Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Nla Service Display Name = NLA (Network Location Awareness) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = NtLmSsp Service Display Name = Fournisseur de la prise en charge de sécurité LM NT Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 9f3744a5c6f49291a7a685040a013399
Service Name = PlugPlay Service Display Name = Plug-and-Play Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\services.exe Binary Size = 108544 Binary MD5 = 732e0b1abaace15d80ec19056b0a2af9
Service Name = PolicyAgent Service Display Name = Services IPSEC Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 9f3744a5c6f49291a7a685040a013399
Service Name = ProtectedStorage Service Display Name = Emplacement protégé Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 9f3744a5c6f49291a7a685040a013399
Service Name = RasMan Service Display Name = Gestionnaire de connexions d'accès distant Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = RemoteRegistry Service Display Name = Accès à distance au Registre Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
Service Name = RpcSs Service Display Name = Appel de procédure distante (RPC) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost -k rpcss Binary Size = 0 Binary MD5 =
Service Name = SamSs Service Display Name = Gestionnaire de comptes de sécurité Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 9f3744a5c6f49291a7a685040a013399
Service Name = Schedule Service Display Name = Planificateur de tâches Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = seclogon Service Display Name = Connexion secondaire Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = SENS Service Display Name = Notification d'événement système Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = ShellHWDetection Service Display Name = Détection matériel noyau Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Spooler Service Display Name = Spouleur d'impression Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\spoolsv.exe Binary Size = 57856 Binary MD5 = da81ec57acd4cdc3d4c51cf3d409af9f
Service Name = srservice Service Display Name = Service de restauration système Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = SSDPSRV Service Display Name = SSDP Discovery Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
Service Name = stisvc Service Display Name = Acquisition d'image Windows (WIA) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k imgsvc Binary Size = 0 Binary MD5 =
Service Name = TapiSrv Service Display Name = Téléphonie Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = TermService Service Display Name = Services Terminal Server Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost -k DComLaunch Binary Size = 0 Binary MD5 =
Service Name = Themes Service Display Name = Thèmes Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = TrkWks Service Display Name = Client de suivi de lien distribué Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = upnphost Service Display Name = Hôte de périphérique universel Plug-and-Play Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
Service Name = W32Time Service Display Name = Horloge Windows Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = WebClient Service Display Name = WebClient Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
Service Name = winmgmt Service Display Name = Infrastructure de gestion Windows Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = WMPNetworkSvc Service Display Name = Service Partage réseau du Lecteur Windows Media Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = "C:\Program Files\Windows Media Player\WMPNetwk.exe" Binary Size = 0 Binary MD5 =
Service Name = wscsvc Service Display Name = Centre de sécurité Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = wuauserv Service Display Name = Mises à jour automatiques Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = WZCSVC Service Display Name = Configuration automatique sans fil Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
#############################WINLOGON DATA#############################
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY>
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain Filepath = C:\WINDOWS\system32\crypt32.dll File Size = 604672 File MD5 = fd8631128e14583f135eb4b3f37ef626
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet Filepath = C:\WINDOWS\system32\cryptnet.dll File Size = 63488 File MD5 = 344dcb5a0c57e0fc3714c5e5e5fbc232
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll Filepath = C:\WINDOWS\system32\cscdll.dll File Size = 102912 File MD5 = fbc2cd20b107b6525dfee9f6e41dcc8b
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui Filepath = C:\WINDOWS\system32\igfxdev.dll File Size = 139264 File MD5 = a58241451a149929a679c82fa934ef81
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 94208 File MD5 = 8201bb13554a855cabd88bbf14b2166b
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 94208 File MD5 = 8201bb13554a855cabd88bbf14b2166b
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy Filepath = C:\WINDOWS\system32\sclgntfy.dll File Size = 22016 File MD5 = 83db3b831c845699ad4f6bfb37c4790c
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn Filepath = C:\WINDOWS\system32\WlNotify.dll File Size = 94208 File MD5 = 8201bb13554a855cabd88bbf14b2166b
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 94208 File MD5 = 8201bb13554a855cabd88bbf14b2166b
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 94208 File MD5 = 8201bb13554a855cabd88bbf14b2166b
##########################BROWSER ADD-ON DATA##########################
<HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars>
CLSID = {4D5C8C25-D075-11d0-B416-00C04FB90376} FilePath = C:\WINDOWS\system32\shdocvw.dll File Size = 1497600 File MD5 = aad9fc77ccb23ce4f396cff33fb3dc71
<HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects>
CLSID = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} FilePath = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File Size = 59032 File MD5 = 4ea3a6cd9d20584ffafdb1e47dbf0e20
CLSID = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} FilePath = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll File Size = 440056 File MD5 = bc7a3c412fe12f471603473294ceeebe
<HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions>
CLSID = {08B0E5C0-4FCB-11CF-AAA5-00401C608501} FilePath = File Size = 0 File MD5 =
CLSID = {e2e2dd38-d088-4134-82b7-f2ba38496583} FilePath = File Size = 0 File MD5 =
CLSID = {FB5F1910-F110-11d2-BB9E-00C04F795683} FilePath = File Size = 0 File MD5 =
<HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions>
CLSID = CmdMapping FilePath = File Size = 0 File MD5 =
<HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks>
CLSID = {CFBFAE00-17A6-11D0-99CB-00C04FD64497} FilePath = C:\WINDOWS\system32\shdocvw.dll File Size = 1497600 File MD5 = aad9fc77ccb23ce4f396cff33fb3dc71 Description =
<HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler>
CLSID = {438755C2-A8BA-11D1-B96B-00A0C90312E1} FilePath = C:\WINDOWS\system32\browseui.dll File Size = 1022976 File MD5 = 38948cf4f25d717f60a5fb35228ba637 Description = Pré-chargeur Browseui
CLSID = {8C7461EF-2B13-11d2-BE35-3078302C2030} FilePath = C:\WINDOWS\system32\browseui.dll File Size = 1022976 File MD5 = 38948cf4f25d717f60a5fb35228ba637 Description = Démon de cache des catégories de composant
##########################LSP CHAIN DATA##########################
<HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS>
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247808 File MD5 = ccdd3433f3c3bd0d8502b38fd155b2f0
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247808 File MD5 = ccdd3433f3c3bd0d8502b38fd155b2f0
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247808 File MD5 = ccdd3433f3c3bd0d8502b38fd155b2f0
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = bc3752885b2ec7bf57fc6f9b23f2c8d5
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = bc3752885b2ec7bf57fc6f9b23f2c8d5
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247808 File MD5 = ccdd3433f3c3bd0d8502b38fd155b2f0
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247808 File MD5 = ccdd3433f3c3bd0d8502b38fd155b2f0
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247808 File MD5 = ccdd3433f3c3bd0d8502b38fd155b2f0
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247808 File MD5 = ccdd3433f3c3bd0d8502b38fd155b2f0
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247808 File MD5 = ccdd3433f3c3bd0d8502b38fd155b2f0
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247808 File MD5 = ccdd3433f3c3bd0d8502b38fd155b2f0
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247808 File MD5 = ccdd3433f3c3bd0d8502b38fd155b2f0
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247808 File MD5 = ccdd3433f3c3bd0d8502b38fd155b2f0
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247808 File MD5 = ccdd3433f3c3bd0d8502b38fd155b2f0
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247808 File MD5 = ccdd3433f3c3bd0d8502b38fd155b2f0
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247808 File MD5 = ccdd3433f3c3bd0d8502b38fd155b2f0
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247808 File MD5 = ccdd3433f3c3bd0d8502b38fd155b2f0
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247808 File MD5 = ccdd3433f3c3bd0d8502b38fd155b2f0
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247808 File MD5 = ccdd3433f3c3bd0d8502b38fd155b2f0
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247808 File MD5 = ccdd3433f3c3bd0d8502b38fd155b2f0
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247808 File MD5 = ccdd3433f3c3bd0d8502b38fd155b2f0
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247808 File MD5 = ccdd3433f3c3bd0d8502b38fd155b2f0
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247808 File MD5 = ccdd3433f3c3bd0d8502b38fd155b2f0
##########################UNINSTALL DATA##########################
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL>
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\99A88D57-2C93-491B-87B8-E41A870FB6BE DisplayName = GemMaster Mystic
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Personal DisplayName = Ad-Aware SE Personal
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\avast! DisplayName = avast! Antivirus InstallLocation = C:\PROGRA~1\ALWILS~1\Avast4
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrent DisplayName = BitTorrent 5.0.5
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Branding
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_HDAUDIO DisplayName = Conexant HD Audio
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_wis30B2m DisplayName = HDAUDIO Soft Data Fax Modem with SmartCP
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\GalleryPlayer Images DisplayName = GalleryPlayer Images
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Desktop DisplayName = Google Desktop
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Updater DisplayName = Outil de mise à jour Google
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis DisplayName = HijackThis 1.99.1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Imaging Device Functions DisplayName = HP Imaging Device Functions 6.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Photo & Imaging DisplayName = HP Photosmart Premier Software 6.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ICW
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs DisplayName = Microsoft Internationalized Domain Names Mitigation APIs
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79} DisplayName = Amélioration de nos services InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{69640730-B830-4C24-BB5C-222DA1260548} DisplayName = Turbo Lister 2 InstallLocation = C:\Program Files\eBay\Turbo Lister2\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D} DisplayName = Connexion Facile à Internet InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873333 DisplayName = Correctif Windows XP - KB873333
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873339 DisplayName = Correctif Windows XP - KB873339
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB883667 DisplayName = Correctif Windows XP - KB883667
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB884016
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB884267
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885250 DisplayName = Correctif Windows XP - KB885250
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885353
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885835 DisplayName = Correctif Windows XP - KB885835
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885836 DisplayName = Correctif Windows XP - KB885836
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885855 DisplayName = Correctif Windows XP - KB885855
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB886185 DisplayName = Correctif Windows XP - KB886185
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB886612
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887078
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887472 DisplayName = Correctif Windows XP - KB887472
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887626
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887998 DisplayName = Microsoft .NET Framework 1.0 Hotfix (KB887998)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888113 DisplayName = Correctif Windows XP - KB888113
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888239 DisplayName = Correctif Windows XP - KB888239
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888302 DisplayName = Correctif Windows XP - KB888302
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888656
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888795 DisplayName = Correctif pour Windows XP (KB888795)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB889858
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890546 DisplayName = Correctif Windows XP - KB890546
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890859 DisplayName = Correctif Windows XP - KB890859
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB891122
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB891220 DisplayName = Correctif Windows XP - KB891220
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB891593 DisplayName = Correctif pour Windows XP (KB891593)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB891781 DisplayName = Correctif Windows XP - KB891781
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB892313
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB892559 DisplayName = Correctif Windows XP - KB892559
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893066 DisplayName = Mise à jour de sécurité pour Windows XP (KB893066)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893240
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893241
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893756 DisplayName = Mise à jour de sécurité pour Windows XP (KB893756)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2 DisplayName = Windows Installer 3.1 (KB893803)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB894391 DisplayName = Mise à jour pour Windows XP (KB894391)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB895181
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB895316
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB895572
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB895961 DisplayName = Correctif Windows XP - KB895961
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896256 DisplayName = Correctif pour Windows XP (KB896256)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896358 DisplayName = Mise à jour de sécurité pour Windows XP (KB896358)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896422 DisplayName = Mise à jour de sécurité pour Windows XP (KB896422)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896423 DisplayName = Mise à jour de sécurité pour Windows XP (KB896423)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896424 DisplayName = Mise à jour de sécurité pour Windows XP (KB896424)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896428 DisplayName = Mise à jour de sécurité pour Windows XP (KB896428)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896727 DisplayName = Mise à jour pour Windows XP (KB896727)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB897586
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB898458 DisplayName = Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB898461 DisplayName = Mise à jour pour Windows XP (KB898461)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB898549
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB899337 DisplayName = Correctif pour Windows XP (KB899337)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB899510 DisplayName = Correctif pour Windows XP (KB899510)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB899587 DisplayName = Mise à jour de sécurité pour Windows XP (KB899587)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB899591 DisplayName = Mise à jour de sécurité pour Windows XP (KB899591)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB900325 DisplayName = Correctif n° 2 pour Windows XP Édition Media Center 2005
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB900399
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB900485 DisplayName = Mise à jour pour Windows XP (KB900485)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB900725 DisplayName = Mise à jour de sécurité pour Windows XP (KB900725)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB901017 DisplayName = Mise à jour de sécurité pour Windows XP (KB901017)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB901190 DisplayName = Mise à jour de sécurité pour Windows XP (KB901190)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB901214 DisplayName = Mise à jour de sécurité pour Windows XP (KB901214)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB902344
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB902400 DisplayName = Mise à jour de sécurité pour Windows XP (KB902400)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB902841 DisplayName = Correctif pour Windows XP (KB902841)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB903157 DisplayName = Hotfix for Windows Media Player 10 (KB903157)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB903235 DisplayName = Mise à jour de sécurité pour Windows XP (KB903235)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB904706 DisplayName = Mise à jour de sécurité pour Windows XP (KB904706)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB904942 DisplayName = Mise à jour pour Windows XP (KB904942)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB905414 DisplayName = Mise à jour de sécurité pour Windows XP (KB905414)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB905749 DisplayName = Mise à jour de sécurité pour Windows XP (KB905749)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB907658
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB908519 DisplayName = Mise à jour de sécurité pour Windows XP (KB908519)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB908531 DisplayName = Mise à jour pour Windows XP (KB908531)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB909095 DisplayName = Correctif pour Windows XP (KB909095)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB910393 DisplayName = Mise à jour pour Lecteur Windows Media 10 (KB910393)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB910437 DisplayName = Mise à jour pour Windows XP (KB910437)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB910728 DisplayName = Correctif pour Windows XP (KB910728)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911164 DisplayName = Mise à jour pour Windows XP (KB911164)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911280 DisplayName = Mise à jour pour Windows XP (KB911280)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911562 DisplayName = Mise à jour de sécurité pour Windows XP (KB911562)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911564 DisplayName = Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911565 DisplayName = Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911567 DisplayName = Mise à jour de sécurité pour Windows XP (KB911567)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911854
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911927 DisplayName = Mise à jour de sécurité pour Windows XP (KB911927)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB912436 DisplayName = Correctif pour Windows XP (KB912436)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB912919 DisplayName = Mise à jour de sécurité pour Windows XP (KB912919)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB912945 DisplayName = Mise à jour pour Windows XP (KB912945)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB913446 DisplayName = Mise

philae83 · Answer

Bonjour,

edit : j'ai oublié désinstalle spy hunter, c'est un "rogue"
http://assiste.com.free.fr/p/craptheque/craptheque.html


* Télécharge SmitfraudFix 
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
de S!Ri, balltrap34 et moe31

* Installe le à la racine de C
 
* double clic sur l'exe pour le décompresser et lancer le fix.
Utilisation ----- option 1 - Recherche :
* Double clique sur smitfraudfix.cmd * Sélectionne 1 pour créer un rapport des fichiers responsables de l'infection.
* Poste le rapport ici
process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

tkuss · Answer

Merci pour ta reponse je en l'avais pas vue..... :)
je test ca desuite

tkuss · Answer

voici le rapport :

SmitFraudFix v2.137

Rapport fait à 16:17:03,54, 29/01/2007
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\secure32.html PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\autosys.exe PRESENT !
C:\WINDOWS\system32\ctpmon.exe PRESENT !
C:\WINDOWS\system32\RegistryCleanerSetup.exe PRESENT !
C:\WINDOWS\system32	askdir.exe PRESENT !
C:\WINDOWS\system32\zlbw.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Valentin


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Valentin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\Valentin\MENUDM~1\PROGRA~1\Registry Cleaner PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Valentin\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau

C:\DOCUME~1\Valentin\Bureau\Registry Cleaner.lnk PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 

C:\Program Files\RegistryCleaner\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

huy32 détecté, utilisez un scanner de Rootkit

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

philae83 · Answer

Maintenant :

Utilisation ----- option 2 -Nettoyage :

* Redémarre l'ordinateur en mode sans échec (tapoter F8 au boot pour obtenir le menu de démarrage ou http://service1.symantec.com/support/inter/tsgeninfointl.nsf/fr_docid/20020905112131924


* Double clique sur smitfraudfix.cmd


* Sélectionne 2 pour supprimer les fichiers responsables de l'infection.


A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

Le fix déterminera si le fichier wininet.dll est infecté.

A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.

* Redémarre en mode normal et poste le rapport ici

N.B.: Cette étape élimine les fichiers infectieux détectés à l'étape #1
Attention que l'option 2 de l'outil supprime le fond d'écran !

PUIS

* Télécharge ce fichier (par ejvindh)
http://www.uploads.ejvindh.net/rustbfix.exe

* sauvegarde-le sur ton Bureau.

* Double clique rustbfix.exe afin de lancer l'outil.
Si une infection Rustock.b est détectée, une invite t'indiquera qu'il est nécessaire de redémarrer l'ordi. Ce redémarrage pourrait être plus long que d'habitude, et il est possible que deux redémarrages soient requis. Tout cela se fera automatiquement.

Suite au(x) redémarrage(s), deux rapports s'ouvriront : (%root%\avenger.txt & %root%\rustbfix\pelog.txt).
* Copie colle le contenu de ces deux rapports, ainsi qu'un nouveau log HijackThis + celui de smitfraud option 2

tkuss · Answer

et aussi un petit message    pelog     :)
 voili voila


************************* Rustock.b-fix -- By ejvindh *************************
29/01/2007 16:33:34,37

******************* Pre-run Status of system *******************

Rootkit driver huy32 is found. Starting the unload-procedure....

Rustock.b-ADS attached to the System32-folder:
  :huy32.sys                              69416
Total size: 69416 bytes.
Attempting to remove ADS...
system32: deleted 69416 bytes in 1 streams.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No System32-ADS found.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************************* End of Logfile ************************

tkuss · Answer

et voici le log hijackthis .. desolé pour tous ces messages...j'espere que tout est la...   merci de m'aider   !!!

Logfile of HijackThis v1.99.1
Scan saved at 16:40:45, on 29/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\adirss.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32
otepad.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Valentin\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

philae83 · Answer

re

c'est parfait, merci, je regarde ton dernier rapport hijackthis pour continuer à nettoyer, réponse dans un moment

philae83 · Answer

re

* lance Hijackthis coche ces lignes :
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll 
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe 
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe 
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe 
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe 
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll 
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab 
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll 

* ferme toutes les fenêtres ouvertes y compris Internet Explorer et clique sur fix checked.

puis

* Assure toi d'avoir accès à tous les fichiers

-démarrer

-poste de travail ou autre dossier

-menu outils

-options de dossier

-onglet affichage 

puis 

- activer la case : Afficher les fichiers et dossiers cachés

- désactiver la case : Masquer les extensions des fichiers dont le type est connu

- désactiver  la case : Masquer les fichier protégés du système d'exploitation 

Puis  - Appliquer 

* et Supprime le(s) fichier(s) ci dessous si il(s) est (sont) présent(s) :

C:\WINDOWS\system32\adirss.exe

* Dans l'Explorateur Windows recache les fichiers système afin de ne pas faire d'erreur à l'avenir. Retourne à la fenêtre Paramètres de dossiers et sélectionne Ne pas afficher les fichiers cachés ou les fichiers système

* fait un scan antivirus en ligne et poste le rapport ici ensuite
http://www.bitdefender.fr/scan8/ie.html

ainsi qu'un nouveau rapport hijackthis

philae83 · Answer

Merci pour ton aide t'es vraiment un prince ;)

un prince en jupette alors..... :)

philae83 · Answer

Y a rien dans ton rapport concernant adir.dll
qu'en est-il du scan de bitdefender ?

philae83 · Answer

tu penses ou tu l'as supprimé, mais tu m'as bien dit que ton antivirus te le détectait toujours ?

pour le scan, je pense qu'on verra demain le résultat, je ne t'attendrais pas :)

tkuss · Answer

c le bordel!!
lool
voila que adir.dll reviens me harceler pendant le scan de bitdefender..!!!
je l'ai donc mis en quarentaien avec avast deux fois mais rien a faire il envoie des messages suspects  avec comme sujet sending you my love ou internet love, et un petit fichier greeting card.exe   !!

est ce que je suis en train de transmettre ce virus????

philae83 · Answer

normalement bitdefender supprime cette cochonnerie


demarrer>executer>taper:
regsvr32 /u C:\WINDOWS\System32\adir.dll 
ensuite clique sur Entrée...peu importe le message.

ensuite lance HijackThis,"open the misc tool section","delete a file on reboot"
=> dans la fenêtre qui s'ouvre, colle ce chemin :
C:\WINDOWS\system32\adir.dll
puis clique sur "ouvrir"

si il te demande de redémarrer, redémarre le pc.

tkuss · Answer

yep
bonjour,
j'espere que t'es bien reposée...
bon mon pc a tourné toute la nuit, durée du scan 10H et des poussieres

J'ai fait la derniere manip comme tu m'as indiqué ci-dessus
je t'envoi le rapport bitdefender et hijackthis

bitdefender

BitDefender Online Scanner
  
  
 
Rapport d'analyse généré à: Tue, Jan 30, 2007 - 09:03:50
 
 
  
  
 
Voie d'analyse: C:\;D:\;E:\;F:\;
  
  
 
 
  
  
 
Statistiques
 
Temps
 10:16:37
 
Fichiers
 527461
 
Directoires
 5369
 
Secteurs de boot
 6
 
Archives
 21426
 
Paquets programmes
 37687
 
  
  
 
Résultats
 
Virus identifiés
 13
 
Fichiers infectés
 35
 
Fichiers suspects
 0
 
Avertissements
 0
 
Désinfectés
 0
 
Fichiers effacés
 30
 
  
  
 
Info sur les moteurs
 
Définition virus
 394332
 
Version des moteurs
 AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
 
Analyse des plugins
 14
 
Archive des plugins
 38
 
Unpack des plugins
 6
 
E-mail plugins
 6
 
Système plugins
 1
 
  
  
 
Paramètres d'analyse
 
Première action
 Désinfecté
 
Seconde Action
 Supprimé
 
Heuristique
 Oui
 
Acceptez les avertissements
 Oui
 
Extensions analysées
 *;
 
Excludez les extensions
  
 
Analyse d'emails
 Oui
 
Analyse des Archives
 Oui
 
Analyser paquets programmes
 Oui
 
Analyse des fichiers
 Oui
 
Analyse de boot
 Oui
 
  
  
 
  Fichier analysé
  Statut
 
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7H7PGDJ6\abc[1].exe
 Infecté par: GenPack:Trojan.Downloader.Agent.YC
 
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7H7PGDJ6\abc[1].exe
 Echec de la désinfection
 
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7H7PGDJ6\abc[1].exe
 Supprimé
 
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7H7PGDJ6\abc[2].exe
 Infecté par: GenPack:Trojan.Downloader.Agent.YC
 
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7H7PGDJ6\abc[2].exe
 Echec de la désinfection
 
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7H7PGDJ6\abc[2].exe
 Supprimé
 
C:\Documents and Settings\Valentin\Mes documents\BitTorrent Downloads\win2kprosp4.LAST.IMAGE.iso=>I386/WELCOME.EX_
 Infecté par: BehavesLike:Trojan.RegistryDisabler
 
C:\Documents and Settings\Valentin\Mes documents\BitTorrent Downloads\win2kprosp4.LAST.IMAGE.iso=>I386/WELCOME.EX_
 Echec de la désinfection
 
C:\Documents and Settings\Valentin\Mes documents\BitTorrent Downloads\win2kprosp4.LAST.IMAGE.iso=>I386/WELCOME.EX_
 Supprimé
 
C:\Documents and Settings\Valentin\Mes documents\BitTorrent Downloads\win2kprosp4.LAST.IMAGE.iso
 Echec de la mise à jour
 
C:\RECYCLER\S-1-5-21-3985169229-2468616442-3143399419-1005\Dc2.iso=>I386/WELCOME.EX_
 Infecté par: BehavesLike:Trojan.RegistryDisabler
 
C:\RECYCLER\S-1-5-21-3985169229-2468616442-3143399419-1005\Dc2.iso=>I386/WELCOME.EX_
 Echec de la désinfection
 
C:\RECYCLER\S-1-5-21-3985169229-2468616442-3143399419-1005\Dc2.iso=>I386/WELCOME.EX_
 Supprimé
 
C:\RECYCLER\S-1-5-21-3985169229-2468616442-3143399419-1005\Dc2.iso
 Echec de la mise à jour
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0008121.exe
 Infecté par: Trojan.Downloader.Harnig.AB
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0008121.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0008121.exe
 Supprimé
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0009127.exe
 Infecté par: Trojan.Downloader.Harnig.AB
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0009127.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0009127.exe
 Supprimé
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0009128.exe
 Infecté par: MemScan:Trojan.Dropper.EP
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0009128.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0009128.exe
 Supprimé
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0009130.exe
 Infecté par: GenPack:Trojan.Downloader.Tibs.I
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0009130.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0009130.exe
 Supprimé
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0009158.exe
 Infecté par: GenPack:Trojan.Downloader.Agent.YC
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0009158.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0009158.exe
 Supprimé
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0009252.exe
 Infecté par: GenPack:Trojan.Downloader.Agent.YC
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0009252.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0009252.exe
 Supprimé
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0011200.exe
 Infecté par: Trojan.Downloader.Harnig.AB
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0011200.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0011200.exe
 Supprimé
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0011201.exe
 Infecté par: Trojan.Dropper.EP
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0011201.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0011201.exe
 Supprimé
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0011214.exe
 Infecté par: GenPack:Trojan.Downloader.Agent.YC
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0011214.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP61\A0011214.exe
 Supprimé
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0012263.exe
 Infecté par: MemScan:Trojan.SpamBot.DT
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0012263.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0012263.exe
 Supprimé
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0012357.exe
 Infecté par: GenPack:Trojan.Downloader.Agent.YC
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0012357.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0012357.exe
 Supprimé
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0013265.exe
 Infecté par: GenPack:Trojan.Downloader.Agent.YC
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0013265.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0013265.exe
 Supprimé
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0013266.dll
 Infecté par: Trojan.Spy.Agent.LH
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0013266.dll
 Echec de la désinfection
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0013266.dll
 Supprimé
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0013286.exe
 Infecté par: GenPack:Trojan.Downloader.Agent.YC
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0013286.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0013286.exe
 Supprimé
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0013306.dll
 Infecté par: Trojan.Spy.Agent.LH
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0013306.dll
 Echec de la désinfection
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0013306.dll
 Supprimé
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0013321.exe
 Infecté par: GenPack:Trojan.Downloader.Agent.YC
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0013321.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0013321.exe
 Supprimé
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0013322.exe
 Infecté par: MemScan:Trojan.SpamBot.DT
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0013322.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0013322.exe
 Supprimé
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0013324.sys
 Infecté par: Trojan.HaiDavai.A
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0013324.sys
 Echec de la désinfection
 
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP62\A0013324.sys
 Supprimé
 
C:\WINDOWS\system32\abc.exe
 Infecté par: GenPack:Trojan.Downloader.Agent.YC
 
C:\WINDOWS\system32\abc.exe
 Echec de la désinfection
 
C:\WINDOWS\system32\abc.exe
 Echec de la suppression
 
C:\WINDOWS\system32\adir.dll
 Infecté par: Trojan.Spy.Agent.LH
 
C:\WINDOWS\system32\adir.dll
 Echec de la désinfection
 
C:\WINDOWS\system32\adir.dll
 Echec de la suppression
 
C:\WINDOWS\system32\adirss.exe
 Infecté par: MemScan:Trojan.SpamBot.DT
 
C:\WINDOWS\system32\adirss.exe
 Echec de la désinfection
 
C:\WINDOWS\system32\adirss.exe
 Supprimé
 
C:\WINDOWS\system32\g3l7GT0.exe
 Infecté par: Dropped:Trojan.HaiDavai.A
 
C:\WINDOWS\system32\g3l7GT0.exe
 Echec de la désinfection
 
C:\WINDOWS\system32\g3l7GT0.exe
 Supprimé
 
C:\WINDOWS\system32\game0.exe.exe
 Infecté par: GenPack:Trojan.Downloader.Agent.YC
 
C:\WINDOWS\system32\game0.exe.exe
 Echec de la désinfection
 
C:\WINDOWS\system32\game0.exe.exe
 Supprimé
 
C:\WINDOWS\system32\game1.exe
 Infecté par: MemScan:Trojan.SpamBot.DT
 
C:\WINDOWS\system32\game1.exe
 Echec de la désinfection
 
C:\WINDOWS\system32\game1.exe
 Echec de la suppression
 
C:\WINDOWS\system32\game2.exe
 Infecté par: MemScan:Trojan.Peed.R
 
C:\WINDOWS\system32\game2.exe
 Echec de la désinfection
 
C:\WINDOWS\system32\game2.exe
 Supprimé
 
C:\WINDOWS\system32\game4.exe
 Infecté par: MemScan:Trojan.Peed.U
 
C:\WINDOWS\system32\game4.exe
 Echec de la désinfection
 
C:\WINDOWS\system32\game4.exe
 Echec de la suppression
 
C:\WINDOWS\system32\game5p.exe.exe
 Infecté par: Dropped:Trojan.HaiDavai.A
 
C:\WINDOWS\system32\game5p.exe.exe
 Echec de la désinfection
 
C:\WINDOWS\system32\game5p.exe.exe
 Supprimé
 
C:\WINDOWS\system32\lnwin.exe
 Infecté par: MemScan:Trojan.Peed.U
 
C:\WINDOWS\system32\lnwin.exe
 Echec de la désinfection
 
C:\WINDOWS\system32\lnwin.exe
 Supprimé
 
C:\WINDOWS\system32\secure32.html
 Infecté par: Trojan.SpySheriff.C
 
C:\WINDOWS\system32\secure32.html
 Echec de la désinfection
 
C:\WINDOWS\system32\secure32.html
 Supprimé
 
C:\WINDOWS\system32	askdir.exe
 Infecté par: GenPack:Trojan.Downloader.Agent.YC
 
C:\WINDOWS\system32	askdir.exe
 Echec de la désinfection
 
C:\WINDOWS\system32	askdir.exe
 Echec de la suppression
 
C:\WINDOWS\system32\UPGN0x5.exe
 Infecté par: Dropped:Trojan.HaiDavai.A
 
C:\WINDOWS\system32\UPGN0x5.exe
 Echec de la désinfection
 
C:\WINDOWS\system32\UPGN0x5.exe
 Supprimé
 
 
hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 10:18:15, on 30/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Valentin\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\system32\lnwin.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

  de mon coté le pc a l'air de bien tourner je continue a l'utiliser pour voir si tout va bien

philae83 · Answer

bonsoir,

on réattaque
* Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
 

* Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.

* Redémarre ton ordinateur en mode sans échec

* Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.

* Appuie sur Y pour commencer le processus de nettoyage.

Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis  te demandera d'appuyer sur une touche pour redémarrer.

* Appuie sur une touche pour redémarrer le PC.

Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter  et supprimer des fichiers.

Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

* Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.

Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum,

avec un nouveau log Hijackthis

tkuss · Answer

re :)
voici le raaport sdfix:

SDFix: Version 1.63

31/01/2007 - 12:41:16,04

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 

Name:
wincom32

Path:
\??\C:\WINDOWS\system32\wincom32.sys 

wincom32 Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\game1.exe - Deleted
C:\WINDOWS\system32\game3.exe - Deleted
C:\WINDOWS\system32\game4.exe - Deleted
C:\WINDOWS\system32	askdir.exe - Deleted
C:\WINDOWS\system32\wincom32.ini - Deleted
C:\WINDOWS\system32\wincom32.sys - Deleted
C:\WINDOWS\system32\zlbw.dll - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.

                                 Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL France"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\WINDOWS\system32\game1.exe"="C:\WINDOWS\system32\game1.exe:*:Enabled:enable"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Documents and Settings\Valentin\Mes documents\BitTorrent Downloads\VA - Nova Tunes 1.3 [Electronic][2006][www.pctrecords.com]\AlbumArtSmall.jpg
C:\Documents and Settings\Valentin\Mes documents\BitTorrent Downloads\VA - Nova Tunes 1.3 [Electronic][2006][www.pctrecords.com]\AlbumArt_{710F658C-20A0-4292-9868-139713EE747E}_Large.jpg
C:\Documents and Settings\Valentin\Mes documents\BitTorrent Downloads\VA - Nova Tunes 1.3 [Electronic][2006][www.pctrecords.com]\AlbumArt_{710F658C-20A0-4292-9868-139713EE747E}_Small.jpg
C:\Documents and Settings\Valentin\Mes documents\BitTorrent Downloads\VA - Nova Tunes 1.3 [Electronic][2006][www.pctrecords.com]\desktop.ini
C:\Documents and Settings\Valentin\Mes documents\BitTorrent Downloads\VA - Nova Tunes 1.3 [Electronic][2006][www.pctrecords.com]\Folder.jpg
C:\Documents and Settings\Valentin\Mes documents\BitTorrent Downloads\Ying_Yang_Twins-Chemically_Imbalanced-(RapGodFathers.com)\AlbumArtSmall.jpg
C:\Documents and Settings\Valentin\Mes documents\BitTorrent Downloads\Ying_Yang_Twins-Chemically_Imbalanced-(RapGodFathers.com)\AlbumArt_{FF738546-075D-41D2-8827-73E111D7088B}_Large.jpg
C:\Documents and Settings\Valentin\Mes documents\BitTorrent Downloads\Ying_Yang_Twins-Chemically_Imbalanced-(RapGodFathers.com)\AlbumArt_{FF738546-075D-41D2-8827-73E111D7088B}_Small.jpg
C:\Documents and Settings\Valentin\Mes documents\BitTorrent Downloads\Ying_Yang_Twins-Chemically_Imbalanced-(RapGodFathers.com)\desktop.ini
C:\Documents and Settings\Valentin\Mes documents\BitTorrent Downloads\Ying_Yang_Twins-Chemically_Imbalanced-(RapGodFathers.com)\Folder.jpg
C:\Documents and Settings\Valentin\Mes documents\Ma musique\Orishas\Orishas.-.El.Kilo.SP.2005.MP3.192Kbps.www.mp3-es.com\AlbumArtSmall.jpg
C:\Documents and Settings\Valentin\Mes documents\Ma musique\Orishas\Orishas.-.El.Kilo.SP.2005.MP3.192Kbps.www.mp3-es.com\AlbumArt_{4AE47E93-335C-4DD8-9C2A-93C0A15284B5}_Large.jpg
C:\Documents and Settings\Valentin\Mes documents\Ma musique\Orishas\Orishas.-.El.Kilo.SP.2005.MP3.192Kbps.www.mp3-es.com\AlbumArt_{4AE47E93-335C-4DD8-9C2A-93C0A15284B5}_Small.jpg
C:\Documents and Settings\Valentin\Mes documents\Ma musique\Orishas\Orishas.-.El.Kilo.SP.2005.MP3.192Kbps.www.mp3-es.com\desktop.ini
C:\Documents and Settings\Valentin\Mes documents\Ma musique\Orishas\Orishas.-.El.Kilo.SP.2005.MP3.192Kbps.www.mp3-es.com\Folder.jpg
C:\Documents and Settings\Valentin\Mes documents\Ma musique\Orishas\Orishas.-.El.Kilo.SP.2005.MP3.192Kbps.www.mp3-es.com\Thumbs.db
C:\Documents and Settings\Valentin\Local Settings\Temp\~rnsetup\pncrt.dll
C:\WINDOWS\SMINST\HPCD.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Valentin\Local Settings\Temp\BIT1.tmp
C:\Documents and Settings\Valentin\Mes documents\Mes images\Mes images\2004\mexico\SIVBCE.tmp
C:\Program Files\Google\Google Desktop Search\BIT12D.tmp
C:\WINDOWS\Temp\kccou360.TMP

                                 Finished



le log hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 12:47:00, on 31/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32
otepad.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Documents and Settings\Valentin\Bureau\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\dwwin.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\system32\lnwin.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

*** · Answer

J'ai aussi ce problème :'( 
Le PC plante à cause de ce foutu virus/trojan !!!!!

Mais je vais l'avoir !!

Si quelqu'un à un autre bon logiciel pour le supprimer car il revient à chaque fois (rhaaa !!!! :p )


En tout cas, il s'appele Host et je ne vous souhaite pas de le rencontrer ^^


++

Lyonnais92 · Answer

Bonsoir,
Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace 
Procèdes comme ceci : 
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

tu y mets le log du logiciel qui te le détecte et un log HijackThis
(Télécharge HijackThis ici: 
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html 

Dézippe le dans un dossier prévu à cet effet. 
Par exemple C:\hijackthis < Enregistre le bien dans c : ! 
Démo : (Merci a Balltrap34 pour cette réalisation) 
http://pageperso.aol.fr/balltrap34/Hijenr.gif 

Lance le puis: 
clique sur "do a system scan and save logfile" (cf démo) 
faire un copier coller du log entier sur le forum 

Démo : (Merci a Balltrap34 pour cette réalisation) 
http://pageperso.aol.fr/balltrap34/demohijack.htm )

@+

korialstraz · Answer

Bonjour, 
en lissant les rapports que certain on envoyé  je pense a une solution , aprés avoir suprimé les fichiers 
C:\WINDOWS\system32\adir.dll
,C:\WINDOWS\system32\abc.exe 
,C:\WINDOWS\system32\g3l7GT0.exe 
,C:\WINDOWS\system32\adirss.exe
, et les quelques fichier restant qui porte la mention "Echec de la désinfection"
vider le tempori cache net, la corbeille, et surtout decocher la restauration systeme..

ensuite aller dans le msconfig, demarrage, decocher les entres louche..
puis service," masquer tous les services windows",  recherche les "inconnus" qui  sont en cours lorsque le vers est actif... 

corriger moi si je me trompe...

[ virus adir.dll ] infection virulante !!

19 réponses

Discussions similaires

Newsletters