[Demande assistance / virus] SVP

Résolu
Yann -  
green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
demande assistance / infection virus d'après rapports SVP---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 15:25:08 24/02/2007

+ Résultat de l'analyse:

C:\WINDOWS\BDE -> Adware.BrilliantDigital : Nettoyé.
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Nettoyé.
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Nettoyé.
HKU\S-1-5-21-1229272821-413027322-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Nettoyé.
C:\Program Files\PAL SPYREM -> Adware.PALSpywareRemover : Nettoyé.
C:\Program Files\PAL SPYREM\Quarantine -> Adware.PALSpywareRemover : Nettoyé.
C:\Program Files\PAL SPYREM\Reports -> Adware.PALSpywareRemover : Nettoyé.
C:\Program Files\PAL SPYREM\ee.url -> Adware.PALSpywareRemover : Nettoyé.
C:\Program Files\PAL SPYREM\klp.url -> Adware.PALSpywareRemover : Nettoyé.
C:\Program Files\PAL SPYREM\pct.url -> Adware.PALSpywareRemover : Nettoyé.
C:\Program Files\PAL SPYREM\popupe.url -> Adware.PALSpywareRemover : Nettoyé.
C:\Program Files\PAL SPYREM\spyrem.exe -> Adware.PALSpywareRemover : Nettoyé.
C:\WINDOWS\system32\jkkjkih.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{00BE5197-B72C-459C-A716-FDEBB40EFA97}\RP124\A0039813.exe -> Downloader.Tiny.fk : Nettoyé.
C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\CA8C01E8-8896-4BEA-BF0D-52209D\C0A5A9CC-1FFD-43CE-9990-08639C -> Trojan.Agent.qt : Nettoyé.
C:\System Volume Information\_restore{00BE5197-B72C-459C-A716-FDEBB40EFA97}\RP124\A0039814.dll -> Trojan.Agent.qt : Nettoyé.
C:\System Volume Information\_restore{00BE5197-B72C-459C-A716-FDEBB40EFA97}\RP124\A0039815.dll -> Trojan.Agent.qt : Nettoyé.
C:\System Volume Information\_restore{00BE5197-B72C-459C-A716-FDEBB40EFA97}\RP124\A0039832.exe -> Trojan.Dialer.rt : Nettoyé.

Fin du rapport

BitDefender Online Scanner

Scan report generated at: Sat, Feb 24, 2007 - 19:36:46

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics

Time
03:02:27

Files
435055

Folders
9101

Boot Sectors
2

Archives
8833

Packed Files
39185

Results

Identified Viruses
2

Infected Files
6

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
4

Engines Info

Virus Definitions
393347

Engine build
AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)

Scan plugins
14

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\Documents and Settings\MURIE\Local Settings\Application Data\maslapn.dll
Infected with: Trojan.Obfus.Gen

C:\Documents and Settings\MURIE\Local Settings\Application Data\maslapn.dll
Disinfection failed

C:\Documents and Settings\MURIE\Local Settings\Application Data\maslapn.dll
Deleted

C:\System Volume Information\_restore{00BE5197-B72C-459C-A716-FDEBB40EFA97}\RP124\A0039846.dll
Infected with: Trojan.Obfus.Gen

C:\System Volume Information\_restore{00BE5197-B72C-459C-A716-FDEBB40EFA97}\RP124\A0039846.dll
Disinfection failed

C:\System Volume Information\_restore{00BE5197-B72C-459C-A716-FDEBB40EFA97}\RP124\A0039846.dll
Deleted

C:\WINDOWS\system32\awvtr.dll
Infected with: MemScan:Trojan.Vundo.AF

C:\WINDOWS\system32\awvtr.dll
Disinfection failed

C:\WINDOWS\system32\awvtr.dll
Delete failed

C:\WINDOWS\system32\maslapn.dll
Infected with: Trojan.Obfus.Gen

C:\WINDOWS\system32\maslapn.dll
Disinfection failed

C:\WINDOWS\system32\maslapn.dll
Deleted

C:\WINDOWS\system32\setupapi.dll
Clean

C:\WINDOWS\system32\setupdll.dll
Clean

C:\WINDOWS\system32\setver.exe
Clean

C:\WINDOWS\system32\sfc.dll
Clean

C:\WINDOWS\system32\sfc.exe
Clean

C:\WINDOWS\system32\sfcfiles.dll
Clean

C:\WINDOWS\system32\sfc_os(3).dll
Clean

C:\WINDOWS\system32\sfc_os.dll
Clean

C:\WINDOWS\system32\sfmapi.dll
Clean

C:\WINDOWS\system32\sgpvqml.dll
Infected with: Trojan.Obfus.Gen

C:\WINDOWS\system32\sgpvqml.dll
Infected with: Trojan.Obfus.Gen

C:\WINDOWS\system32\sgpvqml.dll
Disinfection failed

C:\WINDOWS\system32\sgpvqml.dll
Disinfection failed

C:\WINDOWS\system32\sgpvqml.dll
Delete failed

C:\WINDOWS\system32\sgpvqml.dll
Delete failed

C:\WINDOWS\system32\shadow.exe
Clean

C:\WINDOWS\system32\share.exe
Clean

C:\WINDOWS\system32\shdoclc.dll
Clean

C:\WINDOWS\system32\shdocvw.dll
Clean

C:\WINDOWS\system32\shell.dll
Clean

C:\WINDOWS\system32\shell32(3).dll
Clean

C:\WINDOWS\system32\shell32.dll
Clean

C:\WINDOWS\system32\shellstyle.dll
Clean

C:\WINDOWS\system32\shfolder(2).dll
Clean

C:\WINDOWS\system32\shfolder.dll
Clean

C:\WINDOWS\system32\shgina.dll
Clean

C:\WINDOWS\system32\shiftjis.uce
Clean

C:\WINDOWS\system32\shimeng.dll
Clean

C:\WINDOWS\system32\shimgvw(2).dll
Clean

C:\WINDOWS\system32\shimgvw.dll
Clean

C:\WINDOWS\system32\shlwapi(3).dll
Clean

C:\WINDOWS\system32\shlwapi.dll
Clean

C:\WINDOWS\system32\shmedia.dll
Clean

C:\WINDOWS\system32\shmgrate.exe
Clean

C:\WINDOWS\system32\shrpubw.exe
Clean

C:\WINDOWS\system32\shscrap.dll
Clean

C:\WINDOWS\system32\shsvcs(3).dll
Clean

C:\WINDOWS\system32\shsvcs.dll
Clean

C:\WINDOWS\system32\shutdown.exe
Clean

C:\WINDOWS\system32\sigtab.dll
Clean

C:\WINDOWS\system32\sigverif.exe
Clean

C:\WINDOWS\system32\simpdata.tlb
Clean

C:\WINDOWS\system32\sisbkup.dll
Clean

C:\WINDOWS\system32\skdll.dll
Clean

C:\WINDOWS\system32\skeys.exe
Clean

C:\WINDOWS\system32\slayerxp.dll
Clean

C:\WINDOWS\system32\slbcsp.dll
Clean

C:\WINDOWS\system32\slbiop.dll
Clean

C:\WINDOWS\system32\slbrccsp.dll
Clean

C:\WINDOWS\system32\slcpappl.chm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/#SYSTEM
Clean

C:\WINDOWS\system32\slcpappl.chm=>/SLCPAPPL.hhc
Clean

C:\WINDOWS\system32\slcpappl.chm=>/SLCPAPPL.hhk
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4701).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4709).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4709).htm=>(JAVASCRIPT 1)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4709).htm=>(JAVASCRIPT 4)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4709).htm=>(JAVASCRIPT 5)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4703).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4702).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4707).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4706).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4410).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4402).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4403).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4404).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4405).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4406).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4708).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4710).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4704).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4705).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4407).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/English (4004).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/English (4010).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/English (4002).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/English (4005).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/English (4003).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/English (4006).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/English (4007).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4408).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4409).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4409).htm=>(JAVASCRIPT 1)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4409).htm=>(JAVASCRIPT 2)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4409).htm=>(JAVASCRIPT 3)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4401).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/English (4008).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/English (4009).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/English (4009).htm=>(JAVASCRIPT 1)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/English (4009).htm=>(JAVASCRIPT 2)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/English (4009).htm=>(JAVASCRIPT 3)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/English (4001).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/French (4109).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/French (4109).htm=>(JAVASCRIPT 1)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/French (4109).htm=>(JAVASCRIPT 2)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/French (4109).htm=>(JAVASCRIPT 3)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/French (4101).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/German (4502).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/German (4510).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/German (4503).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/German (4504).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/German (4505).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/German (4506).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/French (4110).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/French (4102).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/French (4103).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/French (4104).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/French (4105).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/French (4106).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/French (4107).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/French (4108).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4610).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Italian (4307).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Italian (4308).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Italian (4309).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Italian (4309).htm=>(JAVASCRIPT 1)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Italian (4309).htm=>(JAVASCRIPT 2)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Italian (4309).htm=>(JAVASCRIPT 3)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Italian (4301).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/German (4507).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/German (4508).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/German (4509).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/German (4509).htm=>(JAVASCRIPT 1)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/German (4509).htm=>(JAVASCRIPT 2)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/German (4509).htm=>(JAVASCRIPT 3)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/German (4501).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Italian (4310).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4602).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Italian (4302).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Italian (4303).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Italian (4304).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Italian (4305).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Italian (4306).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4605).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4810).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4802).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4803).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4804).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4805).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4806).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4807).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4808).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4604).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4606).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4607).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4608).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4609).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4609).htm=>(JAVASCRIPT 1)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4609).htm=>(JAVASCRIPT 4)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4609).htm=>(JAVASCRIPT 5)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4601).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4603).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4209).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4209).htm=>(JAVASCRIPT 1)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4209).htm=>(JAVASCRIPT 2)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4209).htm=>(JAVASCRIPT 3)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4201).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4809).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4809).htm=>(JAVASCRIPT 1)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4809).htm=>(JAVASCRIPT 4)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4809).htm=>(JAVASCRIPT 5)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4801).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4206).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4208).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4207).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Korean (4901).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Korean (4902).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4210).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4202).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4203).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4204).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4205).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Korean (4907).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4711).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4811).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4411).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/English (4011).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/French (4111).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/German (4511).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Italian (4311).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4611).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Korean (4903).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Korean (4904).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Korean (4906).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Korean (4908).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Korean (4909).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Korean (4909).htm=>(JAVASCRIPT 1)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Korean (4909).htm=>(JAVASCRIPT 2)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Korean (4909).htm=>(JAVASCRIPT 3)
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Korean (4910).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Korean (4905).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Korean (4911).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4211).htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Result Code Table.htm
Clean

C:\WINDOWS\system32\slcpappl.chm=>/external.js
Clean

C:\WINDOWS\system32\slcpappl.chm=>/#BSSC
Clean

C:\WINDOWS\system32\slcpappl.chm=>/SLCPAPPL.brs
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Result Code Table.files/image001.gif
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Result Code Table.files/image002.gif
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Result Code Table.files/image003.gif
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Result Code Table.files/image004.gif
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Result Code Table.files/image005.gif
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Result Code Table.files/image006.gif
Clean

C:\WINDOWS\system32\slcpappl.chm=>/Result Code Table.files/image007.gif
Clean

C:\WINDOWS\system32\slcpappl.chm=>/#WINDOWS
Clean

C:\WINDOWS\system32\slcpappl.chm=>/#IVB
Clean

C:\WINDOWS\system32\slcpappl.chm=>/$WWKeywordLinks/Property
Clean

C:\WINDOWS\system32\slcpappl.chm=>/$WWAssociativeLinks/Property
Clean

C:\WINDOWS\system32\slcpappl.chm=>/$OBJINST
Clean

C:\WINDOWS\system32\slcpappl.chm=>/$FIftiMain
Clean

C:\WINDOWS\system32\slcpappl.chm=>/#IDXHDR
Clean

C:\WINDOWS\system32\slcpappl.chm=>/#TOPICS
Clean

C:\WINDOWS\system32\slcpappl.chm=>/#URLTBL
Clean

C:\WINDOWS\system32\slcpappl.chm=>/#URLSTR
Clean

C:\WINDOWS\system32\slcpappl.chm=>/#STRINGS
Clean

C:\WINDOWS\system32\slcpappl.cpl
Clean

C:\WINDOWS\system32\slextspk.dll
Clean

C:\WINDOWS\system32\slserv.exe
Clean

C:\WINDOWS\system32\sl_anet.acm
Clean

C:\WINDOWS\system32\smbinst.exe
Clean

C:\WINDOWS\system32\smlogcfg.dll
Clean

C:\WINDOWS\system32\smlogsvc.exe
Clean

C:\WINDOWS\system32\SMMSCRPT.DLL
Clean

C:\WINDOWS\system32\SMMSETUP.DLL
Clean

C:\WINDOWS\system32\smss.exe
Clean

C:\WINDOWS\system32\sndrec32.exe
Clean

C:\WINDOWS\system32\sndvol32.exe
Clean

C:\WINDOWS\system32\snmpapi(2).dll
Clean

C:\WINDOWS\system32\snmpapi.dll
Clean

C:\WINDOWS\system32\snmpsnap.dll
Clean

C:\WINDOWS\system32\softpub.dll
Clean

C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\5.8.0.2469\wuapi.dll
Clean

C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\5.8.0.2694\wuapi.dll
Clean

C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\5.8.0.2469\wups.dll
Clean

C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\5.8.0.2694\wups.dll
Clean

C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\5.8.0.2694\wups2.dll
Clean

C:\WINDOWS\system32\sol.exe
Clean

C:\WINDOWS\system32\sort.exe
Clean

C:\WINDOWS\system32\sortkey.nls
Clean

C:\WINDOWS\system32\sorttbls.nls
Clean

C:\WINDOWS\system32\sound.drv
Clean

C:\WINDOWS\system32\spider.exe
Clean

C:\WINDOWS\system32\spiisupd.exe
Clean

C:\WINDOWS\system32\spmsg.dll
Clean

C:\WINDOWS\system32\spnike.dll
Clean

C:\WINDOWS\system32\spnpinst.exe
Clean

C:\WINDOWS\system32\spool\drivers\color\AdobeRGB1998.icc
Clean

C:\WINDOWS\system32\spool\drivers\color\adod6522.icm
Clean

C:\WINDOWS\system32\spool\drivers\color\appd6518.icm
Clean

C:\WINDOWS\system32\spool\drivers\color\BetaRGB.icc
Clean

C:\WINDOWS\system32\spool\drivers\color\Diamond Compatible 9300K G2.2.icm
Clean

C:\WINDOWS\system32\spool\drivers\color\ECI-RGB.V1.0.icc
Clean

C:\WINDOWS\system32\spool\drivers\color\European Print Medium GCR 320 UCR.icm
Clean

C:\WINDOWS\system32\spool\drivers\color\Hitachi Compatible 9300K G2.2.icm
Clean

C:\WINDOWS\system32\spool\drivers\color\HP PS C3100_C4100-Prem Plus Photo(tricolor+black).icc
Clean

C:\WINDOWS\system32\spool\drivers\color\HP PS C3100_C4100-Prem Plus Photo(tricolor+photo).icc
Clean

C:\WINDOWS\system32\spool\drivers\color\HP PS C3100_C4100-Premium Paper(tricolor+black).icc
Clean

C:\WINDOWS\system32\spool\drivers\color\HP PS C3100_C4100-Premium Paper(tricolor+photo).icc
Clean

C:\WINDOWS\system32\spool\drivers\color\HP PS C4100-Prem Plus Photo(tricolor+gray).icc
Clean

C:\WINDOWS\system32\spool\drivers\color\HP PS C4100-Premium Paper(tricolor+gray).icc
Clean

C:\WINDOWS\system32\spool\drivers\color\HP500ND.ICM
Clean

C:\WINDOWS\system32\spool\drivers\color\HP500NG.ICM
Clean

C:\WINDOWS\system32\spool\drivers\color\is330.icm
Clean

C:\WINDOWS\system32\spool\drivers\color\Kodak SWOP Proofer CMYK-Coated.icm
Clean

C:\WINDOWS\system32\spool\drivers\color\kodak_dc.icm
Clean

C:\WINDOWS\system32\spool\drivers\color\NEC Compatible 9300K G2.2.icm
Clean

C:\WINDOWS\system32\spool\drivers\color\sRGB Color Space Profile.icm
Clean

C:\WINDOWS\system32\spool\drivers\color\Trinitron Compatible 9300K G2.2.icm
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\2\olfaxdrv.fad
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\2\olfdnt40.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\2\olfunt40.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpac4103.BUD
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpac4103.GPD
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpac4103.xml
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpac410a.ini
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpafax.gpd
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpafax.ini
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpafax.xml
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpahc410.exp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpaiofax.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpbcfgre.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcdmc32.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPDJ500C.BUD
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPDJ500C.GPD
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPDJRES.DLL
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfie054.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfig054.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfrs054.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPk7hmlo.cfg
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPrbi85i.cfg
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPV600AL.DLL
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ200.HLP
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ50.INI
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ50.INI=>(unicode)
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ670.BUD
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ670.GPD
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ67X.GPD
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ6XX.GPD
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVIMG50.DLL
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVNAM50.GPD
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVUD50.DLL
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVUI50.DLL
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz3a054.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz3m054.gpd
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz3r054.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzev054.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzar054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzcs054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzhc054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzht054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzda054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzde054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzen054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzes054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzfr054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzel054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzhe054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzit054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzja054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzko054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzhu054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpznl054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzno054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzpl054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzpt054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzru054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzsk054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzfi054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzsv054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzth054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpztr054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzca054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpr054.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzsc054.dtd
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzsm054.gpd
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzss054.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzst054.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzui054.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzuifax.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\STDNAMES.GPD
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.HLP
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpac4103.gpd
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpac4103.xml
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpac410a.ini
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpahc410.exp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpbcfgre.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpcdmc32.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpfie054.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpfig054.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpfrs054.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpz3a054.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpz3m054.gpd
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpz3r054.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzev054.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzar054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzcs054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzhc054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzht054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzda054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzde054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzen054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzes054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzfr054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzel054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzhe054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzit054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzja054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzko054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzhu054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpznl054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzno054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzpl054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzpt054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzru054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzsk054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzfi054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzsv054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzth054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpztr054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzca054.hlp
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzpr054.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzsc054.dtd
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzsm054.gpd
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzss054.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzst054.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzui054.dll
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\STDNAMES.GPD
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\UNIDRV.DLL
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\UNIDRV.HLP
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\UNIDRVUI.DLL
Clean

C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\UNIRES.DLL
Clean

C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
Clean

C:\WINDOWS\system32\spool\prtprocs\w32x86\OLFPNT40.DLL
Clean

C:\WINDOWS\system32\spool\prtprocs\w32x86\wfxprint2000.dll
Clean

C:\WINDOWS\system32\spoolss(2).dll
Clean

C:\WINDOWS\system32\spoolss.dll
Clean

C:\WINDOWS\system32\spoolsv.exe
Clean

C:\WINDOWS\system32\sprestrt.exe
Clean

C:\WINDOWS\system32\sprio600.dll
Clean

C:\WINDOWS\system32\sprio800.dll
Clean

C:\WINDOWS\system32\SPTBDOCK.OCX
Clean

C:\WINDOWS\system32\spupdsvc.exe
Clean

C:\WINDOWS\system32\spxcoins.dll
Clean

C:\WINDOWS\system32\sqlsodbc.chm
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/#SYSTEM
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_1.htm
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_1.htm=>(JAVASCRIPT 2)
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_2.htm
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_2.htm=>(JAVASCRIPT 2)
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_3.htm
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_3.htm=>(JAVASCRIPT 2)
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_4.htm
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_4.htm=>(JAVASCRIPT 2)
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/_sql_server_2000_copyright_and_disclaimer.htm
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/_sql_server_2000_copyright_and_disclaimer.htm=>(JAVASCRIPT 2)
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/_sql_server_login_dialog_box.htm
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/_sql_server_login_dialog_box.htm=>(JAVASCRIPT 2)
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coUA.css
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coUA_Ex.css
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coUA_Print.css
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.css
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.js
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.js=>(JAVASCRIPT 1)
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.js=>(JAVASCRIPT 2)
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.js=>(JAVASCRIPT 3)
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/shared.js
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/caution.gif
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coC.gif
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coCb.gif
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coE.gif
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coEb.gif
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/elle.gif
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/important.gif
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/keybrd.gif
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/keybrd_.gif
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/keybrd_c.gif
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.gif
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto_.gif
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto_c.gif
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/note.gif
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/relglyph.gif
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/relglyph_.gif
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/relglyph_c.gif
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/spacer.gif
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/tip.gif
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/warning.gif
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/sqlsodbc.hhc
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/#WINDOWS
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/#IVB
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/$WWKeywordLinks/Property
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/$WWAssociativeLinks/Property
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/$OBJINST
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/$FIftiMain
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/#IDXHDR
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/#TOCIDX
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/#TOPICS
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/#URLTBL
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/#URLSTR
Clean

C:\WINDOWS\system32\sqlsodbc.chm=>/#STRINGS
Clean

C:\WINDOWS\system32\sqlsrv32.dll
Clean

C:\WINDOWS\system32\sqlsrv32.rll
Clean

C:\WINDOWS\system32\sqlunirl.dll
Clean

C:\WINDOWS\system32\sqlwid.dll
Clean

C:\WINDOWS\system32\sqlwoa.dll
Clean

C:\WINDOWS\system32\srclient.dll
Clean

C:\WINDOWS\system32\srrstr.dll
Clean

C:\WINDOWS\system32\srsvc(3).dll
Clean

C:\WINDOWS\system32\srsvc.dll
Clean

C:\WINDOWS\system32\srvsvc.dll
Clean

C:\WINDOWS\system32\ss3dfo.scr
Clean

C:\WINDOWS\system32\ssbezier.scr
Clean

C:\WINDOWS\system32\ssdpapi(3).dll
Clean

C:\WINDOWS\system32\ssdpapi.dll
Clean

C:\WINDOWS\system32\ssdpsrv(3).dll
Clean

C:\WINDOWS\system32\ssdpsrv.dll
Clean

C:\WINDOWS\system32\ssflwbox.scr
Clean

C:\WINDOWS\system32\ssldivx.dll
Clean

C:\WINDOWS\system32\ssmarque.scr
Clean

C:\WINDOWS\system32\ssmypics.scr
Clean

C:\WINDOWS\system32\ssmyst.scr
Clean

C:\WINDOWS\system32\sspipes.scr
Clean

C:\WINDOWS\system32\ssqro.dll
Infected with: MemScan:Trojan.Vundo.AF

C:\WINDOWS\system32\ssqro.dll
Infected with: MemScan:Trojan.Vundo.AF

C:\WINDOWS\system32\ssqro.dll
Disinfection failed

C:\WINDOWS\system32\ssqro.dll
Disinfection failed

C:\WINDOWS\system32\ssqro.dll
Deleted

C:\WINDOWS\system32\ssqro.dll
Deleted

C:\WINDOWS\system32\ssstars.scr
Clean

C:\WINDOWS\system32\sstext3d.scr
Clean

C:\WINDOWS\system32\start.cdi
Clean

C:\WINDOWS\system32\stclient.dll
Clean

C:\WINDOWS\system32\STDOLE.TLB
Clean

C:\WINDOWS\system32\stdole2.tlb
Clean

C:\WINDOWS\system32\stdole32.tlb
Clean

C:\WINDOWS\system32\sti(2).dll
Clean

C:\WINDOWS\system32\sti.dll
Clean

C:\WINDOWS\system32\stimon.exe
Clean

C:\WINDOWS\system32\sti_ci.dll
Clean

C:\WINDOWS\system32\STKIT432.DLL
Clean

C:\WINDOWS\system32\stobject(2).dll
Clean

C:\WINDOWS\system32\stobject.dll
Clean

C:\WINDOWS\system32\storage.dll
Clean

C:\WINDOWS\system32\storprop.dll
Clean

C:\WINDOWS\system32\streamci.dll
Clean

C:\WINDOWS\system32\strmdll(2).dll
Clean

C:\WINDOWS\system32\strmdll.dll
Clean

C:\WINDOWS\system32\strmfilt.dll
Clean

C:\WINDOWS\system32\subrange.uce
Clean

C:\WINDOWS\system32\subst.exe
Clean

C:\WINDOWS\system32\svchost.exe
Clean

C:\WINDOWS\system32\svcpack.dll
Clean

C:\WINDOWS\system32\swpdflt2.dll
Clean

C:\WINDOWS\system32\swprv.dll
Clean

C:\WINDOWS\system32\sxs(3).dll
Clean

C:\WINDOWS\system32\sxs.dll
Clean

C:\WINDOWS\system32\SymStore.dll
Clean

C:\WINDOWS\system32\syncapp.exe
Clean

C:\WINDOWS\system32\synceng.dll
Clean

C:\WINDOWS\system32\syncui.dll
Clean

C:\WINDOWS\system32\sysdm.cpl
Clean

C:\WINDOWS\system32\sysedit.exe
Clean

C:\WINDOWS\system32\sysinv.dll
Clean

C:\WINDOWS\system32\syskey.exe
Clean

C:\WINDOWS\system32\sysmon.ocx
Clean

C:\WINDOWS\system32\sysocmgr.exe
Clean

C:\WINDOWS\system32\sysprint.sep
Clean

C:\WINDOWS\system32\sysprtj.sep
Clean

C:\WINDOWS\system32\syssetup.dll
Clean

C:\WINDOWS\system32\system.drv
Clean

C:\WINDOWS\system32\systeminfo.exe
Clean

C:\WINDOWS\system32\systray.exe
Clean

C:\WINDOWS\system32\t2embed.dll
Clean

C:\WINDOWS\system32\tabctl32.ocx
Clean

C:\WINDOWS\system32\tapi.dll
Clean

C:\WINDOWS\system32\tapi3.dll
Clean

C:\WINDOWS\system32\tapi32(3).dll
Clean

C:\WINDOWS\system32\tapi32.dll
Clean

C:\WINDOWS\system32\tapiperf.dll
Clean

C:\WINDOWS\system32\tapisrv(3).dll
Clean

C:\WINDOWS\system32\tapisrv.dll
Clean

C:\WINDOWS\system32\tapiui.dll
Clean

C:\WINDOWS\system32\taskkill.exe
Clean

C:\WINDOWS\system32\tasklist.exe
Clean

C:\WINDOWS\system32\taskman.exe
Clean

C:\WINDOWS\system32\taskmgr.exe
Clean

C:\WINDOWS\system32\tcmsetup.exe
Clean

C:\WINDOWS\system32\tcpmib.dll
Clean

C:\WINDOWS\system32\tcpmon.dll
Clean

C:\WINDOWS\system32\tcpmon.ini
Clean

C:\WINDOWS\system32\tcpmonui.dll
Clean

C:\WINDOWS\system32\tcpsvcs.exe
Clean

C:\WINDOWS\system32\tdc.ocx
Clean

C:\WINDOWS\system32\telephon.cpl
Clean

C:\WINDOWS\system32\telnet.exe
Clean

C:\WINDOWS\system32\termcap
Clean

C:\WINDOWS\system32\termmgr.dll
Clean

C:\WINDOWS\system32\termsrv(3).dll
Clean

C:\WINDOWS\system32\termsrv.dll
Clean

C:\WINDOWS\system32\tftp.exe
Clean

C:\WINDOWS\system32\TFTP4484
Clean

C:\WINDOWS\system32\themeui(2).dll
Clean

C:\WINDOWS\system32\themeui.dll
Clean

C:\WINDOWS\system32\timedate.cpl
Clean

C:\WINDOWS\system32\timer.drv
Clean

C:\WINDOWS\system32\TLBINF32.DLL
Clean

C:\WINDOWS\system32\tlntadmn.exe
Clean

C:\WINDOWS\system32\tlntsess.exe
Clean

C:\WINDOWS\system32\tlntsvr.exe
Clean

C:\WINDOWS\system32\tlntsvrp.dll
Clean

C:\WINDOWS\system32\tm20dec.ax
Clean

C:\WINDOWS\system32\toolhelp.dll
Clean

C:\WINDOWS\system32\tourstart.exe
Clean

C:\WINDOWS\system32\tracerpt.exe
Clean

C:\WINDOWS\system32\tracert.exe
Clean

C:\WINDOWS\system32\tracert6.exe
Clean

C:\WINDOWS\system32\traffic.dll
Clean

C:\WINDOWS\system32\tree.com
Clean

C:\WINDOWS\system32\trkwks(3).dll
Clean

C:\WINDOWS\system32\trkwks.dll
Clean

C:\WINDOWS\system32\tsappcmp.dll
Clean

C:\WINDOWS\system32\tsbyuv.dll
Clean

C:\WINDOWS\system32\tscfgwmi.dll
Clean

C:\WINDOWS\system32\tscon.exe
Clean

C:\WINDOWS\system32\tscupgrd.exe
Clean

C:\WINDOWS\system32\tsd32.dll
Clean

C:\WINDOWS\system32\tsddd.dll
Clean

C:\WINDOWS\system32\tsdiscon.exe
Clean

C:\WINDOWS\system32\tskill.exe
Clean

C:\WINDOWS\system32\tslabels.h
Clean

C:\WINDOWS\system32\tslabels.ini
Clean

C:\WINDOWS\system32\tsshutdn.exe
Clean

C:\WINDOWS\system32\tssoft32.acm
Clean

C:\WINDOWS\system32\TWAIN_32.DLL
Clean

C:\WINDOWS\system32\twext.dll
Clean

C:\WINDOWS\system32\txflog.dll
Clean

C:\WINDOWS\system32\typelib.dll
Clean

C:\WINDOWS\system32\typeperf.exe
Clean

C:\WINDOWS\system32\udhisapi.dll
Clean

C:\WINDOWS\system32\ufat.dll
Clean

C:\WINDOWS\system32\ulib.dll
Clean

C:\WINDOWS\system32\umandlg.dll
Clean

C:\WINDOWS\system32\umdmxfrm.dll
Clean

C:\WINDOWS\system32\umpnpmgr(3).dll
Clean

C:\WINDOWS\system32\umpnpmgr.dll
Clean

C:\WINDOWS\system32\unaddrv.exe
Clean

C:\WINDOWS\system32\unam4ie.exe
Clean

C:\WINDOWS\system32\unicdime.ime
Clean

C:\WINDOWS\system32\unicode.nls
Clean

C:\WINDOWS\system32\uniime.dll
Clean

C:\WINDOWS\system32\unimdm.tsp
Clean

C:\WINDOWS\system32\unimdmat.dll
Clean

C:\WINDOWS\system32\uniplat.dll
Clean

C:\WINDOWS\system32\unlodctr.exe
Clean

C:\WINDOWS\system32\unrar.dll
Clean

C:\WINDOWS\system32\untfs.dll
Clean

C:\WINDOWS\system32\unzip32.dll
Clean

C:\WINDOWS\system32\upnp(3).dll
Clean

C:\WINDOWS\system32\upnp.dll
Clean

C:\WINDOWS\system32\upnpcont.exe
Clean

C:\WINDOWS\system32\upnphost.dll
Clean

C:\WINDOWS\system32\upnpui.dll
Clean

C:\WINDOWS\system32\ups.exe
Clean

C:\WINDOWS\system32\ureg.dll
Clean

C:\WINDOWS\system32\url(3).dll
Clean

C:\WINDOWS\system32\url.dll
Clean

C:\WINDOWS\system32\urlmon(3).dll
Clean

C:\WINDOWS\system32\urlmon.dll
Clean

C:\WINDOWS\system32\urqnkjh.dll
Clean

C:\WINDOWS\system32\URTTemp\fusion.dll
Clean

C:\WINDOWS\system32\URTTemp\mscoree.dll
Clean

C:\WINDOWS\system32\URTTemp\mscoree.dll.local
Clean

C:\WINDOWS\system32\URTTemp\mscorsn.dll
Clean

C:\WINDOWS\system32\URTTemp\mscorwks.dll
Clean

C:\WINDOWS\system32\URTTemp\msvcr71.dll
Clean

C:\WINDOWS\system32\URTTemp\regtlib.exe
Clean

C:\WINDOWS\system32\usbmon.dll
Clean

C:\WINDOWS\system32\usbui.dll
Clean

C:\WINDOWS\system32\usb_cpl.dll
Clean

C:\WINDOWS\system32\user.exe
Clean

C:\WINDOWS\system32\user32.dll
Clean

C:\WINDOWS\system32\userenv.dll
Clean

C:\WINDOWS\system32\userinit.exe
Clean

C:\WINDOWS\system32\usmt\guitrn.dll
Clean

C:\WINDOWS\system32\usmt\guitrn_a.dll
Clean

C:\WINDOWS\system32\usmt\iconlib.dll
Clean

C:\WINDOWS\system32\usmt\log.dll
Clean

C:\WINDOWS\system32\usmt\migapp.inf
Clean

C:\WINDOWS\system32\usmt\migapp.inf=>(unicode)
Clean

C:\WINDOWS\system32\usmt\migism.dll
Clean

C:\WINDOWS\system32\usmt\migism.inf
Clean

C:\WINDOWS\system32\usmt\migism.inf=>(unicode)
Clean

C:\WINDOWS\system32\usmt\migism_a.dll
Clean

C:\WINDOWS\system32\usmt\migload.exe
Clean

C:\WINDOWS\system32\usmt\migsys.inf
Clean

C:\WINDOWS\system32\usmt\migsys.inf=>(unicode)
Clean

C:\WINDOWS\system32\usmt\miguser.inf
Clean

C:\WINDOWS\system32\usmt\miguser.inf=>(unicode)
Clean

C:\WINDOWS\system32\usmt\migwiz.exe
Clean

C:\WINDOWS\system32\usmt\migwiz.exe.manifest
Clean

C:\WINDOWS\system32\usmt\migwiz.exe.manifest=>(unicode)
Clean

C:\WINDOWS\system32\usmt\migwiz.inf
Clean

C:\WINDOWS\system32\usmt\migwiz.inf=>(unicode)
Clean

C:\WINDOWS\system32\usmt\migwiz_a.exe
Clean

C:\WINDOWS\system32\usmt\script.dll
Clean

C:\WINDOWS\system32\usmt\script_a.dll
Clean

C:\WINDOWS\system32\usmt\sysfiles.inf
Clean

C:\WINDOWS\system32\usmt\sysfiles.inf=>(unicode)
Clean

C:\WINDOWS\system32\usmt\sysmod.dll
Clean

C:\WINDOWS\system32\usmt\sysmod_a.dll
Clean

C:\WINDOWS\system32\usmt\usmtdef.inf
Clean

C:\WINDOWS\system32\usmt\usmtdef.inf=>(unicode)
Clean

C:\WINDOWS\system32\usp10(3).dll
Clean

C:\WINDOWS\system32\usp10.dll
Clean

C:\WINDOWS\system32\usrcntra.dll
Clean

C:\WINDOWS\system32\usrcoina.dll
Clean

C:\WINDOWS\system32\usrdpa.dll
Clean

C:\WINDOWS\system32\usrdtea.dll
Clean

C:\WINDOWS\system32\usrfaxa.dll
Clean

C:\WINDOWS\system32\usrlbva.dll
Clean

C:\WINDOWS\system32\usrlogon.cmd
Clean

C:\WINDOWS\system32\usrmlnka.exe
Clean

C:\WINDOWS\system32\usrprbda.exe
Clean

C:\WINDOWS\system32\usrrtosa.dll
Clean

C:\WINDOWS\system32\usrsdpia.dll
Clean

C:\WINDOWS\system32\usrshuta.exe
Clean

C:\WINDOWS\system32\usrsvpia.dll
Clean

C:\WINDOWS\system32\usrv42a.dll
Clean

C:\WINDOWS\system32\usrv80a.dll
Clean

C:\WINDOWS\system32\usrvoica.dll
Clean

C:\WINDOWS\system32\usrvpa.dll
Clean

C:\WINDOWS\system32\utildll.dll
Clean

C:\WINDOWS\system32\utilman.exe
Clean

C:\WINDOWS\system32\uwdf.exe
Clean

C:\WINDOWS\system32\uxtheme(3).dll
Clean

C:\WINDOWS\system32\uxtheme.dll
Clean

C:\WINDOWS\system32\v7vga.rom
Clean

C:\WINDOWS\system32\v7vga.rom=>REMOVED_NULLS
Clean

C:\WINDOWS\system32\VB5DB.DLL
Clean

C:\WINDOWS\system32\VB6FR.DLL
Clean

C:\WINDOWS\system32\VB6STKIT.DLL
Clean

C:\WINDOWS\system32\VBAEN32.OLB
Clean

C:\WINDOWS\system32\VBAEND32.OLB
Clean

C:\WINDOWS\system32\VBAFR32.OLB
Clean

C:\WINDOWS\system32\vbajet32.dll
Clean

C:\WINDOWS\system32\VBAME.DLL
Clean

C:\WINDOWS\system32\vbar332.dll
Clean

C:\WINDOWS\system32\vbicodec.ax
Clean

C:\WINDOWS\system32\vbisurf.ax
Clean

C:\WINDOWS\system32\vbscript(2).dll
Clean

C:\WINDOWS\system32\vbscript.dll
Clean

C:\WINDOWS\system32\vbsfr.dll
Clean

C:\WINDOWS\system32\vcdex.dll
Clean

C:\WINDOWS\system32\VCT3216.ACM
Clean

C:\WINDOWS\system32\VCT3216.DLL
Clean

C:\WINDOWS\system32\vdmdbg.dll
Clean

C:\WINDOWS\system32\vdmredir.dll
Clean

C:\WINDOWS\system32\VEN2232.OLB
Clean

C:\WINDOWS\system32\ver.dll
Clean

C:\WINDOWS\system32\verclsid.exe
Clean

C:\WINDOWS\system32\verifier.dll
Clean

C:\WINDOWS\system32\verifier.exe
Clean

C:\WINDOWS\system32\version.dll
Clean

C:\WINDOWS\system32\vfpodbc.dll
Clean

C:\WINDOWS\system32\vga.dll
Clean

C:\WINDOWS\system32\vga.drv
Clean

C:\WINDOWS\system32\vga256.dll
Clean

C:\WINDOWS\system32\vga64k.dll
Clean

C:\WINDOWS\system32\vidx16.dll
Clean

C:\WINDOWS\system32\Viewers\DEBMP.DLL
Clean

C:\WINDOWS\system32\Viewers\DEHEX.DLL
Clean

C:\WINDOWS\system32\Viewers\DEMET.DLL
Clean

C:\WINDOWS\system32\Viewers\DESS.DLL
Clean

C:\WINDOWS\system32\Viewers\DEWP.DLL
Clean

C:\WINDOWS\system32\Viewers\MSVIEWUT.DLL
Clean

C:\WINDOWS\system32\Viewers\QUIKVIEW.EXE
Clean

C:\WINDOWS\system32\Viewers\SCCVIEW.DLL
Clean

C:\WINDOWS\system32\Viewers\VSASC8.DLL
Clean

C:\WINDOWS\system32\Viewers\VSBMP.DLL
Clean

C:\WINDOWS\system32\Viewers\VSDRW.DLL
Clean

C:\WINDOWS\system32\Viewers\VSEXE.DLL
Clean

C:\WINDOWS\system32\Viewers\VSEXE2.DLL
Clean

C:\WINDOWS\system32\Viewers\VSMP.DLL
Clean

C:\WINDOWS\system32\Viewers\VSMSW.DLL
Clean

C:\WINDOWS\system32\Viewers\VSPP.DLL
Clean

C:\WINDOWS\system32\Viewers\VSQP6.DLL
Clean

C:\WINDOWS\system32\Viewers\VSRTF.DLL
Clean

C:\WINDOWS\system32\Viewers\VSTIFF.DLL
Clean

C:\WINDOWS\system32\Viewers\VSW6.DLL
Clean

C:\WINDOWS\system32\Viewers\VSWKS.DLL
Clean

C:\WINDOWS\system32\Viewers\VSWMF.DLL
Clean

C:\WINDOWS\system32\Viewers\VSWORD.DLL
Clean

C:\WINDOWS\system32\Viewers\VSWORK.DLL
Clean

C:\WINDOWS\system32\Viewers\VSWP5.DLL
Clean

C:\WINDOWS\system32\Viewers\VSWP6.DLL
Clean

C:\WINDOWS\system32\Viewers\VSWPF.DLL
Clean

C:\WINDOWS\system32\Viewers\VSXL5.DLL
Clean

C:\WINDOWS\system32\vjoy.dll
Clean

C:\WINDOWS\system32\vmhelper.dll
Clean

C:\WINDOWS\system32\VOXMSDEC.AX
Clean

C:\WINDOWS\system32\VOXMVDEC.AX
Clean

C:\WINDOWS\system32\vp6dec_settings.cpl
Clean

C:\WINDOWS\system32\VSFLEX3.OCX
Clean

C:\WINDOWS\system32\vssadmin.exe
Clean

C:\WINDOWS\system32\vssapi(3).dll
Clean

C:\WINDOWS\system32\vssapi.dll
Clean

C:\WINDOWS\system32\vssvc.exe
Clean

C:\WINDOWS\system32\vss_ps.dll
Clean

C:\WINDOWS\system32\vwipxspx.dll
Clean

C:\WINDOWS\system32\vwipxspx.exe
Clean

C:\WINDOWS\system32\vxblock.dll
Clean

C:\WINDOWS\system32\w32n50.dll
Clean

C:\WINDOWS\system32\w32time(3).dll
Clean

C:\WINDOWS\system32\w32time.dll
Clean

C:\WINDOWS\system32\w32tm.exe
Clean

C:\WINDOWS\system32\w32topl.dll
Clean

C:\WINDOWS\system32\w3ssl.dll
Clean

C:\WINDOWS\system32\w95inf16.dll
Clean

C:\WINDOWS\system32\w95inf32.dll
Clean

C:\WINDOWS\system32\watchdog.sys
Clean

C:\WINDOWS\system32\wavemsp.dll
Clean

C:\WINDOWS\system32\wbcache.deu
Clean

C:\WINDOWS\system32\wbcache.enu
Clean

C:\WINDOWS\system32\wbcache.esn
Clean

C:\WINDOWS\system32\wbcache.fra
Clean

C:\WINDOWS\system32\wbcache.ita
Clean

C:\WINDOWS\system32\wbcache.nld
Clean

C:\WINDOWS\system32\wbcache.sve
Clean

C:\WINDOWS\system32\wbdbase.deu
Clean

C:\WINDOWS\system32\wbdbase.enu
Clean

C:\WINDOWS\system32\wbdbase.esn
Clean

C:\WINDOWS\system32\wbdbase.fra
Clean

C:\WINDOWS\system32\wbdbase.ita
Clean

C:\WINDOWS\system32\wbdbase.nld
Clean

C:\WINDOWS\system32\wbdbase.sve
Clean

C:\WINDOWS\system32\wbem\AutoRecover\02E78424AB18BDBFA706C08B7D7B9F1D.mof
Clean

C:\WINDOWS\system32\wbem\AutoRecover\02E78424AB18BDBFA706C08B7D7B9F1D.mof=>(unicode)
Clean

C:\WINDOWS\system32\wbem\AutoRecover\092389D621F5A8834203DAAC74CCA279.mof
Clean

C:\WINDOWS\system32\wbem\AutoRecover\092389D621F5A8834203DAAC74CCA279.mof=>(unicode)
Clean

C:\WINDOWS\system32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof
Clean

C:\WINDOWS\system32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof=>(unicode)
Clean

C:\WINDOWS\system32\wbem\AutoRecover\1E97A05DE566CF6EEAE29D0634E27392.mof
Clean

C:\WINDOWS\system32\wbem\AutoRecover\1E97A05DE566CF6EEAE29D0634E27392.mof=>(unicode)
Clean

C:\WINDOWS\system32\wbem\AutoRecover\20D2C3B8CE10B96CE6B8A3C241EF4416.mof
Clean

C:\WINDOWS\system32\wbem\AutoRecover\20D2C3B8CE10B96CE6B8A3C241EF4416.mof=>(unicode)
Clean

C:\WINDOWS\system32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof
Clean

C:\WINDOWS\system32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof=>(unicode)
Clean

C:\WINDOWS\system32\wbem\AutoRecover\26D6C4EB696DD0C83F5D5BF2235000A7.mof
Clean

C:\WINDOWS\system32\wbem\AutoRecover\26D6C4EB696DD0C83F5D5BF2235000A7.mof=>(unicode)
Clean

C:\WINDOWS\system32\wbem\AutoRecover\2A61A823DC2C1C838EE71C4351BED0B4.mof
Clean

C:\WINDOWS\system32\wbem\AutoRecover\2A61A823DC2C1C838EE71C4351BED0B4.mof=>(unicode)
Clean

C:\WINDOWS\system32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof
Clean

C:\WINDOWS\system32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof=>(unicode)
Clean

C:\WINDOWS\system32\wbem\AutoRecover\2B8B1A8B0ACD3EE28B421D3918DC1F29.mof
Clean

C:\WINDOWS\system32\wbem\AutoRecover\2B8B1A8B0ACD3EE28B421D3918DC1F29.mof=>(unicode)
Clean

C:\WINDOWS\system32\wbem\AutoRecover\2C142C4C15E3B8D139B98154CD083071.mof
Clean

C:\WINDOWS\system32\wbem\AutoRecover\2C142C4C15E3B8D139B98154CD083071.mof=>(unicode)

31 réponses

  • 1
  • 2
Résumé de la discussion

Des rapports d'analyse antivirus signalent une infection via des fichiers Trojan et adware, notamment Trojan.Vundo.AF et Trojan.Obfus.Gen, avec des alertes et des désinfections partiellement réussies. Le rapport indique que plusieurs éléments ont été nettoyés ou déplacés en quarantaine, tandis que certains fichiers critiques comme awvtr.dll, maslapn.dll et ssqro.dll présentent des désinfections échouées ou des suppressions nécessaires. Des actions recommandées dans ce contexte incluent l'exécution du nettoyage en mode sans échec, la suppression des points de restauration compromis et la mise à jour des définitions avant un nouveau scan approfondi. En cas de persistance des infections, une réinstallation propre du système ou une vérification approfondie des périphériques et des sauvegardes récentes peut s'avérer nécessaire pour prévenir une réinfection.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    Télécharge ceci sur ton bureau :

    Lien : hijackthis

    Démo : http://pageperso.aol.fr/balltrap34/demohijack.htm

    Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum.

    ++
    0
    1. Yann
       
      Merci de m'avoir répondu
      Je vais tacher de suivre à la lettre vos conseils

      Voici le rapport souhaité :

      Logfile of HijackThis v1.99.1
      Scan saved at 22:25:47, on 24/02/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
      C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
      C:\Program Files\Skype\Plugin Manager\SkypePM.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
      C:\Program Files\Microsoft Office\Office\1036\wfxmsrvr.exe
      C:\WINDOWS\msagent\AgentSvr.exe
      C:\PROGRA~1\MICROS~4\Office\1036\OLFMOD32.EXE
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServAlert.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Documents and Settings\MURIE\Bureau\hijackthis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [maslapn.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\MURIE\Local Settings\Application Data\maslapn.dll",ignvfd
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
      O4 - Startup: MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/dribnif/fr/win/QuickTimeInstaller.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
      O16 - DPF: {8EC69950-F299-40AC-A004-3BF5176F8F7B} (FlowScan Control) - https://checkspy.com/
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
      O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
      0
  2. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok, fais un clic droit sue l'icone du logiciel hijackthis < renommer < et nomme le CCM.exe

    ensuite reposte un hijack stp

    ++
    0
    1. Yann
       
      Voilà la suite :

      Logfile of HijackThis v1.99.1
      Scan saved at 22:41:03, on 24/02/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
      C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
      C:\Program Files\Skype\Plugin Manager\SkypePM.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
      C:\Program Files\Microsoft Office\Office\1036\wfxmsrvr.exe
      C:\WINDOWS\msagent\AgentSvr.exe
      C:\PROGRA~1\MICROS~4\Office\1036\OLFMOD32.EXE
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServAlert.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\MURIE\Bureau\CCM.exe\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [maslapn.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\MURIE\Local Settings\Application Data\maslapn.dll",ignvfd
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
      O4 - Startup: MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/dribnif/fr/win/QuickTimeInstaller.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
      O16 - DPF: {8EC69950-F299-40AC-A004-3BF5176F8F7B} (FlowScan Control) - https://checkspy.com/
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
      O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
      0
  3. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    tu as renommé le fichier, il aurait fallu renommer l'executable, mais ce n'est pas très grave : il y a du vundo dans l'air ...

    Téléchargez VundoFix.exe (par Atribune) sur ton Bureau :

    http://www.atribune.org/ccount/click.php?id=4

    *Double-clique VundoFix.exe afin de le lancer.
    * Cochez Run VundoFix as a task.
    * l'outil va se fermer et s'ouvrir à nouveau : cliquez Ok
    * Cliquez sur le bouton Scan for Vundo.
    * Lorsque le scan est complété, cliquez sur le bouton Remove Vundo.
    * Une invite vous demandera supprimer les fichiers, clique YES
    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
    * le PC va s'éteindre ("shutdown") : clique OK
    * Démarrez votre PC à nouveau
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

    ++
    0
    1. Yann
       
      De retour et motivé, voici la suite :

      rapport Vundo :

      C:\WINDOWS\system32\awvtr.dll
      C:\WINDOWS\system32\rtvwa.ini

      rapport Hijackthis :

      Logfile of HijackThis v1.99.1
      Scan saved at 23:16:23, on 24/02/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Skype\Plugin Manager\SkypePM.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\MURIE\Bureau\CCM.exe\HijackThis.exe
      C:\WINDOWS\system32\cidaemon.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
      O2 - BHO: (no name) - {361CF4EE-24CA-4A45-9476-085D1F9A06CF} - C:\WINDOWS\system32\urqnkjh.dll
      O2 - BHO: (no name) - {59CA6513-5A5A-3FB4-D081-0BE271AEC009} - C:\WINDOWS\system32\sgpvqml.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: (no name) - {AE784354-305C-4584-9DB9-35837752A28E} - C:\WINDOWS\system32\awvtr.dll (file missing)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [maslapn.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\MURIE\Local Settings\Application Data\maslapn.dll",ignvfd
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
      O4 - Startup: MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/dribnif/fr/win/QuickTimeInstaller.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
      O16 - DPF: {8EC69950-F299-40AC-A004-3BF5176F8F7B} (FlowScan Control) - https://checkspy.com/
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: urqnkjh - C:\WINDOWS\SYSTEM32\urqnkjh.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
      O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

      merci !
      0
    2. Yann
       
      J'ai oublié de vous signaler un message d'erreur vu lors du redémarrage de la machine :

      "erreur de chargement de :
      C:\Documents and settings\MURIE\Localm Settings\Application Data\maslapn.dll
      Le module spécifié est introuvable"
      0
  4. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok

    relance vundofix et clic sur remouve vundo; poste le rapport ainsi qu'un nouveau hijack stp

    ++
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    pas grave !

    continue !

    ++
    0
    1. Yann
       
      Suite :


      VundoFix V6.3.9

      Checking Java version...

      Java version is 1.5.0.9

      Scan started at 22:53:09 24/02/2007

      Listing files found while scanning....

      C:\WINDOWS\system32\awvtr.dll
      C:\WINDOWS\system32\rtvwa.ini

      VundoFix V6.3.9

      Checking Java version...

      Java version is 1.5.0.9

      Scan started at 23:00:01 24/02/2007

      Listing files found while scanning....

      C:\WINDOWS\system32\awvtr.dll
      C:\WINDOWS\system32\rtvwa.ini

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\awvtr.dll
      C:\WINDOWS\system32\awvtr.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\rtvwa.ini
      C:\WINDOWS\system32\rtvwa.ini Has been deleted!

      Performing Repairs to the registry.
      Done!

      VundoFix V6.3.9

      Checking Java version...

      Java version is 1.5.0.9

      Scan started at 23:26:44 24/02/2007

      Listing files found while scanning....

      C:\WINDOWS\system32\hjkmp.ini
      C:\WINDOWS\system32\pmkjh.dll

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\hjkmp.ini
      C:\WINDOWS\system32\hjkmp.ini Has been deleted!

      Attempting to delete C:\WINDOWS\system32\pmkjh.dll
      C:\WINDOWS\system32\pmkjh.dll Could not be deleted.

      Performing Repairs to the registry.
      Done!

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\pmkjh.dll
      C:\WINDOWS\system32\pmkjh.dll Has been deleted!

      Performing Repairs to the registry.
      Done!


      Hijackthis :


      Logfile of HijackThis v1.99.1
      Scan saved at 23:43:56, on 24/02/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
      C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Skype\Plugin Manager\SkypePM.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\MURIE\Bureau\CCM.exe\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
      O2 - BHO: (no name) - {361CF4EE-24CA-4A45-9476-085D1F9A06CF} - C:\WINDOWS\system32\urqnkjh.dll
      O2 - BHO: (no name) - {59CA6513-5A5A-3FB4-D081-0BE271AEC009} - C:\WINDOWS\system32\sgpvqml.dll
      O2 - BHO: (no name) - {732FFB66-67CF-4AF3-B466-774935A94C3F} - C:\WINDOWS\system32\pmkjh.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: (no name) - {AE784354-305C-4584-9DB9-35837752A28E} - C:\WINDOWS\system32\awvtr.dll (file missing)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [maslapn.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\MURIE\Local Settings\Application Data\maslapn.dll",ignvfd
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
      O4 - Startup: MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/dribnif/fr/win/QuickTimeInstaller.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
      O16 - DPF: {8EC69950-F299-40AC-A004-3BF5176F8F7B} (FlowScan Control) - https://checkspy.com/
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: urqnkjh - C:\WINDOWS\SYSTEM32\urqnkjh.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
      O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

      Est-ce normal que plus on avance, plus l'ordi rame ?!
      0
  7. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    ouep ! un peu normal que ça rame !

    télécharge l2mfix ici:
    http://www.downloads.subratam.org/l2mfix.exe
    Double-cliquer sur l2mfix.exe pour lancer l'extraction
    Dans le dossier l2mfix, double clic sur l2mfix.bat, appuyer sur n'importe quelle touche puis choisir l'option #1 (et pas autre chose) et valider avec la touche entre.
    Le bloc note va s'ouvrir avec le rsultat du scan.copie/colles le rapport ici

    ensuite :

    Télécharge SDFix sur ton bureau

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
    Redémarre ton ordinateur en mode sans échec
    Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
    Appuie sur Y pour commencer le processus de nettoyage.
    Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    Appuie sur une touche pour redémarrer le PC.
    Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis

    la suite : demain ;-)

    @+
    0
    1. Yann
       
      La suite tant bien que mal, car je suis loin d'etre un pro en informatique ...


      L2MFIX find log 051206
      These are the registry keys present
      **********************************************************************************
      Winlogon/notify:
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
      "Asynchronous"=dword:00000000
      "Impersonate"=dword:00000000
      "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
      6c,00,00,00
      "Logoff"="ChainWlxLogoffEvent"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
      "Asynchronous"=dword:00000000
      "Impersonate"=dword:00000000
      "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Logoff"="CryptnetWlxLogoffEvent"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
      "DLLName"="cscdll.dll"
      "Logon"="WinlogonLogonEvent"
      "Logoff"="WinlogonLogoffEvent"
      "ScreenSaver"="WinlogonScreenSaverEvent"
      "Startup"="WinlogonStartupEvent"
      "Shutdown"="WinlogonShutdownEvent"
      "StartShell"="WinlogonStartShellEvent"
      "Impersonate"=dword:00000000
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
      "DLLName"="wlnotify.dll"
      "Logon"="SCardStartCertProp"
      "Logoff"="SCardStopCertProp"
      "Lock"="SCardSuspendCertProp"
      "Unlock"="SCardResumeCertProp"
      "Enabled"=dword:00000001
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
      "Asynchronous"=dword:00000000
      "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Impersonate"=dword:00000000
      "StartShell"="SchedStartShell"
      "Logoff"="SchedEventLogOff"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
      "Logoff"="WLEventLogoff"
      "Impersonate"=dword:00000000
      "Asynchronous"=dword:00000001
      "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
      "DLLName"="WlNotify.dll"
      "Lock"="SensLockEvent"
      "Logon"="SensLogonEvent"
      "Logoff"="SensLogoffEvent"
      "Safe"=dword:00000001
      "MaxWait"=dword:00000258
      "StartScreenSaver"="SensStartScreenSaverEvent"
      "StopScreenSaver"="SensStopScreenSaverEvent"
      "Startup"="SensStartupEvent"
      "Shutdown"="SensShutdownEvent"
      "StartShell"="SensStartShellEvent"
      "PostShell"="SensPostShellEvent"
      "Disconnect"="SensDisconnectEvent"
      "Reconnect"="SensReconnectEvent"
      "Unlock"="SensUnlockEvent"
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
      "Asynchronous"=dword:00000000
      "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Impersonate"=dword:00000000
      "Logoff"="TSEventLogoff"
      "Logon"="TSEventLogon"
      "PostShell"="TSEventPostShell"
      "Shutdown"="TSEventShutdown"
      "StartShell"="TSEventStartShell"
      "Startup"="TSEventStartup"
      "MaxWait"=dword:00000258
      "Reconnect"="TSEventReconnect"
      "Disconnect"="TSEventDisconnect"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqnkjh]
      "Asynchronous"=dword:00000001
      "DllName"="urqnkjh.dll"
      "Impersonate"=dword:00000000
      "Logon"="Logon"
      "Logoff"="Logoff"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vturo]
      "Asynchronous"=dword:00000001
      "DllName"="C:\\WINDOWS\\system32\\vturo.dll"
      "Impersonate"=dword:00000000
      "Startup"="SysLogon"
      "Logoff"="SysLogoff"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
      "DLLName"="wlnotify.dll"
      "Logon"="RegisterTicketExpiredNotificationEvent"
      "Logoff"="UnregisterTicketExpiredNotificationEvent"
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001

      **********************************************************************************
      useragent:
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
      "SV1"=""

      **********************************************************************************
      Shell Extension key:
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
      "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
      "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
      "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
      "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
      "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
      "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
      "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
      "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
      "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
      "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
      "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
      "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
      "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
      "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
      "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
      "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
      "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
      "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
      "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
      "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
      "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
      "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
      "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
      "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
      "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
      "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
      "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
      "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
      "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
      "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
      "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
      "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
      "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
      "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
      "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
      "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
      "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
      "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
      "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
      "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
      "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
      "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
      "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
      "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
      "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
      "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
      "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
      "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
      "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
      "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
      "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
      "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
      "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
      "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
      "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
      "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
      "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
      "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
      "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
      "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
      "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
      "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
      "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
      "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
      "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
      "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
      "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
      "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
      "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
      "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
      "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
      "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
      "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
      "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
      "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
      "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
      "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
      "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
      "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
      "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
      "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
      "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
      "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
      "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
      "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
      "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
      "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
      "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
      "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
      "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
      "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
      "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
      "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
      "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
      "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
      "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
      "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
      "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
      "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
      "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
      "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
      "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
      "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
      "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
      "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
      "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
      "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
      "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
      "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
      "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
      "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
      "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
      "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
      "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
      "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
      "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
      "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
      "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
      "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
      "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
      "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
      "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
      "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
      "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
      "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
      "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
      "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
      "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
      "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
      "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
      "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
      "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
      "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
      "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
      "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
      "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
      "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
      "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
      "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
      "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
      "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
      "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
      "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
      "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
      "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
      "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
      "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
      "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
      "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
      "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
      "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
      "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
      "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
      "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
      "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
      "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
      "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
      "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Burn Audio CD Context Menu Handler"
      "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Play as Playlist Context Menu Handler"
      "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
      "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
      "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
      "{59850401-6664-101B-B21C-00AA004BA90B}"="Microsoft Office Binder Unbind"
      "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
      "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
      "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
      "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"
      "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
      "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
      "{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
      "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
      "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes"
      "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes"
      "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
      "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
      "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
      "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
      "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
      "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
      "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
      "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
      "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
      "{35786D3C-B075-49b9-88DD-029876E11C01}"="Portable Devices"
      "{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"
      "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"

      **********************************************************************************
      HKEY ROOT CLASSIDS:
      **********************************************************************************
      Files Found are not all bad files:

      C:\WINDOWS\SYSTEM32\
      divx.dll Thu 1 Feb 2007 5:56:06 A.... 639 066 624,09 K
      divxwm~1.dll Tue 12 Dec 2006 17:24:44 A.... 12 288 12,00 K
      divx_x~1.dll Thu 1 Feb 2007 5:56:06 A.... 823 296 804,00 K
      divx_x~2.dll Thu 1 Feb 2007 5:56:08 A.... 823 296 804,00 K
      divx_x~3.dll Thu 1 Feb 2007 5:56:06 A.... 802 816 784,00 K
      dpl100.dll Tue 30 Jan 2007 5:56:58 A.... 73 728 72,00 K
      dpu10.dll Tue 30 Jan 2007 5:56:54 A.... 294 912 288,00 K
      dpu11.dll Tue 30 Jan 2007 5:56:54 A.... 294 912 288,00 K
      dpugui10.dll Tue 30 Jan 2007 5:56:56 A.... 53 248 52,00 K
      dpugui11.dll Tue 30 Jan 2007 5:56:54 A.... 593 920 580,00 K
      dpus11.dll Tue 30 Jan 2007 5:56:54 A.... 344 064 336,00 K
      dpv11.dll Tue 30 Jan 2007 5:56:54 A.... 57 344 56,00 K
      dtu100.dll Tue 30 Jan 2007 5:56:58 A.... 196 608 192,00 K
      elbycdio.dll Wed 13 Dec 2006 21:24:44 A.... 89 296 87,20 K
      geebx.dll Sat 24 Feb 2007 23:49:26 ..SH. 281 652 275,05 K
      geeda.dll Sat 24 Feb 2007 23:49:10 ..... 281 652 275,05 K
      libdivx.dll Tue 30 Jan 2007 6:03:28 A.... 1 044 480 1020,00 K
      px.dll Tue 30 Jan 2007 6:03:36 ..... 527 096 514,74 K
      pxafs.dll Tue 30 Jan 2007 6:03:36 ..... 129 784 126,74 K
      pxdrv.dll Tue 30 Jan 2007 6:03:36 ..... 502 520 490,74 K
      pxmas.dll Tue 30 Jan 2007 6:03:36 ..... 183 032 178,74 K
      pxsfs.dll Tue 30 Jan 2007 6:03:36 ..... 1 329 912 1,27 M
      pxwave.dll Tue 30 Jan 2007 6:03:36 ..... 379 640 370,74 K
      qt-dx331.dll Tue 30 Jan 2007 6:03:42 A.... 3 596 288 3,43 M
      sgpvqml.dll Fri 23 Feb 2007 22:53:32 A.... 57 856 56,50 K
      ssldivx.dll Tue 30 Jan 2007 6:03:28 A.... 200 704 196,00 K
      urqnkjh.dll Fri 23 Feb 2007 22:53:34 ..SH. 26 637 26,01 K
      vturo.dll Sat 24 Feb 2007 23:49:20 ..SH. 281 652 275,05 K
      vxblock.dll Tue 30 Jan 2007 6:03:36 ..... 39 672 38,74 K

      29 items found: 29 files (3 H/S), 0 directories.
      Total of file sizes: 13 961 371 bytes 13,31 M
      Locate .tmp files:

      C:\WINDOWS\SYSTEM32\
      mcrh.tmp Sat 24 Feb 2007 0:37:30 A.... 143 0,14 K

      1 item found: 1 file, 0 directories.
      Total of file sizes: 143 bytes 0,14 K
      **********************************************************************************
      Directory Listing of system files:
      Le volume dans le lecteur C n'a pas de nom.
      Le num‚ro de s‚rie du volume est 48DE-ABDD

      R‚pertoire de C:\WINDOWS\System32

      24/02/2007 23:57 495 orutv.ini
      24/02/2007 23:49 353 xbeeg.ini
      24/02/2007 23:49 281ÿ652 geebx.dll
      24/02/2007 23:49 281ÿ652 vturo.dll
      23/02/2007 23:00 353 orqss.ini
      23/02/2007 22:53 26ÿ637 urqnkjh.dll
      07/02/2007 19:36 <REP> dllcache
      02/10/2006 05:19 3ÿ350 KGyGaAvL.sys
      01/10/2006 07:56 88 A55F8F4B8C.sys
      21/11/2002 22:22 <REP> Microsoft
      8 fichier(s) 594ÿ580 octets
      2 R‚p(s) 23ÿ067ÿ054ÿ080 octets libres




      SDFix: Version 1.68

      Run by MURIE - 25/02/2007 @ 0:09:58.07

      Microsoft Windows XP [version 5.1.2600]

      Running From: C:\Documents and Settings\MURIE\Bureau\SDFix\SDFix

      Safe Mode:
      Checking Services:

      Name:

      Path:


      Restoring Windows Registry Entries
      Restoring Default Hosts File


      Rebooting...

      Normal Mode:
      Checking Files:

      Below files will be copied to Backups folder then removed:

      C:\WINDOWS\system32\TFTP4484 - Deleted



      ADS Check:

      C:\WINDOWS\system32
      No streams found.


      Final Check:

      Remaining Services:
      ------------------


      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\prosys32.exe"="C:\\prosys32.exe:*:Enabled:prosys32"
      "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
      "C:\\Program Files\\EA SPORTS\\Madden NFL 2005\\updater.exe"="C:\\Program Files\\EA SPORTS\\Madden NFL 2005\\updater.exe:*:Enabled:Updater"
      "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
      "C:\\Program Files\\Microsoft Office\\Office\\1036\\WFXMSRVR.EXE"="C:\\Program Files\\Microsoft Office\\Office\\1036\\WFXMSRVR.EXE:*:Disabled:WFXMSRVR"
      "C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
      "C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9 crack.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9 crack.exe:*:Enabled:Microsoft Flight Simulator"
      "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
      "C:\\Program Files\\IVAO\\IvAp\\ivapnetint.exe"="C:\\Program Files\\IVAO\\IvAp\\ivapnetint.exe:*:Enabled:ivapnetint"
      "C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
      "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
      "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


      Remaining Files:
      ---------------

      Backups Folder: - C:\DOCUME~1\MURIE\Bureau\SDFix\SDFix\backups\backups.zip


      Checking For Files with Hidden Attributes :

      C:\WINDOWS\system32\geebx.dll
      C:\WINDOWS\system32\urqnkjh.dll
      C:\WINDOWS\system32\vturo.dll
      C:\Documents and Settings\MURIE\Mes documents\Fichiers Flight Simulator\Avions\Concorde\Concorde For Microsoft Flight Simulator series FS2002 & FS2004\Extras\Kochcorde-Fs2002.exe
      C:\Documents and Settings\MURIE\Mes documents\Fichiers Flight Simulator\Avions\Concorde\Concorde For Microsoft Flight Simulator series FS2002 & FS2004\Extras\Kochcorde-Fs9.exe
      C:\Documents and Settings\MURIE\Mes documents\Fichiers Flight Simulator\Avions\Concorde For Microsoft Flight Simulator series FS2002 & FS2004\Concorde For Microsoft Flight Simulator series FS2002 & FS2004\Extras\Kochcorde-Fs2002.exe
      C:\Documents and Settings\MURIE\Mes documents\Fichiers Flight Simulator\Avions\Concorde For Microsoft Flight Simulator series FS2002 & FS2004\Concorde For Microsoft Flight Simulator series FS2002 & FS2004\Extras\Kochcorde-Fs9.exe
      C:\Program Files\Microsoft Games\Flight Simulator 9\Aircraft\Concorde For Microsoft Flight Simulator series FS2002 & FS2004\Extras\Kochcorde-Fs2002.exe
      C:\Program Files\Microsoft Games\Flight Simulator 9\Aircraft\Concorde For Microsoft Flight Simulator series FS2002 & FS2004\Extras\Kochcorde-Fs9.exe
      C:\WINDOWS\system32\bjln.exe
      C:\WINDOWS\system32\bndhrq.exe
      C:\WINDOWS\system32\A55F8F4B8C.sys
      C:\WINDOWS\system32\KGyGaAvL.sys
      C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
      C:\Documents and Settings\MURIE\Application Data\Microsoft\Word\~WRL0004.tmp
      C:\Documents and Settings\MURIE\Application Data\Microsoft\Word\~WRL0427.tmp
      C:\Documents and Settings\MURIE\Application Data\Microsoft\Word\~WRL0785.tmp
      C:\Documents and Settings\MURIE\Application Data\Microsoft\Word\~WRL1767.tmp
      C:\Program Files\Google\BIT50.tmp
      C:\Program Files\InterActual\InterActual Player\iti1.tmp
      C:\WINDOWS\system32\config\default.tmp.LOG
      C:\WINDOWS\system32\config\software.tmp.LOG
      C:\WINDOWS\system32\config\system.tmp.LOG

      Add/Remove Programs List:

      Commande ECHO d‚sactiv‚e.
      EA SPORTS online 2005
      Adobe Acrobat 4.0, 5.0
      Plus! MP3 Audio Converter LE
      avast! Antivirus
      AVG Anti-Spyware 7.5
      CCleaner (remove only)
      CloneCD
      Microsoft Combat Flight Simulator 3.0
      Copy Utility
      eJay Special Edition 2 - Deinstallation
      DASSAULT FALCON 50
      Data Access Objects (DAO) 3.5
      DivX Content Uploader
      DVD Shrink 3.2
      eMule
      Microsoft Fighter Ace II
      Microsoft Flight Simulator 2004 Un siŠcle d'aviation
      Furnish Pro
      HijackThis 1.99.1
      Hijackthis Version Fran‡aise
      HP Document Viewer 7.0
      HP Imaging Device Functions 7.0
      HP Photosmart Premier Software 6.5
      HP Solution Center 7.0
      HP Customer Participation Program 7.0
      OCR Software by I.R.I.S 7.0
      InCD (ahead software)
      Canon Utilities EOS Capture 1.3
      Canon Utilities PhotoStitch 3.1
      Canon RemoteCapture Task for ZoomBrowser EX
      Canon EOS Kiss_N REBEL_XT 350D Pilote WIA
      Canon Camera Support Core Library
      Canon Utilities Digital Photo Professional 1.6.1
      Canon Camera Window DS for ZoomBrowser EX
      QuickTime
      Canon Internet Library for ZoomBrowser EX
      Canon RAW Image Task for ZoomBrowser EX
      Canon Camera Window DVC for ZoomBrowser EX
      Canon Camera Window for ZoomBrowser EX
      InterActual Player
      InterBase 6 Open Edition - 6.0.2.0
      IrfanView (remove only)
      IvAe v0.8.6 + Data Update November 2006
      IvAp v1.3.4 (b1842)
      Correctif Windows XP - KB873339
      Correctif Windows XP - KB885835
      Correctif Windows XP - KB885836
      Correctif Windows XP - KB886185
      Correctif Windows XP - KB887472
      Correctif Windows XP - KB888302
      Correctif Windows XP - KB890859
      Correctif Windows XP - KB891781
      Koch Media Ltd Fly through the decades - Concorde FS2004 Version 2.1.0
      Language Pack for Ad-aware 6
      Librairies 2.7.5
      Look 'n' Stop 1.04 Beta 01
      Mozilla Firefox (1.5)
      Mozilla Thunderbird (1.5)
      Media Library Management Wizard
      Microsoft Compression Client Pack 1.0 for Windows XP
      Compl‚ment MSN pour Windows Messenger
      MTL v2.0.1
      Multimedia Keyboard Driver
      Navigation 2.7
      NeroMediaPlayer
      NVIDIA Display Driver
      PCI Audio Applications
      PCI Audio Driver
      Personal Antispy
      Pixie 1.4.1
      PowerDVD
      Registry Mechanic 6.0
      Shockwave
      Adobe Flash Player 9 ActiveX
      SideWinder Force Feedback 2
      Skype 3.0
      Aero - QCM
      TeamSpeak 2 RC2
      Skype add-on for IE
      SmartUSB56 Voice Modem
      Winamp (remove only)
      Lecteur Windows Mediaÿ11
      WinISO 5.3
      Archiveur WinRAR
      Windows Media Bonus Pack for Windows XP
      Microsoft User-Mode Driver Framework Feature Pack 1.0
      Yahoo! Anti-Spy
      Yahoo! Toolbar avec bloqueur de fenˆtres pop-up
      Yahoo! Toolbar
      Yahoo! Install Manager
      Microsoft Office 2000 Professional
      Logiciel iTouch de Logitech
      SlideShow
      cp_OnlineProjectsConfig
      EOS Capture 1.3
      AutoUpdate
      A310-300 The Master's Edition
      PhotoStitch
      Google Toolbar for Internet Explorer
      HPPhotoSmartExpress
      RemoteCapture Task 1.1
      Sonic_PrimoSDK
      FSNavigator
      J2SE Runtime Environment 5.0 Update 9
      J2SE Runtime Environment 5.0 Update 10
      SkinsHP1
      Canon Camera WIA Driver
      PanoStandAlone
      Skype Plugin Manager
      Google Earth
      DAEMON Tools
      CP_Package_Basic1
      BufferChm
      SAGEM F@st 800-840
      HPProductAssistant
      FullDPAppQFolder
      Camera Support Core Library
      Logitech MouseWare 9.42 .1
      WebReg
      RandMap
      eSupportQFolder
      FotoStation Easy
      PowerDVD
      AiOSoftwareNPI
      Toolbox
      CustomerResearchQFolder
      Readme
      Madden NFL 06
      Canon Utilities Digital Photo Professional 1.6.1
      DivX Codec
      Camera Window DS
      DocumentViewerQFolder
      ProductContextNPI
      Status
      Canon PhotoRecord
      DocProcQFolder
      DocProc
      DivX Player
      Unload
      Logitech Desktop Messenger
      QuickTime
      Internet Library
      CounterSpy
      ScannerCopy
      Microsoft .NET Framework 1.1 French Language Pack
      RAW Image Task 2.0
      InstantShareDevices
      Camera Window DVC
      DeviceManagementQFolder
      Adobe Reader 7.0.7 - Fran‡ais
      DivX Converter
      cp_PosterPrintConfig
      CueTour
      CP_Panorama1Config
      DivX Web Player
      HP Software Update
      HP Photosmart, Officejet and Deskjet 7.0.A
      PhotoGallery
      Canon ZoomBrowser EX
      SolutionCenter
      AiO_Scan_CDA
      Microsoft .NET Framework 1.1
      MTX MotoTrax
      Paint Shop Pro 7
      TrayApp
      MarketResearch
      Camera Window MC
      ScanToWeb
      CP_CalendarTemplates1
      InstantShareDevicesMFC
      Scan
      WinPhone
      Fax_CDA
      Logitech Gaming Software
      Destinations
      NewCopy_CDA
      DocumentViewer
      ACE Mega CoDecS Pack

      Finished


      Logfile of HijackThis v1.99.1
      Scan saved at 00:37:06, on 25/02/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\CounterSpy.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\Skype\Plugin Manager\SkypePM.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Microsoft Office\Office\WINWORD.EXE
      C:\WINDOWS\msagent\AgentSvr.exe
      C:\Documents and Settings\MURIE\Bureau\CCM.exe\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [maslapn.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\MURIE\Local Settings\Application Data\maslapn.dll",ignvfd
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
      O4 - Startup: MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/dribnif/fr/win/QuickTimeInstaller.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
      O16 - DPF: {8EC69950-F299-40AC-A004-3BF5176F8F7B} (FlowScan Control) - https://checkspy.com/
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
      O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe



      merci et à demain pour la suite
      0
  8. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    suite :

    Quitter le net, le navigateur, et toutes autres fenêtres d'applications ;
    - Double-cliquer sur l2mfix.bat ;
    - Choisir OPTION 2 (Run fix) et valider par la touche [Entrée] ;
    - A l'invite, appuyer sur une touche du clavier pour redémarrer le PC ;
    => Au redémarrage, le nettoyage de L2mFix se poursuit, puis génère le résultat du nettoyage en ouvrant le Bloc-notes ; se reconnecter pour le poster au forum.

    ensuite reposte un nouveau hijackthis stp

    ++
    0
    1. yann
       
      Je ne suis pas sur d'executer le bon fichier donc je préfère dans le doute te proposer les différents choix dont je dispose en explorant l2mfix, afin que tu puisses me guider précisemment :

      backregs
      dlls
      regfixes
      direct
      fixautont.html
      keypress
      l2mfix
      locate
      not
      Ntrights
      pv
      pv
      readme
      report
      restart
      second
      strings
      zip

      Merci
      0
  9. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    choisis l2mfix.bat , le même qui t'as permis de faire le 1er rapport

    ++
    0
    1. yann
       
      L2mfix 051206
      Creating Account.
      La commande s'est termin‚e correctement.

      Adding Administrative privleges.
      Checking for L2MFix account(0=no 1=yes):
      1
      Granting SeDebugPrivilege to L2MFIX ... successful

      Running From:
      C:\WINDOWS\system32

      Killing Processes!
      Killing 'smss.exe'
      \SystemRoot\System32\smss.exe (468)
      Killing 'winlogon.exe'
      winlogon.exe (540)
      Killing 'explorer.exe'
      C:\WINDOWS\Explorer.EXE (3532)
      Killing 'rundll32.exe'
      Restoring Sedebugprivilege:
      Granting SeDebugPrivilege to Administrateurs ... successful

      Scanning First Pass. Please Wait!

      First Pass Completed

      Second Pass Scanning

      Second pass Completed!



      Restoring Windows Update Certificates.:

      The following Is the Current Export of the Winlogon notify key:
      ****************************************************************************
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
      "Asynchronous"=dword:00000000
      "Impersonate"=dword:00000000
      "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
      6c,00,00,00
      "Logoff"="ChainWlxLogoffEvent"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
      "Asynchronous"=dword:00000000
      "Impersonate"=dword:00000000
      "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Logoff"="CryptnetWlxLogoffEvent"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
      "DLLName"="cscdll.dll"
      "Logon"="WinlogonLogonEvent"
      "Logoff"="WinlogonLogoffEvent"
      "ScreenSaver"="WinlogonScreenSaverEvent"
      "Startup"="WinlogonStartupEvent"
      "Shutdown"="WinlogonShutdownEvent"
      "StartShell"="WinlogonStartShellEvent"
      "Impersonate"=dword:00000000
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
      "DLLName"="wlnotify.dll"
      "Logon"="SCardStartCertProp"
      "Logoff"="SCardStopCertProp"
      "Lock"="SCardSuspendCertProp"
      "Unlock"="SCardResumeCertProp"
      "Enabled"=dword:00000001
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
      "Asynchronous"=dword:00000000
      "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Impersonate"=dword:00000000
      "StartShell"="SchedStartShell"
      "Logoff"="SchedEventLogOff"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
      "Logoff"="WLEventLogoff"
      "Impersonate"=dword:00000000
      "Asynchronous"=dword:00000001
      "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
      "DLLName"="WlNotify.dll"
      "Lock"="SensLockEvent"
      "Logon"="SensLogonEvent"
      "Logoff"="SensLogoffEvent"
      "Safe"=dword:00000001
      "MaxWait"=dword:00000258
      "StartScreenSaver"="SensStartScreenSaverEvent"
      "StopScreenSaver"="SensStopScreenSaverEvent"
      "Startup"="SensStartupEvent"
      "Shutdown"="SensShutdownEvent"
      "StartShell"="SensStartShellEvent"
      "PostShell"="SensPostShellEvent"
      "Disconnect"="SensDisconnectEvent"
      "Reconnect"="SensReconnectEvent"
      "Unlock"="SensUnlockEvent"
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
      "Asynchronous"=dword:00000000
      "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Impersonate"=dword:00000000
      "Logoff"="TSEventLogoff"
      "Logon"="TSEventLogon"
      "PostShell"="TSEventPostShell"
      "Shutdown"="TSEventShutdown"
      "StartShell"="TSEventStartShell"
      "Startup"="TSEventStartup"
      "MaxWait"=dword:00000258
      "Reconnect"="TSEventReconnect"
      "Disconnect"="TSEventDisconnect"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqnkjh]
      "Asynchronous"=dword:00000001
      "DllName"="urqnkjh.dll"
      "Impersonate"=dword:00000000
      "Logon"="Logon"
      "Logoff"="Logoff"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vturo]
      "Asynchronous"=dword:00000001
      "DllName"="C:\\WINDOWS\\system32\\vturo.dll"
      "Impersonate"=dword:00000000
      "Startup"="SysLogon"
      "Logoff"="SysLogoff"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
      "DLLName"="wlnotify.dll"
      "Logon"="RegisterTicketExpiredNotificationEvent"
      "Logoff"="UnregisterTicketExpiredNotificationEvent"
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001


      The following are the files found:
      ****************************************************************************

      Registry Entries that were Deleted:
      Please verify that the listing looks ok.
      If there was something deleted wrongly there are backups in the backreg folder.
      ****************************************************************************
      REGEDIT4

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
      REGEDIT4

      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
      "SV1"=""
      ****************************************************************************
      Desktop.ini Contents:
      ****************************************************************************

      ****************************************************************************
      Checking for L2MFix account(0=no 1=yes):
      0
      Zipping up files for submission:
      zip warning: name not matched: dlls\*.*

      zip error: Nothing to do! (backup.zip)
      adding: backregs/notibac.reg (164 bytes security) (deflated 88%)
      adding: backregs/shell.reg (164 bytes security) (deflated 73%)




      Logfile of HijackThis v1.99.1
      Scan saved at 18:31:15, on 25/02/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\notepad.exe
      C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\CounterSpy.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
      C:\Program Files\Skype\Plugin Manager\SkypePM.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
      O2 - BHO: (no name) - {361CF4EE-24CA-4A45-9476-085D1F9A06CF} - C:\WINDOWS\system32\urqnkjh.dll (file missing)
      O2 - BHO: (no name) - {59CA6513-5A5A-3FB4-D081-0BE271AEC009} - C:\WINDOWS\system32\sgpvqml.dll
      O2 - BHO: (no name) - {732FFB66-67CF-4AF3-B466-774935A94C3F} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: (no name) - {AE784354-305C-4584-9DB9-35837752A28E} - (no file)
      O2 - BHO: (no name) - {BC982BD9-F174-42CE-9813-7E3802064153} - C:\WINDOWS\system32\vturo.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [maslapn.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\MURIE\Local Settings\Application Data\maslapn.dll",ignvfd
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
      O4 - Startup: MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/dribnif/fr/win/QuickTimeInstaller.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
      O16 - DPF: {8EC69950-F299-40AC-A004-3BF5176F8F7B} (FlowScan Control) - https://checkspy.com/
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: urqnkjh - urqnkjh.dll (file missing)
      O20 - Winlogon Notify: vturo - C:\WINDOWS\system32\vturo.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
      O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe


      merci
      0
  10. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    ok,

    Télécharge VirtumundoBegone sur le bureau:
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
    Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
    Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu

    ensuite remets un nouveau hijack stp

    @+
    0
    1. yann
       
      Pas vu l'écran bleu + erreur fatale, voici la suite :


      [02/25/2007, 18:50:57] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\MURIE\Bureau\VirtumundoBeGone.exe" )
      [02/25/2007, 18:51:04] - Detected System Information:
      [02/25/2007, 18:51:04] - Windows Version: 5.1.2600, Service Pack 2
      [02/25/2007, 18:51:04] - Current Username: MURIE (Admin)
      [02/25/2007, 18:51:04] - Windows is in NORMAL mode.
      [02/25/2007, 18:51:04] - Searching for Browser Helper Objects:
      [02/25/2007, 18:51:04] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
      [02/25/2007, 18:51:04] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
      [02/25/2007, 18:51:04] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
      [02/25/2007, 18:51:04] - BHO 4: {361CF4EE-24CA-4A45-9476-085D1F9A06CF} ()
      [02/25/2007, 18:51:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [02/25/2007, 18:51:04] - Checking for HKLM\...\Winlogon\Notify\urqnkjh
      [02/25/2007, 18:51:04] - Found: HKLM\...\Winlogon\Notify\urqnkjh - This is probably Virtumundo.
      [02/25/2007, 18:51:04] - Assigning {361CF4EE-24CA-4A45-9476-085D1F9A06CF} MSEvents Object
      [02/25/2007, 18:51:04] - BHO list has been changed! Starting over...
      [02/25/2007, 18:51:04] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
      [02/25/2007, 18:51:04] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
      [02/25/2007, 18:51:04] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
      [02/25/2007, 18:51:04] - BHO 4: {361CF4EE-24CA-4A45-9476-085D1F9A06CF} (MSEvents Object)
      [02/25/2007, 18:51:04] - ALERT: Found MSEvents Object!
      [02/25/2007, 18:51:04] - BHO 5: {59CA6513-5A5A-3FB4-D081-0BE271AEC009} ()
      [02/25/2007, 18:51:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [02/25/2007, 18:51:04] - Checking for HKLM\...\Winlogon\Notify\sgpvqml
      [02/25/2007, 18:51:04] - Key not found: HKLM\...\Winlogon\Notify\sgpvqml, continuing.
      [02/25/2007, 18:51:04] - BHO 6: {732FFB66-67CF-4AF3-B466-774935A94C3F} ()
      [02/25/2007, 18:51:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [02/25/2007, 18:51:04] - No filename found. Continuing.
      [02/25/2007, 18:51:04] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [02/25/2007, 18:51:04] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [02/25/2007, 18:51:04] - BHO 9: {AE784354-305C-4584-9DB9-35837752A28E} ()
      [02/25/2007, 18:51:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [02/25/2007, 18:51:05] - No filename found. Continuing.
      [02/25/2007, 18:51:05] - BHO 10: {BC982BD9-F174-42CE-9813-7E3802064153} ()
      [02/25/2007, 18:51:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [02/25/2007, 18:51:05] - Checking for HKLM\...\Winlogon\Notify\vturo
      [02/25/2007, 18:51:05] - Found: HKLM\...\Winlogon\Notify\vturo - This is probably Virtumundo.
      [02/25/2007, 18:51:05] - Assigning {BC982BD9-F174-42CE-9813-7E3802064153} MSEvents Object
      [02/25/2007, 18:51:05] - BHO list has been changed! Starting over...
      [02/25/2007, 18:51:05] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
      [02/25/2007, 18:51:05] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
      [02/25/2007, 18:51:05] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
      [02/25/2007, 18:51:05] - BHO 4: {361CF4EE-24CA-4A45-9476-085D1F9A06CF} (MSEvents Object)
      [02/25/2007, 18:51:05] - ALERT: Found MSEvents Object!
      [02/25/2007, 18:51:05] - BHO 5: {59CA6513-5A5A-3FB4-D081-0BE271AEC009} ()
      [02/25/2007, 18:51:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [02/25/2007, 18:51:05] - Checking for HKLM\...\Winlogon\Notify\sgpvqml
      [02/25/2007, 18:51:05] - Key not found: HKLM\...\Winlogon\Notify\sgpvqml, continuing.
      [02/25/2007, 18:51:05] - BHO 6: {732FFB66-67CF-4AF3-B466-774935A94C3F} ()
      [02/25/2007, 18:51:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [02/25/2007, 18:51:05] - No filename found. Continuing.
      [02/25/2007, 18:51:05] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [02/25/2007, 18:51:05] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [02/25/2007, 18:51:05] - BHO 9: {AE784354-305C-4584-9DB9-35837752A28E} ()
      [02/25/2007, 18:51:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [02/25/2007, 18:51:05] - No filename found. Continuing.
      [02/25/2007, 18:51:05] - BHO 10: {BC982BD9-F174-42CE-9813-7E3802064153} (MSEvents Object)
      [02/25/2007, 18:51:05] - ALERT: Found MSEvents Object!
      [02/25/2007, 18:51:05] - Finished Searching Browser Helper Objects
      [02/25/2007, 18:51:05] - *** Detected MSEvents Object
      [02/25/2007, 18:51:05] - Trying to remove MSEvents Object...
      [02/25/2007, 18:51:06] - Terminating Process: IEXPLORE.EXE
      [02/25/2007, 18:51:07] - Terminating Process: RUNDLL32.EXE
      [02/25/2007, 18:51:07] - Disabling Automatic Shell Restart
      [02/25/2007, 18:51:07] - Terminating Process: EXPLORER.EXE
      [02/25/2007, 18:51:07] - Suspending the NT Session Manager System Service
      [02/25/2007, 18:51:07] - Terminating Windows NT Logon/Logoff Manager
      [02/25/2007, 18:51:08] - Re-enabling Automatic Shell Restart
      [02/25/2007, 18:51:08] - File to disable: C:\WINDOWS\system32\urqnkjh.dll
      [02/25/2007, 18:51:08] - Removing HKLM\...\Browser Helper Objects\{361CF4EE-24CA-4A45-9476-085D1F9A06CF}
      [02/25/2007, 18:51:08] - Removing HKCR\CLSID\{361CF4EE-24CA-4A45-9476-085D1F9A06CF}
      [02/25/2007, 18:51:08] - Adding Kill Bit for ActiveX for GUID: {361CF4EE-24CA-4A45-9476-085D1F9A06CF}
      [02/25/2007, 18:51:08] - Deleting ATLEvents/MSEvents Registry entries
      [02/25/2007, 18:51:08] - Removing HKLM\...\Winlogon\Notify\urqnkjh
      [02/25/2007, 18:51:08] - Searching for Browser Helper Objects:
      [02/25/2007, 18:51:08] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
      [02/25/2007, 18:51:08] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
      [02/25/2007, 18:51:08] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
      [02/25/2007, 18:51:08] - BHO 4: {59CA6513-5A5A-3FB4-D081-0BE271AEC009} ()
      [02/25/2007, 18:51:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [02/25/2007, 18:51:08] - Checking for HKLM\...\Winlogon\Notify\sgpvqml
      [02/25/2007, 18:51:08] - Key not found: HKLM\...\Winlogon\Notify\sgpvqml, continuing.
      [02/25/2007, 18:51:08] - BHO 5: {732FFB66-67CF-4AF3-B466-774935A94C3F} ()
      [02/25/2007, 18:51:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [02/25/2007, 18:51:08] - No filename found. Continuing.
      [02/25/2007, 18:51:08] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [02/25/2007, 18:51:08] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [02/25/2007, 18:51:08] - BHO 8: {AE784354-305C-4584-9DB9-35837752A28E} ()
      [02/25/2007, 18:51:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [02/25/2007, 18:51:08] - No filename found. Continuing.
      [02/25/2007, 18:51:08] - BHO 9: {BC982BD9-F174-42CE-9813-7E3802064153} (MSEvents Object)
      [02/25/2007, 18:51:08] - ALERT: Found MSEvents Object!
      [02/25/2007, 18:51:08] - Finished Searching Browser Helper Objects
      [02/25/2007, 18:51:08] - *** Detected MSEvents Object
      [02/25/2007, 18:51:08] - Trying to remove MSEvents Object...
      [02/25/2007, 18:51:09] - Terminating Process: IEXPLORE.EXE
      [02/25/2007, 18:51:09] - Terminating Process: RUNDLL32.EXE
      [02/25/2007, 18:51:09] - Disabling Automatic Shell Restart
      [02/25/2007, 18:51:09] - Terminating Process: EXPLORER.EXE
      [02/25/2007, 18:51:09] - Suspending the NT Session Manager System Service
      [02/25/2007, 18:51:09] - Terminating Windows NT Logon/Logoff Manager
      [02/25/2007, 18:51:10] - Re-enabling Automatic Shell Restart
      [02/25/2007, 18:51:10] - File to disable: C:\WINDOWS\system32\vturo.dll
      [02/25/2007, 18:51:10] - Renaming C:\WINDOWS\system32\vturo.dll -> C:\WINDOWS\system32\vturo.dll.vir
      [02/25/2007, 18:51:10] - File successfully renamed!
      [02/25/2007, 18:51:10] - Removing HKLM\...\Browser Helper Objects\{BC982BD9-F174-42CE-9813-7E3802064153}
      [02/25/2007, 18:51:10] - Removing HKCR\CLSID\{BC982BD9-F174-42CE-9813-7E3802064153}
      [02/25/2007, 18:51:10] - Adding Kill Bit for ActiveX for GUID: {BC982BD9-F174-42CE-9813-7E3802064153}
      [02/25/2007, 18:51:10] - Deleting ATLEvents/MSEvents Registry entries
      [02/25/2007, 18:51:10] - Removing HKLM\...\Winlogon\Notify\vturo
      [02/25/2007, 18:51:10] - Searching for Browser Helper Objects:
      [02/25/2007, 18:51:10] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
      [02/25/2007, 18:51:10] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
      [02/25/2007, 18:51:10] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
      [02/25/2007, 18:51:10] - BHO 4: {59CA6513-5A5A-3FB4-D081-0BE271AEC009} ()
      [02/25/2007, 18:51:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [02/25/2007, 18:51:10] - Checking for HKLM\...\Winlogon\Notify\sgpvqml
      [02/25/2007, 18:51:10] - Key not found: HKLM\...\Winlogon\Notify\sgpvqml, continuing.
      [02/25/2007, 18:51:10] - BHO 5: {732FFB66-67CF-4AF3-B466-774935A94C3F} ()
      [02/25/2007, 18:51:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [02/25/2007, 18:51:10] - No filename found. Continuing.
      [02/25/2007, 18:51:10] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [02/25/2007, 18:51:10] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [02/25/2007, 18:51:10] - BHO 8: {AE784354-305C-4584-9DB9-35837752A28E} ()
      [02/25/2007, 18:51:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [02/25/2007, 18:51:10] - No filename found. Continuing.
      [02/25/2007, 18:51:10] - Finished Searching Browser Helper Objects
      [02/25/2007, 18:51:10] - Finishing up...
      [02/25/2007, 18:51:10] - A restart is needed.
      [02/25/2007, 18:51:25] - Attempting to Restart via STOP error (Blue Screen!)



      Logfile of HijackThis v1.99.1
      Scan saved at 18:56:08, on 25/02/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
      C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Skype\Plugin Manager\SkypePM.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
      O2 - BHO: (no name) - {59CA6513-5A5A-3FB4-D081-0BE271AEC009} - C:\WINDOWS\system32\sgpvqml.dll
      O2 - BHO: (no name) - {732FFB66-67CF-4AF3-B466-774935A94C3F} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: (no name) - {AE784354-305C-4584-9DB9-35837752A28E} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [maslapn.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\MURIE\Local Settings\Application Data\maslapn.dll",ignvfd
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
      O4 - Startup: MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/dribnif/fr/win/QuickTimeInstaller.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
      O16 - DPF: {8EC69950-F299-40AC-A004-3BF5176F8F7B} (FlowScan Control) - https://checkspy.com/
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
      O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe


      merci
      0
  11. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    ok, refais les manips de ce lien stp :

    virus methode preliminaire de desinfection version fr

    ++
    0
    1. yann
       
      Voilà pour la suite, et merci encore pour ton aide :

      ---------------------------------------------------------
      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 20:54:43 25/02/2007

      + Résultat de l'analyse:



      C:\System Volume Information\_restore{00BE5197-B72C-459C-A716-FDEBB40EFA97}\RP125\A0040507.dll -> Adware.Virtumonde : Aucune action entreprise.


      Fin du rapport




      BitDefender Online Scanner



      Scan report generated at: Sat, Feb 24, 2007 - 19:36:46





      Scan path: A:\;C:\;D:\;E:\;F:\;







      Statistics

      Time
      03:02:27

      Files
      435055

      Folders
      9101

      Boot Sectors
      2

      Archives
      8833

      Packed Files
      39185




      Results

      Identified Viruses
      2

      Infected Files
      6

      Suspect Files
      0

      Warnings
      0

      Disinfected
      0

      Deleted Files
      4




      Engines Info

      Virus Definitions
      393347

      Engine build
      AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)

      Scan plugins
      14

      Archive plugins
      38

      Unpack plugins
      6

      E-mail plugins
      6

      System plugins
      1




      Scan Settings

      First Action
      Disinfect

      Second Action
      Delete

      Heuristics
      Yes

      Enable Warnings
      Yes

      Scanned Extensions
      *;

      Exclude Extensions


      Scan Emails
      Yes

      Scan Archives
      Yes

      Scan Packed
      Yes

      Scan Files
      Yes

      Scan Boot
      Yes




      Scanned File
      Status

      C:\Documents and Settings\MURIE\Local Settings\Application Data\maslapn.dll
      Infected with: Trojan.Obfus.Gen

      C:\Documents and Settings\MURIE\Local Settings\Application Data\maslapn.dll
      Disinfection failed

      C:\Documents and Settings\MURIE\Local Settings\Application Data\maslapn.dll
      Deleted

      C:\System Volume Information\_restore{00BE5197-B72C-459C-A716-FDEBB40EFA97}\RP124\A0039846.dll
      Infected with: Trojan.Obfus.Gen

      C:\System Volume Information\_restore{00BE5197-B72C-459C-A716-FDEBB40EFA97}\RP124\A0039846.dll
      Disinfection failed

      C:\System Volume Information\_restore{00BE5197-B72C-459C-A716-FDEBB40EFA97}\RP124\A0039846.dll
      Deleted

      C:\WINDOWS\system32\awvtr.dll
      Infected with: MemScan:Trojan.Vundo.AF

      C:\WINDOWS\system32\awvtr.dll
      Disinfection failed

      C:\WINDOWS\system32\awvtr.dll
      Delete failed

      C:\WINDOWS\system32\maslapn.dll
      Infected with: Trojan.Obfus.Gen

      C:\WINDOWS\system32\maslapn.dll
      Disinfection failed

      C:\WINDOWS\system32\maslapn.dll
      Deleted

      C:\WINDOWS\system32\setupapi.dll
      Clean

      C:\WINDOWS\system32\setupdll.dll
      Clean

      C:\WINDOWS\system32\setver.exe
      Clean

      C:\WINDOWS\system32\sfc.dll
      Clean

      C:\WINDOWS\system32\sfc.exe
      Clean

      C:\WINDOWS\system32\sfcfiles.dll
      Clean

      C:\WINDOWS\system32\sfc_os(3).dll
      Clean

      C:\WINDOWS\system32\sfc_os.dll
      Clean

      C:\WINDOWS\system32\sfmapi.dll
      Clean

      C:\WINDOWS\system32\sgpvqml.dll
      Infected with: Trojan.Obfus.Gen

      C:\WINDOWS\system32\sgpvqml.dll
      Infected with: Trojan.Obfus.Gen

      C:\WINDOWS\system32\sgpvqml.dll
      Disinfection failed

      C:\WINDOWS\system32\sgpvqml.dll
      Disinfection failed

      C:\WINDOWS\system32\sgpvqml.dll
      Delete failed

      C:\WINDOWS\system32\sgpvqml.dll
      Delete failed

      C:\WINDOWS\system32\shadow.exe
      Clean

      C:\WINDOWS\system32\share.exe
      Clean

      C:\WINDOWS\system32\shdoclc.dll
      Clean

      C:\WINDOWS\system32\shdocvw.dll
      Clean

      C:\WINDOWS\system32\shell.dll
      Clean

      C:\WINDOWS\system32\shell32(3).dll
      Clean

      C:\WINDOWS\system32\shell32.dll
      Clean

      C:\WINDOWS\system32\shellstyle.dll
      Clean

      C:\WINDOWS\system32\shfolder(2).dll
      Clean

      C:\WINDOWS\system32\shfolder.dll
      Clean

      C:\WINDOWS\system32\shgina.dll
      Clean

      C:\WINDOWS\system32\shiftjis.uce
      Clean

      C:\WINDOWS\system32\shimeng.dll
      Clean

      C:\WINDOWS\system32\shimgvw(2).dll
      Clean

      C:\WINDOWS\system32\shimgvw.dll
      Clean

      C:\WINDOWS\system32\shlwapi(3).dll
      Clean

      C:\WINDOWS\system32\shlwapi.dll
      Clean

      C:\WINDOWS\system32\shmedia.dll
      Clean

      C:\WINDOWS\system32\shmgrate.exe
      Clean

      C:\WINDOWS\system32\shrpubw.exe
      Clean

      C:\WINDOWS\system32\shscrap.dll
      Clean

      C:\WINDOWS\system32\shsvcs(3).dll
      Clean

      C:\WINDOWS\system32\shsvcs.dll
      Clean

      C:\WINDOWS\system32\shutdown.exe
      Clean

      C:\WINDOWS\system32\sigtab.dll
      Clean

      C:\WINDOWS\system32\sigverif.exe
      Clean

      C:\WINDOWS\system32\simpdata.tlb
      Clean

      C:\WINDOWS\system32\sisbkup.dll
      Clean

      C:\WINDOWS\system32\skdll.dll
      Clean

      C:\WINDOWS\system32\skeys.exe
      Clean

      C:\WINDOWS\system32\slayerxp.dll
      Clean

      C:\WINDOWS\system32\slbcsp.dll
      Clean

      C:\WINDOWS\system32\slbiop.dll
      Clean

      C:\WINDOWS\system32\slbrccsp.dll
      Clean

      C:\WINDOWS\system32\slcpappl.chm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/#SYSTEM
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/SLCPAPPL.hhc
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/SLCPAPPL.hhk
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4701).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4709).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4709).htm=>(JAVASCRIPT 1)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4709).htm=>(JAVASCRIPT 4)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4709).htm=>(JAVASCRIPT 5)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4703).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4702).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4707).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4706).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4410).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4402).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4403).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4404).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4405).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4406).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4708).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4710).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4704).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4705).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4407).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/English (4004).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/English (4010).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/English (4002).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/English (4005).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/English (4003).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/English (4006).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/English (4007).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4408).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4409).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4409).htm=>(JAVASCRIPT 1)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4409).htm=>(JAVASCRIPT 2)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4409).htm=>(JAVASCRIPT 3)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4401).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/English (4008).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/English (4009).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/English (4009).htm=>(JAVASCRIPT 1)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/English (4009).htm=>(JAVASCRIPT 2)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/English (4009).htm=>(JAVASCRIPT 3)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/English (4001).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/French (4109).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/French (4109).htm=>(JAVASCRIPT 1)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/French (4109).htm=>(JAVASCRIPT 2)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/French (4109).htm=>(JAVASCRIPT 3)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/French (4101).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/German (4502).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/German (4510).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/German (4503).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/German (4504).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/German (4505).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/German (4506).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/French (4110).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/French (4102).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/French (4103).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/French (4104).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/French (4105).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/French (4106).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/French (4107).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/French (4108).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4610).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Italian (4307).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Italian (4308).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Italian (4309).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Italian (4309).htm=>(JAVASCRIPT 1)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Italian (4309).htm=>(JAVASCRIPT 2)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Italian (4309).htm=>(JAVASCRIPT 3)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Italian (4301).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/German (4507).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/German (4508).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/German (4509).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/German (4509).htm=>(JAVASCRIPT 1)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/German (4509).htm=>(JAVASCRIPT 2)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/German (4509).htm=>(JAVASCRIPT 3)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/German (4501).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Italian (4310).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4602).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Italian (4302).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Italian (4303).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Italian (4304).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Italian (4305).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Italian (4306).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4605).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4810).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4802).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4803).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4804).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4805).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4806).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4807).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4808).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4604).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4606).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4607).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4608).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4609).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4609).htm=>(JAVASCRIPT 1)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4609).htm=>(JAVASCRIPT 4)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4609).htm=>(JAVASCRIPT 5)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4601).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4603).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4209).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4209).htm=>(JAVASCRIPT 1)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4209).htm=>(JAVASCRIPT 2)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4209).htm=>(JAVASCRIPT 3)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4201).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4809).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4809).htm=>(JAVASCRIPT 1)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4809).htm=>(JAVASCRIPT 4)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4809).htm=>(JAVASCRIPT 5)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4801).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4206).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4208).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4207).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Korean (4901).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Korean (4902).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4210).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4202).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4203).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4204).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4205).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Korean (4907).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Simplified Chinese (4711).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Traditional Chinese (4811).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Dutch (4411).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/English (4011).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/French (4111).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/German (4511).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Italian (4311).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Japanese (4611).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Korean (4903).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Korean (4904).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Korean (4906).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Korean (4908).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Korean (4909).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Korean (4909).htm=>(JAVASCRIPT 1)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Korean (4909).htm=>(JAVASCRIPT 2)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Korean (4909).htm=>(JAVASCRIPT 3)
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Korean (4910).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Korean (4905).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Korean (4911).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Spanish (4211).htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Result Code Table.htm
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/external.js
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/#BSSC
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/SLCPAPPL.brs
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Result Code Table.files/image001.gif
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Result Code Table.files/image002.gif
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Result Code Table.files/image003.gif
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Result Code Table.files/image004.gif
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Result Code Table.files/image005.gif
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Result Code Table.files/image006.gif
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/Result Code Table.files/image007.gif
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/#WINDOWS
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/#IVB
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/$WWKeywordLinks/Property
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/$WWAssociativeLinks/Property
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/$OBJINST
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/$FIftiMain
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/#IDXHDR
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/#TOPICS
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/#URLTBL
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/#URLSTR
      Clean

      C:\WINDOWS\system32\slcpappl.chm=>/#STRINGS
      Clean

      C:\WINDOWS\system32\slcpappl.cpl
      Clean

      C:\WINDOWS\system32\slextspk.dll
      Clean

      C:\WINDOWS\system32\slserv.exe
      Clean

      C:\WINDOWS\system32\sl_anet.acm
      Clean

      C:\WINDOWS\system32\smbinst.exe
      Clean

      C:\WINDOWS\system32\smlogcfg.dll
      Clean

      C:\WINDOWS\system32\smlogsvc.exe
      Clean

      C:\WINDOWS\system32\SMMSCRPT.DLL
      Clean

      C:\WINDOWS\system32\SMMSETUP.DLL
      Clean

      C:\WINDOWS\system32\smss.exe
      Clean

      C:\WINDOWS\system32\sndrec32.exe
      Clean

      C:\WINDOWS\system32\sndvol32.exe
      Clean

      C:\WINDOWS\system32\snmpapi(2).dll
      Clean

      C:\WINDOWS\system32\snmpapi.dll
      Clean

      C:\WINDOWS\system32\snmpsnap.dll
      Clean

      C:\WINDOWS\system32\softpub.dll
      Clean

      C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\5.8.0.2469\wuapi.dll
      Clean

      C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\5.8.0.2694\wuapi.dll
      Clean

      C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\5.8.0.2469\wups.dll
      Clean

      C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\5.8.0.2694\wups.dll
      Clean

      C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\5.8.0.2694\wups2.dll
      Clean

      C:\WINDOWS\system32\sol.exe
      Clean

      C:\WINDOWS\system32\sort.exe
      Clean

      C:\WINDOWS\system32\sortkey.nls
      Clean

      C:\WINDOWS\system32\sorttbls.nls
      Clean

      C:\WINDOWS\system32\sound.drv
      Clean

      C:\WINDOWS\system32\spider.exe
      Clean

      C:\WINDOWS\system32\spiisupd.exe
      Clean

      C:\WINDOWS\system32\spmsg.dll
      Clean

      C:\WINDOWS\system32\spnike.dll
      Clean

      C:\WINDOWS\system32\spnpinst.exe
      Clean

      C:\WINDOWS\system32\spool\drivers\color\AdobeRGB1998.icc
      Clean

      C:\WINDOWS\system32\spool\drivers\color\adod6522.icm
      Clean

      C:\WINDOWS\system32\spool\drivers\color\appd6518.icm
      Clean

      C:\WINDOWS\system32\spool\drivers\color\BetaRGB.icc
      Clean

      C:\WINDOWS\system32\spool\drivers\color\Diamond Compatible 9300K G2.2.icm
      Clean

      C:\WINDOWS\system32\spool\drivers\color\ECI-RGB.V1.0.icc
      Clean

      C:\WINDOWS\system32\spool\drivers\color\European Print Medium GCR 320 UCR.icm
      Clean

      C:\WINDOWS\system32\spool\drivers\color\Hitachi Compatible 9300K G2.2.icm
      Clean

      C:\WINDOWS\system32\spool\drivers\color\HP PS C3100_C4100-Prem Plus Photo(tricolor+black).icc
      Clean

      C:\WINDOWS\system32\spool\drivers\color\HP PS C3100_C4100-Prem Plus Photo(tricolor+photo).icc
      Clean

      C:\WINDOWS\system32\spool\drivers\color\HP PS C3100_C4100-Premium Paper(tricolor+black).icc
      Clean

      C:\WINDOWS\system32\spool\drivers\color\HP PS C3100_C4100-Premium Paper(tricolor+photo).icc
      Clean

      C:\WINDOWS\system32\spool\drivers\color\HP PS C4100-Prem Plus Photo(tricolor+gray).icc
      Clean

      C:\WINDOWS\system32\spool\drivers\color\HP PS C4100-Premium Paper(tricolor+gray).icc
      Clean

      C:\WINDOWS\system32\spool\drivers\color\HP500ND.ICM
      Clean

      C:\WINDOWS\system32\spool\drivers\color\HP500NG.ICM
      Clean

      C:\WINDOWS\system32\spool\drivers\color\is330.icm
      Clean

      C:\WINDOWS\system32\spool\drivers\color\Kodak SWOP Proofer CMYK-Coated.icm
      Clean

      C:\WINDOWS\system32\spool\drivers\color\kodak_dc.icm
      Clean

      C:\WINDOWS\system32\spool\drivers\color\NEC Compatible 9300K G2.2.icm
      Clean

      C:\WINDOWS\system32\spool\drivers\color\sRGB Color Space Profile.icm
      Clean

      C:\WINDOWS\system32\spool\drivers\color\Trinitron Compatible 9300K G2.2.icm
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\2\olfaxdrv.fad
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\2\olfdnt40.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\2\olfunt40.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpac4103.BUD
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpac4103.GPD
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpac4103.xml
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpac410a.ini
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpafax.gpd
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpafax.ini
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpafax.xml
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpahc410.exp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpaiofax.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpbcfgre.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcdmc32.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\HPDJ500C.BUD
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\HPDJ500C.GPD
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\HPDJRES.DLL
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfie054.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfig054.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfrs054.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\HPk7hmlo.cfg
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\HPrbi85i.cfg
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\HPV600AL.DLL
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ200.HLP
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ50.INI
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ50.INI=>(unicode)
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ670.BUD
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ670.GPD
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ67X.GPD
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ6XX.GPD
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVIMG50.DLL
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVNAM50.GPD
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVUD50.DLL
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVUI50.DLL
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz3a054.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz3m054.gpd
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz3r054.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzev054.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzar054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzcs054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzhc054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzht054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzda054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzde054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzen054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzes054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzfr054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzel054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzhe054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzit054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzja054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzko054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzhu054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpznl054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzno054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzpl054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzpt054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzru054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzsk054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzfi054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzsv054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzth054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpztr054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzhl054.cab=>hpzca054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpr054.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzsc054.dtd
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzsm054.gpd
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzss054.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzst054.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzui054.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzuifax.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\STDNAMES.GPD
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.HLP
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpac4103.gpd
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpac4103.xml
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpac410a.ini
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpahc410.exp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpbcfgre.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpcdmc32.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpfie054.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpfig054.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpfrs054.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpz3a054.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpz3m054.gpd
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpz3r054.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzev054.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzar054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzcs054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzhc054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzht054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzda054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzde054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzen054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzes054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzfr054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzel054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzhe054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzit054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzja054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzko054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzhu054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpznl054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzno054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzpl054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzpt054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzru054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzsk054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzfi054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzsv054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzth054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpztr054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzhl054.cab=>hpzca054.hlp
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzpr054.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzsc054.dtd
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzsm054.gpd
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzss054.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzst054.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\hpzui054.dll
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\STDNAMES.GPD
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\UNIDRV.DLL
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\UNIDRV.HLP
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\UNIDRVUI.DLL
      Clean

      C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_c4100_s3698\UNIRES.DLL
      Clean

      C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
      Clean

      C:\WINDOWS\system32\spool\prtprocs\w32x86\OLFPNT40.DLL
      Clean

      C:\WINDOWS\system32\spool\prtprocs\w32x86\wfxprint2000.dll
      Clean

      C:\WINDOWS\system32\spoolss(2).dll
      Clean

      C:\WINDOWS\system32\spoolss.dll
      Clean

      C:\WINDOWS\system32\spoolsv.exe
      Clean

      C:\WINDOWS\system32\sprestrt.exe
      Clean

      C:\WINDOWS\system32\sprio600.dll
      Clean

      C:\WINDOWS\system32\sprio800.dll
      Clean

      C:\WINDOWS\system32\SPTBDOCK.OCX
      Clean

      C:\WINDOWS\system32\spupdsvc.exe
      Clean

      C:\WINDOWS\system32\spxcoins.dll
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/#SYSTEM
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_1.htm
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_1.htm=>(JAVASCRIPT 2)
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_2.htm
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_2.htm=>(JAVASCRIPT 2)
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_3.htm
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_3.htm=>(JAVASCRIPT 2)
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_4.htm
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_4.htm=>(JAVASCRIPT 2)
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/_sql_server_2000_copyright_and_disclaimer.htm
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/_sql_server_2000_copyright_and_disclaimer.htm=>(JAVASCRIPT 2)
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/_sql_server_login_dialog_box.htm
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/_sql_server_login_dialog_box.htm=>(JAVASCRIPT 2)
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coUA.css
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coUA_Ex.css
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coUA_Print.css
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.css
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.js
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.js=>(JAVASCRIPT 1)
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.js=>(JAVASCRIPT 2)
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.js=>(JAVASCRIPT 3)
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/shared.js
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/caution.gif
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coC.gif
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coCb.gif
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coE.gif
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coEb.gif
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/elle.gif
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/important.gif
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/keybrd.gif
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/keybrd_.gif
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/keybrd_c.gif
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.gif
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto_.gif
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto_c.gif
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/note.gif
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/relglyph.gif
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/relglyph_.gif
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/relglyph_c.gif
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/spacer.gif
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/tip.gif
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/warning.gif
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/sqlsodbc.hhc
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/#WINDOWS
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/#IVB
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/$WWKeywordLinks/Property
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/$WWAssociativeLinks/Property
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/$OBJINST
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/$FIftiMain
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/#IDXHDR
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/#TOCIDX
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/#TOPICS
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/#URLTBL
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/#URLSTR
      Clean

      C:\WINDOWS\system32\sqlsodbc.chm=>/#STRINGS
      Clean

      C:\WINDOWS\system32\sqlsrv32.dll
      Clean

      C:\WINDOWS\system32\sqlsrv32.rll
      Clean

      C:\WINDOWS\system32\sqlunirl.dll
      Clean

      C:\WINDOWS\system32\sqlwid.dll
      Clean

      C:\WINDOWS\system32\sqlwoa.dll
      Clean

      C:\WINDOWS\system32\srclient.dll
      Clean

      C:\WINDOWS\system32\srrstr.dll
      Clean

      C:\WINDOWS\system32\srsvc(3).dll
      Clean

      C:\WINDOWS\system32\srsvc.dll
      Clean

      C:\WINDOWS\system32\srvsvc.dll
      Clean

      C:\WINDOWS\system32\ss3dfo.scr
      Clean

      C:\WINDOWS\system32\ssbezier.scr
      Clean

      C:\WINDOWS\system32\ssdpapi(3).dll
      Clean

      C:\WINDOWS\system32\ssdpapi.dll
      Clean

      C:\WINDOWS\system32\ssdpsrv(3).dll
      Clean

      C:\WINDOWS\system32\ssdpsrv.dll
      Clean

      C:\WINDOWS\system32\ssflwbox.scr
      Clean

      C:\WINDOWS\system32\ssldivx.dll
      Clean

      C:\WINDOWS\system32\ssmarque.scr
      Clean

      C:\WINDOWS\system32\ssmypics.scr
      Clean

      C:\WINDOWS\system32\ssmyst.scr
      Clean

      C:\WINDOWS\system32\sspipes.scr
      Clean

      C:\WINDOWS\system32\ssqro.dll
      Infected with: MemScan:Trojan.Vundo.AF

      C:\WINDOWS\system32\ssqro.dll
      Infected with: MemScan:Trojan.Vundo.AF

      C:\WINDOWS\system32\ssqro.dll
      Disinfection failed

      C:\WINDOWS\system32\ssqro.dll
      Disinfection failed

      C:\WINDOWS\system32\ssqro.dll
      Deleted

      C:\WINDOWS\system32\ssqro.dll
      Deleted

      C:\WINDOWS\system32\ssstars.scr
      Clean

      C:\WINDOWS\system32\sstext3d.scr
      Clean

      C:\WINDOWS\system32\start.cdi
      Clean

      C:\WINDOWS\system32\stclient.dll
      Clean

      C:\WINDOWS\system32\STDOLE.TLB
      Clean

      C:\WINDOWS\system32\stdole2.tlb
      Clean

      C:\WINDOWS\system32\stdole32.tlb
      Clean

      C:\WINDOWS\system32\sti(2).dll
      Clean

      C:\WINDOWS\system32\sti.dll
      Clean

      C:\WINDOWS\system32\stimon.exe
      Clean

      C:\WINDOWS\system32\sti_ci.dll
      Clean

      C:\WINDOWS\system32\STKIT432.DLL
      Clean

      C:\WINDOWS\system32\stobject(2).dll
      Clean

      C:\WINDOWS\system32\stobject.dll
      Clean

      C:\WINDOWS\system32\storage.dll
      Clean

      C:\WINDOWS\system32\storprop.dll
      Clean

      C:\WINDOWS\system32\streamci.dll
      Clean

      C:\WINDOWS\system32\strmdll(2).dll
      Clean

      C:\WINDOWS\system32\strmdll.dll
      Clean

      C:\WINDOWS\system32\strmfilt.dll
      Clean

      C:\WINDOWS\system32\subrange.uce
      Clean

      C:\WINDOWS\system32\subst.exe
      Clean

      C:\WINDOWS\system32\svchost.exe
      Clean

      C:\WINDOWS\system32\svcpack.dll
      Clean

      C:\WINDOWS\system32\swpdflt2.dll
      Clean

      C:\WINDOWS\system32\swprv.dll
      Clean

      C:\WINDOWS\system32\sxs(3).dll
      Clean

      C:\WINDOWS\system32\sxs.dll
      Clean

      C:\WINDOWS\system32\SymStore.dll
      Clean

      C:\WINDOWS\system32\syncapp.exe
      Clean

      C:\WINDOWS\system32\synceng.dll
      Clean

      C:\WINDOWS\system32\syncui.dll
      Clean

      C:\WINDOWS\system32\sysdm.cpl
      Clean

      C:\WINDOWS\system32\sysedit.exe
      Clean

      C:\WINDOWS\system32\sysinv.dll
      Clean

      C:\WINDOWS\system32\syskey.exe
      Clean

      C:\WINDOWS\system32\sysmon.ocx
      Clean

      C:\WINDOWS\system32\sysocmgr.exe
      Clean

      C:\WINDOWS\system32\sysprint.sep
      Clean

      C:\WINDOWS\system32\sysprtj.sep
      Clean

      C:\WINDOWS\system32\syssetup.dll
      Clean

      C:\WINDOWS\system32\system.drv
      Clean

      C:\WINDOWS\system32\systeminfo.exe
      Clean

      C:\WINDOWS\system32\systray.exe
      Clean

      C:\WINDOWS\system32\t2embed.dll
      Clean

      C:\WINDOWS\system32\tabctl32.ocx
      Clean

      C:\WINDOWS\system32\tapi.dll
      Clean

      C:\WINDOWS\system32\tapi3.dll
      Clean

      C:\WINDOWS\system32\tapi32(3).dll
      Clean

      C:\WINDOWS\system32\tapi32.dll
      Clean

      C:\WINDOWS\system32\tapiperf.dll
      Clean

      C:\WINDOWS\system32\tapisrv(3).dll
      Clean

      C:\WINDOWS\system32\tapisrv.dll
      Clean

      C:\WINDOWS\system32\tapiui.dll
      Clean

      C:\WINDOWS\system32\taskkill.exe
      Clean

      C:\WINDOWS\system32\tasklist.exe
      Clean

      C:\WINDOWS\system32\taskman.exe
      Clean

      C:\WINDOWS\system32\taskmgr.exe
      Clean

      C:\WINDOWS\system32\tcmsetup.exe
      Clean

      C:\WINDOWS\system32\tcpmib.dll
      Clean

      C:\WINDOWS\system32\tcpmon.dll
      Clean

      C:\WINDOWS\system32\tcpmon.ini
      Clean

      C:\WINDOWS\system32\tcpmonui.dll
      Clean

      C:\WINDOWS\system32\tcpsvcs.exe
      Clean

      C:\WINDOWS\system32\tdc.ocx
      Clean

      C:\WINDOWS\system32\telephon.cpl
      Clean

      C:\WINDOWS\system32\telnet.exe
      Clean

      C:\WINDOWS\system32\termcap
      Clean

      C:\WINDOWS\system32\termmgr.dll
      Clean

      C:\WINDOWS\system32\termsrv(3).dll
      Clean

      C:\WINDOWS\system32\termsrv.dll
      Clean

      C:\WINDOWS\system32\tftp.exe
      Clean

      C:\WINDOWS\system32\TFTP4484
      Clean

      C:\WINDOWS\system32\themeui(2).dll
      Clean

      C:\WINDOWS\system32\themeui.dll
      Clean

      C:\WINDOWS\system32\timedate.cpl
      Clean

      C:\WINDOWS\system32\timer.drv
      Clean

      C:\WINDOWS\system32\TLBINF32.DLL
      Clean

      C:\WINDOWS\system32\tlntadmn.exe
      Clean

      C:\WINDOWS\system32\tlntsess.exe
      Clean

      C:\WINDOWS\system32\tlntsvr.exe
      Clean

      C:\WINDOWS\system32\tlntsvrp.dll
      Clean

      C:\WINDOWS\system32\tm20dec.ax
      Clean

      C:\WINDOWS\system32\toolhelp.dll
      Clean

      C:\WINDOWS\system32\tourstart.exe
      Clean

      C:\WINDOWS\system32\tracerpt.exe
      Clean

      C:\WINDOWS\system32\tracert.exe
      Clean

      C:\WINDOWS\system32\tracert6.exe
      Clean

      C:\WINDOWS\system32\traffic.dll
      Clean

      C:\WINDOWS\system32\tree.com
      Clean

      C:\WINDOWS\system32\trkwks(3).dll
      Clean

      C:\WINDOWS\system32\trkwks.dll
      Clean

      C:\WINDOWS\system32\tsappcmp.dll
      Clean

      C:\WINDOWS\system32\tsbyuv.dll
      Clean

      C:\WINDOWS\system32\tscfgwmi.dll
      Clean

      C:\WINDOWS\system32\tscon.exe
      Clean

      C:\WINDOWS\system32\tscupgrd.exe
      Clean

      C:\WINDOWS\system32\tsd32.dll
      Clean

      C:\WINDOWS\system32\tsddd.dll
      Clean

      C:\WINDOWS\system32\tsdiscon.exe
      Clean

      C:\WINDOWS\system32\tskill.exe
      Clean

      C:\WINDOWS\system32\tslabels.h
      Clean

      C:\WINDOWS\system32\tslabels.ini
      Clean

      C:\WINDOWS\system32\tsshutdn.exe
      Clean

      C:\WINDOWS\system32\tssoft32.acm
      Clean

      C:\WINDOWS\system32\TWAIN_32.DLL
      Clean

      C:\WINDOWS\system32\twext.dll
      Clean

      C:\WINDOWS\system32\txflog.dll
      Clean

      C:\WINDOWS\system32\typelib.dll
      Clean

      C:\WINDOWS\system32\typeperf.exe
      Clean

      C:\WINDOWS\system32\udhisapi.dll
      Clean

      C:\WINDOWS\system32\ufat.dll
      Clean

      C:\WINDOWS\system32\ulib.dll
      Clean

      C:\WINDOWS\system32\umandlg.dll
      Clean

      C:\WINDOWS\system32\umdmxfrm.dll
      Clean

      C:\WINDOWS\system32\umpnpmgr(3).dll
      Clean

      C:\WINDOWS\system32\umpnpmgr.dll
      Clean

      C:\WINDOWS\system32\unaddrv.exe
      Clean

      C:\WINDOWS\system32\unam4ie.exe
      Clean

      C:\WINDOWS\system32\unicdime.ime
      Clean

      C:\WINDOWS\system32\unicode.nls
      Clean

      C:\WINDOWS\system32\uniime.dll
      Clean

      C:\WINDOWS\system32\unimdm.tsp
      Clean

      C:\WINDOWS\system32\unimdmat.dll
      Clean

      C:\WINDOWS\system32\uniplat.dll
      Clean

      C:\WINDOWS\system32\unlodctr.exe
      Clean

      C:\WINDOWS\system32\unrar.dll
      Clean

      C:\WINDOWS\system32\untfs.dll
      Clean

      C:\WINDOWS\system32\unzip32.dll
      Clean

      C:\WINDOWS\system32\upnp(3).dll
      Clean

      C:\WINDOWS\system32\upnp.dll
      Clean

      C:\WINDOWS\system32\upnpcont.exe
      Clean

      C:\WINDOWS\system32\upnphost.dll
      Clean

      C:\WINDOWS\system32\upnpui.dll
      Clean

      C:\WINDOWS\system32\ups.exe
      Clean

      C:\WINDOWS\system32\ureg.dll
      Clean

      C:\WINDOWS\system32\url(3).dll
      Clean

      C:\WINDOWS\system32\url.dll
      Clean

      C:\WINDOWS\system32\urlmon(3).dll
      Clean

      C:\WINDOWS\system32\urlmon.dll
      Clean

      C:\WINDOWS\system32\urqnkjh.dll
      Clean

      C:\WINDOWS\system32\URTTemp\fusion.dll
      Clean

      C:\WINDOWS\system32\URTTemp\mscoree.dll
      Clean

      C:\WINDOWS\system32\URTTemp\mscoree.dll.local
      Clean

      C:\WINDOWS\system32\URTTemp\mscorsn.dll
      Clean

      C:\WINDOWS\system32\URTTemp\mscorwks.dll
      Clean

      C:\WINDOWS\system32\URTTemp\msvcr71.dll
      Clean

      C:\WINDOWS\system32\URTTemp\regtlib.exe
      Clean

      C:\WINDOWS\system32\usbmon.dll
      Clean

      C:\WINDOWS\system32\usbui.dll
      Clean

      C:\WINDOWS\system32\usb_cpl.dll
      Clean

      C:\WINDOWS\system32\user.exe
      Clean

      C:\WINDOWS\system32\user32.dll
      Clean

      C:\WINDOWS\system32\userenv.dll
      Clean

      C:\WINDOWS\system32\userinit.exe
      Clean

      C:\WINDOWS\system32\usmt\guitrn.dll
      Clean

      C:\WINDOWS\system32\usmt\guitrn_a.dll
      Clean

      C:\WINDOWS\system32\usmt\iconlib.dll
      Clean

      C:\WINDOWS\system32\usmt\log.dll
      Clean

      C:\WINDOWS\system32\usmt\migapp.inf
      Clean

      C:\WINDOWS\system32\usmt\migapp.inf=>(unicode)
      Clean

      C:\WINDOWS\system32\usmt\migism.dll
      Clean

      C:\WINDOWS\system32\usmt\migism.inf
      Clean

      C:\WINDOWS\system32\usmt\migism.inf=>(unicode)
      Clean

      C:\WINDOWS\system32\usmt\migism_a.dll
      Clean

      C:\WINDOWS\system32\usmt\migload.exe
      Clean

      C:\WINDOWS\system32\usmt\migsys.inf
      Clean

      C:\WINDOWS\system32\usmt\migsys.inf=>(unicode)
      Clean

      C:\WINDOWS\system32\usmt\miguser.inf
      Clean

      C:\WINDOWS\system32\usmt\miguser.inf=>(unicode)
      Clean

      C:\WINDOWS\system32\usmt\migwiz.exe
      Clean

      C:\WINDOWS\system32\usmt\migwiz.exe.manifest
      Clean

      C:\WINDOWS\system32\usmt\migwiz.exe.manifest=>(unicode)
      Clean

      C:\WINDOWS\system32\usmt\migwiz.inf
      Clean

      C:\WINDOWS\system32\usmt\migwiz.inf=>(unicode)
      Clean

      C:\WINDOWS\system32\usmt\migwiz_a.exe
      Clean

      C:\WINDOWS\system32\usmt\script.dll
      Clean

      C:\WINDOWS\system32\usmt\script_a.dll
      Clean

      C:\WINDOWS\system32\usmt\sysfiles.inf
      Clean

      C:\WINDOWS\system32\usmt\sysfiles.inf=>(unicode)
      Clean

      C:\WINDOWS\system32\usmt\sysmod.dll
      Clean

      C:\WINDOWS\system32\usmt\sysmod_a.dll
      Clean

      C:\WINDOWS\system32\usmt\usmtdef.inf
      Clean

      C:\WINDOWS\system32\usmt\usmtdef.inf=>(unicode)
      Clean

      C:\WINDOWS\system32\usp10(3).dll
      Clean

      C:\WINDOWS\system32\usp10.dll
      Clean

      C:\WINDOWS\system32\usrcntra.dll
      Clean

      C:\WINDOWS\system32\usrcoina.dll
      Clean

      C:\WINDOWS\system32\usrdpa.dll
      Clean

      C:\WINDOWS\system32\usrdtea.dll
      Clean

      C:\WINDOWS\system32\usrfaxa.dll
      Clean

      C:\WINDOWS\system32\usrlbva.dll
      Clean

      C:\WINDOWS\system32\usrlogon.cmd
      Clean

      C:\WINDOWS\system32\usrmlnka.exe
      Clean

      C:\WINDOWS\system32\usrprbda.exe
      Clean

      C:\WINDOWS\system32\usrrtosa.dll
      Clean

      C:\WINDOWS\system32\usrsdpia.dll
      Clean

      C:\WINDOWS\system32\usrshuta.exe
      Clean

      C:\WINDOWS\system32\usrsvpia.dll
      Clean

      C:\WINDOWS\system32\usrv42a.dll
      Clean

      C:\WINDOWS\system32\usrv80a.dll
      Clean

      C:\WINDOWS\system32\usrvoica.dll
      Clean

      C:\WINDOWS\system32\usrvpa.dll
      Clean

      C:\WINDOWS\system32\utildll.dll
      Clean

      C:\WINDOWS\system32\utilman.exe
      Clean

      C:\WINDOWS\system32\uwdf.exe
      Clean

      C:\WINDOWS\system32\uxtheme(3).dll
      Clean

      C:\WINDOWS\system32\uxtheme.dll
      Clean

      C:\WINDOWS\system32\v7vga.rom
      Clean

      C:\WINDOWS\system32\v7vga.rom=>REMOVED_NULLS
      Clean

      C:\WINDOWS\system32\VB5DB.DLL
      Clean

      C:\WINDOWS\system32\VB6FR.DLL
      Clean

      C:\WINDOWS\system32\VB6STKIT.DLL
      Clean

      C:\WINDOWS\system32\VBAEN32.OLB
      Clean

      C:\WINDOWS\system32\VBAEND32.OLB
      Clean

      C:\WINDOWS\system32\VBAFR32.OLB
      Clean

      C:\WINDOWS\system32\vbajet32.dll
      Clean

      C:\WINDOWS\system32\VBAME.DLL
      Clean

      C:\WINDOWS\system32\vbar332.dll
      Clean

      C:\WINDOWS\system32\vbicodec.ax
      Clean

      C:\WINDOWS\system32\vbisurf.ax
      Clean

      C:\WINDOWS\system32\vbscript(2).dll
      Clean

      C:\WINDOWS\system32\vbscript.dll
      Clean

      C:\WINDOWS\system32\vbsfr.dll
      Clean

      C:\WINDOWS\system32\vcdex.dll
      Clean

      C:\WINDOWS\system32\VCT3216.ACM
      Clean

      C:\WINDOWS\system32\VCT3216.DLL
      Clean

      C:\WINDOWS\system32\vdmdbg.dll
      Clean

      C:\WINDOWS\system32\vdmredir.dll
      Clean

      C:\WINDOWS\system32\VEN2232.OLB
      Clean

      C:\WINDOWS\system32\ver.dll
      Clean

      C:\WINDOWS\system32\verclsid.exe
      Clean

      C:\WINDOWS\system32\verifier.dll
      Clean

      C:\WINDOWS\system32\verifier.exe
      Clean

      C:\WINDOWS\system32\version.dll
      Clean

      C:\WINDOWS\system32\vfpodbc.dll
      Clean

      C:\WINDOWS\system32\vga.dll
      Clean

      C:\WINDOWS\system32\vga.drv
      Clean

      C:\WINDOWS\system32\vga256.dll
      Clean

      C:\WINDOWS\system32\vga64k.dll
      Clean

      C:\WINDOWS\system32\vidx16.dll
      Clean

      C:\WINDOWS\system32\Viewers\DEBMP.DLL
      Clean

      C:\WINDOWS\system32\Viewers\DEHEX.DLL
      Clean

      C:\WINDOWS\system32\Viewers\DEMET.DLL
      Clean

      C:\WINDOWS\system32\Viewers\DESS.DLL
      Clean

      C:\WINDOWS\system32\Viewers\DEWP.DLL
      Clean

      C:\WINDOWS\system32\Viewers\MSVIEWUT.DLL
      Clean

      C:\WINDOWS\system32\Viewers\QUIKVIEW.EXE
      Clean

      C:\WINDOWS\system32\Viewers\SCCVIEW.DLL
      Clean

      C:\WINDOWS\system32\Viewers\VSASC8.DLL
      Clean

      C:\WINDOWS\system32\Viewers\VSBMP.DLL
      Clean

      C:\WINDOWS\system32\Viewers\VSDRW.DLL
      Clean

      C:\WINDOWS\system32\Viewers\VSEXE.DLL
      Clean

      C:\WINDOWS\system32\Viewers\VSEXE2.DLL
      Clean

      C:\WINDOWS\system32\Viewers\VSMP.DLL
      Clean

      C:\WINDOWS\system32\Viewers\VSMSW.DLL
      Clean

      C:\WINDOWS\system32\Viewers\VSPP.DLL
      Clean

      C:\WINDOWS\system32\Viewers\VSQP6.DLL
      Clean

      C:\WINDOWS\system32\Viewers\VSRTF.DLL
      Clean

      C:\WINDOWS\system32\Viewers\VSTIFF.DLL
      Clean

      C:\WINDOWS\system32\Viewers\VSW6.DLL
      Clean

      C:\WINDOWS\system32\Viewers\VSWKS.DLL
      Clean

      C:\WINDOWS\system32\Viewers\VSWMF.DLL
      Clean

      C:\WINDOWS\system32\Viewers\VSWORD.DLL
      Clean

      C:\WINDOWS\system32\Viewers\VSWORK.DLL
      Clean

      C:\WINDOWS\system32\Viewers\VSWP5.DLL
      Clean

      C:\WINDOWS\system32\Viewers\VSWP6.DLL
      Clean

      C:\WINDOWS\system32\Viewers\VSWPF.DLL
      Clean

      C:\WINDOWS\system32\Viewers\VSXL5.DLL
      Clean

      C:\WINDOWS\system32\vjoy.dll
      Clean

      C:\WINDOWS\system32\vmhelper.dll
      Clean

      C:\WINDOWS\system32\VOXMSDEC.AX
      Clean

      C:\WINDOWS\system32\VOXMVDEC.AX
      Clean

      C:\WINDOWS\system32\vp6dec_settings.cpl
      Clean

      C:\WINDOWS\system32\VSFLEX3.OCX
      Clean

      C:\WINDOWS\system32\vssadmin.exe
      Clean

      C:\WINDOWS\system32\vssapi(3).dll
      Clean

      C:\WINDOWS\system32\vssapi.dll
      Clean

      C:\WINDOWS\system32\vssvc.exe
      Clean

      C:\WINDOWS\system32\vss_ps.dll
      Clean

      C:\WINDOWS\system32\vwipxspx.dll
      Clean

      C:\WINDOWS\system32\vwipxspx.exe
      Clean

      C:\WINDOWS\system32\vxblock.dll
      Clean

      C:\WINDOWS\system32\w32n50.dll
      Clean

      C:\WINDOWS\system32\w32time(3).dll
      Clean

      C:\WINDOWS\system32\w32time.dll
      Clean

      C:\WINDOWS\system32\w32tm.exe
      Clean

      C:\WINDOWS\system32\w32topl.dll
      Clean

      C:\WINDOWS\system32\w3ssl.dll
      Clean

      C:\WINDOWS\system32\w95inf16.dll
      Clean

      C:\WINDOWS\system32\w95inf32.dll
      Clean

      C:\WINDOWS\system32\watchdog.sys
      Clean

      C:\WINDOWS\system32\wavemsp.dll
      Clean

      C:\WINDOWS\system32\wbcache.deu
      Clean

      C:\WINDOWS\system32\wbcache.enu
      Clean

      C:\WINDOWS\system32\wbcache.esn
      Clean

      C:\WINDOWS\system32\wbcache.fra
      Clean

      C:\WINDOWS\system32\wbcache.ita
      Clean

      C:\WINDOWS\system32\wbcache.nld
      Clean

      C:\WINDOWS\system32\wbcache.sve
      Clean

      C:\WINDOWS\system32\wbdbase.deu
      Clean

      C:\WINDOWS\system32\wbdbase.enu
      Clean

      C:\WINDOWS\system32\wbdbase.esn
      Clean

      C:\WINDOWS\system32\wbdbase.fra
      Clean

      C:\WINDOWS\system32\wbdbase.ita
      Clean

      C:\WINDOWS\system32\wbdbase.nld
      Clean

      C:\WINDOWS\system32\wbdbase.sve
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\02E78424AB18BDBFA706C08B7D7B9F1D.mof
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\02E78424AB18BDBFA706C08B7D7B9F1D.mof=>(unicode)
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\092389D621F5A8834203DAAC74CCA279.mof
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\092389D621F5A8834203DAAC74CCA279.mof=>(unicode)
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof=>(unicode)
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\1E97A05DE566CF6EEAE29D0634E27392.mof
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\1E97A05DE566CF6EEAE29D0634E27392.mof=>(unicode)
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\20D2C3B8CE10B96CE6B8A3C241EF4416.mof
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\20D2C3B8CE10B96CE6B8A3C241EF4416.mof=>(unicode)
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof=>(unicode)
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\26D6C4EB696DD0C83F5D5BF2235000A7.mof
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\26D6C4EB696DD0C83F5D5BF2235000A7.mof=>(unicode)
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\2A61A823DC2C1C838EE71C4351BED0B4.mof
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\2A61A823DC2C1C838EE71C4351BED0B4.mof=>(unicode)
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof=>(unicode)
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\2B8B1A8B0ACD3EE28B421D3918DC1F29.mof
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\2B8B1A8B0ACD3EE28B421D3918DC1F29.mof=>(unicode)
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\2C142C4C15E3B8D139B98154CD083071.mof
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\2C142C4C15E3B8D139B98154CD083071.mof=>(unicode)
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\2CE64FBD51953C097BB5470043A6DAF9.mof
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\2CE64FBD51953C097BB5470043A6DAF9.mof=>(unicode)
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\2CFB5B149FA396D1AEA5F89B1C5A8D81.mof
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\2CFB5B149FA396D1AEA5F89B1C5A8D81.mof=>(unicode)
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\2DA80135BA8EC175C9B1C1598F659434.mof
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\2DA80135BA8EC175C9B1C1598F659434.mof=>(unicode)
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\37134956F76D3C30C9BE0C12571CAF43.mof
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\37134956F76D3C30C9BE0C12571CAF43.mof=>(unicode)
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\3EC317800FF508210BB945C81C0EACE7.mof
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\3EC317800FF508210BB945C81C0EACE7.mof=>(unicode)
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\42355E8E232EF8CADD187D531DEC55DD.mof
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\42355E8E232EF8CADD187D531DEC55DD.mof=>(unicode)
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\42C894EEACAD83A4E41154685841B3E1.mof
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\42C894EEACAD83A4E41154685841B3E1.mof=>(unicode)
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\608B41C6A2CD9460C2263E6CD80C335A.mof
      Clean

      C:\WINDOWS\system32\wbem\AutoRecover\608B41C6A2
      0
  12. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    ok, mets un new hijack stp et precise l'evolution de la situation stp

    ++
    0
    1. yann
       
      Bonsoir

      Le PC est super lent, il rame mais sans les rames !!
      ça fait 4 fois que j'essaie de vous envoyer ce message, mais rien ne se passe.

      Je désespère d'y arriver, internet ne marche presque plus, c'est l'enfer, je suis prisonnier de ce truc et ça commence sérieusement à me fatiguer

      HELP HELP HELP HELP HELP HELP

      dernier rapport en date :

      Logfile of HijackThis v1.99.1
      Scan saved at 22:41:51, on 26/02/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Skype\Plugin Manager\SkypePM.exe
      C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
      O2 - BHO: (no name) - {59CA6513-5A5A-3FB4-D081-0BE271AEC009} - C:\WINDOWS\system32\sgpvqml.dll
      O2 - BHO: (no name) - {732FFB66-67CF-4AF3-B466-774935A94C3F} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: (no name) - {AE784354-305C-4584-9DB9-35837752A28E} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [maslapn.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\MURIE\Local Settings\Application Data\maslapn.dll",ignvfd
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
      O4 - Startup: MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/dribnif/fr/win/QuickTimeInstaller.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - https://www.gamespyid.com/alaunch.cab
      O16 - DPF: {8EC69950-F299-40AC-A004-3BF5176F8F7B} (FlowScan Control) - https://checkspy.com/
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
      O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

      Merci
      0
  13. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    # Désactiver la Restauration du système

    * Cliquez sur le bouton Démarrer.
    * Cliquez avec le bouton droit de la souris sur Poste de travail puis cliquez sur Propriétés.
    * Dans l'onglet Restauration du système, sélectionnez l'option Désactiver la Restauration du système ou Désactiver la Restauration du système sur tous les lecteurs

    ( tu pourras la réactivé à la fin de la manip )

    Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/

    O2 - BHO: (no name) - {59CA6513-5A5A-3FB4-D081-0BE271AEC009} - C:\WINDOWS\system32\sgpvqml.dll
    O2 - BHO: (no name) - {732FFB66-67CF-4AF3-B466-774935A94C3F} - (no file)

    O2 - BHO: (no name) - {AE784354-305C-4584-9DB9-35837752A28E} - (no file)

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

    O4 - HKLM\..\Run: [maslapn.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\MURIE\Local Settings\Application Data\maslapn.dll",ignvfd

    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab

    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - https://www.gamespyid.com/alaunch.cab
    O16 - DPF: {8EC69950-F299-40AC-A004-3BF5176F8F7B} (FlowScan Control) - https://checkspy.com/

    ensuite, télécharge et execute ceci :

    * CleanUp40 (qui élimine les fichiers temporaires + cookies : gratuit )
    http://pageperso.aol.fr/Balltrap34/CleanUp40.exe

    tuto : (merci à Balltrap) http://pageperso.aol.fr/balltrap34/democleanup.htm

    * Ccleaner : Telecharge et installe ceci, dans la colonne de gauche clique sur "erreurs" coche toute les cases, puis clique en bas sur "chercher des erreurs" une fois finit, clique sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs .

    *Relance Ccleaner ,vas dans l'onglet "nettoyeur" present sur la gauche, decoche la derniere case (Avancé si elle
    est cochée) puis clique sur "lancer le nettoyage"

    ccleaner

    tuto: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    ensuite : defragmente ton DD :

    defragmenter son disque dur

    tiens nous au courant,@+
    0
    1. yann
       
      Ai scrupuleusement effectué les manips proposées, et si je mets autant de temps à répondre, c'est tout simplement parce qu'internet rame toujours autant (plus de 10 minutes avec un écran immobile, rien ne se passe), et que j'ai du éteindre puis relancer le PC 2 fois et relancer 3 fois le site avant d'arriver jusque là !!


      Sinon, j'ai vu un message d'erreur :
      vs mon.exe erreur d'application
      l'instruction "0x4d53565b emploie l'adresse mémoire "0x4d53565b
      la mémoire ne peut etre "read" ....


      Que dois-je faire à présent SVP ?
      0
  14. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    fais ceci stp :

    Réparer les fichiers système :

    · Allez sur le poste de travail
    · Faites un clique droit sur disque C:\ (disque où se trouve votre système d'exploitation)
    · Choisissez l’onglet propriété
    · Choisissez l’onglet Outils, puis vérifier maintenant

    et vois ce que ça te donne

    @+
    0
    1. yann
       
      J'ai réparé comme préconisé les fichiers systèmes

      L'ordi tourne mieux, mais n'a pas encore retrouvé sa vitesse d'antan, toutefois je parviens à en faire ce que je veux.
      J'ai déjà effectué 3 jours auparavant le protocole "mon PC rame que faire ?", donc comment puis-je encore amélioré le tir dasn la situation actuelle, la finalité étant de pouvoir par exemple jouer comme auparavant à flight simulator en réseau mondial, ce qui suppose un PC réactif ...

      Je te propose mon dernier rapport Hijack, et j'attends ta réponse.
      Qu'en est-il de mon ou mes infections virales, sont-elles traitées, partiellement, totalement ???

      Logfile of HijackThis v1.99.1
      Scan saved at 22:18:03, on 27/02/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
      O4 - Startup: MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe
      O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

      Merci encore de ton aide
      0
  15. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    ton hijack est bon !

    regarde par là :

    pc ou ordinateur lent windows tres lent au demarrage

    ++
    0
    1. yann
       
      Tout semble fonctionner correctement à présent et j'en suis ravi.
      Merci pour ces excellenbts conseils qui m'ont permis de lever ces problèmes et d'en savoir un peu plus sur l'informatique.

      Aurai tu quelques conseils à me donner pour protéger plus efficacement mon PC ?

      J'ai un autre PC, portable celui-ci, qui présente une trace de virus également, ainsi que des séquelles de mauvaises manipulations informatiques de ma part.
      Je ne souhaite pas le connecter à internet car il contient des données perso, mais je peux me débrouiller via la clé USB à transférer les données sur celui-ci et à te les faire parvenir.
      Serais-tu d'accord pour ce nouveau challenge ?

      Merci encore pour le supoer travail effectué sur celui-ci et j'espère pouvoir te lire très bientot

      Yann


      Toutefois
      0
    2. yann
       
      1 er rapport Hijack du portable, merci

      Logfile of HijackThis v1.99.1
      Scan saved at 17:50:45, on 28/02/2007
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
      C:\WINDOWS\System32\MSEXECP32.exe
      C:\WINDOWS\ATK0100\Hcontrol.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\WINDOWS\System32\MSEXECP32.exe
      C:\WINDOWS\System32\sst.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Logitech\MouseWare\system\em_exec.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\WINDOWS\ATK0100\ATKOSD.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\WINDOWS\System32\HPZipm12.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
      O4 - HKLM\..\Run: [MS Windows Executor Process] MSEXECP32.exe
      O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [USB Hardware9 Monitoring] USBhardware9.exe
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [Win32] sst.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\RunServices: [USB Hardware9 Monitoring] USBhardware9.exe
      O4 - HKLM\..\RunServices: [MS Windows Executor Process] MSEXECP32.exe
      O4 - HKLM\..\RunServices: [Win32] sst.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [MS Windows Executor Process] MSEXECP32.exe
      O4 - HKCU\..\Run: [Win32] sst.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
      O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

      merci
      0
  16. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    effectivement, des petites saltés ...

    fais un scan avec avg stp et poste le !

    pour le protection de l'ordi :

    https://sebsauvage.net/safehex.html

    securite proteger un ordinateur contre les malwares d internet

    @+
    0
  17. yann
     
    suis tombé en panne de batterie sur le portable en plein scan AVG (chargeur resté au boulot) donc la suite demain soir en ce qui me concerne.

    Bonne soirée

    Yann
    0
  18. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok, bonne soirée !

    @+
    0
    1. Yann
       
      Salut Green Day

      Quelques infos à propos des dysfonctions constatées sur le portable :

      1)
      Lors du lancement, on me propose de choisir le système d'exploitation entre /
      - windowsw xp pro
      - installation de windows xp pro

      Il me semble que pour me sortir d'un (autre) mauvais pas, j'avais du tenter de réinstaller XP pro, mais sans aller jusqu'au bout ...

      2)
      Une alerte virus se manifeste par le biais d'avast tous les jours au bout du meme temps écoulé de fonctionnement du PC, au environs de 3 à 4 heures :
      C:/Docume-1/yannmu-1/locals-1/temp/c27d8fef.d7a
      Nom : win 32 : trojan.gen

      3)
      voici le scan AVG demandé, ainsi qu'un hijack

      ---------------------------------------------------------
      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 10:57:03 01/03/2007

      + Résultat de l'analyse:



      [2092] C:\WINDOWS\System32\sst.exe -> Backdoor.Rbot : Aucune action entreprise.


      Fin du rapport

      Logfile of HijackThis v1.99.1
      Scan saved at 19:59:54, on 01/03/2007
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
      C:\WINDOWS\System32\MSEXECP32.exe
      C:\WINDOWS\ATK0100\Hcontrol.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\WINDOWS\System32\MSEXECP32.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Logitech\MouseWare\system\em_exec.exe
      C:\WINDOWS\ATK0100\ATKOSD.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Microsoft Office\Office\WINWORD.EXE
      C:\WINDOWS\msagent\AgentSvr.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
      O4 - HKLM\..\Run: [MS Windows Executor Process] MSEXECP32.exe
      O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [USB Hardware9 Monitoring] USBhardware9.exe
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\RunServices: [USB Hardware9 Monitoring] USBhardware9.exe
      O4 - HKLM\..\RunServices: [MS Windows Executor Process] MSEXECP32.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [MS Windows Executor Process] MSEXECP32.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
      O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)


      Merci encore de ton aide

      Yann
      0
  19. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    ok, as tu supprimé ce qu'avg t'as trouvé ??

    Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :

    O4 - HKLM\..\Run: [MS Windows Executor Process] MSEXECP32.exe

    O4 - HKLM\..\Run: [USB Hardware9 Monitoring] USBhardware9.exe

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\RunServices: [USB Hardware9 Monitoring] USBhardware9.exe
    O4 - HKLM\..\RunServices: [MS Windows Executor Process] MSEXECP32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MS Windows Executor Process] MSEXECP32.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    ==> cherche et supprime les fichiers en gras si presents dans le fichier Windows :

    MSEXECP32.exe
    USBhardware9.exe

    ensuite, télécharge et exécute :

    * CleanUp40 (qui élimine les fichiers temporaires + cookies : gratuit )
    http://pageperso.aol.fr/Balltrap34/CleanUp40.exe

    tuto : (merci à Balltrap) http://pageperso.aol.fr/balltrap34/democleanup.htm

    * Ccleaner : Telecharge et installe ceci, dans la colonne de gauche clique sur "erreurs" coche toute les cases, puis clique en bas sur "chercher des erreurs" une fois finit, clique sur "réparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'à ce qu'il te trouve plus d'erreurs .

    *Relance Ccleaner ,vas dans l'onglet "nettoyeur" présent sur la gauche, décoche la dernière case (Avancé si elle
    est cochée) puis clique sur "lancer le nettoyage"

    ccleaner

    tuto: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    enfin : installe un parefeu :

    kerio

    tuto : pour configurer et comprendre Kerio
    https://www.vulgarisation-informatique.com/kerio.php
    http://kerio.probb.fr/Systemesd-exploitation-c1/Logiciels-et-tutoriels-gratuits-tries-par-categorie-f6/Tutoriel-pour-Kerio-4-version-gratuite-t201.htm

    @+

    ;-)
    La sagesse, c'est d'avoir des rêves suffisamment grands pour ne pas les
    perdre de vue lorsqu'on les poursuit. (Oscar Wilde)
    0
    1. yann
       
      De retour

      Avais supprimé comme supposé l'élément trouvé par AVG

      Ai trouvé et effecé MSexeCP32.exe
      N'ai pas trouvé USBhardware 9 .exe

      dernier hijack

      Logfile of HijackThis v1.99.1
      Scan saved at 19:59:54, on 01/03/2007
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
      C:\WINDOWS\System32\MSEXECP32.exe
      C:\WINDOWS\ATK0100\Hcontrol.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\WINDOWS\System32\MSEXECP32.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Logitech\MouseWare\system\em_exec.exe
      C:\WINDOWS\ATK0100\ATKOSD.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Microsoft Office\Office\WINWORD.EXE
      C:\WINDOWS\msagent\AgentSvr.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
      O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
      O4 - HKLM\..\Run: [MS Windows Executor Process] MSEXECP32.exe
      O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [USB Hardware9 Monitoring] USBhardware9.exe
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\RunServices: [USB Hardware9 Monitoring] USBhardware9.exe
      O4 - HKLM\..\RunServices: [MS Windows Executor Process] MSEXECP32.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [MS Windows Executor Process] MSEXECP32.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
      O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
      0
  20. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    as tu fixé les lignes ???

    ++
    0
    1. yann
       
      Oui , pourqu'oi ?
      Excuse le délai mais était en train de désisntaller sur le PC fix le pare feu Zone Alarm au profit de Kerio
      0
  21. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Une impression de déjà vu :)

    est-ce un new hijack alors ???

    pourquoi déinstaller ZA ???

    ++
    0
  • 1
  • 2