Problèmes Internet ==> Rapport Hijackthis

Gaeldas Messages postés 14 Statut Membre -  
papyber Messages postés 6430 Statut Contributeur sécurité -
Bonjour à toutes et tous ! =)

Alors, j'ai depuis pas mal de temps des problèmes très gênants avec Internet.
Entre autres, parfois l'impossibilité de me connecter à Firefox (qui est mon navigateur par défaut),
impossibilité de me connecter à IE6.0 (qui est un passage obligatoire chez moi afin de configurer mon
aolbox).
En dernier recours, il me reste le navigateur d'aol qui marche à tous les coups... mais il est cependant bourré
d'inconvénients (ne prend pas en charge le PNG et n'affiche pas certaines pages web).
J'ai donc découvert ce site bien pratique (il faut avouer) et ait effectué une recherche concernant mon
problème. Au final, j'ai trouvé l'application Hijackthis et je remet donc son rapport à votre considération.

Merci d'avance pour votre attention et votre patience =)

________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 05:28:30, on 24/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
E:\PROGRA~1\Logitech\MouseWare\SYSTEM\EM_EXEC.EXE
E:\PROGRA~1\TechCity Solutions\AOLSAV\AOLAgent.exe
E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Alwil Software\Avast4\ashDisp.exe
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
E:\Program Files\Unlocker\UnlockerAssistant.exe
E:\Program Files\Fichiers communs\AOL\1157877778\ee\AOLSoftware.exe
E:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
E:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
E:\Program Files\Google\Google Updater\GoogleUpdater.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\Program Files\Xfire\xfire.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
E:\WINDOWS\explorer.exe
E:\Documents and Settings\El Diablo de la Vega\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: votre adresse no-ip 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {feff1a09-5602-4ccf-934c-733a11f20ff0} - E:\WINDOWS\system32\exe2c70.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [EM_EXEC] E:\PROGRA~1\Logitech\MouseWare\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AOLSAV] E:\PROGRA~1\TechCity Solutions\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] "E:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [HostManager] E:\Program Files\Fichiers communs\AOL\1157877778\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [runner1] E:\WINDOWS\retadpu2000373.exe 61A847B5BBF72810329B385575FA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638EE323A15806F97BDE4417E70CE7C0726B954E1C2832211359826033AAC01F09DDF7618479154310B87659CA5E04E5067DF690232BC13E3C283211531856D1E27
O4 - HKLM\..\RunOnce: [AAW] "E:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WampServer.lnk = C:\Program Files\wamp\wampmanager.exe
O4 - Startup: Xfire.lnk = E:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = E:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = E:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = E:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: e:\windows\system32\sstqrpo.dll
O20 - Winlogon Notify: exe2c70 - E:\WINDOWS\SYSTEM32\exe2c70.dll
O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - E:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: wampapache - Unknown owner - C:\Program Files\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\wamp\mysql\my.ini" wampmysqld (file missing)
Configuration: Windows XP
Firefox 2.0.0.4

20 réponses

  1. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    Télécharge VundoFix.exe (par Atribune) sur ton Bureau
    http://www.atribune.org/ccount/click.php?id=4
    clic double sur VundoFix.exe afin de le lancer
    clic sur le bouton Scan for Vundo
    Lorsque le scan est complété, clic sur le bouton Remove Vundo
    Une invite te demandera si tu veux supprimer les fichiers, clic YES
    Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
    Tu verras une invite qui t'annonce que ton PC va redémarrer;
    clic OK

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clic sur le bouton Scan for Vundo".

    Télécharge SDFix sur ton bureau
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    clic double sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
    Redémarre ton ordinateur en mode sans échec
    Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et clic double sur RunThis.bat
    Appuie sur Y pour commencer le nettoyage.
    Il va supprimer les services et les entrées du Registre infectés puis te demandera d'appuyer sur une touche pour redémarrer.
    Appuie sur une touche pour redémarrer le PC.
    Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    Enfin, poste le contenu du fichier Report.txt dans ta prochaine réponse sur le forum,
    Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
    0
  2. Gaeldas Messages postés 14 Statut Membre
     
    Merci pour cette réponse rapide =)

    Alors voilà, j'ai suivi toute la procédure que tu as indiqué.
    Voici les différents rapports :

    Report.txt de SDFix
    ___________________________________________

    SDFix: Version 1.88

    Run by El Diablo de la Vega on 24/06/2007 at 17:53

    Microsoft Windows XP [version 5.1.2600]

    Running From: E:\DOCUME~1\El Diablo de la Vega\Bureau\SDFix\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Missing Security Center Service
    Restoring Missing SharedAccess Service

    Rebooting...

    Normal Mode:
    Checking Files:

    Below files will be copied to Backups folder then removed:

    Impossible d'ex‚cuter E:\DOCUME~1\EL DIABLO DE LA VEGA\BUREAU\SDFIX\SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter E:\DOCUME~1\EL DIABLO DE LA VEGA\BUREAU\SDFIX\SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter E:\DOCUME~1\EL DIABLO DE LA VEGA\BUREAU\SDFIX\SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter E:\DOCUME~1\EL DIABLO DE LA VEGA\BUREAU\SDFIX\SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter E:\DOCUME~1\EL DIABLO DE LA VEGA\BUREAU\SDFIX\SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter E:\DOCUME~1\EL DIABLO DE LA VEGA\BUREAU\SDFIX\SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter E:\DOCUME~1\EL DIABLO DE LA VEGA\BUREAU\SDFIX\SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter E:\DOCUME~1\EL DIABLO DE LA VEGA\BUREAU\SDFIX\SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter E:\DOCUME~1\EL DIABLO DE LA VEGA\BUREAU\SDFIX\SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter E:\DOCUME~1\EL DIABLO DE LA VEGA\BUREAU\SDFIX\SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter E:\DOCUME~1\EL DIABLO DE LA VEGA\BUREAU\SDFIX\SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter E:\DOCUME~1\EL DIABLO DE LA VEGA\BUREAU\SDFIX\SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter E:\DOCUME~1\EL DIABLO DE LA VEGA\BUREAU\SDFIX\SDFIX\APPS\LOCATE.COM - Deleted
    E:\WINDOWS\retadpu2000373.exe.tmp - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\DOCUME~1\El - Deleted
    E:\WINDOWS\retadpu.exe - Deleted

    Folder E:\Program Files\InetGet2 - Removed

    Removing Temp Files...

    ADS Check:

    Checking E:\WINDOWS
    E:\WINDOWS
    No streams found.

    Checking E:\WINDOWS\system32
    E:\WINDOWS\system32
    No streams found.

    Checking E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    No streams found.

    Checking E:\WINDOWS\system32\ntoskrnl.exe
    E:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "E:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="E:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:backWeb-8876480"
    "E:\\Program Files\\AOL 9.0\\waol.exe"="E:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
    "E:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\WINDOWS\\system32\\svchost.exe"="E:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
    "E:\\Program Files\\Shareaza\\Downloads\\WOW Free Server World Of Warcraft private server\\WAD_0.4341.1.4\\WoWemu.exe"="E:\\Program Files\\Shareaza\\Downloads\\WOW Free Server World Of Warcraft private server\\WAD_0.4341.1.4\\WoWemu.exe:*:Enabled:WoWemu"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\WOW-Ex_French-downloader.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\WOW-Ex_French-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Mes documents\\Others\\WOW Free Server World Of Warcraft private server\\WAD_0.4341.1.4\\WoWemu.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Mes documents\\Others\\WOW Free Server World Of Warcraft private server\\WAD_0.4341.1.4\\WoWemu.exe:*:Enabled:WoWemu"
    "E:\\Program Files\\World of Warcraft\\WoW.exe"="E:\\Program Files\\World of Warcraft\\WoW.exe:*:Enabled:WoW"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\AhnQiraj_French-downloader.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\AhnQiraj_French-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Program Files\\Avid\\Avid Free DV\\AvidFreeDV.exe"="E:\\Program Files\\Avid\\Avid Free DV\\AvidFreeDV.exe:*:Enabled:Avid Editor"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\Naxxramas_French-downloader.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\Naxxramas_French-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Program Files\\JVTorrent\\btdownloadgui.exe"="E:\\Program Files\\JVTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
    "E:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="E:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\DarkmooneFaire_French-downloader.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\DarkmooneFaire_French-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\WEB-WOWEx-French-downloader.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\WEB-WOWEx-French-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\Nefarian_FR-downloader.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\Nefarian_FR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\Arathi_new_FR-downloader.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\Arathi_new_FR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\ZulGurub_French-downloader.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\ZulGurub_French-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\CaptureTheFlag_FR-downloader.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\CaptureTheFlag_FR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\WoW-Onyxia-enGB-downloader.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\WoW-Onyxia-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\WoW-1.10.2.5302-to-0.11.0.5344-frFR-downloader.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\WoW-1.10.2.5302-to-0.11.0.5344-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-0.11.0.5344-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-0.11.0.5344-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.11.0.5383-to-0.11.0.5413-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.11.0.5383-to-0.11.0.5413-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.11.0.5413-to-0.11.0.5428-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.11.0.5413-to-0.11.0.5428-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Program Files\\Warcraft III\\Warcraft III.exe"="E:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
    "E:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="E:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Mes documents\\Others\\WOW Free Server World Of Warcraft private server\\WAD_0.4341.1.4\\WoWemu_AA-FIX.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Mes documents\\Others\\WOW Free Server World Of Warcraft private server\\WAD_0.4341.1.4\\WoWemu_AA-FIX.exe:*:Enabled:WoWemu_AA-FIX"
    "E:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-0.11.2.5464-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-0.11.2.5464-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\Flying_Mount_PC_FR-downloader.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\Flying_Mount_PC_FR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\WoW-1.11.2.5464-to-0.12.0.5496-frFR-downloader.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\WoW-1.11.2.5464-to-0.12.0.5496-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-0.12.0.5496-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-0.12.0.5496-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Local Settings\\Temp\\_PA76\\WoW Server.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Local Settings\\Temp\\_PA76\\WoW Server.exe:*:Enabled:TODO: <File description>"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Local Settings\\Temp\\_PA547\\wowbox.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Local Settings\\Temp\\_PA547\\wowbox.exe:*:Enabled:StormCraft WoW Exploration Box"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Local Settings\\Temp\\_PA440\\Zhenboy Box 1.10.EXE"="E:\\Documents and Settings\\El Diablo de la Vega\\Local Settings\\Temp\\_PA440\\Zhenboy Box 1.10.EXE:*:Enabled:ZHENBOY WoW LANBOX 1.10"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Local Settings\\Temp\\_PA884\\Zhenboy sandbox.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Local Settings\\Temp\\_PA884\\Zhenboy sandbox.exe:*:Enabled:TODO: <File description>"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Mes documents\\Others\\WOW\\Wow World Of Warcraft Cracks Clients And Servers All Files -By S0u1r34v3r\\Wow Abyss Server 1.1\\Abyss2.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Mes documents\\Others\\WOW\\Wow World Of Warcraft Cracks Clients And Servers All Files -By S0u1r34v3r\\Wow Abyss Server 1.1\\Abyss2.exe:*:Enabled:Abyss2"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Mes documents\\Others\\WOW\\Wow World Of Warcraft Cracks Clients And Servers All Files -By S0u1r34v3r\\Wow Sandbox2\\WoW Server.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Mes documents\\Others\\WOW\\Wow World Of Warcraft Cracks Clients And Servers All Files -By S0u1r34v3r\\Wow Sandbox2\\WoW Server.exe:*:Enabled:TODO: <File description>"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Mes documents\\Others\\WOW\\Wow World Of Warcraft Cracks Clients And Servers All Files -By S0u1r34v3r\\Wow StormCraft Box\\wowbox.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Mes documents\\Others\\WOW\\Wow World Of Warcraft Cracks Clients And Servers All Files -By S0u1r34v3r\\Wow StormCraft Box\\wowbox.exe:*:Enabled:StormCraft WoW Exploration Box"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Mes documents\\Others\\WOW\\Wow World Of Warcraft Cracks Clients And Servers All Files -By S0u1r34v3r\\Wow Zhenboy LAN Sandbox\\Client\\PM.EXE"="E:\\Documents and Settings\\El Diablo de la Vega\\Mes documents\\Others\\WOW\\Wow World Of Warcraft Cracks Clients And Servers All Files -By S0u1r34v3r\\Wow Zhenboy LAN Sandbox\\Client\\PM.EXE:*:Enabled:PM"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Mes documents\\Others\\WOW\\Wow World Of Warcraft Cracks Clients And Servers All Files -By S0u1r34v3r\\Wow Zhenboy LAN Sandbox\\SandBox Client\\Zhenboy Box 1.10.EXE"="E:\\Documents and Settings\\El Diablo de la Vega\\Mes documents\\Others\\WOW\\Wow World Of Warcraft Cracks Clients And Servers All Files -By S0u1r34v3r\\Wow Zhenboy LAN Sandbox\\SandBox Client\\Zhenboy Box 1.10.EXE:*:Enabled:ZHENBOY WoW LANBOX 1.10"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Mes documents\\Others\\WOW\\Wow World Of Warcraft Cracks Clients And Servers All Files -By S0u1r34v3r\\Wow Zhenboy Sandbox\\Zhenboy sandbox.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Mes documents\\Others\\WOW\\Wow World Of Warcraft Cracks Clients And Servers All Files -By S0u1r34v3r\\Wow Zhenboy Sandbox\\Zhenboy sandbox.exe:*:Enabled:TODO: <File description>"
    "E:\\Program Files\\World of Warcraft\\WTF\\Account\\SPEEDER514686562\\Wow Abyss Server 1.1\\Abyss2.exe"="E:\\Program Files\\World of Warcraft\\WTF\\Account\\SPEEDER514686562\\Wow Abyss Server 1.1\\Abyss2.exe:*:Enabled:Abyss2"
    "E:\\Program Files\\World of Warcraft\\World Of Warcraft\\Wow Abyss Server 1.1\\Abyss2.exe"="E:\\Program Files\\World of Warcraft\\World Of Warcraft\\Wow Abyss Server 1.1\\Abyss2.exe:*:Enabled:Abyss2"
    "E:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.12.0.5537-to-0.12.0.5561-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.12.0.5537-to-0.12.0.5561-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\EA GAMES\\La Bataille pour la Terre du Milieu(tm)\\game.dat"="C:\\Program Files\\EA GAMES\\La Bataille pour la Terre du Milieu(tm)\\game.dat:*:Enabled:La Bataille pour la Terre du Milieu(tm)"
    "E:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="E:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
    "E:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="E:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
    "E:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="E:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe"="C:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe:*:Enabled:Rise Of Legends"
    "E:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Program Files\\Xfire\\xfire.exe"="E:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
    "E:\\Program Files\\MSN Messenger\\msncall.exe"="E:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "E:\\Program Files\\eMule\\emule.exe"="E:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
    "E:\\Program Files\\Kazaa\\kazaa.exe"="E:\\Program Files\\Kazaa\\kazaa.exe:*:Disabled:Kazaa"
    "E:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"="E:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe:*:Enabled:Stronghold 2"
    "C:\\Program Files\\Electronic Arts\\Bitwa o Sr¢dziemie II\\game.dat"="C:\\Program Files\\Electronic Arts\\Bitwa o Sr¢dziemie II\\game.dat:*:Enabled:Bitwa o Sr¢dziemieT II"
    "E:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"="E:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
    "E:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="E:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "E:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="E:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
    "E:\\Program Files\\Mozilla Firefox\\firefox.exe"="E:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
    "E:\\Program Files\\Java\\jre1.5.0_06\\bin\\java.exe"="E:\\Program Files\\Java\\jre1.5.0_06\\bin\\java.exe:*:Enabled:java"
    "E:\\Program Files\\World of Warcraft\\WoW-2.0.1.6180-to-0.0.3.6244-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoW-2.0.1.6180-to-0.0.3.6244-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-frFR-patch-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-frFR-patch-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.0.3.6282-to-0.0.3.6299-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.0.3.6282-to-0.0.3.6299-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Program Files\\World of Warcraft\\WoW-2.0.3-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoW-2.0.3-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\WowExpansionMaster_1024_2100_B_English.avi-downloader.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\WowExpansionMaster_1024_2100_B_English.avi-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\WoW-2.0.5.6320-to-0.0.6.6337-frFR-downloader.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\WoW-2.0.5.6320-to-0.0.6.6337-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Program Files\\MSN Messenger\\msnmsgr.exe"="E:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "E:\\Program Files\\MSN Messenger\\livecall.exe"="E:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "E:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
    "E:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\EPL_Trailer_frFR.avi-downloader.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\EPL_Trailer_frFR.avi-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
    "E:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Program Files\\World of Warcraft\\Repair.exe"="E:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility"
    "E:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"="E:\\Program Files\\Teamspeak2_RC2\\server_windows.exe:*:Enabled:Server"
    "E:\\Program Files\\World of Warcraft\\WoW-2.0.12.6546-to-2.1.0.6692-frFR-downloader.exe"="E:\\Program Files\\World of Warcraft\\WoW-2.0.12.6546-to-2.1.0.6692-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\wamp\\Apache2\\bin\\httpd.exe"="C:\\wamp\\Apache2\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
    "E:\\WINDOWS\\system32\\dpvsetup.exe"="E:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "E:\\WINDOWS\\system32\\rundll32.exe"="E:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
    "C:\\Program Files\\wamp\\Apache2\\bin\\httpd.exe"="C:\\Program Files\\wamp\\Apache2\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\Pack Lames de Feu v1\\Pack Lames de Feu v1\\mangosd.exe"="E:\\Documents and Settings\\El Diablo de la Vega\\Bureau\\Pack Lames de Feu v1\\Pack Lames de Feu v1\\mangosd.exe:*:Enabled:mangosd"
    "E:\\Documents and Settings\\El Diablo de la Vega\\Application Data\\tmp3C.tmp.exe"="E:\\Documents and Settings\\El Diablo de la Vega"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "E:\\Program Files\\AOL 9.0\\waol.exe"="E:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
    "E:\\Program Files\\MSN Messenger\\msncall.exe"="E:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "E:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"="E:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
    "E:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="E:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "E:\\Program Files\\MSN Messenger\\msnmsgr.exe"="E:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "E:\\Program Files\\MSN Messenger\\livecall.exe"="E:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------

    Listing Files with Hidden Attributes:

    E:\Documents and Settings\El Diablo de la Vega\Mes documents\Others\Musique\Mayhem - Live In Leipzig (1993)[Link_found_at_www.MetalDonkey.com]\Thumbs.db
    E:\Documents and Settings\El Diablo de la Vega\Mes documents\Others\Musique\Mayhem - Live In Leipzig (1993)[Link_found_at_www.MetalDonkey.com]\Live in leipzig\AlbumArtSmall.jpg
    E:\Documents and Settings\El Diablo de la Vega\Mes documents\Others\Musique\Mayhem - Live In Leipzig (1993)[Link_found_at_www.MetalDonkey.com]\Live in leipzig\AlbumArt_{772A5466-46AB-4F02-A254-DDBBEFA6B8DA}_Large.jpg
    E:\Documents and Settings\El Diablo de la Vega\Mes documents\Others\Musique\Mayhem - Live In Leipzig (1993)[Link_found_at_www.MetalDonkey.com]\Live in leipzig\AlbumArt_{772A5466-46AB-4F02-A254-DDBBEFA6B8DA}_Small.jpg
    E:\Documents and Settings\El Diablo de la Vega\Mes documents\Others\Musique\Mayhem - Live In Leipzig (1993)[Link_found_at_www.MetalDonkey.com]\Live in leipzig\desktop.ini
    E:\Documents and Settings\El Diablo de la Vega\Mes documents\Others\Musique\Mayhem - Live In Leipzig (1993)[Link_found_at_www.MetalDonkey.com]\Live in leipzig\Folder.jpg
    E:\Documents and Settings\El Diablo de la Vega\Mes documents\Others\Musique\Mayhem - The Dawn Of The Black Hearts (Live - 1995)[Link_found_at_www.MetalDonkey.com]\1990 The Dawn Of The Black Hearts (Live In Sarpsbourg)\AlbumArtSmall.jpg
    E:\Documents and Settings\El Diablo de la Vega\Mes documents\Others\Musique\Mayhem - The Dawn Of The Black Hearts (Live - 1995)[Link_found_at_www.MetalDonkey.com]\1990 The Dawn Of The Black Hearts (Live In Sarpsbourg)\Folder.jpg
    E:\Documents and Settings\El Diablo de la Vega\Mes documents\Others\Musique\Old Funeral - The Older Ones (1999)[Link_found_at_www.MetalDonkey.com]\Old Funeral (NOR)\The Older Ones (LP 1991)\AlbumArtSmall.jpg
    E:\Documents and Settings\El Diablo de la Vega\Mes documents\Others\Musique\Old Funeral - The Older Ones (1999)[Link_found_at_www.MetalDonkey.com]\Old Funeral (NOR)\The Older Ones (LP 1991)\Folder.jpg
    E:\Documents and Settings\Catherine\Local Settings\Temp\~rnsetup\pncrt.dll
    E:\Program Files\eRightSoft\SUPER\cygwin1.dll
    E:\Program Files\eRightSoft\SUPER\cygz.dll
    E:\Program Files\eRightSoft\SUPER\_Setup.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\raac.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll
    E:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll
    E:\Program Files\Shareaza\Downloads\anti_detect.dll
    E:\Program Files\World of Warcraft\AddOns\anti_detect.dll
    E:\Program Files\World of Warcraft\Interface\AddOns\anti_detect.dll
    E:\WINDOWS\system32\flvDX.dll
    E:\WINDOWS\system32\msfDX.dll
    E:\WINDOWS\system32\wodfamoh.dll
    E:\Program Files\AOL 9.0\aolphx.exe
    E:\Program Files\AOL 9.0\aoltray.exe
    E:\Program Files\AOL 9.0\RBM.exe
    E:\Program Files\eRightSoft\SUPER\Setup.exe
    E:\Program Files\Picasa2\setup.exe
    E:\Documents and Settings\El Diablo de la Vega\Mes documents\Others\World of Warcraft How to hack cheat crack WoW Account.rar
    E:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
    E:\Documents and Settings\El Diablo de la Vega\Mes documents\Others\World of Warcraft (play online free) KeyGen.zip

    Listing User Accounts:

    Administrateur ASPNET Catherine
    El Diablo de la Vega HelpAssistant Invit‚
    SUPPORT_388945a0
    La commande s'est termin‚e correctement.

    Finished

    VundoFix.txt de VundoFix
    _____________________________________________________

    VundoFix V6.5.1

    Checking Java version...

    Java version is 1.4.2.5
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Scan started at 17:31:01 24/06/2007

    Listing files found while scanning....

    E:\windows\system32\dmimook.dll
    E:\windows\system32\exe2c70.dll

    Beginning removal...

    Attempting to delete E:\windows\system32\dmimook.dll
    E:\windows\system32\dmimook.dll Has been deleted!

    Attempting to delete E:\windows\system32\exe2c70.dll
    E:\windows\system32\exe2c70.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.5.1

    Checking Java version...

    Java version is 1.4.2.5
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Scan started at 17:35:55 24/06/2007

    Listing files found while scanning....

    E:\windows\system32\exe2c70.dll

    Beginning removal...

    Attempting to delete E:\windows\system32\exe2c70.dll
    E:\windows\system32\exe2c70.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete E:\windows\system32\exe2c70.dll
    E:\windows\system32\exe2c70.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Hijackthis.txt de Hijackthis
    ___________________________________________________
    Logfile of HijackThis v1.99.1
    Scan saved at 18:11:24, on 24/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\Ati2evxx.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\Ati2evxx.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    E:\Documents and Settings\El Diablo de la Vega\Application Data\tmp3C.tmp.exe
    E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    E:\PROGRA~1\Logitech\MouseWare\SYSTEM\EM_EXEC.EXE
    E:\PROGRA~1\TechCity Solutions\AOLSAV\AOLAgent.exe
    E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    E:\Program Files\QuickTime\qttask.exe
    E:\WINDOWS\SOUNDMAN.EXE
    E:\Program Files\Alwil Software\Avast4\ashDisp.exe
    E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    E:\Program Files\Unlocker\UnlockerAssistant.exe
    E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    E:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    E:\Program Files\DAEMON Tools\daemon.exe
    E:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    E:\Program Files\Fichiers communs\AOL\1157877778\ee\aolsoftware.exe
    E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    E:\Program Files\Google\Google Updater\GoogleUpdater.exe
    E:\Program Files\Xfire\xfire.exe
    E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    E:\Program Files\Mozilla Firefox\firefox.exe
    E:\Documents and Settings\El Diablo de la Vega\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
    O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - E:\WINDOWS\system32\tmp3F.tmp.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O2 - BHO: (no name) - {feff1a09-5602-4ccf-934c-733a11f20ff0} - E:\WINDOWS\system32\exe2c70.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [EM_EXEC] E:\PROGRA~1\Logitech\MouseWare\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [AOLSAV] E:\PROGRA~1\TechCity Solutions\AOLSAV\AOLAgent.exe
    O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avast!] "E:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [HostManager] E:\Program Files\Fichiers communs\AOL\1157877778\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [winehq.org] rundll32.exe "E:\WINDOWS\yaaxwt.dll",realset
    O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DDC] E:\Documents and Settings\El Diablo de la Vega\Application Data\tmp3C.tmp.exe
    O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: WampServer.lnk = C:\Program Files\wamp\wampmanager.exe
    O4 - Startup: Xfire.lnk = E:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: AOL 9.0 Icône AOL.lnk = E:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = E:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = E:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
    O18 - Filter: text/html - (no CLSID) - (no file)
    O20 - AppInit_DLLs: e:\windows\system32\sstqrpo.dll
    O20 - Winlogon Notify: exe2c70 - E:\WINDOWS\SYSTEM32\exe2c70.dll
    O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: DomainService - - E:\Documents and Settings\El Diablo de la Vega\Application Data\tmp3C.tmp.exe
    O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - E:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: wampapache - Unknown owner - C:\Program Files\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
    O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\wamp\mysql\my.ini" wampmysqld (file missing)
    0
  3. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    Télécharge combofix.exe (par sUBs) sur ton Bureau
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://www.techsupportforum.com/sectools/combofix.exe

    Double clique combofix.exe.

    Tape sur la touche Y (Yes) pour démarrer le scan.

    Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    0
  4. Utilisateur anonyme
     
    petit clin d'oeil en passant...
    ""E:\\Program Files\\eMule\\emule.exe"="E:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
    "E:\\Program Files\\Kazaa\\kazaa.exe"="E:\\Program Files\\Kazaa\\kazaa.exe:*:Disabled:Kazaa" "
    ;-) parfois on se demande mais d'où diable viennent ces foutus virus...

    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    cela je ne te le fais pas dire!!!mais bon!! à force!!vont peut être comprendre!!!!
    0
  7. Utilisateur anonyme
     
    En, tous ca j'admire ton sens de l'entraide.
    Ceci dit ne perds pas de vue ceci: yaaxwt.dll
    a+
    0
  8. Gaeldas Messages postés 14 Statut Membre
     
    Hum... Kazaa et Emule sont depuis longtemps désinstallés de mon PC (un an et demi si mes souvenirs sont bons).
    Je pense avoir saisi le clin d'oeil, et je suppose que l'on aime pas trop ces deux softs sur ce site
    (et ceux qui les utilisent) mais bon... comme je l'ai dit précédement, je ne les utilise plus
    (pour ce que je faisait avec... bof ^^) et ma foi, si je m'expose à des poursuites judiciaires,
    ça n'engage que moi ;)
    Cependant, ça ne m'étonne pas que ces deux fichiers soient infectés...
    en tout cas merci pour ton aide papyber.
    Je vais suivre la prochaine procédure...
    0
    1. papyber Messages postés 6430 Statut Contributeur sécurité 257
       
      pas de soucis
      fais la manip avec Combofix et poste le rapport obtenu et un nouveau hijack
      0
  9. Utilisateur anonyme
     
    salut à tous,
    si je puis me permettre quelques suggestions pour faire avancer la désinfection:
    ------------------------------
    fais ctrl+alt+del
    onglet processus/termine ce processus.
    E:\Documents and Settings\El Diablo de la Vega\Application Data\tmp3C.tmp.exe
    E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    E:\Program Files\Google\Google Updater\GoogleUpdater.exe
    --------------------------------------

    Désinstalles Hijackthis avec lui-même.
    Réinstall dans ton cas dans E:\Hijackthis
    (comment faire, regarde le lien en dessous"pour info du pourquoi ")
    --------------------------------------------------------------
    ensuite renome Hijackthis en ce que tu veux-----> ex:
    scanner.exe
    machin.exe
    ect...
    pour info du pourquoi ? ici---->
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
    ----------------------------------------------
    Ensuite cocher+ fixer ces lignes
    Comment faire ?
    https://leblogdeclaude.blogspot.com/2007/05/comment-utiliser-hijackthis-fixer.html
    ------------------------------------------------------------------------
    O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
    O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - E:\WINDOWS\system32\tmp3F.tmp.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    Inconnu
    O2 - BHO: (no name) - {feff1a09-5602-4ccf-934c-733a11f20ff0} - E:\WINDOWS\system32\exe2c70.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    Inconnu
    O4 - HKLM\..\Run: [winehq.org] rundll32.exe "E:\WINDOWS\yaaxwt.dll",realset
    O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [DDC] E:\Documents and Settings\El Diablo de la Vega\Application Data\tmp3C.tmp.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = E:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = E:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O18 - Filter: text/html - (no CLSID) - (no file)
    Inconnu
    O20 - AppInit_DLLs: e:\windows\system32\sstqrpo.dll
    Inconnu
    O20 - Winlogon Notify: exe2c70 - E:\WINDOWS\SYSTEM32\exe2c70.dll
    O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll (file missing)
    O23 - Service: DomainService - - E:\Documents and Settings\El Diablo de la Vega\Application Data\tmp3C.tmp.exe
    -------------------------------------------------
    Ensuite fais ceci:
    https://leblogdeclaude.blogspot.com/2007/03/informatique-procdure-navifix.html
    + colle le rapport
    --------------------------
    + colles rapport Hijackthis (renommé, ne pas oublier !)
    ----------------------------------------
    *****Dans chaque église, il y a toujours quelque chose qui cloche******
    Je n'ai pas la prétention de résoudre les problèmes, j'essaie simplement de rendre service ;-)
    0
    1. papyber Messages postés 6430 Statut Contributeur sécurité 257
       
      vundo a déjà été recherché post 1 2 avec SDFix!
      combofix est prescrit car il supprime certaines dll non éradiquées par Vundofix
      il faut donc attendre le rapport combofx pour voir ce qu'il restera à ôter....
      0
  10. Utilisateur anonyme
     
    les élèments cachés, recherché par Blacklight (inclus dans Navilog1.cmd) sont importants, vu le niveau assez sévère de l'infection...
    J'aurais proposé ceci pour Vundo:
    https://leblogdeclaude.blogspot.com/2007/05/procdure-vundofix.html
    dans ce cas-ci je propose ceci:
    https://leblogdeclaude.blogspot.com/2007/03/informatique-procdure-navifix.html
    rien à voir Vundo.( ce qui m'intéresse c'est Blacklight)
    mais la procédure Navilog1.cmd est plus facile pour le "helpé" (en cas d'infection détectée) que la classique ici:
    https://leblogdeclaude.blogspot.com/2007/02/informatique-coller-un-rapport.html
    A+
    0
  11. Gaeldas Messages postés 14 Statut Membre
     
    Alors, j'ai continué à suivre la procédure que Papyber m'indiquait... faut pas m'embrouiller,
    je suis un gros débutant =)

    PS : désolé pour le temps que j'ai mis à poster les rapports, j'ai eu de gros orages hier par chez moi
    (d'ailleurs faut que je me dépêche, ça recommence ^^).

    Bon, les rapports :

    Combo-quarantined-files de ComboFix
    ___________________________________________________________

    [code]
    2007-05-18 19:16 8179 --a------ E:\Qoobox\Quarantine\E\WINDOWS\system32\gebcdde.dll.vir
    2007-06-13 03:59 37437 --a------ E:\Qoobox\Quarantine\E\WINDOWS\system32\exe2c70.dll.vir
    2007-06-13 03:59 47899 --a------ E:\Qoobox\Quarantine\E\WINDOWS\system32\mljge.exe.vir
    2007-06-24 05:36 122880 --a------ E:\Qoobox\Quarantine\E\DOCUME~1\El Diablo de la Vega\Application Data\tmp3C.tmp.exe.vir
    2007-06-24 05:39 128212 --a------ E:\Qoobox\Quarantine\E\DOCUME~1\El Diablo de la Vega\Application Data\tmp3E.tmp.exe.vir
    2007-06-24 05:40 73920 --a------ E:\Qoobox\Quarantine\E\DOCUME~1\El Diablo de la Vega\Application Data\tmp3F.tmp.exe.vir
    2007-06-25 17:44 1098 --a------ E:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.cf
    2007-06-25 17:44 3536 --a------ E:\Qoobox\Quarantine\Registry_backups\services_DomainService.reg.cf
    2007-06-25 17:44 830 --a------ E:\Qoobox\Quarantine\Registry_backups\LEGACY_WINDOWS_LOG.reg.cf
    2007-06-25 17:45 53 --a------ E:\Qoobox\Quarantine\catchme.log

    Structure du dossier
    Le num‚ro de s‚rie du volume est F0B1-A009
    E:\QOOBOX
    \---Quarantine
    | catchme.log
    |
    +---E
    | +---DOCUME~1
    | | \---El Diablo de la Vega
    | | \---Application Data
    | | tmp3C.tmp.exe.vir
    | | tmp3E.tmp.exe.vir
    | | tmp3F.tmp.exe.vir
    | |
    | \---WINDOWS
    | \---system32
    | exe2c70.dll.vir
    | gebcdde.dll.vir
    | mljge.exe.vir
    |
    \---Registry_backups
    LEGACY_DOMAINSERVICE.reg.cf
    LEGACY_WINDOWS_LOG.reg.cf
    services_DomainService.reg.cf

    [/code]

    log de ComboFix (je suppose ^^)
    ___________________________________________________________

    "El Diablo de la Vega" - 2007-06-25 17:41:52 - ComboFix 07-06-23.5 - Service Pack 2 NTFS

    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

    E:\WINDOWS\system32\gebcdde.dll
    E:\WINDOWS\system32\mljge.exe
    E:\WINDOWS\system32\exe2c70.dll

    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    E:\DOCUME~1\El Diablo de la Vega\Application Data\tmp3C.tmp.exe
    E:\DOCUME~1\El Diablo de la Vega\Application Data\tmp3E.tmp.exe
    E:\DOCUME~1\El Diablo de la Vega\Application Data\tmp3F.tmp.exe
    E:\WINDOWS\b136.exe

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_WINDOWS_LOG
    -------\DomainService

    ((((((((((((((((((((((((( Files Created from 2007-05-25 to 2007-06-25 )))))))))))))))))))))))))))))))

    2007-06-25 17:41 49,152 --a------ E:\WINDOWS\nircmd.exe
    2007-06-24 20:51 <REP> d-------- E:\Program Files\Nioubomatik Antrix
    2007-06-24 17:31 <REP> d-------- E:\VundoFix Backups
    2007-06-24 11:04 1,060,864 --a------ E:\WINDOWS\system32\MFC71.dll
    2007-06-24 05:40 59,414 --a------ E:\WINDOWS\system32\tmp3F.tmp.dll
    2007-06-24 05:40 134,837 --a------ E:\WINDOWS\yaaxwt.dll
    2007-06-14 07:21 <REP> d-------- E:\DOCUME~1\ALLUSE~1\APPLIC~1\GoldWaveCDDB
    2007-06-13 17:28 <REP> d-------- E:\Program Files\Multi_Media
    2007-06-13 02:26 <REP> d--h----- E:\WINDOWS\PIF
    2007-06-12 20:57 <REP> d-------- E:\Program Files\Stellarium
    2007-06-12 19:56 974,848 --a------ E:\WINDOWS\system32\mfc70.dll
    2007-06-12 19:56 90,112 --a------ E:\WINDOWS\system32\agsaami.dll
    2007-06-12 19:56 610,304 --a------ E:\WINDOWS\system32\agsaamg.dll
    2007-06-12 19:56 53,760 --a------ E:\WINDOWS\system\ppacklib.dll
    2007-06-12 19:56 487,424 --a------ E:\WINDOWS\system32\msvcp70.dll
    2007-06-12 19:56 44 --a------ E:\WINDOWS\system32\winitn.dll
    2007-06-12 19:56 372,736 --a------ E:\WINDOWS\system32\agsaamc.dll
    2007-06-12 19:56 237,568 --a------ E:\WINDOWS\system32\lame_enc.dll
    2007-06-12 19:56 2,535,424 --a------ E:\WINDOWS\system32\agsaamj.dll
    2007-06-12 19:56 1 --a------ E:\WINDOWS\klzdlt.dll
    2007-06-12 19:56 <REP> d-------- E:\Program Files\ALO Power Audio Converter
    2007-06-10 18:38 <REP> d-------- E:\Program Files\GoldWave
    2007-06-09 00:51 719,872 --a------ E:\WINDOWS\system32\devil.dll
    2007-06-09 00:51 70,656 --a------ E:\WINDOWS\system32\yv12vfw.dll
    2007-06-09 00:51 70,656 --a------ E:\WINDOWS\system32\i420vfw.dll
    2007-06-09 00:51 66,560 --a------ E:\WINDOWS\MOTA113.exe
    2007-06-09 00:51 502,784 --a------ E:\WINDOWS\x2.64.exe
    2007-06-09 00:51 471,552 --a------ E:\WINDOWS\system32\Smab.dll
    2007-06-09 00:51 31,232 -r-hs---- E:\WINDOWS\system32\msfDX.dll
    2007-06-09 00:51 306,688 --a------ E:\WINDOWS\system32\avisynth.dll
    2007-06-09 00:51 27,648 --a------ E:\WINDOWS\system32\AVSredirect.dll
    2007-06-09 00:51 240,128 --a------ E:\WINDOWS\system32\x.264.exe
    2007-06-09 00:51 217,073 --a------ E:\WINDOWS\meta4.exe
    2007-06-09 00:51 163,328 -r-hs---- E:\WINDOWS\system32\flvDX.dll
    2007-06-09 00:51 <REP> d-------- E:\Program Files\AviSynth 2.5
    2007-06-09 00:50 <REP> d-------- E:\Program Files\eRightSoft
    2007-06-09 00:29 <REP> d-------- E:\WINDOWS\FLV Player
    2007-06-09 00:29 <REP> d-------- E:\Program Files\FLV Player
    2007-06-08 19:31 <REP> d-------- E:\Program Files\Vstplugins
    2007-06-08 19:30 <REP> d-------- E:\Program Files\Sony
    2007-06-08 18:41 <REP> d-------- E:\Program Files\Sony Setup
    2007-05-31 08:45 524,288 --a------ E:\WINDOWS\system32\DivXsm.exe
    2007-05-31 08:44 823,296 --a------ E:\WINDOWS\system32\divx_xx0c.dll
    2007-05-31 08:44 823,296 --a------ E:\WINDOWS\system32\divx_xx07.dll
    2007-05-31 08:44 802,816 --a------ E:\WINDOWS\system32\divx_xx11.dll
    2007-05-31 08:44 740,442 --a------ E:\WINDOWS\system32\DivX.dll

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-11-03 00:18:32 -------- d-----w E:\DOCUME~1\El Diablo de la Vega\Application Data\Dossier de téléchargement Share-to-Web
    2007-06-25 15:56:25 -------- d-s---w E:\Program Files\Xfire
    2007-06-25 15:17:44 -------- d-----w E:\DOCUME~1\El Diablo de la Vega\Application Data\Xfire
    2007-06-24 19:11:02 -------- d-----w E:\Program Files\World of Warcraft
    2007-06-23 22:24:06 -------- d-----w E:\DOCUME~1\El Diablo de la Vega\Application Data\SQLyog
    2007-06-23 13:28:28 -------- d-----w E:\Program Files\Teamspeak2_RC2
    2007-06-18 15:49:27 -------- d-----w E:\Program Files\DivX
    2007-06-13 13:18:24 -------- d--h--w E:\Program Files\InstallShield Installation Information
    2007-06-10 12:07:36 76,384 ----a-w E:\WINDOWS\system32\perfc00C.dat
    2007-06-10 12:07:36 471,246 ----a-w E:\WINDOWS\system32\perfh00C.dat
    2007-06-09 00:49:57 -------- d-----w E:\DOCUME~1\El Diablo de la Vega\Application Data\Publish Providers
    2007-06-09 00:49:57 -------- d-----w E:\DOCUME~1\El Diablo de la Vega\Application Data\NetMedia Providers
    2007-06-08 17:09:57 -------- d-----w E:\DOCUME~1\El Diablo de la Vega\Application Data\Sony
    2007-06-08 16:42:54 -------- d-----w E:\DOCUME~1\El Diablo de la Vega\Application Data\Sony Setup
    2007-05-18 17:22:29 34,696 ----a-w E:\WINDOWS\system32\jkhhe.exe
    2007-05-16 15:13:53 683,520 ----a-w E:\WINDOWS\system32\inetcomm.dll
    2007-05-16 14:52:20 -------- d-----w E:\DOCUME~1\El Diablo de la Vega\Application Data\teamspeak2
    2007-04-25 14:22:35 144,896 ----a-w E:\WINDOWS\system32\schannel.dll
    2007-04-23 00:15:29 3,596,288 ----a-w E:\WINDOWS\system32\qt-dx331.dll
    2007-04-23 00:15:18 200,704 ----a-w E:\WINDOWS\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 ----a-w E:\WINDOWS\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 ----a-w E:\WINDOWS\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 ----a-w E:\WINDOWS\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 ----a-w E:\WINDOWS\system32\dpuGUI10.dll
    2007-04-23 00:02:31 593,920 ----a-w E:\WINDOWS\system32\dpuGUI11.dll
    2007-04-23 00:02:31 57,344 ----a-w E:\WINDOWS\system32\dpv11.dll
    2007-04-23 00:02:31 344,064 ----a-w E:\WINDOWS\system32\dpus11.dll
    2007-04-23 00:02:31 294,912 ----a-w E:\WINDOWS\system32\dpu11.dll
    2007-04-23 00:02:31 294,912 ----a-w E:\WINDOWS\system32\dpu10.dll
    2007-04-23 00:01:47 12,288 ----a-w E:\WINDOWS\system32\DivXWMPExtType.dll
    2007-04-23 00:01:46 124,472 ----a-w E:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-04-18 16:14:18 2,854,400 ----a-w E:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w E:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w E:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w E:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w E:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w E:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w E:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w E:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w E:\WINDOWS\system32\wups2.dll

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {0EEDB912-C5FA-486F-8334-57288578C627}=C:\Program Files\Shareaza\Plugins\RazaWebHook.dll [2004-07-12 09:22]
    {1F6581D5-AA53-4b73-A6F9-41420C6B61F1}=E:\WINDOWS\system32\tmp3F.tmp.dll [2007-06-24 05:40]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=e:\program files\google\googletoolbar2.dll [2007-02-08 22:42]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll [2007-05-25 22:17]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "EM_EXEC"="E:\PROGRA~1\Logitech\MouseWare\SYSTEM\EM_EXEC.EXE" [2002-07-01 10:50]
    "AOLSAV"="E:\PROGRA~1\TechCity Solutions\AOLSAV\AOLAgent.exe" [2004-11-10 16:18]
    "AOLDialer"="E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2006-11-17 13:41]
    "QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2006-03-02 19:48]
    "SoundMan"="SOUNDMAN.EXE" [2005-09-22 10:42 E:\WINDOWS\soundman.exe]
    "avast!"="E:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-01-15 19:28]
    "SpeedTouch USB Diagnostics"="E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38]
    "Share-to-Web Namespace Daemon"="E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 05:19]
    "UnlockerAssistant"="E:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-03-03 10:39]
    "HostManager"="E:\Program Files\Fichiers communs\AOL\1157877778\ee\AOLSoftware.exe" [2006-11-17 15:16]
    "Adobe Photo Downloader"="E:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 01:18]
    "DAEMON Tools"="E:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09]
    "ATICCC"="E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12]
    "Synchronization Manager"="%SystemRoot%\system32\mobsync.exe" []
    "TkBellExe"="E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-02-05 22:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:54]
    "LDM"="E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-03-01 23:07]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    E:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=e:\windows\system32\sstqrpo.dll

    *Newly Created Service* - ATWPKT2

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-25 17:56:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-25 17:58:21 - machine was rebooted
    E:\ComboFix-quarantined-files.txt ... 2007-06-25 17:58

    --- E O F ---

    hijackthis.txt de Hijackthis
    ______________________________________________________________

    Logfile of HijackThis v1.99.1
    Scan saved at 18:00, on 25/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\Ati2evxx.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\Ati2evxx.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\cmd.exe
    E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    E:\PROGRA~1\Logitech\MouseWare\SYSTEM\EM_EXEC.EXE
    E:\PROGRA~1\TechCity Solutions\AOLSAV\AOLAgent.exe
    E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    E:\Program Files\QuickTime\qttask.exe
    E:\WINDOWS\SOUNDMAN.EXE
    E:\Program Files\Alwil Software\Avast4\ashDisp.exe
    E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    E:\Program Files\Unlocker\UnlockerAssistant.exe
    E:\Program Files\Fichiers communs\AOL\1157877778\ee\AOLSoftware.exe
    E:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    E:\Program Files\DAEMON Tools\daemon.exe
    E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    E:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    E:\Program Files\Google\Google Updater\GoogleUpdater.exe
    E:\Program Files\Xfire\xfire.exe
    E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    E:\Program Files\Mozilla Firefox\firefox.exe
    E:\Documents and Settings\El Diablo de la Vega\Bureau\Utilitaires - Nettoyage\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
    O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - E:\WINDOWS\system32\tmp3F.tmp.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [EM_EXEC] E:\PROGRA~1\Logitech\MouseWare\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [AOLSAV] E:\PROGRA~1\TechCity Solutions\AOLSAV\AOLAgent.exe
    O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avast!] "E:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [HostManager] E:\Program Files\Fichiers communs\AOL\1157877778\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = E:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: AOL 9.0 Icône AOL.lnk = E:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = E:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = E:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
    O20 - AppInit_DLLs: e:\windows\system32\sstqrpo.dll
    O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - E:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    0
  12. Utilisateur anonyme
     
    ok , pas de soucis je te laisse avec papyber.
    ;-)
    bonne soirée.
    0
  13. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    j'ai eu aussi une "panne" de Pc hier
    je regarde tes rapports
    0
  14. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    Combofix a bien travaillé!
    Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

    clic double sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,

    C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
    E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    e:\windows\system32\sstqrpo.dll

    et colle-la dans le cadre de gauche de OTMoveIt :
    Paste List of Files/Folders to be moved.

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre Results.
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\\\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.
    dans ce cas tu ne le fais pas et tu fais ceci avant de redémarrer le PC
    Ouvre le Bloc-note
    et copie-colle les lignes entre --- ci-dessous (y compris la ligne vide à la fin)

    -----------------------------------------------------------------------------------
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    --------------------------------------------------------------------------------------------------------------
    lance hijack pour un scan et coche les lignes suivantes si tu les trouves
    O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
    O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - E:\WINDOWS\system32\tmp3F.tmp.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file
    O20 - AppInit_DLLs: e:\windows\system32\sstqrpo.dll
    O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll (file missing)
    ferme toutes tes fenêtres y compris internet et clic sur fixer l'objet

    redémarre ton Pc
    et dis moi comment çà va?
    0
    1. Gaeldas Messages postés 14 Statut Membre
       
      Hum... voici le rapport :

      C:\Program Files\Shareaza\Plugins\RazaWebHook.dll unregistered successfully.
      C:\Program Files\Shareaza\Plugins\RazaWebHook.dll moved successfully.
      E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe moved successfully.
      File/Folder e:\windows\system32\sstqrpo.dll not found.

      Created on 06/26/2007 16:12:06




      Mais les lignes que je dois copier (y compris la ligne de fin), je les copie où exactement ? Dans le rapport OTMoveIt ?
      0
      1. papyber Messages postés 6430 Statut Contributeur sécurité 257 > Gaeldas Messages postés 14 Statut Membre
         
        Ouvre le Bloc-note
        et copie-colle les lignes entre --- ci-dessous (y compris la ligne vide à la fin)

        -----------------------------------------------------------------------------------
        REGEDIT4

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
        "AppInit_DLLs"=""
        0
  15. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    j'aimerais bien que tu mes copies colles le contenu de ceci, merci
    E:\ComboFix-quarantined-files.txt
    0
  16. Gaeldas Messages postés 14 Statut Membre
     
    Bon, j'ai fixé les objets que tu m'as indiqué... ou du moins ceux que j'ai trouvé.
    Par contre je n'ai pas compris à quoi cela servait de coller les lignes dans le bloc notes ^^.

    Bon... voilà le rapport ComboFix quarantined que tu m'avais demandé :

    [code]
    2007-05-18 19:16 8179 --a------ E:\Qoobox\Quarantine\E\WINDOWS\system32\gebcdde.dll.vir
    2007-06-13 03:59 37437 --a------ E:\Qoobox\Quarantine\E\WINDOWS\system32\exe2c70.dll.vir
    2007-06-13 03:59 47899 --a------ E:\Qoobox\Quarantine\E\WINDOWS\system32\mljge.exe.vir
    2007-06-24 05:36 122880 --a------ E:\Qoobox\Quarantine\E\DOCUME~1\El Diablo de la Vega\Application Data\tmp3C.tmp.exe.vir
    2007-06-24 05:39 128212 --a------ E:\Qoobox\Quarantine\E\DOCUME~1\El Diablo de la Vega\Application Data\tmp3E.tmp.exe.vir
    2007-06-24 05:40 73920 --a------ E:\Qoobox\Quarantine\E\DOCUME~1\El Diablo de la Vega\Application Data\tmp3F.tmp.exe.vir
    2007-06-25 17:44 1098 --a------ E:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.cf
    2007-06-25 17:44 3536 --a------ E:\Qoobox\Quarantine\Registry_backups\services_DomainService.reg.cf
    2007-06-25 17:44 830 --a------ E:\Qoobox\Quarantine\Registry_backups\LEGACY_WINDOWS_LOG.reg.cf
    2007-06-25 17:45 53 --a------ E:\Qoobox\Quarantine\catchme.log

    Structure du dossier
    Le num‚ro de s‚rie du volume est F0B1-A009
    E:\QOOBOX
    \---Quarantine
    | catchme.log
    |
    +---E
    | +---DOCUME~1
    | | \---El Diablo de la Vega
    | | \---Application Data
    | | tmp3C.tmp.exe.vir
    | | tmp3E.tmp.exe.vir
    | | tmp3F.tmp.exe.vir
    | |
    | \---WINDOWS
    | \---system32
    | exe2c70.dll.vir
    | gebcdde.dll.vir
    | mljge.exe.vir
    |
    \---Registry_backups
    LEGACY_DOMAINSERVICE.reg.cf
    LEGACY_WINDOWS_LOG.reg.cf
    services_DomainService.reg.cf

    [/code]

    Il a changé depuis la dernière fois ? ^^

    Et un autre Hijackthis par la même occasion :

    Logfile of HijackThis v1.99.1
    Scan saved at 17:14, on 26/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\Ati2evxx.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\Ati2evxx.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    E:\PROGRA~1\Logitech\MouseWare\SYSTEM\EM_EXEC.EXE
    E:\PROGRA~1\TechCity Solutions\AOLSAV\AOLAgent.exe
    E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    E:\Program Files\QuickTime\qttask.exe
    E:\WINDOWS\SOUNDMAN.EXE
    E:\Program Files\Alwil Software\Avast4\ashDisp.exe
    E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    E:\Program Files\Unlocker\UnlockerAssistant.exe
    E:\Program Files\Fichiers communs\AOL\1157877778\ee\AOLSoftware.exe
    E:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    E:\Program Files\DAEMON Tools\daemon.exe
    E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    E:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    E:\Program Files\Google\Google Updater\GoogleUpdater.exe
    E:\Program Files\Xfire\xfire.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    E:\Program Files\Mozilla Firefox\firefox.exe
    E:\Documents and Settings\El Diablo de la Vega\Bureau\Utilitaires - Nettoyage\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [EM_EXEC] E:\PROGRA~1\Logitech\MouseWare\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [AOLSAV] E:\PROGRA~1\TechCity Solutions\AOLSAV\AOLAgent.exe
    O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avast!] "E:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [HostManager] E:\Program Files\Fichiers communs\AOL\1157877778\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = E:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: AOL 9.0 Icône AOL.lnk = E:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = E:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = E:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - E:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    0
  17. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    la manip en entier, désolé, je devais partir et j'en ai "loupé" un bout
    fais le
    Ouvre le Bloc-note
    et copie-colle les lignes entre --- ci-dessous (y compris la ligne vide à la fin)

    -----------------------------------------------------------------------------------
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    --------------------------------------------------------------------------------------------------------------

    Enregistre ce fichier sur ton bureau (Nom du fichier : "Fixme.reg " -sans inclure les guillemets- ; Type : Tous les fichiers).

    Double-clique sur Fixme.reg et clique sur Oui lorsqu'on te demande confirmation pour Fusionner.
    Lorsque tu reçois un message du bon déroulement, supprime le fichier Fixme.reg.

    poste moi un nouveau rapport HijackThis
    0
    1. Gaeldas Messages postés 14 Statut Membre
       
      Il me met un message d'erreur comme quoi il m'est impossible d'importer ce fichier.

      "Impossible d'importer E:\Documents and Settings\El Diablo de la Vega\Bureau\Fixme.reg : Le fichier
      spécifié n'est pas un script du registre.
      Vous pouvez uniquement importer des fichiers du registre binaires à partir de l'éditeur du Registre."

      Ce message apparaît une fois que j'ai double-cliqué sur le fichier et que j'ai cliqué sur "oui" à la question qu'il
      me posait.

      Voilà, tu as une solution ?
      0
      1. Gaeldas Messages postés 14 Statut Membre > Gaeldas Messages postés 14 Statut Membre
         
        Non, en fait ça marche, désolé, je te poste le rapport Hijackthis ^^
        0
  18. Gaeldas Messages postés 14 Statut Membre
     
    Voilà le nouveau Hijackthis :

    Logfile of HijackThis v1.99.1
    Scan saved at 21:50, on 26/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\Ati2evxx.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\Ati2evxx.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    E:\PROGRA~1\Logitech\MouseWare\SYSTEM\EM_EXEC.EXE
    E:\PROGRA~1\TechCity Solutions\AOLSAV\AOLAgent.exe
    E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    E:\Program Files\QuickTime\qttask.exe
    E:\WINDOWS\SOUNDMAN.EXE
    E:\Program Files\Alwil Software\Avast4\ashDisp.exe
    E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    E:\Program Files\Unlocker\UnlockerAssistant.exe
    E:\Program Files\Fichiers communs\AOL\1157877778\ee\AOLSoftware.exe
    E:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    E:\Program Files\DAEMON Tools\daemon.exe
    E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    E:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    E:\Program Files\Google\Google Updater\GoogleUpdater.exe
    E:\Program Files\Xfire\xfire.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    E:\Program Files\Mozilla Firefox\firefox.exe
    E:\Documents and Settings\El Diablo de la Vega\Bureau\Utilitaires - Nettoyage\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [EM_EXEC] E:\PROGRA~1\Logitech\MouseWare\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [AOLSAV] E:\PROGRA~1\TechCity Solutions\AOLSAV\AOLAgent.exe
    O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avast!] "E:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [HostManager] E:\Program Files\Fichiers communs\AOL\1157877778\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = E:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: AOL 9.0 Icône AOL.lnk = E:\Program Files\AOL 9.0\aoltray.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = E:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = E:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - E:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    0
  19. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    faire un scan antivirus en ligne avec internet explorer et accepter l'activex
    poster le rapport ici ensuite
    https://www.bitdefender.fr/

    En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
    Dans la nouvelle fenêtre, clique sur I agree
    La fenêtre change encore, clique sur Click here to scan
    Les signatures se chargent, etc.

    tuto en image
    http://pageperso.aol.fr/rginformatique/mapage/defender.htm
    0
    1. Gaeldas Messages postés 14 Statut Membre
       
      Hum... petit problème, bitdefender a bien réalisé le scan et a bien supprimé les fichiers infectés
      qu'il a trouvé. Cependant je n'ai pas eu le temps de copier le rapport de l'analyse, étant donné
      que la fenêtre d'analyse est partie sans son reste ^^.
      Bref voilà, je reposte un rapport Hijackthis pour la forme.

      PS : un fichier nommé VundoFix faisait partie des fichiers supprimés.




      Logfile of HijackThis v1.99.1
      Scan saved at 18:18, on 27/06/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      E:\WINDOWS\System32\smss.exe
      E:\WINDOWS\system32\winlogon.exe
      E:\WINDOWS\system32\services.exe
      E:\WINDOWS\system32\lsass.exe
      E:\WINDOWS\system32\Ati2evxx.exe
      E:\WINDOWS\system32\svchost.exe
      E:\WINDOWS\System32\svchost.exe
      E:\WINDOWS\system32\Ati2evxx.exe
      E:\WINDOWS\system32\spoolsv.exe
      E:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
      E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      E:\Program Files\Alwil Software\Avast4\ashServ.exe
      E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      E:\WINDOWS\system32\svchost.exe
      E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      E:\WINDOWS\Explorer.EXE
      E:\WINDOWS\System32\svchost.exe
      E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      E:\PROGRA~1\Logitech\MouseWare\SYSTEM\EM_EXEC.EXE
      E:\PROGRA~1\TechCity Solutions\AOLSAV\AOLAgent.exe
      E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
      E:\Program Files\QuickTime\qttask.exe
      E:\WINDOWS\SOUNDMAN.EXE
      E:\Program Files\Alwil Software\Avast4\ashDisp.exe
      E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
      E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      E:\Program Files\Unlocker\UnlockerAssistant.exe
      E:\Program Files\Fichiers communs\AOL\1157877778\ee\AOLSoftware.exe
      E:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
      E:\Program Files\DAEMON Tools\daemon.exe
      E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      E:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      E:\WINDOWS\system32\ctfmon.exe
      E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      E:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
      E:\Program Files\Google\Google Updater\GoogleUpdater.exe
      E:\Program Files\Xfire\xfire.exe
      E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      E:\Program Files\Mozilla Firefox\firefox.exe
      E:\Documents and Settings\El Diablo de la Vega\Bureau\Utilitaires - Nettoyage\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
      O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
      O4 - HKLM\..\Run: [EM_EXEC] E:\PROGRA~1\Logitech\MouseWare\SYSTEM\EM_EXEC.EXE
      O4 - HKLM\..\Run: [AOLSAV] E:\PROGRA~1\TechCity Solutions\AOLSAV\AOLAgent.exe
      O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
      O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [avast!] "E:\Program Files\Alwil Software\Avast4\ashDisp.exe"
      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe"
      O4 - HKLM\..\Run: [HostManager] E:\Program Files\Fichiers communs\AOL\1157877778\ee\AOLSoftware.exe
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
      O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
      O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
      O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Startup: Xfire.lnk = E:\Program Files\Xfire\xfire.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = ?
      O4 - Global Startup: AOL 9.0 Icône AOL.lnk = E:\Program Files\AOL 9.0\aoltray.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = E:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
      O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: Outil de mise à jour Google.lnk = E:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: &Recherche AOL Toolbar - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
      O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\msgrapp.8.1.0178.00.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - E:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
      O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - E:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Macromedia Licensing Service - Macromedia - E:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
      0
  20. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    si tout va bien supprime tout ce qu'on a utilisé car ce ne sera plus utile désormais
    conserve néanmoins ccleaner et effectue le nettoyage tous les jours avant de couper le PC

    installe ce logiciel très utile et scanne ton PC avec une fois par semaine au moins...
    AVG Antispyware
    https://www.avg.com/en-ww/free-antivirus-download

    mode d'utilisation :
    Lance AVG Anti-Spyware, mets le à jour,
    Clique sur le bouton « Analyse »
    Puis « Comment réagir », clique sur Actions recommandées. Sélectionne Quarantaine.
    Retour à l'onglet Analyse.
    Clique sur Analyse complète du système.
    A la fin du scan, choisis " Appliquer toutes les actions "
    Clique sur "Enregistrer le rapport". Le fichier texte se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

    tu peux le coupler avec celui-ci
    spybot search and destroy
    https://www.safer-networking.org/?page=download

    défragmente

    pense à bien te protéger, j'ai découvert ce lien qui est plutôt pas mal à ce sujet

    https://forum.pcastuces.com/default.asp

    désactive ta restauration
    clique droit sur poste de travail/propriétés/coche la case désactiver la restauration, appliquer
    redémarre ton PC
    clique droit sur poste de travail/propriétés/décoche la case désactiver la restauration, appliquer
    démarrer/tous les programmes/ outils système/ restauration du système/ créer un point de restauration

    la sécurité c'est très important mais ne remplace pas l'internaute, un surf prudent en évitant le crack, les sites "chauds", permet déjà d'éviter bien des soucis, le P2P lui aussi est source d'infections...

    et bon surf
    0
    1. Gaeldas Messages postés 14 Statut Membre
       
      Merci beaucoup pour toute l'aide que tu m'as apporté et pour ta patience.
      J'ai copié/collé ton dernier message en tant que procédure à suivre régulièrement.
      Concernant l'anti spyware, je possède déja Ad-Aware (SE Personal), est ce qu'il suffit ?

      Encore merci pour tout et bonne continuation =)
      0
  21. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    il est bon fais des analyses régulièrement
    0