Complete disinfection of the PC?

kaktusrouge
Hello.
I'm having problems with my PC. It's very slow, especially web pages (the connection is always running flat out ?!!, pages freeze...). I'd like to clean my system from top to bottom and get rid of all the crap lying around. Do you have a miracle recipe?
Thanks.

8 replies

green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

Download this to your desktop:

Link: hijackthis

Demo: http://pageperso.aol.fr/balltrap34/demohijack.htm

Choose the option "do a scan and a logfile", then copy and paste the resulting report to the forum.

++
0
kaktusrouge
 
Result:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:16, on 29/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\SYSTEM32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\System32\DRIVERS\CDANTSRV.EXE
C:\WINXP\SYSTEM32\Ati2evxx.exe
C:\WINXP\Explorer.EXE
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINXP\system32\pctspk.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\modem ADSL USB\modem ADSL USB\DSLMON.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/fr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/fr/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\CopernicAgentExt.dll (file missing)
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://www.google.fr/?gws_rd=ssl"); (C:\Documents and Settings\ADMINISTRATEUR\Application Data\Mozilla\Profiles\default\wlzuudup.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\ADMINISTRATEUR\Application Data\Mozilla\Profiles\default\wlzuudup.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2D411106-1766-4182-A7A4-0F8E8E0996D5} - C:\WINXP\system32\ssttu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5A4A2D56-931A-4733-9121-033A2D95A274} - C:\WINXP\system32\tuvsrol.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINXP\system32\qctnnooi.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\CopernicAgentExt.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\ycomp5_3_18_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BitDefender8\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\bdswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avp] C:\WINXP\TEMP\win37A.tmp.exe
O4 - HKLM\..\Run: [WindowsHive] C:\WINXP\system32\rpcc.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINXP\system32\ehraucqy.dll",sitypnow
O4 - HKLM\..\RunOnce: [RemoveWGA] C:\Documents and Settings\Administrateur\Mes documents\RemoveWGA.exe -startup
O4 - HKLM\..\RunOnce: [VundoFix] "C:\\vundofix.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2266] command /c del "C:\WINXP\system32\winrzf32.dll_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9579] cmd /c del "C:\WINXP\system32\winrzf32.dll_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
O4 - HKCU\..\Run: [dlmMgr] "C:\Program Files\Fichiers communs\Adobe\ESD\AdobeDownloadManager.exe" restart=1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\RunOnce: [DAEMON Tools 4.03 Setup] "C:\Documents and Settings\Administrateur\Mes documents\Utilitaires\daemon403-x86.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINXP\system32\Macromed\Flash\GetFlash.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8325] command /c del "C:\WINXP\system32\winrzf32.dll_tobedeleted_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6463] cmd /c del "C:\WINXP\system32\winrzf32.dll_tobedeleted_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\Run: [dlmMgr] "C:\Program Files\Fichiers communs\Adobe\ESD\AdobeDownloadManager.exe" restart=1 (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\RunOnce: [DAEMON Tools 4.03 Setup] "C:\Documents and Settings\Administrateur\Mes documents\Utilitaires\daemon403-x86.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-861567501-220523388-725345543-500 Startup: Registration Brothers In Arms.LNK = E:\Support\Register\RegistrationReminder.exe (User '?')
O4 - Startup: Registration Brothers In Arms.LNK = E:\Support\Register\RegistrationReminder.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\modem ADSL USB\modem ADSL USB\DSLMON.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF8CD391-D887-43D6-869C-589622ABB6BA}: NameServer = 86.64.145.144 84.103.237.144
O20 - AppInit_DLLs: x?sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: ssttu - C:\WINXP\system32\ssttu.dll
O20 - Winlogon Notify: tuvsrol - C:\WINXP\SYSTEM32\tuvsrol.dll
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINXP\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINXP\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINXP\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINXP\system32\pctspk.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
there are some nasties on top of that ... :)

Download VundoFix.exe (by Atribune) to your Desktop:

http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask you whether to delete the files; click YES
* After clicking "Yes", the Desktop will disappear for a moment while the files are deleted
* the PC will shut down ("shutdown"): click OK
* Start your PC again
* Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, in your next reply.

++
0
kaktusrouge
 
So, the Vundo report:


VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 17:49:21 29/07/2007

Listing files found while scanning....

C:\WINXP\system32\ssttu.dll
C:\WINXP\system32\uttss.bak2
C:\WINXP\system32\uttss.ini

Beginning removal...

Attempting to delete C:\WINXP\system32\ssttu.dll
C:\WINXP\system32\ssttu.dll Could not be deleted.

Attempting to delete C:\WINXP\system32\uttss.bak2
C:\WINXP\system32\uttss.bak2 Has been deleted!

Attempting to delete C:\WINXP\system32\uttss.ini
C:\WINXP\system32\uttss.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 23:11:28 29/07/2007

Listing files found while scanning....

C:\WINXP\system32\ssttu.dll
C:\WINXP\system32\uttss.bak1
C:\WINXP\system32\uttss.ini
C:\WINXP\system32\uttss.tmp

Beginning removal...

Attempting to delete C:\WINXP\system32\ssttu.dll
C:\WINXP\system32\ssttu.dll Could not be deleted.

Attempting to delete C:\WINXP\system32\uttss.bak1
C:\WINXP\system32\uttss.bak1 Has been deleted!

Attempting to delete C:\WINXP\system32\uttss.ini
C:\WINXP\system32\uttss.ini Has been deleted!

Performing Repairs to the registry.
Done!

------------------------------------------------------------------------------------------------------------------------


Hijack report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:25:19, on 29/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\SYSTEM32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\System32\DRIVERS\CDANTSRV.EXE
C:\WINXP\SYSTEM32\Ati2evxx.exe
C:\WINXP\Explorer.EXE
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\modem ADSL USB\modem ADSL USB\DSLMON.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINXP\system32\pctspk.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINXP\system32\rundll32.exe
C:\Scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/fr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/fr/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://www.google.fr/?gws_rd=ssl"); (C:\Documents and Settings\ADMINISTRATEUR\Application Data\Mozilla\Profiles\default\wlzuudup.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\ADMINISTRATEUR\Application Data\Mozilla\Profiles\default\wlzuudup.slt\prefs.js)
O2 - BHO: (no name) - {510A7CEE-7095-417B-A0AF-108E0BB28ADB} - C:\WINXP\system32\ssttu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5A4A2D56-931A-4733-9121-033A2D95A274} - C:\WINXP\SYSTEM32\tuvsrol.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BitDefender8\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\bdswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINXP\system32\ehraucqy.dll",sitypnow
O4 - HKLM\..\RunOnce: [VundoFix] "C:\\vundofix.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2266] command /c del "C:\WINXP\system32\winrzf32.dll_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9579] cmd /c del "C:\WINXP\system32\winrzf32.dll_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\RunOnce: [DAEMON Tools 4.03 Setup] "C:\Documents and Settings\Administrateur\Mes documents\Utilitaires\daemon403-x86.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINXP\system32\Macromed\Flash\GetFlash.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8325] command /c del "C:\WINXP\system32\winrzf32.dll_tobedeleted_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6463] cmd /c del "C:\WINXP\system32\winrzf32.dll_tobedeleted_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\RunOnce: [DAEMON Tools 4.03 Setup] "C:\Documents and Settings\Administrateur\Mes documents\Utilitaires\daemon403-x86.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\modem ADSL USB\modem ADSL USB\DSLMON.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF8CD391-D887-43D6-869C-589622ABB6BA}: NameServer = 84.103.237.140 86.64.145.140
O20 - AppInit_DLLs: x?sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: ssttu - C:\WINXP\system32\ssttu.dll
O20 - Winlogon Notify: tuvsrol - C:\WINXP\SYSTEM32\tuvsrol.dll
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINXP\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINXP\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINXP\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINXP\system32\pctspk.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
quite a few nasties, but classic ones!

Download VirtumundoBeGone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, restart and post the VBG.TXT report created on the desktop in your next reply, along with a new HijackThis report.
Don't worry if you see a blue-screen "Fatal error" message; that's normal and expected

++
0
kaktusrouge
 
So here is the VBG report:


[07/29/2007, 23:33:30] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[07/29/2007, 23:33:38] - Detected System Information:
[07/29/2007, 23:33:38] - Windows Version: 5.1.2600, Service Pack 2
[07/29/2007, 23:33:38] - Current Username: Administrateur (Admin)
[07/29/2007, 23:33:38] - Windows is in NORMAL mode.
[07/29/2007, 23:33:38] - Searching for Browser Helper Objects:
[07/29/2007, 23:33:38] - BHO 1: {510A7CEE-7095-417B-A0AF-108E0BB28ADB} ()
[07/29/2007, 23:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2007, 23:33:38] - Checking for HKLM\...\Winlogon\Notify\ssttu
[07/29/2007, 23:33:38] - Found: HKLM\...\Winlogon\Notify\ssttu - This is probably Virtumundo.
[07/29/2007, 23:33:38] - Assigning {510A7CEE-7095-417B-A0AF-108E0BB28ADB} MSEvents Object
[07/29/2007, 23:33:38] - BHO list has been changed! Starting over...
[07/29/2007, 23:33:38] - BHO 1: {510A7CEE-7095-417B-A0AF-108E0BB28ADB} (MSEvents Object)
[07/29/2007, 23:33:38] - ALERT: Found MSEvents Object!
[07/29/2007, 23:33:38] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/29/2007, 23:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2007, 23:33:38] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/29/2007, 23:33:38] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/29/2007, 23:33:38] - BHO 3: {5A4A2D56-931A-4733-9121-033A2D95A274} ()
[07/29/2007, 23:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2007, 23:33:38] - Checking for HKLM\...\Winlogon\Notify\tuvsrol
[07/29/2007, 23:33:38] - Found: HKLM\...\Winlogon\Notify\tuvsrol - This is probably Virtumundo.
[07/29/2007, 23:33:38] - Assigning {5A4A2D56-931A-4733-9121-033A2D95A274} MSEvents Object
[07/29/2007, 23:33:38] - BHO list has been changed! Starting over...
[07/29/2007, 23:33:38] - BHO 1: {510A7CEE-7095-417B-A0AF-108E0BB28ADB} (MSEvents Object)
[07/29/2007, 23:33:38] - ALERT: Found MSEvents Object!
[07/29/2007, 23:33:38] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/29/2007, 23:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2007, 23:33:38] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/29/2007, 23:33:38] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/29/2007, 23:33:38] - BHO 3: {5A4A2D56-931A-4733-9121-033A2D95A274} (MSEvents Object)
[07/29/2007, 23:33:38] - ALERT: Found MSEvents Object!
[07/29/2007, 23:33:38] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/29/2007, 23:33:38] - BHO 5: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[07/29/2007, 23:33:38] - BHO 6: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[07/29/2007, 23:33:38] - BHO 7: {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} ()
[07/29/2007, 23:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2007, 23:33:38] - Checking for HKLM\...\Winlogon\Notify\tnboslow
[07/29/2007, 23:33:38] - Key not found: HKLM\...\Winlogon\Notify\tnboslow, continuing.
[07/29/2007, 23:33:38] - Finished Searching Browser Helper Objects
[07/29/2007, 23:33:38] - *** Detected MSEvents Object
[07/29/2007, 23:33:38] - Trying to remove MSEvents Object...
[07/29/2007, 23:33:39] - Terminating Process: IEXPLORE.EXE
[07/29/2007, 23:33:39] - Terminating Process: RUNDLL32.EXE
[07/29/2007, 23:33:39] - Disabling Automatic Shell Restart
[07/29/2007, 23:33:39] - Terminating Process: EXPLORER.EXE
[07/29/2007, 23:33:40] - Suspending the NT Session Manager System Service
[07/29/2007, 23:33:40] - Terminating Windows NT Logon/Logoff Manager
[07/29/2007, 23:38:42] - Re-enabling Automatic Shell Restart
[07/29/2007, 23:38:42] - File to disable: C:\WINXP\system32\ssttu.dll
[07/29/2007, 23:38:42] - Renaming C:\WINXP\system32\ssttu.dll -> C:\WINXP\system32\ssttu.dll.vir
[07/29/2007, 23:38:42] - File successfully renamed!
[07/29/2007, 23:38:42] - Removing HKLM\...\Browser Helper Objects\{510A7CEE-7095-417B-A0AF-108E0BB28ADB}
[07/29/2007, 23:38:42] - Removing HKCR\CLSID\{510A7CEE-7095-417B-A0AF-108E0BB28ADB}
[07/29/2007, 23:38:42] - Adding Kill Bit for ActiveX for GUID: {510A7CEE-7095-417B-A0AF-108E0BB28ADB}
[07/29/2007, 23:38:42] - Deleting ATLEvents/MSEvents Registry entries
[07/29/2007, 23:38:42] - Removing HKLM\...\Winlogon\Notify\ssttu
[07/29/2007, 23:38:42] - Searching for Browser Helper Objects:
[07/29/2007, 23:38:42] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/29/2007, 23:38:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2007, 23:38:42] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/29/2007, 23:38:42] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/29/2007, 23:38:42] - BHO 2: {5A4A2D56-931A-4733-9121-033A2D95A274} (MSEvents Object)
[07/29/2007, 23:38:42] - ALERT: Found MSEvents Object!
[07/29/2007, 23:38:42] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/29/2007, 23:38:42] - BHO 4: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[07/29/2007, 23:38:42] - BHO 5: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[07/29/2007, 23:38:42] - BHO 6: {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} ()
[07/29/2007, 23:38:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2007, 23:38:42] - Checking for HKLM\...\Winlogon\Notify\tnboslow
[07/29/2007, 23:38:42] - Key not found: HKLM\...\Winlogon\Notify\tnboslow, continuing.
[07/29/2007, 23:38:42] - Finished Searching Browser Helper Objects
[07/29/2007, 23:38:42] - *** Detected MSEvents Object
[07/29/2007, 23:38:42] - Trying to remove MSEvents Object...
[07/29/2007, 23:38:43] - Terminating Process: IEXPLORE.EXE
[07/29/2007, 23:38:43] - Terminating Process: RUNDLL32.EXE
[07/29/2007, 23:38:43] - Disabling Automatic Shell Restart
[07/29/2007, 23:38:43] - Terminating Process: EXPLORER.EXE
[07/29/2007, 23:38:43] - Suspending the NT Session Manager System Service
[07/29/2007, 23:38:43] - Terminating Windows NT Logon/Logoff Manager
[07/29/2007, 23:38:43] - Re-enabling Automatic Shell Restart
[07/29/2007, 23:38:43] - File to disable: C:\WINXP\SYSTEM32\tuvsrol.dll
[07/29/2007, 23:38:43] - Renaming C:\WINXP\SYSTEM32\tuvsrol.dll -> C:\WINXP\SYSTEM32\tuvsrol.dll.vir
[07/29/2007, 23:38:43] - File successfully renamed!
[07/29/2007, 23:38:43] - Removing HKLM\...\Browser Helper Objects\{5A4A2D56-931A-4733-9121-033A2D95A274}
[07/29/2007, 23:38:43] - Removing HKCR\CLSID\{5A4A2D56-931A-4733-9121-033A2D95A274}
[07/29/2007, 23:38:43] - Adding Kill Bit for ActiveX for GUID: {5A4A2D56-931A-4733-9121-033A2D95A274}
[07/29/2007, 23:38:43] - Deleting ATLEvents/MSEvents Registry entries
[07/29/2007, 23:38:43] - Removing HKLM\...\Winlogon\Notify\tuvsrol
[07/29/2007, 23:38:43] - Searching for Browser Helper Objects:
[07/29/2007, 23:38:43] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/29/2007, 23:38:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2007, 23:38:43] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/29/2007, 23:38:43] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/29/2007, 23:38:43] - BHO 2: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/29/2007, 23:38:43] - BHO 3: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[07/29/2007, 23:38:43] - BHO 4: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[07/29/2007, 23:38:43] - BHO 5: {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} ()
[07/29/2007, 23:38:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2007, 23:38:43] - Checking for HKLM\...\Winlogon\Notify\tnboslow
[07/29/2007, 23:38:43] - Key not found: HKLM\...\Winlogon\Notify\tnboslow, continuing.
[07/29/2007, 23:38:43] - Finished Searching Browser Helper Objects
[07/29/2007, 23:38:43] - Finishing up...
[07/29/2007, 23:38:43] - A restart is needed.
[07/29/2007, 23:39:00] - Attempting to Restart via STOP error (Blue Screen!)

------------------------------------------------------------------------------------------------------------------------

And the hijack report (by the way, it takes more than 5 minutes from step 4 onward, maybe that's unrelated?...) in any case it's long... :)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:51:03, on 29/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\SYSTEM32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\System32\DRIVERS\CDANTSRV.EXE
C:\WINXP\SYSTEM32\Ati2evxx.exe
C:\WINXP\Explorer.EXE
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\modem ADSL USB\modem ADSL USB\DSLMON.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINXP\system32\pctspk.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/fr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/fr/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://www.google.fr/?gws_rd=ssl"); (C:\Documents and Settings\ADMINISTRATEUR\Application Data\Mozilla\Profiles\default\wlzuudup.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\ADMINISTRATEUR\Application Data\Mozilla\Profiles\default\wlzuudup.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINXP\system32\tnboslow.dll
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BitDefender8\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\bdswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINXP\system32\xhveoqcj.dll",sitypnow
O4 - HKLM\..\RunOnce: [VundoFix] "C:\\vundofix.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2266] command /c del "C:\WINXP\system32\winrzf32.dll_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9579] cmd /c del "C:\WINXP\system32\winrzf32.dll_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\RunOnce: [DAEMON Tools 4.03 Setup] "C:\Documents and Settings\Administrateur\Mes documents\Utilitaires\daemon403-x86.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINXP\system32\Macromed\Flash\GetFlash.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8325] command /c del "C:\WINXP\system32\winrzf32.dll_tobedeleted_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6463] cmd /c del "C:\WINXP\system32\winrzf32.dll_tobedeleted_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\RunOnce: [DAEMON Tools 4.03 Setup] "C:\Documents and Settings\Administrateur\Mes documents\Utilitaires\daemon403-x86.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\modem ADSL USB\modem ADSL USB\DSLMON.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF8CD391-D887-43D6-869C-589622ABB6BA}: NameServer = 86.64.145.142 84.103.237.142
O20 - AppInit_DLLs: x?sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINXP\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINXP\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINXP\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINXP\system32\pctspk.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
As for the slowness, the infection may explain it, among other things ... there are some really "weird" lines, never seen before ...

Let's continue: download ComboFix (by sUBs) from one of these links to your desktop:

http://www.techsupportforum.com/sectools/combofix.exe

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts

Post the report!

++
0
kaktusrouge
 
You're freaking me out... "weird" lines? :-) It's scanning right now, so it's going to take a while I think...
0
kaktusrouge
 
Here's the report!


"Administrateur" - 2007-07-30 0:07:22 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINXP\system32\qyeyovne.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ADMINI~1\APPLIC~1.\DriveCleaner Free
C:\DOCUME~1\ADMINI~1\APPLIC~1.\DriveCleaner Free\Logs\update.log
C:\DOCUME~1\ADMINI~1\Bureau.\internet explorer.lnk
C:\Program Files\Fichiers communs\drivecleaner free
C:\WINXP\NDNuninstall5_48.exe
C:\WINXP\NDNuninstall5_64.exe
C:\WINXP\NDNuninstall6_10.exe
C:\WINXP\NDNuninstall6_22.exe
C:\WINXP\smsys.dat
C:\WINXP\system32\nvs2.inf
C:\WINXP\system32\ondffcfc.exe
C:\WINXP\system32\pbehpudf.exe
C:\WINXP\system32\pgylutqu.exe
C:\WINXP\system32\rpcc.exe
C:\WINXP\ws386.ini


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NPF
-------\LEGACY_NTIO256


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-29 )))))))))))))))))))))))))))))))


2007-07-30 00:06 51,200 --a------ C:\WINXP\nircmd.exe
2007-07-29 23:22 69,184 --a------ C:\WINXP\system32\tnboslow.dll
2007-07-29 23:21 723,982 ---hs---- C:\WINXP\system32\uttss.bak1
2007-07-29 23:21 126,016 --a------ C:\WINXP\system32\xhveoqcj.dll
2007-07-29 22:54 <REP> d----c--- C:\backups
2007-07-29 17:59 126,016 --a------ C:\WINXP\system32\ehraucqy.dll
2007-07-29 17:49 109,056 --a--c--- C:\VundoFix.exe
2007-07-29 17:49 <REP> d----c--- C:\VundoFix Backups
2007-07-29 17:02 401,720 --a--c--- C:\Scan.exe
2007-07-29 15:48 69,184 --a------ C:\WINXP\system32\qctnnooi.dll
2007-07-29 15:45 126,016 --a------ C:\WINXP\system32\nrkifsln.dll
2007-07-29 02:21 31,254 --a------ C:\WINXP\system32\gebyxut.dll
2007-07-29 02:21 <REP> d-------- C:\WINXP\system32\?ystem32
2007-07-29 02:21 <REP> d-------- C:\WINXP\system32\?asks
2007-07-29 00:07 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\PC Tools
2007-07-29 00:06 22,528 --a------ C:\WINXP\system32\drivers\AVHook.sys
2007-07-29 00:06 15,872 --a------ C:\WINXP\system32\drivers\AVRec.sys
2007-07-29 00:06 15,872 --a------ C:\WINXP\system32\drivers\AVFilter.sys
2007-07-29 00:06 <REP> d-------- C:\Program Files\PC Tools AntiVirus
2007-07-29 00:06 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\PC Tools
2007-07-28 15:53 228,960 --a------ C:\WINXP\system32\ssttu.dll.vir
2007-07-28 15:44 70,312 --a------ C:\Program Files\codec_setup.exe
2007-07-28 15:44 13,312 --a------ C:\WINXP\system32\s2f.exe
2007-07-28 15:43 31,254 --a------ C:\WINXP\system32\xxyabya.dll
2007-07-28 15:43 31,254 --a------ C:\WINXP\system32\tuvsrol.dll.vir
2007-07-28 15:43 <REP> d---s---- C:\WINXP\system32\?icrosoft
2007-07-28 15:43 <REP> d-------- C:\WINXP\A?pPatch
2007-07-28 15:43 <REP> d-------- C:\WINXP\?ecurity
2007-07-28 15:43 <REP> d-------- C:\WINXP\??stem
2007-07-28 15:43 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\?ecurity
2007-07-28 15:43 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\??stem
2007-07-28 15:30 <REP> d-------- C:\Program Files\coolpro2
2007-07-02 21:41 200,704 --a--c--- C:\WINXP\system32\ssldivx.dll
2007-07-02 21:41 1,044,480 --a--c--- C:\WINXP\system32\libdivx.dll
2007-06-24 01:29 <REP> d-------- C:\Program Files\Propellerhead
2007-06-19 22:02 80,272 --a------ C:\WINXP\system32\drivers\sscdbus.sys
2007-06-19 22:02 137,884 --a------ C:\WINXP\system32\drivers\sscdmdm.sys
2007-06-19 22:02 11,877 --a------ C:\WINXP\system32\drivers\sscdcmnt.sys
2007-06-19 22:02 11,877 --a------ C:\WINXP\system32\drivers\sscdcm.sys
2007-06-19 22:02 11,188 --a------ C:\WINXP\system32\drivers\sscdwhnt.sys
2007-06-19 22:02 11,188 --a------ C:\WINXP\system32\drivers\sscdwh.sys
2007-06-19 22:02 10,864 --a------ C:\WINXP\system32\drivers\sscdmdfl.sys
2007-06-19 22:00 <REP> d-------- C:\Program Files\Samsung
2007-06-04 23:42 880,640 --a------ C:\WINXP\system32\NCTAudioEditor2.dll
2007-06-04 23:42 835,584 --a------ C:\WINXP\system32\NCTAudioCDGrabber2.dll
2007-06-04 23:42 602,112 --a------ C:\WINXP\system32\NCTAudioTransform2.dll
2007-06-04 23:42 479,232 --a------ C:\WINXP\system32\NCTAudioVisualization2.dll
2007-06-04 23:42 458,752 --a------ C:\WINXP\system32\NCTAudioRecord2.dll
2007-06-04 23:42 458,752 --a------ C:\WINXP\system32\NCTAudioPlayer2.dll
2007-06-04 23:42 417,792 --a------ C:\WINXP\system32\NCTAudioDisplay2.dll
2007-06-04 23:42 348,160 --a------ C:\WINXP\system32\NCTWMAFile2.dll
2007-06-04 23:42 2,084,864 --a------ C:\WINXP\system32\NCTAudioDesign2.dll
2007-06-04 23:42 1,986,560 --a------ C:\WINXP\system32\NCTAudioFile2.dll
2007-06-04 23:42 1,212,416 --a------ C:\WINXP\system32\NCTAudioInformation2.dll
2007-06-04 23:42 <REP> d-------- C:\Program Files\Audio Editor Gold
2007-06-04 23:26 <REP> d-------- C:\DOCUME~1\ADMINI~1\.mp3splt-gtk
2007-06-04 23:00 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sibelius Software
2007-06-04 22:56 <REP> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Sibelius Software
2007-06-04 22:48 <REP> d-------- C:\Program Files\Sibelius Software
2007-06-04 22:24 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
2007-06-04 22:24 <REP> d-------- C:\Program Files\Fichiers communs\Digidesign
2007-06-02 00:15 59,904 --a------ C:\WINXP\system32\Mscc2fr.dll
2007-06-02 00:15 516,173 --a------ C:\WINXP\system32\MSVCP60D.DLL
2007-06-02 00:15 385,100 --a------ C:\WINXP\system32\MSVCRTD.DLL
2007-06-02 00:15 32,768 --a------ C:\WINXP\system32\CMDLGFR.DLL
2007-06-02 00:15 21,504 --a------ C:\WINXP\system32\TABCTFR.DLL
2007-06-02 00:15 15,360 --a------ C:\WINXP\system32\inetfr.DLL
2007-06-02 00:15 141,312 --a------ C:\WINXP\system32\MSCMCFR.DLL
2007-06-02 00:15 101,888 --a------ C:\WINXP\system32\VB6STKIT.DLL
2007-06-02 00:15 <REP> d-------- C:\Program Files\Free Audio Pack
2007-06-01 21:13 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Publish Providers
2007-06-01 21:13 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\NetMedia Providers
2007-06-01 21:12 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sony


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-29 15:08:51 -------- d-----w C:\Program Files\Tweak-XP Pro 4
2007-07-29 00:21:46 -------- d-----w C:\Program Files\Common Files
2007-07-28 13:43:29 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\??stem
2007-07-28 13:43:28 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\?ecurity
2007-07-25 22:07:36 -------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-07-20 18:32:33 -------- d-----w C:\Program Files\eMule2
2007-07-12 01:22:03 468,490 -c--a-w C:\WINXP\system32\perfh00C.dat
2007-07-12 01:22:02 75,506 -c--a-w C:\WINXP\system32\perfc00C.dat
2007-07-11 13:58:39 -------- d-----w C:\Program Files\DivX
2007-06-23 22:22:59 -------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-06-19 20:25:06 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Samsung
2007-06-04 20:56:09 604 ---ha-w C:\Program Files\STLL Notifier
2007-06-04 20:46:01 -------- d-----w C:\Program Files\Sony
2007-06-04 20:38:57 -------- d-----w C:\Program Files\Xilisoft
2007-05-27 18:49:18 9 -c-ha-w C:\WINXP\system32\wxmmin.dll
2007-05-16 15:13:53 683,520 -c--a-w C:\WINXP\system32\inetcomm.dll
2007-05-01 15:35:12 146,432 ----a-w C:\Program Files\Fichiers communs\Yazzle1162OinAdmin.exe~
2006-05-06 23:07:30 353,273 -c--a-w C:\Program Files\ColourOptionsSetup_4.1_Setup.nolink Sims 2.exe
2005-05-18 18:48:25 262,144 -c--a-w C:\Program Files\Uninstall My Web Search.dll
2004-03-01 14:11:34 18,810,320 -c--a-w C:\Program Files\AdbeRdr60_fra_full.exe
2004-02-23 11:12:48 7,503,221 -c--a-w C:\Program Files\Instant Photo Scanner.exe
2004-02-23 02:05:45 28,672 -c--a-w C:\Program Files\Scanwise driver.exe
1997-06-24 23:51:46 2,318,848 -c--a-w C:\Program Files\AcroRd32.exe
2004-10-28 12:43:52 56 -csh--r C:\WINXP\system32\9C0477CB55.sys
2004-10-28 12:43:52 1,682 -csha-w C:\WINXP\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
2007-07-29 23:22 69184 --a------ C:\WINXP\system32\tnboslow.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDMCon"="C:\PROGRA~1\Softwin\BitDefender8\bdmcon.exe" [2005-12-15 10:32]
"BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [2005-12-15 10:32]
"BDSwitchAgent"="C:\Program Files\Softwin\BitDefender8\bdswitch.exe" [2005-12-15 10:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-09 14:24]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2007-05-17 11:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 20:49]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2007-05-17 11:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"DAEMON Tools 4.03 Setup"="C:\Documents and Settings\Administrateur\Mes documents\Utilitaires\daemon403-x86.exe"
"FlashPlayerUpdate"=C:\WINXP\system32\Macromed\Flash\GetFlash.exe
"SpybotDeletingB8325"=command /c del "C:\WINXP\system32\winrzf32.dll_tobedeleted_old"
"SpybotDeletingD6463"=cmd /c del "C:\WINXP\system32\winrzf32.dll_tobedeleted_old"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"VundoFix"="C:\\vundofix.exe"
"SpybotDeletingA2266"=command /c del "C:\WINXP\system32\winrzf32.dll_tobedeleted_old"
"SpybotDeletingC9579"=cmd /c del "C:\WINXP\system32\winrzf32.dll_tobedeleted_old"
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
"combofix"=C:\WINXP\system32\cmd.exe /c C:\ComboFix\Combobatch.bat

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\All Users.WINXP\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2002-10-25 15:18:40]
DSLMON.lnk - C:\Program Files\modem ADSL USB\modem ADSL USB\DSLMON.exe [2003-12-04 21:01:24]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"=1 (0x1)
"DisableLocalMachineRunOnce"=1 (0x1)
"DisableCurrentUserRunOnce"=1 (0x1)
"DisableCurrentUserRun"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrzf32]
winrzf32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=x?sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^H3 The Shadow of Death(TM).lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\H3 The Shadow of Death(TM).lnk
backup=C:\WINXP\pss\H3 The Shadow of Death(TM).lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk
backup=C:\WINXP\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINXP^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=C:\Documents and Settings\All Users.WINXP\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=C:\WINXP\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINXP^Menu Démarrer^Programmes^Démarrage^GStartup.lnk]
path=C:\Documents and Settings\All Users.WINXP\Menu Démarrer\Programmes\Démarrage\GStartup.lnk
backup=C:\WINXP\pss\GStartup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINXP^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users.WINXP\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINXP\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINXP^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINXP\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINXP\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINXP^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users.WINXP\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk
backup=C:\WINXP\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras]
adiras.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINXP\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrWebScheduler]
C:\Program Files\DrWeb\DRWEBSCD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINXP\System32\P2P Networking\P2P Networking.exe /AUTOSTART

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicoZip]
C:\DOCUME~1\ADMINI~1\MESDOC~1\UTILIT~1\PicoZip\PicoZipTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpIDerMail]
"C:\Program Files\DrWeb\spiderml.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpIDerNT]
C:\PROGRA~1\DrWeb\spidernt.exe /agent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransTask]
"C:\Program Files\Tweak-XP Pro 4\transtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
C:\Program Files\Common files\updmgr\updmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c6223b5-cf0c-11db-8b4f-4d6564696130}]
Auto\command- E:\AdobeR.exe e
AutoRun\command- C:\WINXP\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a52e7bf-2f88-11db-8a81-4d6564696130}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINXP\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab17a70b-1293-11dc-8b9d-4d6564696130}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINXP\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b69157e8-8718-11db-8afa-806dda9da512}]
Auto\command- F:\AdobeR.exe e
AutoRun\command- C:\WINXP\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3984c1a-ed01-11db-8b70-4d6564696130}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINXP\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

*Newly Created Service* - NTIO256

Contents of the 'Scheduled Tasks' folder
2007-07-29 22:15:00 C:\WINXP\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-30 00:13:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINXP\system32\protector.exe [292] 0x81EFDDA0


scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Assign a keyboard shortcut - An example\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Assign a keyboard shortcut - An example\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Assign a keyboard shortcut - An example\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Basic scripting\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Basic scripting\CSS\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Basic scripting\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Basic scripting\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Create a custom toolbar\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Create a custom toolbar\CSS\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Create a custom toolbar\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Create a custom toolbar\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Create a dialog Preset - An example\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Create a dialog Preset - An example\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Create a dialog Preset - An example\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Create a dialog Preset - An example\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Create a tool Preset - An example\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Create a tool Preset - An example\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Create a tool Preset - An example\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Create a tool Preset - An example\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Rename multiple files simultaneously\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Rename multiple files simultaneously\CSS\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Rename multiple files simultaneously\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Rename multiple files simultaneously\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Run a script on multiple files\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Run a script on multiple files\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Run a script on multiple files\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Separate a tool from its flyout\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Separate a tool from its flyout\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Automation and Customization\Separate a tool from its flyout\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Create a new image\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Create a new image\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Create a new image\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Create a new image\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Crop an image\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Crop an image\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Crop an image\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Crop an image\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\E-mail an image\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\E-mail an image\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\E-mail an image\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\E-mail an image\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Open a saved image\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Open a saved image\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Open a saved image\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Open a saved image\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Resize an image\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Resize an image\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Resize an image\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Resize an image\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Rotate a photo\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Rotate a photo\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Rotate a photo\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Rotate a photo\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Take a Window screen capture\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Take a Window screen capture\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Take a Window screen capture\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Take a Window screen capture\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Take an Area screen capture\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Take an Area screen capture\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Take an Area screen capture\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Basic Tasks\Take an Area screen capture\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Correcting Photos\Correct perspective distortion\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Correcting Photos\Correct perspective distortion\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Correcting Photos\Correct perspective distortion\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Correcting Photos\Correct perspective distortion\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Correcting Photos\Fix a photo\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Correcting Photos\Fix a photo\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Correcting Photos\Fix a photo\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Correcting Photos\Fix a photo\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Correcting Photos\Remove red-eye\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Correcting Photos\Remove red-eye\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Correcting Photos\Remove red-eye\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Correcting Photos\Remove red-eye\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Correcting Photos\Straighten a crooked photo\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Correcting Photos\Straighten a crooked photo\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Correcting Photos\Straighten a crooked photo\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Correcting Photos\Straighten a crooked photo\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Graphics Projects\Add a drop shadow and caption\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Graphics Projects\Add a drop shadow and caption\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Graphics Projects\Add a drop shadow and caption\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Graphics Projects\Add a picture frame\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Graphics Projects\Add a picture frame\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Graphics Projects\Add a picture frame\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Graphics Projects\Add a picture frame\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Graphics Projects\Add text on a path - An example\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Graphics Projects\Add text on a path - An example\CSS\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Graphics Projects\Add text on a path - An example\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Graphics Projects\Add text on a path - An example\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Graphics Projects\Add text on a separate layer\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Graphics Projects\Add text on a separate layer\CSS\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Graphics Projects\Add text on a separate layer\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Graphics Projects\Add text on a separate layer\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Graphics Projects\Create a seamless tiled image\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Graphics Projects\Create a seamless tiled image\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Graphics Projects\Create a seamless tiled image\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Graphics Projects\Create a seamless tiled image\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Convert a photo into a greeting card\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Convert a photo into a greeting card\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Convert a photo into a greeting card\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Convert a photo into a greeting card\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Create depth of field\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Create depth of field\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Create depth of field\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Create depth of field\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Create soft focus - Method 1\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Create soft focus - Method 1\CSS\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Create soft focus - Method 1\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Create soft focus - Method 1\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Create soft focus - Method 2\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Create soft focus - Method 2\CSS\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Create soft focus - Method 2\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Create soft focus - Method 2\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Erase an image background\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Erase an image background\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Erase an image background\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Erase an image background\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Make a photo look old\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Make a photo look old\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Make a photo look old\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Make a photo look old\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Make a selection greyscale\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Make a selection greyscale\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Make a selection greyscale\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Make a selection greyscale\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Modify a photo via blend modes\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Modify a photo via blend modes\CSS\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Modify a photo via blend modes\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Modify a photo via blend modes\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Upload photos to a PhotoSharing site\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Upload photos to a PhotoSharing site\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Upload photos to a PhotoSharing site\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Upload photos to a PhotoSharing site\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Using Mask Layers - Basic\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Using Mask Layers - Basic\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Using Mask Layers - Basic\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Using Mask Layers - Basic\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Using Mask Layers - Intermediate\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Using Mask Layers - Intermediate\css\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Using Mask Layers - Intermediate\Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Quick Guides\Photo Projects\Using Mask Layers - Intermediate\Scripts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Sample Images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Scripts-Restricted\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Scripts-Trusted\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Selections\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Styled Lines\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Swatches\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Textures\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Learning Center\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\PostScript Resources\Fonts\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\PostScript Resources\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Commands\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Workspaces\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\PhotoServices\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\DLLs\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\Lib\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\Lib\compiler\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\Lib\distutils\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\Lib\distutils\command\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\Lib\email\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\Lib\encodings\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\Lib\hotshot\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\Lib\lib-old\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\Lib\lib-tk\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\Lib\site-packages\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\Lib\xml\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\Lib\xml\dom\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\Lib\xml\parsers\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\Lib\xml\sax\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\TCL\tcl8.3\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\TCL\tcl8.3\dde1.1\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\TCL\tcl8.3\encoding\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\TCL\tcl8.3\http1.0\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\TCL\tcl8.3\http2.3\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\TCL\tcl8.3\msgcat1.0\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\TCL\tcl8.3\opt0.4\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\TCL\tcl8.3\reg1.0\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\TCL\tcl8.3\tcltest1.0\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\TCL\tk8.3\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\TCL\tk8.3\demos\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\TCL\tk8.3\demos\images\"=""
"C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Python Libraries\TCL\tk8.3\images\"=""
"C:\Documents and Settings\All Users.WINXP\Menu D\xe9marrer\Programmes\Jasc Software\"=""
"C:\WINXP\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\"=""
"C:\Documents and Settings\All Users.WINXP\Application Data\Adobe\"="1"
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\"="1"
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\"="1"
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Apps\"="1"
"C:\Documents and Settings\All Users.WINXP\Application Data\Adobe\Photoshop Album\"="1"
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Apps\components\"="1"
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\database\"="1"
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\"="1"
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\locales\"="1"
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\locales\fr_fr\getting_started\"="1"
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\locales\fr_fr\"="1"
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Apps\components\tables\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\bitmaps\workflow_icons\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\bitmaps\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\bitmaps\widgets\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\bitmaps\upsell\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Apps\plugins\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\bitmaps\tag_palette\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\bitmaps\project_window\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\bitmaps\navigator\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\bitmaps\media_player\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\bitmaps\main_window\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\bitmaps\edit_window\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\bitmaps\custom_window\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\layouts\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\database\odbc\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\bitmaps\pim\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\bitmaps\authoring_wiz\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\locales\fr_fr\bitmaps\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\locales\fr_fr\olsplugins\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Apps\Legal\"=""
"C:\Documents and Settings\All Users.WINXP\Application Data\Adobe\Photoshop Album\Catalogues\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\locales\fr_fr\getting_started\quick_guide\create\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\locales\fr_fr\getting_started\quick_guide\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\locales\fr_fr\getting_started\quick_guide\fix\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\locales\fr_fr\getting_started\quick_guide\nav\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\locales\fr_fr\getting_started\quick_guide\overview\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\locales\fr_fr\getting_started\quick_guide\organize\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\locales\fr_fr\getting_started\quick_guide\getphoto\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\locales\fr_fr\getting_started\quick_guide\generateditems\"=""
"C:\Program Files\Adobe\Photoshop Album Edition D\x00e9couverte\2.0\Shared_Assets\locales\fr_fr\getting_started\quick_guide\share\"=""
"C:\WINXP\Installer\{11B569C2-4BF6-4ED0-9D17-A4273943CB24}\"=""
"C:\Program Files\Adobe\Acrobat 6.0\"="1"
"C:\Program Files\Adobe\Acrobat 6.0\Reader\"="1"
"C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\"=""
"C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\"=""
"C:\Program Files\Adobe\Acrobat 6.0\Resource\CMap\"=""
"C:\Program Files\Adobe\Acrobat 6.0\Resource\"=""
"C:\Program Files\Adobe\Acrobat 6.0\Resource\Font\"=""
"C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Annotations\"=""
"C:\WINXP\Installer\{AC76BA86-7AD7-1036-7B44-A00000000001}\"=""
"C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\"=""
"C:\Documents and Settings\All Users.WINXP\Application Data\Apple Computer\iTunes\SC Info\"="1"
"C:\Documents and Settings\All Users.WINXP\Application Data\Apple Computer\iTunes\"="1"
"C:\Documents and Settings\All Users.WINXP\Application Data\Apple Computer\"="1"
"C:\WINXP\Installer\{00FC6799-866E-44A1-A60C-DCF394CF56FD}\"=""
"C:\Program Files\Ontrack\EasyRecovery Professional Essai\"=""
"C:\Program Files\Ontrack\"=""
"C:\Program Files\Ontrack\EasyRecovery Professional Essai\Language\"=""
"C:\Program Files\Ontrack\SharedFiles\"=""
"C:\WINXP\Installer\{A45F4518-0DC7-474A-BBE1-F04CC2D6FD93}\"=""
"C:\Program Files\Microsoft Office\OFFICE11\"="1"
"C:\Program Files\Fichiers communs\ODBC\Data Sources\"="1"
"C:\Program Files\Microsoft Office\OFFICE11\Biblioth\xe8que\"="1"
"C:\Program Files\Microsoft Office\OFFICE11\QUERIES\"="1"
"C:\Program Files\Microsoft Office\OFFICE11\XLSTART\"="1"
"C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft\OFFICE\DATA\"="1"
"C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft\OFFICE\"="1"
"C:\Program Files\Microsoft Office\OFFICE11\1036\011\"="1"
"C:\Program Files\Microsoft Office\OFFICE11\1036\"="1"
"C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\OFFICE\"="1"
"C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft\MSDAIPP\OFFLINE\"="1"
"C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft\MSDAIPP\"="1"
"C:\Program Files\Fichiers communs\Microsoft Shared\Smart Tag\LISTS\"="1"
"C:\Program Files\Fichiers communs\Microsoft Shared\Smart Tag\"="1"
"C:\WINXP\PCHEALTH\ERRORREP\QHEADLES\"="1"
"C:\WINXP\PCHEALTH\ERRORREP\"="1"
"C:\WINXP\PCHEALTH\ERRORREP\QSIGNOFF\"="1"
"C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\1036\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\MODI\11.0\DRIVERS\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\MODI\11.0\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\MODI\"=""
"C:\Program Files\Microsoft Office\OFFICE11\1033\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\1036\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\Smart Tag\LISTS\1036\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\Smart Tag\1036\"=""
"C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\"=""
"C:\Program Files\Microsoft Office\MEDIA\"=""
"C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\1036\"=""
"C:\Program Files\Microsoft Office\MEDIA\OFFICE11\AUTOSHAP\"=""
"C:\Program Files\Microsoft Office\MEDIA\OFFICE11\"=""
"C:\Program Files\Microsoft Office\MEDIA\OFFICE11\BULLETS\"=""
"C:\Program Files\Microsoft Office\MEDIA\OFFICE11\LINES\"=""
"C:\Program Files\Microsoft Office\MEDIA\OFFICE11\1036\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\AFTRNOON\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\ARCTIC\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\AXIS\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\BLENDS\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\BLUECALM\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\BREEZE\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\CANYON\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\CAPSULES\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\CASCADE\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\COMPASS\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\CONCRETE\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\DEEPBLUE\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\EDGE\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\EVRGREEN\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\EXPEDITN\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\ICE\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\IRIS\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\JOURNAL\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\NETWORK\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\PAPYRUS\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\PIXEL\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\PROFILE\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\REFINED\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\RIPPLE\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\SATIN\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\SKY\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\SLATE\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\SONORA\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\SPRING\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\SUMIPNTG\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\WATER\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\THEMES11\WATERMAR\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\MODI\11.0\1036\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\Web Server Extensions\60\BIN\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\Web Server Extensions\60\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\MSORUN\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\DW\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\DW\1036\"=""
"C:\Program Files\Microsoft Office\OFFICE11\1036\DataServices\"=""
"C:\Program Files\Microsoft Office\OFFICE11\Migration\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\Web Server Extensions\60\BIN\1036\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\1033\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\PROOF\1033\"=""
"C:\Program Files\Microsoft Office\OFFICE11\XLATORS\"=""
"C:\Program Files\Microsoft Office\OFFICE11\MEDIA\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\1036\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\INK\"=""
"C:\Program Files\Microsoft Office\OFFICE11\ADDINS\"=""
"C:\Program Files\Fichiers communs\SYSTEM\OLE DB\resources\1033\"=""
"C:\Program Files\Fichiers communs\SYSTEM\OLE DB\resources\"=""
"C:\Program Files\Fichiers communs\SYSTEM\OLE DB\resources\1036\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\MSClientDataMgr\"=""
"C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\"=""
"C:\Documents and Settings\All Users.WINXP\Menu D\xe9marrer\Programmes\Microsoft Office\Outils Microsoft Office\"=""
"C:\Documents and Settings\All Users.WINXP\Menu D\xe9marrer\Programmes\Microsoft Office\"=""
"C:\WINXP\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\"=""
"C:\WINXP\Installer\{ABEB838C-A1A7-4C5D-B7E1-8B4314600425}\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\"="1"
"C:\Program Files\Adobe\Acrobat 7.0\Reader\"="1"
"C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\"="1"
"C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\VDKHome\FRA\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\VDKHome\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\VDKHome\ENU\"=""
"C:\Program Files\Adobe\Acrobat 7.0\ActiveX\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\AcroForm\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\AcroForm\PMP\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Multimedia\MPP\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Multimedia\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Help\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\OLS\Locale\FRA\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\OLS\Locale\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\OLS\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\Howto\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\OLS\Locale\ENU\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\Templates\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\Howto\images\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\Updater\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Resource\CMap\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Resource\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Resource\Font\PFM\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Resource\Font\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Annotations\Stamps\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Annotations\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Annotations\Stamps\FRA\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Annotations\Stamps\ENU\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\FRA\Images\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\FRA\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Images\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\Javascripts\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\Messages\FRA\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\Messages\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\Messages\ENU\"=""
"C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\ImageViewer\"=""
"C:\Program Files
0

green day Posts 26722 Status Moderator, Security contributor 2 163
 
I almost forgot, along with a new hijack log! :)

++
0
kaktusrouge
 
The hijack report :-) !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:33:05, on 30/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\System32\DRIVERS\CDANTSRV.EXE
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\Explorer.EXE
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINXP\system32\pctspk.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\modem ADSL USB\modem ADSL USB\DSLMON.exe
C:\WINXP\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/fr/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/fr/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://www.google.fr/?gws_rd=ssl"); (C:\Documents and Settings\ADMINISTRATEUR\Application Data\Mozilla\Profiles\default\wlzuudup.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\ADMINISTRATEUR\Application Data\Mozilla\Profiles\default\wlzuudup.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINXP\system32\tnboslow.dll
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BitDefender8\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\bdswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\RunOnce: [VundoFix] "C:\\vundofix.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2266] command /c del "C:\WINXP\system32\winrzf32.dll_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9579] cmd /c del "C:\WINXP\system32\winrzf32.dll_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [combofix] C:\WINXP\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\RunOnce: [DAEMON Tools 4.03 Setup] "C:\Documents and Settings\Administrateur\Mes documents\Utilitaires\daemon403-x86.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINXP\system32\Macromed\Flash\GetFlash.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8325] command /c del "C:\WINXP\system32\winrzf32.dll_tobedeleted_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6463] cmd /c del "C:\WINXP\system32\winrzf32.dll_tobedeleted_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN (User '?')
O4 - HKUS\S-1-5-21-861567501-220523388-725345543-500\..\RunOnce: [DAEMON Tools 4.03 Setup] "C:\Documents and Settings\Administrateur\Mes documents\Utilitaires\daemon403-x86.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\modem ADSL USB\modem ADSL USB\DSLMON.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF8CD391-D887-43D6-869C-589622ABB6BA}: NameServer = 86.64.145.141 84.103.237.141
O20 - AppInit_DLLs: x?sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINXP\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINXP\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINXP\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINXP\system32\pctspk.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
ok,

o Read the content of the following link: http://www.f-secure.com/products/license-terms/eult_fra.pdf
o You have thus read and accepted the terms of use of the blacklight program, which is included in the compressed folder navilog1.zip that you are about to download.
o Right-click this link: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
o Choose "Save target (of the link) as..." and save it to the desktop.
o Right-click navilog1.zip and choose "extract all"
o Double-click navilog1.bat
o Once at the main menu, choose option 1 and confirm.
o Wait for the message: Analyse Termine le ...
o The report will also be saved at the root of the disk (fixnavi.txt), please post it
I'll see about the rest tomorrow!

++

0
kaktusrouge
 
Here's the report, boss!

Clean Navipromo version 2.0.5 commencé le 30/07/2007 à 0:42:17,90

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

Mode suppression automatique avec prise en charge résultats Blacklight

*** fsbl1.txt non trouvé ***
(Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)

*** Suppression dossiers dans C:\WINXP ***

*** Suppression dossiers dans C:\Program Files ***

*** Suppression dossiers dans C:\Documents and Settings\All Users.WINXP\Application Data ***

*** Suppression dossiers dans C:\Documents and Settings\Administrateur\Application Data ***

*** Suppression fichiers ***

C:\WINXP\pack.epk supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINXP\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Administrateur\Local Settings\Temp effectué !

*** Sauvegarde du registre vers dossier Backupnavi***

sauvegarde du registre réalise avec succes !

*** Nettoyage registre ***

Nettoyage registre Ok

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINXP\system32\uttss.bak1 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche et Suppression Heuristique :

*
**
C:\WINXP\System32\xdrfgvsjoi.dat trouvé !
Copie C:\WINXP\system32\xdrfgvsjoi.dat réalise avec succes !
C:\WINXP\system32\xdrfgvsjoi.dat supprimé !

***
****
*****
******
*******
********
C:\WINXP\System32\s2f.exe trouvé !
Copie C:\WINXP\system32\s2f.exe réalise avec succes !
C:\WINXP\system32\s2f.exe supprimé !

3)Contrôle présence clés Rootkit dans le registre :

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f"=C:\WINXP\system32\f.exe f trouvé !

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f"=C:\WINXP\system32\f.exe f trouvé !

Nettoyage complémentaire du registre....

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f"=C:\WINXP\system32\f.exe f !!ERREUR SUPPRESSION!!

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f"=C:\WINXP\system32\f.exe f !!ERREUR SUPPRESSION!!

4)Certificats :

*** Nettoyage termine le 30/07/2007 à 0:46:42,50 ***

I'm waiting for the next instructions! ;-)
Thanks and see you tomorrow
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

you already went ahead with the removal (option 2), didn't you?

find and delete the folder in bold:

C:\WINXP

then post a new hijack log please

++
0