(virus) infected by virtumonde
miamiou - Posts: 7 - Status: Member
Hello everyone
Could you please help me get rid of the virtumonde adware that is currently on my PC?
HijackThis report attached
Thanks in advance
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37:48, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Aide mémoire\TrayIcon.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\HDD\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Aide mémoire.lnk = ?
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O15 - Trusted Zone: https://www.impots.gouv.fr/
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - http://www.pixdiscount.fr/clients/ImageUploader3.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - http://www.extrafilm.fr/net/Import/ImageUploader3.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DB0F156-EA98-472F-A8F3-09EEE6226E29}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: c:\windows\system32\vtsqnnk.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
8 replies
Hi
Follow this procedure: http://www.alt-shift-return.org/Info/GenProc-HowTo.html
Post the report
scan with vundo
Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan has finished, click the Remove Vundo button.
You will get a warning asking whether you want to delete these files; answer by clicking YES.
Once you have clicked Yes, your desktop will go blank while it removes Vundo.
When it is done, you will be asked to restart your computer; click OK.
then:
virtumondebegone
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
then Symantec Vundo Remove Tool
https://www.broadcom.com/support/security-center
and
https://www.broadcom.com/support/security-center
Hello
Downloads done, and the vundo report is attached
VundoFix V6.5.7
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 18:14:55 09/08/2007
Listing files found while scanning....
C:\windows\system32\mllmj.exe
Beginning removal...
Attempting to delete C:\windows\system32\mllmj.exe
C:\windows\system32\mllmj.exe Has been deleted!
Performing Repairs to the registry.
Done!
some of the vundo (virtumonde) has been removed: still having problems?
if so, do the following
and
combofix (paste the report)
http://mickael.barroux.free.fr/securite/combofix.php
_________
paste the report from an online scan
with one of the following:
BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
online scan for Firefox
https://www.trendmicro.com/fr_fr/business.html
if any remain, give their names and locations and paste a HijackThis report
ComboFix 07-08-09.3 - "HP_Propriétaire" 2007-08-09 20:35:41.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.85 [GMT 2:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\hgdaxv.dll
C:\WINDOWS\system32\awvvs.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\ssqpn.exe
C:\WINDOWS\system32\stera.log
C:\WINDOWS\vxadgh.ini
D:\Autorun.inf
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))
2007-08-09 20:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 19:25 <REP> d-------- C:\Navipromo
2007-08-09 17:51 <REP> d-------- C:\BFU
2007-08-09 12:24 <REP> d-------- C:\Program Files\Panda Security
2007-08-08 14:32 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-08 14:03 <REP> d-------- C:\WINDOWS\ERUNT
2007-08-08 12:04 <REP> d-------- C:\!KillBox
2007-08-07 23:36 <REP> d-------- C:\HDD
2007-08-07 18:06 853 --a------ C:\reboot.cmd
2007-08-07 18:06 68,096 --a------ C:\diff.exe
2007-08-07 18:06 103,424 --a------ C:\grep.exe
2007-08-07 16:36 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-07 16:09 <REP> d-------- C:\VundoFix Backups
2007-08-07 14:23 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-08-06 23:05 <REP> d-------- C:\temp
2007-08-06 18:08 <REP> d-------- C:\Program Files\Skyline
2007-08-06 11:56 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skyline
2007-08-03 23:47 <REP> d-------- C:\Program Files\MiniCap
2007-08-03 23:40 <REP> d-------- C:\Program Files\MaxCapture
2007-08-03 23:34 <REP> d-------- C:\Program Files\Spy Shot
2007-08-03 21:33 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2007-08-03 21:33 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2007-08-03 21:33 <REP> d-------- C:\WINDOWS\system32\AlertModule
2007-08-01 23:16 <REP> d-------- C:\Program Files\Real Alternative
2007-08-01 23:16 <REP> d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\Real
2007-08-01 23:16 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
2007-08-01 23:12 <REP> d-------- C:\Program Files\QuickTime Alternative
2007-08-01 22:51 <REP> d-------- C:\Program Files\CamStudio
2007-08-01 21:54 <REP> d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\Media Player Classic
2007-08-01 18:21 <REP> d-------- C:\Program Files\Capturino 1.4
2007-08-01 14:48 <REP> d-------- C:\Program Files\PrintKey 2000 Fr
2007-08-01 12:23 <REP> d-------- C:\Program Files\WinAVI Video Capture
2007-07-30 19:39 <REP> d-------- C:\Program Files\Team MediaPortal
2007-07-28 10:02 <REP> d-------- C:\Program Files\Wallpaper
2007-07-27 21:42 <REP> d-------- C:\MyBackup
2007-07-27 21:34 <REP> d-------- C:\Program Files\Premium Booster
2007-07-23 12:51 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-07-23 12:51 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-23 12:51 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-07-23 12:51 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-23 12:51 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-07-23 12:51 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-07-23 12:51 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-07-22 21:35 5 --ahs---- C:\WINDOWS\system32\ebebcab_g.dll
2007-07-22 21:34 <REP> d-------- C:\Program Files\RegSupreme
2007-07-16 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\ma-config.com
2007-07-12 12:19 <REP> d-------- C:\Program Files\Aide mémoire
2007-07-10 00:02 1,013,406 ---hs---- C:\WINDOWS\uwaddd.ini2
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-09 20:41 --------- d-------- C:\Program Files\Wanadoo
2007-08-09 15:04 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\Skype
2007-08-09 12:25 11910 --a------ C:\WINDOWS\mozver.dat
2007-08-06 19:14 179 --a------ C:\handle.dat
2007-08-06 18:24 --------- d-------- C:\Program Files\Google
2007-08-06 14:50 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\OpenOffice.org2
2007-08-05 23:19 --------- d-------- C:\Program Files\CartaGoGo
2007-08-03 14:06 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-08-01 22:21 --------- d-------- C:\Program Files\Apple Software Update
2007-07-31 23:55 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\ESTsoft
2007-07-30 14:01 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\Wallpaper
2007-07-29 17:46 --------- d-------- C:\Program Files\Paint.NET
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a--c--- C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-23 12:51 --------- d-------- C:\Program Files\K-Lite Codec Pack
2007-07-22 23:31 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-19 19:19 --------- d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-07-19 19:07 --------- d-------- C:\Program Files\Opera
2007-07-12 11:56 78192 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-07-12 11:56 55596 --a------ C:\WINDOWS\system32\perfc040.dat
2007-07-12 11:56 474410 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-07-12 11:56 419608 --a------ C:\WINDOWS\system32\perfh040.dat
2007-07-07 00:19 4952 -rahs---- C:\bootfont.bin
2007-07-07 00:02 24576 -r-hs---- C:\bootwiz.sys
2007-07-05 23:52 1079808 --a------ C:\WINDOWS\system32\AutoPartNt.exe
2007-07-01 23:33 --------- d-------- C:\Program Files\Movie Maker
2007-07-01 23:28 219648 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.dll
2007-07-01 23:28 219648 --a------ C:\WINDOWS\system32\uxtheme.dll
2007-07-01 23:28 133359 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-07-01 23:28 121 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-01 23:18 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\ViStart
2007-06-30 23:52 --------- d-------- C:\Program Files\FeedReader30
2007-06-30 23:31 --------- d-------- C:\Program Files\Picasa2
2007-06-22 22:57 --------- d-------- C:\Program Files\Zylom Games
2007-06-20 19:31 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\Spamihilator
2007-06-19 21:42 --------- d-------- C:\Program Files\Gcompris
2007-06-18 23:06 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\eXPert PDF Editor
2007-06-17 23:33 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\RTPlayer
2007-06-15 23:12 --------- d-------- C:\Program Files\Windows Defender
2007-06-15 22:35 --------- d-------- C:\Program Files\Fichiers communs\Agnitum Shared
2007-06-15 21:34 --------- d-------- C:\Program Files\Agnitum
2007-06-13 21:34 --------- d-------- C:\Program Files\Visagesoft
2007-05-28 22:51 8443 --------- C:\WINDOWS\system32\vtsqnnk.dll
2007-05-27 18:59 0 --ahs---- C:\CONFIG.SYS
2007-05-27 18:59 0 --ahs---- C:\AUTOEXEC.BAT
2007-05-27 18:57 23756 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-05-16 17:13 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:13 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:13 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:13 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:13 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:13 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-11 16:39 4082 --a--c--- C:\DOCUME~1\HP_PRO~1\APPLIC~1\wklnhst.dat
2007-01-17 20:10 22845992 --a------ C:\Program Files\AdbeRdr80_fr_FR.exe
2007-01-17 19:18 7218088 --a------ C:\Program Files\psa30se_fr_fr.exe
2006-12-12 01:21 1567504 --a------ C:\Program Files\WinRAR.rar
2005-09-23 13:46 97 --a------ C:\Program Files\VERSION
2005-05-12 07:36 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll
--------- C:\Program Files\WebAnimé
--------- C:\Program Files\Aide mémoire
2005-12-19 09:30:31 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-04 18:03]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\Desktop\V5.1\moffice.exe" [2006-04-27 17:14]
"CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 16:32]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 15:08]
"Wallpaper"="C:\Program Files\Wallpaper\Wallpaper.exe" [2007-07-29 01:09]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\
Aide mémoire.lnk - C:\Program Files\Aide mémoire\TrayIcon.exe [2007-07-12 12:19:05 ]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=00000000
"NoChangeStartMenu"=0 (0x0)
"NoLogOff"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\vtsqnnk.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Launchy.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WD Backup Monitor.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^Lancer le Gestionnaire Internet.lnk]
path=C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\Lancer le Gestionnaire Internet.lnk
backup=C:\WINDOWS\pss\Lancer le Gestionnaire Internet.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
c:\documents and settings\hp_propriétaire\mes documents\marc\bureaudepoche\monbureau\programmes\xmule_launcher\emule\emule.exe -AutoStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OFFICEKB]
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
C:\Program Files\Fichiers communs\Micro Application\Partition Suite\oss_reinstall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
rundll32.exe "C:\WINDOWS\hgdaxv.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartPic]
C:\Program Files\SmartPic\SmartPic.exe /minime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"C:\Program Files\Unlocker\UnlockerAssistant.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspdfprsrv.exe]
C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
WDBtnMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE]
"C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlcxMonitor"=ALCXMNTR.EXE
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
"WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R1 AmdK8;Pilote de processeur AMD;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R2 SNMP;Service SNMP;C:\WINDOWS\System32\snmp.exe
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys
R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys
R3 pepifilter;Volume Adapter;C:\WINDOWS\system32\DRIVERS\lv302af.sys
R3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 ltmodem5;LT Modem Driver;C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
S3 MPE;Filtre BDA MPE;C:\WINDOWS\system32\DRIVERS\MPE.sys
S3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
S3 SNMPTRAP;Service d'interruption SNMP;C:\WINDOWS\System32\snmptrap.exe
S3 StillCam;Pilote d'appareil photo numérique série;C:\WINDOWS\system32\DRIVERS\serscan.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
Contents of the 'Scheduled Tasks' folder
2007-08-04 11:00:00 C:\WINDOWS\Tasks\analyse antivirus avast.job
2007-08-06 11:00:00 C:\WINDOWS\Tasks\defrag.job - C:\WINDOWS\system32\defrag.exe
2007-08-03 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
2007-08-09 18:29:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
2007-07-17 07:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-09 20:41:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{077ACEC7-979C-40AB-9835-435BA1511E0D}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\MPPRE10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\mppre10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{30C7234B-6482-4A55-A11D-ECD9030313F2}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDM10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\wmdm10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{981FB688-E76B-4246-987B-92083185B90A}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\WPD10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{A47B3654-48EE-48A5-B629-97D70175E58F}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\codecs10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\codecs10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMFSDK10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmfsdk10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\DRM10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drm10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Document Viewer]
"UninstallString"="C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat"
"DisplayName"="HP Document Viewer 5.3"
"DisplayIcon"="C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe,0"
"DisplayVersion"="5.3"
"Publisher"="HP"
"URLUpdateInfo"="https://www8.hp.com/fr/fr/home.html"
"HelpLink"="https://support.hp.com/us-en?openCLC=true"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Imaging Device Functions]
"UninstallString"="C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat"
"DisplayName"="HP Imaging Device Functions 5.3"
"DisplayIcon"="C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe,0"
"DisplayVersion"="5.3"
"Publisher"="HP"
"URLUpdateInfo"="https://www8.hp.com/fr/fr/home.html"
"HelpLink"="https://support.hp.com/us-en?openCLC=true"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Photo & Imaging]
"UninstallString"="C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat"
"DisplayName"="HP Image Zone 5.3"
"DisplayIcon"="C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe,0"
"DisplayVersion"="5.3"
"Publisher"="HP"
"URLUpdateInfo"="https://www8.hp.com/fr/fr/home.html"
"HelpLink"="https://support.hp.com/us-en?openCLC=true"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Solution Center & Imaging Support Tools]
"UninstallString"="C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat"
"DisplayName"="HP Solution Center & Imaging Support Tools 5.3"
"DisplayIcon"="C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe,0"
"DisplayVersion"="5.3"
"Publisher"="HP"
"URLUpdateInfo"="https://www8.hp.com/fr/fr/home.html"
"HelpLink"="https://support.hp.com/us-en?openCLC=true"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{8105684D-8CA6-440D-8F58-7E5FD67A499D}]
"LogFile"="C:\Program Files\InstallShield Installation Information\{8105684D-8CA6-440D-8F58-7E5FD67A499D}\Setup.ilg"
"StatusText"="L'installation easy Internet sign-up pr\xe9pare InstallShield Wizard, lequel vous guidera pour l'installation du logiciel. Veuillez patienter."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{AB61A692-5543-4C48-979B-8CEA1C52FE9C}]
"LogFile"="C:\Program Files\InstallShield Installation Information\{AB61A692-5543-4C48-979B-8CEA1C52FE9C}\Setup.ilg"
"StatusText"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}]
"LogFile"="C:\Program Files\InstallShield Installation Information\{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}\Setup.ilg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}]
"LogFile"="C:\Program Files\InstallShield Installation Information\{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}\Setup.ilg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers]
"DisplayName"="NVIDIA Drivers"
"UninstallString"="C:\WINDOWS\system32\nvudisp.exe UninstallGUI"
"UninstDataVerified"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers\SubComponents]
"nvdisp.nvu"="NVIDIA Display Driver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pywin32-py2.2]
"DisplayName"="Python 2.2 pywin32 extensions (build 203)"
"UninstallString"=""C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash]
"QuietDisplayName"="Shockwave Flash"
"QuietUninstallString"="RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5"
"RequiresIESysFile"="4.70.0.1155"
"DisplayName"="Adobe Flash Player 9 ActiveX"
"UninstallString"="C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q"
"Publisher"="Adobe Systems"
"DisplayVersion"="9"
"VersionMajor"="9"
"VersionMinor"="0"
"HelpLink"="https://helpx.adobe.com/flash-player.html"
"URLUpdateInfo"="https://www.adobe.com/products/flashplayer.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime]
"DisplayName"="Windows Media Format Runtime"
"UninstallString"=""C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll"
"DisplayIcon"="C:\Program Files\Windows Media Player\wmplayer.exe"
"ParentKeyName"="OperatingSystem"
"ParentDisplayName"="Windows Updates"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player]
"DisplayName"="Lecteur Windows Media\x00a010"
"UninstallString"=""C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall"
"DisplayIcon"="C:\Program Files\Windows Media Player\wmplayer.exe"
"ParentKeyName"="OperatingSystem"
"ParentDisplayName"="Windows Updates"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}]
"UninstallString"=""C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL"
"LogFile"="C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.ilg"
"UninstallPath"=str(2):""C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL"
"InstallLocation"=str(2):"C:\Program Files\InterVideo\Home Theater"
"Publisher"=str(2):"InterVideo Inc."
"VersionMajor"=dword:00000006
"VersionMinor"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}]
"UninstallString"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat"
"DisplayName"="HP Photosmart 330,380,420,470,7800,8000,8200 Series"
"DisplayIcon"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe,0"
"DisplayVersion"="8.1"
"Publisher"="HP"
"URLUpdateInfo"="https://support.hp.com/us-en?openCLC=true"
"HelpLink"="https://support.hp.com/us-en?openCLC=true"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3912A629-0020-0005-3757-2FBA74D4DF0A}]
"DisplayName"="InterVideo WinDVD Player"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{43B402B3-0027-0002-3757-3015BD2DE2CD}]
"DisplayName"="Home Theater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}]
"UninstallString"=""C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat"
"DisplayName"="HP PSC & OfficeJet 5.3.B"
"DisplayIcon"="C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe,0"
"Publisher"="HP"
"URLUpdateInfo"="https://support.hp.com/us-en?openCLC=true"
"HelpLink"="https://support.hp.com/us-en?openCLC=true"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}]
"UninstallString"="RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}\setup.exe" REMOVEALL"
"LogFile"="C:\Program Files\InstallShield Installation Information\{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}\setup.ilg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}]
"UninstallString"=""C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL"
"DisplayName"="InterVideo WinDVD Player"
"LogFile"="C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.ilg"
"UninstallPath"=str(2):""C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL"
"InstallLocation"=str(2):"C:\Program Files\InterVideo\WinDVD"
"Publisher"=str(2):"InterVideo Inc."
"VersionMajor"=dword:00000005
"VersionMinor"=dword:00000000
"NoRemove"=dword:00000000
"NoRepair"=dword:00000001
"NoModify"=dword:00000001
"HelpLink"="https://www.windvdpro.com/fr/"
"URLUpdateInfo"="https://www.windvdpro.com/fr/"
"Contact"="support@intervideo.com"
"Comments"=""
"DisplayVersion"="5.0-B11.896"
"DisplayIcon"=""C:\Program Files\InterVideo\WinDVD\WinDVD.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAA4CCCE-78DB-47B0-A651-68270D838BD4}]
"UninstallString"="RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAA4CCCE-78DB-47B0-A651-68270D838BD4}\setup.exe" REMOVEALL"
"LogFile"="C:\Program Files\InstallShield Installation Information\{AAA4CCCE-78DB-47B0-A651-68270D838BD4}\setup.ilg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}]
"UninstallString"="C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat"
"DisplayName"="HP Appareils photos Photosmart 5.0"
"DisplayIcon"="C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe,0"
"DisplayVersion"="5.0"
"Publisher"="HP"
"URLUpdateInfo"="https://www8.hp.com/fr/fr/home.html"
"HelpLink"="https://www8.hp.com/fr/fr/home.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7514465-E5F3-48E9-A952-327DAEF33DE6}]
"UninstallString"="RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7514465-E5F3-48E9-A952-327DAEF33DE6}\setup.exe" REMOVEALL"
"DisplayName"="InterVideo Home Theater"
"LogFile"="C:\Program Files\InstallShield Installation Information\{F7514465-E5F3-48E9-A952-327DAEF33DE6}\setup.ilg"
"DisplayIcon"="C:\Program Files\InterVideo\Home Theater\IHT.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Mass Storage]
"DeviceInterface"="{53F5630D-B6BF-11D0-94F2-00A0C91EFB8B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Portable Audio Players]
"DeviceInterface"="{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}"
"FilterParameter"="UseExtendedWmdm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE]
"DeviceInterface"="{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDevice]
"DeviceInterface"="{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}"
"WMDMSPCLSID"="{067B4B81-B1EC-489f-B111-940EBDC44EBE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS]
"ProgID"="MsScp.SCPTRANS.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SP\WMDMCESP]
"ProgID"="WMDMCESP.WMDMCESP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SP\WPDSp]
"PnPAware"=dword:00000001
"ProgID"="WPDSp.WPDServiceProvider"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\OpenWithProgids]
"iTunes.itms"=hex(0):
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ivf\OpenWithProgids]
"IVFfile"=hex(0):
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\OpenWithProgids]
"QuickTime.mov"=hex(0):
"RealPlayer.qt.6"=hex(0):
"VLC.mov"=hex(0):
scanning hidden files ...
C:\WINDOWS\system32\ddccy.exe
scan completed successfully
hidden files: 1
**************************************************************************
Completion time: 2007-08-09 20:44:24 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-09 20:43
--- E O F ---
Online scan done with Panda, and I couldn't retrieve the log; a Virtumonde adware was cleaned and quarantined.
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.85 [GMT 2:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\hgdaxv.dll
C:\WINDOWS\system32\awvvs.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\ssqpn.exe
C:\WINDOWS\system32\stera.log
C:\WINDOWS\vxadgh.ini
D:\Autorun.inf
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))
2007-08-09 20:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 19:25 <REP> d-------- C:\Navipromo
2007-08-09 17:51 <REP> d-------- C:\BFU
2007-08-09 12:24 <REP> d-------- C:\Program Files\Panda Security
2007-08-08 14:32 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-08 14:03 <REP> d-------- C:\WINDOWS\ERUNT
2007-08-08 12:04 <REP> d-------- C:\!KillBox
2007-08-07 23:36 <REP> d-------- C:\HDD
2007-08-07 18:06 853 --a------ C:\reboot.cmd
2007-08-07 18:06 68,096 --a------ C:\diff.exe
2007-08-07 18:06 103,424 --a------ C:\grep.exe
2007-08-07 16:36 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-07 16:09 <REP> d-------- C:\VundoFix Backups
2007-08-07 14:23 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-08-06 23:05 <REP> d-------- C:\temp
2007-08-06 18:08 <REP> d-------- C:\Program Files\Skyline
2007-08-06 11:56 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skyline
2007-08-03 23:47 <REP> d-------- C:\Program Files\MiniCap
2007-08-03 23:40 <REP> d-------- C:\Program Files\MaxCapture
2007-08-03 23:34 <REP> d-------- C:\Program Files\Spy Shot
2007-08-03 21:33 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2007-08-03 21:33 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2007-08-03 21:33 <REP> d-------- C:\WINDOWS\system32\AlertModule
2007-08-01 23:16 <REP> d-------- C:\Program Files\Real Alternative
2007-08-01 23:16 <REP> d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\Real
2007-08-01 23:16 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
2007-08-01 23:12 <REP> d-------- C:\Program Files\QuickTime Alternative
2007-08-01 22:51 <REP> d-------- C:\Program Files\CamStudio
2007-08-01 21:54 <REP> d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\Media Player Classic
2007-08-01 18:21 <REP> d-------- C:\Program Files\Capturino 1.4
2007-08-01 14:48 <REP> d-------- C:\Program Files\PrintKey 2000 Fr
2007-08-01 12:23 <REP> d-------- C:\Program Files\WinAVI Video Capture
2007-07-30 19:39 <REP> d-------- C:\Program Files\Team MediaPortal
2007-07-28 10:02 <REP> d-------- C:\Program Files\Wallpaper
2007-07-27 21:42 <REP> d-------- C:\MyBackup
2007-07-27 21:34 <REP> d-------- C:\Program Files\Premium Booster
2007-07-23 12:51 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-07-23 12:51 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-23 12:51 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-07-23 12:51 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-23 12:51 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-07-23 12:51 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-07-23 12:51 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-07-22 21:35 5 --ahs---- C:\WINDOWS\system32\ebebcab_g.dll
2007-07-22 21:34 <REP> d-------- C:\Program Files\RegSupreme
2007-07-16 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\ma-config.com
2007-07-12 12:19 <REP> d-------- C:\Program Files\Aide mémoire
2007-07-10 00:02 1,013,406 ---hs---- C:\WINDOWS\uwaddd.ini2
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-09 20:41 --------- d-------- C:\Program Files\Wanadoo
2007-08-09 15:04 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\Skype
2007-08-09 12:25 11910 --a------ C:\WINDOWS\mozver.dat
2007-08-06 19:14 179 --a------ C:\handle.dat
2007-08-06 18:24 --------- d-------- C:\Program Files\Google
2007-08-06 14:50 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\OpenOffice.org2
2007-08-05 23:19 --------- d-------- C:\Program Files\CartaGoGo
2007-08-03 14:06 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-08-01 22:21 --------- d-------- C:\Program Files\Apple Software Update
2007-07-31 23:55 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\ESTsoft
2007-07-30 14:01 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\Wallpaper
2007-07-29 17:46 --------- d-------- C:\Program Files\Paint.NET
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a--c--- C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-23 12:51 --------- d-------- C:\Program Files\K-Lite Codec Pack
2007-07-22 23:31 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-19 19:19 --------- d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-07-19 19:07 --------- d-------- C:\Program Files\Opera
2007-07-12 11:56 78192 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-07-12 11:56 55596 --a------ C:\WINDOWS\system32\perfc040.dat
2007-07-12 11:56 474410 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-07-12 11:56 419608 --a------ C:\WINDOWS\system32\perfh040.dat
2007-07-07 00:19 4952 -rahs---- C:\bootfont.bin
2007-07-07 00:02 24576 -r-hs---- C:\bootwiz.sys
2007-07-05 23:52 1079808 --a------ C:\WINDOWS\system32\AutoPartNt.exe
2007-07-01 23:33 --------- d-------- C:\Program Files\Movie Maker
2007-07-01 23:28 219648 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.dll
2007-07-01 23:28 219648 --a------ C:\WINDOWS\system32\uxtheme.dll
2007-07-01 23:28 133359 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-07-01 23:28 121 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-01 23:18 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\ViStart
2007-06-30 23:52 --------- d-------- C:\Program Files\FeedReader30
2007-06-30 23:31 --------- d-------- C:\Program Files\Picasa2
2007-06-22 22:57 --------- d-------- C:\Program Files\Zylom Games
2007-06-20 19:31 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\Spamihilator
2007-06-19 21:42 --------- d-------- C:\Program Files\Gcompris
2007-06-18 23:06 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\eXPert PDF Editor
2007-06-17 23:33 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\RTPlayer
2007-06-15 23:12 --------- d-------- C:\Program Files\Windows Defender
2007-06-15 22:35 --------- d-------- C:\Program Files\Fichiers communs\Agnitum Shared
2007-06-15 21:34 --------- d-------- C:\Program Files\Agnitum
2007-06-13 21:34 --------- d-------- C:\Program Files\Visagesoft
2007-05-28 22:51 8443 --------- C:\WINDOWS\system32\vtsqnnk.dll
2007-05-27 18:59 0 --ahs---- C:\CONFIG.SYS
2007-05-27 18:59 0 --ahs---- C:\AUTOEXEC.BAT
2007-05-27 18:57 23756 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-05-16 17:13 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:13 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:13 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:13 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:13 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:13 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-11 16:39 4082 --a--c--- C:\DOCUME~1\HP_PRO~1\APPLIC~1\wklnhst.dat
2007-01-17 20:10 22845992 --a------ C:\Program Files\AdbeRdr80_fr_FR.exe
2007-01-17 19:18 7218088 --a------ C:\Program Files\psa30se_fr_fr.exe
2006-12-12 01:21 1567504 --a------ C:\Program Files\WinRAR.rar
2005-09-23 13:46 97 --a------ C:\Program Files\VERSION
2005-05-12 07:36 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll
--------- C:\Program Files\WebAnimé
--------- C:\Program Files\Aide mémoire
2005-12-19 09:30:31 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-04 18:03]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\Desktop\V5.1\moffice.exe" [2006-04-27 17:14]
"CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 16:32]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 15:08]
"Wallpaper"="C:\Program Files\Wallpaper\Wallpaper.exe" [2007-07-29 01:09]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\
Aide mémoire.lnk - C:\Program Files\Aide mémoire\TrayIcon.exe [2007-07-12 12:19:05 ]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=00000000
"NoChangeStartMenu"=0 (0x0)
"NoLogOff"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\vtsqnnk.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Launchy.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WD Backup Monitor.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^Lancer le Gestionnaire Internet.lnk]
path=C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\Lancer le Gestionnaire Internet.lnk
backup=C:\WINDOWS\pss\Lancer le Gestionnaire Internet.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
c:\documents and settings\hp_propriétaire\mes documents\marc\bureaudepoche\monbureau\programmes\xmule_launcher\emule\emule.exe -AutoStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OFFICEKB]
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
C:\Program Files\Fichiers communs\Micro Application\Partition Suite\oss_reinstall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
rundll32.exe "C:\WINDOWS\hgdaxv.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartPic]
C:\Program Files\SmartPic\SmartPic.exe /minime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"C:\Program Files\Unlocker\UnlockerAssistant.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspdfprsrv.exe]
C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
WDBtnMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE]
"C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlcxMonitor"=ALCXMNTR.EXE
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
"WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R1 AmdK8;Pilote de processeur AMD;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R2 SNMP;Service SNMP;C:\WINDOWS\System32\snmp.exe
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys
R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys
R3 pepifilter;Volume Adapter;C:\WINDOWS\system32\DRIVERS\lv302af.sys
R3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 ltmodem5;LT Modem Driver;C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
S3 MPE;Filtre BDA MPE;C:\WINDOWS\system32\DRIVERS\MPE.sys
S3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
S3 SNMPTRAP;Service d'interruption SNMP;C:\WINDOWS\System32\snmptrap.exe
S3 StillCam;Pilote d'appareil photo numérique série;C:\WINDOWS\system32\DRIVERS\serscan.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
Contents of the 'Scheduled Tasks' folder
2007-08-04 11:00:00 C:\WINDOWS\Tasks\analyse antivirus avast.job
2007-08-06 11:00:00 C:\WINDOWS\Tasks\defrag.job - C:\WINDOWS\system32\defrag.exe
2007-08-03 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
2007-08-09 18:29:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
2007-07-17 07:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-09 20:41:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{077ACEC7-979C-40AB-9835-435BA1511E0D}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\MPPRE10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\mppre10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{30C7234B-6482-4A55-A11D-ECD9030313F2}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDM10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\wmdm10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{981FB688-E76B-4246-987B-92083185B90A}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\WPD10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{A47B3654-48EE-48A5-B629-97D70175E58F}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\codecs10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\codecs10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMFSDK10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmfsdk10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000eda
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\DRM10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drm10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Document Viewer]
"UninstallString"="C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat"
"DisplayName"="HP Document Viewer 5.3"
"DisplayIcon"="C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe,0"
"DisplayVersion"="5.3"
"Publisher"="HP"
"URLUpdateInfo"="https://www8.hp.com/fr/fr/home.html"
"HelpLink"="https://support.hp.com/us-en?openCLC=true"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Imaging Device Functions]
"UninstallString"="C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat"
"DisplayName"="HP Imaging Device Functions 5.3"
"DisplayIcon"="C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe,0"
"DisplayVersion"="5.3"
"Publisher"="HP"
"URLUpdateInfo"="https://www8.hp.com/fr/fr/home.html"
"HelpLink"="https://support.hp.com/us-en?openCLC=true"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Photo & Imaging]
"UninstallString"="C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat"
"DisplayName"="HP Image Zone 5.3"
"DisplayIcon"="C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe,0"
"DisplayVersion"="5.3"
"Publisher"="HP"
"URLUpdateInfo"="https://www8.hp.com/fr/fr/home.html"
"HelpLink"="https://support.hp.com/us-en?openCLC=true"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Solution Center & Imaging Support Tools]
"UninstallString"="C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat"
"DisplayName"="HP Solution Center & Imaging Support Tools 5.3"
"DisplayIcon"="C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe,0"
"DisplayVersion"="5.3"
"Publisher"="HP"
"URLUpdateInfo"="https://www8.hp.com/fr/fr/home.html"
"HelpLink"="https://support.hp.com/us-en?openCLC=true"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{8105684D-8CA6-440D-8F58-7E5FD67A499D}]
"LogFile"="C:\Program Files\InstallShield Installation Information\{8105684D-8CA6-440D-8F58-7E5FD67A499D}\Setup.ilg"
"StatusText"="L'installation easy Internet sign-up pr\xe9pare InstallShield Wizard, lequel vous guidera pour l'installation du logiciel. Veuillez patienter."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{AB61A692-5543-4C48-979B-8CEA1C52FE9C}]
"LogFile"="C:\Program Files\InstallShield Installation Information\{AB61A692-5543-4C48-979B-8CEA1C52FE9C}\Setup.ilg"
"StatusText"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}]
"LogFile"="C:\Program Files\InstallShield Installation Information\{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}\Setup.ilg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}]
"LogFile"="C:\Program Files\InstallShield Installation Information\{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}\Setup.ilg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers]
"DisplayName"="NVIDIA Drivers"
"UninstallString"="C:\WINDOWS\system32\nvudisp.exe UninstallGUI"
"UninstDataVerified"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers\SubComponents]
"nvdisp.nvu"="NVIDIA Display Driver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pywin32-py2.2]
"DisplayName"="Python 2.2 pywin32 extensions (build 203)"
"UninstallString"=""C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash]
"QuietDisplayName"="Shockwave Flash"
"QuietUninstallString"="RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5"
"RequiresIESysFile"="4.70.0.1155"
"DisplayName"="Adobe Flash Player 9 ActiveX"
"UninstallString"="C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q"
"Publisher"="Adobe Systems"
"DisplayVersion"="9"
"VersionMajor"="9"
"VersionMinor"="0"
"HelpLink"="https://helpx.adobe.com/flash-player.html"
"URLUpdateInfo"="https://www.adobe.com/products/flashplayer.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime]
"DisplayName"="Windows Media Format Runtime"
"UninstallString"=""C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll"
"DisplayIcon"="C:\Program Files\Windows Media Player\wmplayer.exe"
"ParentKeyName"="OperatingSystem"
"ParentDisplayName"="Windows Updates"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player]
"DisplayName"="Lecteur Windows Media\x00a010"
"UninstallString"=""C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall"
"DisplayIcon"="C:\Program Files\Windows Media Player\wmplayer.exe"
"ParentKeyName"="OperatingSystem"
"ParentDisplayName"="Windows Updates"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}]
"UninstallString"=""C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL"
"LogFile"="C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.ilg"
"UninstallPath"=str(2):""C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL"
"InstallLocation"=str(2):"C:\Program Files\InterVideo\Home Theater"
"Publisher"=str(2):"InterVideo Inc."
"VersionMajor"=dword:00000006
"VersionMinor"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}]
"UninstallString"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat"
"DisplayName"="HP Photosmart 330,380,420,470,7800,8000,8200 Series"
"DisplayIcon"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe,0"
"DisplayVersion"="8.1"
"Publisher"="HP"
"URLUpdateInfo"="https://support.hp.com/us-en?openCLC=true"
"HelpLink"="https://support.hp.com/us-en?openCLC=true"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3912A629-0020-0005-3757-2FBA74D4DF0A}]
"DisplayName"="InterVideo WinDVD Player"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{43B402B3-0027-0002-3757-3015BD2DE2CD}]
"DisplayName"="Home Theater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}]
"UninstallString"=""C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat"
"DisplayName"="HP PSC & OfficeJet 5.3.B"
"DisplayIcon"="C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe,0"
"Publisher"="HP"
"URLUpdateInfo"="https://support.hp.com/us-en?openCLC=true"
"HelpLink"="https://support.hp.com/us-en?openCLC=true"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}]
"UninstallString"="RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}\setup.exe" REMOVEALL"
"LogFile"="C:\Program Files\InstallShield Installation Information\{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}\setup.ilg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}]
"UninstallString"=""C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL"
"DisplayName"="InterVideo WinDVD Player"
"LogFile"="C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.ilg"
"UninstallPath"=str(2):""C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL"
"InstallLocation"=str(2):"C:\Program Files\InterVideo\WinDVD"
"Publisher"=str(2):"InterVideo Inc."
"VersionMajor"=dword:00000005
"VersionMinor"=dword:00000000
"NoRemove"=dword:00000000
"NoRepair"=dword:00000001
"NoModify"=dword:00000001
"HelpLink"="https://www.windvdpro.com/fr/"
"URLUpdateInfo"="https://www.windvdpro.com/fr/"
"Contact"="support@intervideo.com"
"Comments"=""
"DisplayVersion"="5.0-B11.896"
"DisplayIcon"=""C:\Program Files\InterVideo\WinDVD\WinDVD.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAA4CCCE-78DB-47B0-A651-68270D838BD4}]
"UninstallString"="RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAA4CCCE-78DB-47B0-A651-68270D838BD4}\setup.exe" REMOVEALL"
"LogFile"="C:\Program Files\InstallShield Installation Information\{AAA4CCCE-78DB-47B0-A651-68270D838BD4}\setup.ilg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}]
"UninstallString"="C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat"
"DisplayName"="HP Appareils photos Photosmart 5.0"
"DisplayIcon"="C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe,0"
"DisplayVersion"="5.0"
"Publisher"="HP"
"URLUpdateInfo"="https://www8.hp.com/fr/fr/home.html"
"HelpLink"="https://www8.hp.com/fr/fr/home.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7514465-E5F3-48E9-A952-327DAEF33DE6}]
"UninstallString"="RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7514465-E5F3-48E9-A952-327DAEF33DE6}\setup.exe" REMOVEALL"
"DisplayName"="InterVideo Home Theater"
"LogFile"="C:\Program Files\InstallShield Installation Information\{F7514465-E5F3-48E9-A952-327DAEF33DE6}\setup.ilg"
"DisplayIcon"="C:\Program Files\InterVideo\Home Theater\IHT.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Mass Storage]
"DeviceInterface"="{53F5630D-B6BF-11D0-94F2-00A0C91EFB8B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Portable Audio Players]
"DeviceInterface"="{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}"
"FilterParameter"="UseExtendedWmdm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE]
"DeviceInterface"="{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDevice]
"DeviceInterface"="{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}"
"WMDMSPCLSID"="{067B4B81-B1EC-489f-B111-940EBDC44EBE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS]
"ProgID"="MsScp.SCPTRANS.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SP\WMDMCESP]
"ProgID"="WMDMCESP.WMDMCESP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SP\WPDSp]
"PnPAware"=dword:00000001
"ProgID"="WPDSp.WPDServiceProvider"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\OpenWithProgids]
"iTunes.itms"=hex(0):
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ivf\OpenWithProgids]
"IVFfile"=hex(0):
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\OpenWithProgids]
"QuickTime.mov"=hex(0):
"RealPlayer.qt.6"=hex(0):
"VLC.mov"=hex(0):
scanning hidden files ...
C:\WINDOWS\system32\ddccy.exe
scan completed successfully
hidden files: 1
**************************************************************************
Completion time: 2007-08-09 20:44:24 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-09 20:43
--- E O F ---
Online scan done with Panda, and I wasn't able to retrieve the log; a Virtumonde adware was cleaned and quarantined.
Step 1: I can't manage to save the link http://metallica.geekstogo.com/EGDACCESS. How should I do it?
Right-click and choose "Save Link As", using Firefox.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:57, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Aide mémoire\TrayIcon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\HDD\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Aide mémoire.lnk = ?
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O15 - Trusted Zone: https://www.impots.gouv.fr/
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - http://www.pixdiscount.fr/clients/ImageUploader3.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - http://www.extrafilm.fr/net/Import/ImageUploader3.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: c:\windows\system32\vtsqnnk.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Hi,
1) Open HijackThis and check:
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) -
O20 - AppInit_DLLs: c:\windows\system32\vtsqnnk.dll
Download Blacklight (from F-Secure) from one of the 2 addresses
https://www.f-secure.com/en
https://www.f-secure.com/en
and save it to your Desktop.
Double-click blbeta.exe and accept the license; leave [X] scan through Windows Explorer enabled; click Scan, then Next.
You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).
Copy and paste the contents of this report into your next reply.
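Most of the entries ticked in the reply above either point at a file that no longer exists or are the O20 AppInit_DLLs value, which names a DLL loaded into every process that loads user32.dll. The Python script below is an added example, not part of the original posts and not a HijackThis feature: it parses HijackThis lines and flags those two cases. The two rules and the names `triage` and `Finding` are assumptions of this example; they do not reproduce the helper's O16 choices, and the sample lines are excerpted from the log posted in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# Excerpt of the HijackThis log posted in this thread (header and process
# lines included to show that non-entry lines are skipped).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O20 - AppInit_DLLs: c:\windows\system32\vtsqnnk.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# A HijackThis entry starts with a section code such as R0, O2, O16 or O23.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis prints one of these markers when the registered file is absent.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)")


class Finding(NamedTuple):
    section: str          # HijackThis section code, e.g. "O2"
    guid: Optional[str]   # CLSID in the entry, upper-cased, if any
    reason: str           # why the line was flagged
    line: str             # the original log line


def triage(log_text: str) -> List[Finding]:
    """Return the entries that deserve a manual look (assumed rules)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, running-process path or blank line
        section, body = match["section"], match["body"]
        guid_match = GUID_RE.search(body)
        guid = guid_match.group(0).upper() if guid_match else None

        if MISSING_RE.search(body):
            # Registry entry left behind after its file was deleted.
            findings.append(
                Finding(section, guid, "registered target file is missing", line))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value:
                # Any non-empty value means a DLL is injected system-wide.
                findings.append(
                    Finding(section, guid, "AppInit_DLLs is set: " + value, line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section:4} {finding.reason}")
        print(f"     {finding.line}")
```

A flagged line is a prompt for review, not a verdict: a legitimate product can also register an AppInit_DLLs value, so the DLL path still has to be checked before the entry is fixed.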
Hi
Apparently avast no longer reports the Virtumonde adware
08/10/07 11:22:43 [Info]: BlackLight Engine 1.0.64 initialized
08/10/07 11:22:43 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/10/07 11:22:43 [Note]: 7019 4
08/10/07 11:22:43 [Note]: 7005 0
08/10/07 11:23:58 [Note]: 7006 0
08/10/07 11:23:58 [Note]: 7011 2020
08/10/07 11:23:58 [Note]: 7026 0
08/10/07 11:23:58 [Note]: 7026 0
08/10/07 11:24:01 [Note]: FSRAW library version 1.7.1022
08/10/07 11:33:24 [Note]: 7007 0