Probleme de plantage,vraiment besoin d'aide.Fermé

Question

Bonjour,voila je vien vers vous parce que cela fais quelques jours que je galere.
Voila mon PC plante des qu'on ouvre une cession,peu importe l'utilisateur,ca plante.Donc je n'ai plus acces a mes programmes bref c'est chiant.
Heureusement mon pere lorsqu'il avai installé Windows XP l'avais installé 2 fois et n'avais jamais pris le temp de supprimé le 2em windows xp et donc c'est en passant par la que j'ai quand meme acces au net.
ET donc depuis quelques jours je fais des analyse antivirus (je possede avast) que je fais des scan via secuser ou autres,et que je supprime tout ce que les logiciels antivirus trouvent mais que rien ne s'arrange.Ca continue de planter si je vais dans la partie ou il y a tout d'installé et meme dans la partie ou j'ai acces au net ca rame et pas mal de fenetre me demandant d'installer WinAntivirusPro 2006 ou ancore WinAntiSpyware s'ouvrent bref j'aimerais bien sortir de tout ca.

J'ai trouvé comme virus Dialer970 (ou 790 je ne sait plus) et dans mes programmes recemment installé (vous savez quand on clic sur "Demarrer" puis qu'on va dans "Tous les programmes" j'en est un du nom de Del et quand je met ma souris dessus ca affiche "Internet Dialer".

Je vous met le rapport Hijackthis que je vien de faire:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\attrib.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\PIERROT\Bureau\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\attrib.exe
O2 - BHO: (no name) - {02129DF5-3B05-4C9C-8AC4-A972EB859637} - C:\WINDOWS\System32\pmnnn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - C:\WINDOWS\system32\gebcywt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\webelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\webelated.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O20 - Winlogon Notify: gebcywt - C:\WINDOWS\SYSTEM32\gebcywt.dll
O20 - Winlogon Notify: pmnnn - C:\WINDOWS\System32\pmnnn.dll
O20 - Winlogon Notify: urqqron - C:\WINDOWS\SYSTEM32\urqqron.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: attrib - Unknown owner - C:\WINDOWS\attrib.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32
etdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32
etdde.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

Utilisateur anonyme · Answer

Bonjour

Télécharge SDFix sur ton bureau 
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe 

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. 
Redémarre ton ordinateur en mode sans échec (redemarrage + tapotte sans arret sur F8 des que l'ordi s'allume) 
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script. 
Appuie sur Y pour commencer le processus de nettoyage. 
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer. 
Appuie sur une touche pour redémarrer le PC. 
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers. 
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished. 
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau. 
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt. 

Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum.


ET


Télécharge Ad-Fix
http://home.tele2.fr/gchrispage/index/download/divers/Ad-Fix.zip

Dézippe tout le contenu dans le même dossier.
Clic sur Ad-Fix.bat et choisis l'otpion 1
Soit patient. 
A la fin du scan un rapport va s'ouvrir copie et colle le contenu ici.

julienEVO6 · Answer

Hello voila deja le rapport de SDFix,je ferais celui de AD fix plus tard:

SDFix: Version 1.101

Run by PIERROT on 30/08/2007 at 19:36

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\PIERROT\Bureau\SDFix\SDFix

Safe Mode:
Checking Services: 

Name:
DomainService

ImagePath:
C:\WINDOWS\System32\lwcqlicf.exe /service

DomainService - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

Trojan Files Found:

C:\WINDOWS\SYSTEM32\CKKYBNK.EXE - Deleted


Folder C:\Program Files\Fichiers communs\delsim - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\PIERROT\Bureau\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\WINDOWS\attrib.exe
C:\WINDOWS\system32\bdksuffw.exe
C:\WINDOWS\system32\chunnkgs.exe
C:\WINDOWS\system32\csmnjza.exe
C:\WINDOWS\system32\csrs.exe
C:\WINDOWS\system32\cyioc.exe
C:\WINDOWS\system32\dqsrrnn.exe
C:\WINDOWS\system32\evueki.exe
C:\WINDOWS\system32\jbitl.exe
C:\WINDOWS\system32\jergwvm.exe
C:\WINDOWS\system32\kand.exe
C:\WINDOWS\system32\kbumlrd.exe
C:\WINDOWS\system32\khlvwoj.exe
C:\WINDOWS\system32\lnffknqe.exe
C:\WINDOWS\system32\mirkrrx.exe
C:\WINDOWS\system32\omlebde.exe
C:\WINDOWS\system32\pipfpvpl.exe
C:\WINDOWS\system32	phm.exe
C:\WINDOWS\system32\wzhawmr.exe
C:\WINDOWS\system32\ynkvwfq.exe
C:\WINDOWS\system32\ysxhsna.exe

                                 Finished

Utilisateur anonyme · Answer

Ok, ça semble pas triste :-)

julienEVO6 · Answer

Arfff!!
Bon voici le scan Ad Fix:
 
         Ad-Fix v0.101a
         by gchris
 
 
OPTION 1 (Scan) :
 
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

                  Démarré à : 

23:40:52,07 30/08/2007  


                  Executé depuis : 

C:\Documents and Settings\PIERROT\Bureau\SDFix\Ad-Fix


                  Os : 

Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
 
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
            Recherche de fichier manquant
 
 
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
 
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
           Fichiers cachés (pas forcément mauvais)
 
 
    .exe dans System32 :

C:\WINDOWS\SYSTEM32\
   bdksuffw.exe   Sun 26 Aug 2007  21:48:26   A..H.         45 056    44,00 K
   chunnkgs.exe   Thu 23 Aug 2007  21:36:24   A..H.         25 504    24,91 K
   csmnjza.exe    Thu 23 Aug 2007  21:36:30   A..H.         10 884    10,63 K
   cyioc.exe      Thu 23 Aug 2007  21:39:40   A..H.         48 180    47,05 K
   dqsrrnn.exe    Thu 23 Aug 2007  21:59:56   A..H.         39 420    38,50 K
   evueki.exe     Thu 23 Aug 2007  21:37:40   A..H.         35 770    34,93 K
   jbitl.exe      Thu 23 Aug 2007  21:18:38   A..H.         26 868    26,24 K
   kand.exe       Thu 23 Aug 2007  21:15:58   A..H.         54 440    53,16 K
   kbumlrd.exe    Thu 23 Aug 2007  21:38:32   A..H.         31 390    30,65 K
   khlvwoj.exe    Thu 23 Aug 2007  21:39:34   A..H.         49 056    47,91 K
   lnffknqe.exe   Thu 23 Aug 2007  21:37:32   A..H.         34 898    34,08 K
   omlebde.exe    Thu 23 Aug 2007  21:18:10   A..H.         56 772    55,44 K
   pipfpvpl.exe   Thu 23 Aug 2007  21:17:18   A..H.          7 158     6,99 K
   rswv.exe       Thu 30 Aug 2007  19:46:28   A..H.         38 912    38,00 K
   tphm.exe       Thu 23 Aug 2007  21:19:18   A..H.         10 732    10,48 K
   wzhawmr.exe    Sun 26 Aug 2007  23:43:44   A..H.         29 864    29,16 K
   ynkvwfq.exe    Thu 23 Aug 2007  21:29:24   A..H.          4 380     4,28 K
   ysxhsna.exe    Tue 28 Aug 2007  22:02:58   A..H.          4 162     4,06 K

18 items found:  18 files, 0 directories.
   Total of file sizes:  553 446 bytes    540,47 K
 
    .dll dans System32 :

No matches found.
 
    .dat dans System32 :

No matches found.
 
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
 
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
           Analyse du registre
 

---------- USER AGENT -- POST PLATFORM

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

----------

----------  AppInit_DLLs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

----------
 
 
   Complete!
 
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
 
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
           Recherche de fichiers et dossiers
 
 
C:\WINDOWS\Downloaded Program Files\*_*_*NetInstaller.exe     Détecté !
C:\WINDOWS\Downloaded Program Files\CONFLICT.?     Détecté !
C:\WINDOWS\Downloaded Program Files\CONFLICT.??     Détecté !
 
 
 
 
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Terminé à 23:45:16,20 


A vous de jouez :D

Utilisateur anonyme · Answer

ok, 
Redémarre en mode sans échec, (en tapotant F8 au démarrage). 

Lance de nouveau Ad-Fix 
Choisis l'option 2 
Le bureau ou les icônes vont disparaître, c'est normal. 
Quand c'est terminé, presse la touche "entrée" pour redémarrer l'ordinateur. 

Une fois redémarré, navigue dans le dossier Ad-Fix 
Double-clic sur le fichier "view_log.bat" ou "view_log" 
Et copie-colle ici, le contenu du nouveau rapport.


Ensuite, 
¤ Télécharge ce programme puis double clic dessus (ferme ton antivirus s'il te détecte quoi que ce soit)
http://www.suspectfile.com/systemscan/

* Coche uniquement ces cases, décoche tout le reste :

- Recent Files, 30 days
- Registry Run Key
- installed applications

Puis clic sur scan now, soit patient.
Une fois qu'il aura terminé, un rapport va s'ouvrir, copie et colle son contenu ici et vérifie qu'il soit bien en entier, si besoin crée deux messages.


Puis on supprimera les bestioles exotiques ;-)

julienEVO6 · Answer

Salut,quand je fais l'option 2 pour ADFix ca me lance un nettoyage du disque mais ca plante ,alors comme il est ecrit de faire annuler si ca plante et bien je fais annuler.Alors ADFix reprend mais reste bloqué sur "Supression des fichiers temporaires" veuillez patienter...
J'ai laisser en route toute la nuit je pense que j'ai assez patienter lol mais ca n'a plus avance.
Donc que faire ?
merci :(

Utilisateur anonyme · Answer

Fais la 2ème chose on reviendra dessus après ;-)

julienEVO6 · Answer

SystemScan - www.suspectfile.com - ver. 3.2.0 Running on: Windows XP HOME Edition (2600.5.1) System directory: C:\WINDOWS Date: 31/08/2007 Time: 19:43:40 Output limited to: -Recent files -Registry Run Keys -Installed Applications ===================== Recent files (30 days old)===================== ----- recent files in C:\ 23/08/2007 21:08:39 314 byte 8 days old -- boot.ini 23/08/2007 21:22:22 (DIR) 0 byte 8 days old -- System Volume Information 23/08/2007 22:07:50 (DIR) 0 byte 8 days old -- RECYCLER 24/08/2007 22:13:57 (DIR) 0 byte 7 days old -- Downloads 24/08/2007 22:56:19 (DIR) 0 byte 7 days old -- WA7PV 29/08/2007 22:11:48 (DIR) 0 byte 2 days old -- Documents and Settings 30/08/2007 23:12:52 (DIR) 0 byte 1 days old -- Program Files 31/08/2007 00:05:56 (DIR) 0 byte 0 days old -- WINDOWS 31/08/2007 00:45:31 1197 byte 0 days old -- Ad-Fix.cmd 31/08/2007 00:45:31 1161 byte 0 days old -- Ad-Fix.txt 31/08/2007 19:40:12 402653184 byte 0 days old -- pagefile.sys 31/08/2007 19:43:40 (DIR) 0 byte 0 days old -- suspectfile ----- recent files in C:\WINDOWS\ 23/08/2007 21:10:16 (DIR) 0 byte 8 days old -- Cursors 23/08/2007 21:11:15 37 byte 8 days old -- vbaddin.ini 23/08/2007 21:11:15 36 byte 8 days old -- vb.ini 23/08/2007 21:11:38 43 byte 8 days old -- removalfile.bat 23/08/2007 21:11:57 (DIR) 0 byte 8 days old -- Help 23/08/2007 21:12:12 (DIR) 0 byte 8 days old -- PCHEALTH 23/08/2007 21:13:01 (DIR) 0 byte 8 days old -- srchasst 23/08/2007 21:13:34 749 byte 8 days old -- WindowsShell.Manifest 23/08/2007 21:13:52 (DIR) 0 byte 8 days old -- Offline Web Pages 23/08/2007 21:15:48 (DIR) 0 byte 8 days old -- Registration 23/08/2007 21:16:01 4207 byte 8 days old -- ODBCINST.INI 23/08/2007 21:16:02 (DIR) 0 byte 8 days old -- Tasks 23/08/2007 21:16:14 299552 byte 8 days old -- WMSysPrx.prx 23/08/2007 21:16:30 504 byte 8 days old -- win.ini 23/08/2007 21:16:31 0 byte 8 days old -- control.ini 23/08/2007 21:16:41 (DIR) 0 byte 8 days old -- repair 23/08/2007 21:16:42 (DIR) 0 byte 8 days old -- ime 23/08/2007 21:21:55 8192 byte 8 days old -- REGLOCS.OLD 23/08/2007 21:24:20 (DIR) 0 byte 8 days old -- Installer 23/08/2007 22:00:32 (DIR) 0 byte 8 days old -- WinSxS 23/08/2007 22:01:00 (DIR) 0 byte 8 days old -- system 23/08/2007 22:01:11 (DIR) 0 byte 8 days old -- Fonts 23/08/2007 22:01:12 231 byte 8 days old -- system.ini 24/08/2007 21:36:34 (DIR) 0 byte 7 days old -- security 24/08/2007 21:49:26 (DIR) 0 byte 7 days old -- SoftwareDistribution 24/08/2007 21:55:34 (DIR) 0 byte 7 days old -- $NtUninstallKB842773$ 24/08/2007 22:52:04 (DIR) 0 byte 7 days old -- inf 28/08/2007 21:02:13 645632 byte 3 days old -- attrib.exe 28/08/2007 22:09:27 8880 byte 3 days old -- ModemLog_Generic SoftK56.txt 28/08/2007 22:34:52 184 byte 3 days old -- cookies.ini 29/08/2007 19:44:55 286720 byte 2 days old -- PATCH.EXE 29/08/2007 19:44:56 69689 byte 2 days old -- UNZIP.DLL 29/08/2007 19:44:56 507904 byte 2 days old -- TMUPDATE.DLL 29/08/2007 19:45:14 (DIR) 0 byte 2 days old -- AU_Log 29/08/2007 19:45:19 170 byte 2 days old -- GetServer.ini 29/08/2007 20:19:20 29727481 byte 2 days old -- LPT$VPN.677 29/08/2007 20:19:20 1163344 byte 2 days old -- vsapi32.dll 29/08/2007 20:19:20 71749 byte 2 days old -- hcextoutput.dll 29/08/2007 20:19:20 29727481 byte 2 days old -- VPTNFILE.677 29/08/2007 20:19:20 86094 byte 2 days old -- BPMNT.dll 29/08/2007 20:19:21 (DIR) 0 byte 2 days old -- AU_Temp 29/08/2007 20:19:21 (DIR) 0 byte 2 days old -- AU_Backup 29/08/2007 20:19:21 1866050 byte 2 days old -- tsc.ptn 29/08/2007 20:19:21 267845 byte 2 days old -- tsc.exe 29/08/2007 20:19:47 (DIR) 0 byte 2 days old -- report 29/08/2007 20:19:56 823 byte 2 days old -- tsc.ini 30/08/2007 19:36:18 (DIR) 0 byte 1 days old -- ERUNT 30/08/2007 22:24:31 2328 byte 1 days old -- setupapi.log 30/08/2007 23:07:43 (DIR) 0 byte 1 days old -- Web 31/08/2007 00:05:30 (DIR) 0 byte 0 days old -- Downloaded Program Files 31/08/2007 00:05:56 0 byte 0 days old -- setuperr.log 31/08/2007 08:11:43 300 byte 0 days old -- setupact.log 31/08/2007 08:30:10 386806 byte 0 days old -- ntbtlog.txt 31/08/2007 19:40:15 2048 byte 0 days old -- bootstat.dat 31/08/2007 19:40:38 (DIR) 0 byte 0 days old -- Debug 31/08/2007 19:41:10 0 byte 0 days old -- 0.log 31/08/2007 19:41:46 (DIR) 0 byte 0 days old -- Prefetch 31/08/2007 19:42:30 25619 byte 0 days old -- WindowsUpdate.log 31/08/2007 19:42:30 2388 byte 0 days old -- SchedLgU.Txt 31/08/2007 19:43:09 (DIR) 0 byte 0 days old -- Temp 31/08/2007 19:43:32 (DIR) 0 byte 0 days old -- system32 ----- recent files in C:\WINDOWS\Downloaded Program Files\ 23/08/2007 21:13:52 65 byte 8 days old -- desktop.ini 30/08/2007 00:16:30 (DIR) 0 byte 1 days old -- CONFLICT.3 30/08/2007 00:16:30 (DIR) 0 byte 1 days old -- CONFLICT.2 30/08/2007 22:24:31 (DIR) 0 byte 1 days old -- CONFLICT.1 ----- recent files in C:\WINDOWS\system\ ----- recent files in C:\WINDOWS\system32\ 23/08/2007 21:08:58 (DIR) 0 byte 8 days old -- spool 23/08/2007 21:11:08 (DIR) 0 byte 8 days old -- MsDtc 23/08/2007 21:11:08 43542 byte 8 days old -- gebcywt.dll 23/08/2007 21:11:29 21892 byte 8 days old -- emptyregdb.dat 23/08/2007 21:11:31 (DIR) 0 byte 8 days old -- Com 23/08/2007 21:11:58 (DIR) 0 byte 8 days old -- Restore 23/08/2007 21:12:12 143360 byte 8 days old -- lgd.exe 23/08/2007 21:12:27 (DIR) 0 byte 8 days old -- oobe 23/08/2007 21:12:47 (DIR) 0 byte 8 days old -- Macromed 23/08/2007 21:12:48 (DIR) 0 byte 8 days old -- DirectX 23/08/2007 21:13:34 749 byte 8 days old -- sapi.cpl.manifest 23/08/2007 21:13:34 749 byte 8 days old -- wuaucpl.cpl.manifest 23/08/2007 21:13:34 749 byte 8 days old -- nwc.cpl.manifest 23/08/2007 21:13:34 749 byte 8 days old -- ncpa.cpl.manifest 23/08/2007 21:13:34 749 byte 8 days old -- cdplayer.exe.manifest 23/08/2007 21:13:51 488 byte 8 days old -- WindowsLogon.manifest 23/08/2007 21:13:51 488 byte 8 days old -- logonui.exe.manifest 23/08/2007 21:15:21 (DIR) 0 byte 8 days old -- ias 23/08/2007 21:15:57 54440 byte 8 days old -- kand.exe 23/08/2007 21:16:18 23392 byte 8 days old -- nscompat.tlb 23/08/2007 21:16:18 16832 byte 8 days old -- amcompat.tlb 23/08/2007 21:16:42 (DIR) 0 byte 8 days old -- wbem 23/08/2007 21:16:42 (DIR) 0 byte 8 days old -- xircom 23/08/2007 21:17:16 7158 byte 8 days old -- pipfpvpl.exe 23/08/2007 21:18:08 56772 byte 8 days old -- omlebde.exe 23/08/2007 21:18:36 26868 byte 8 days old -- jbitl.exe 23/08/2007 21:19:12 261 byte 8 days old -- $winnt$.inf 23/08/2007 21:19:16 10732 byte 8 days old -- tphm.exe 23/08/2007 21:21:47 90296 byte 8 days old -- FNTCACHE.DAT 23/08/2007 21:23:14 43542 byte 8 days old -- urqqron.dll 23/08/2007 21:24:15 25065 byte 8 days old -- wmpscheme.xml 23/08/2007 21:24:35 118 byte 8 days old -- vnggr.bat 23/08/2007 21:29:13 298080 byte 8 days old -- pmnnn.dll 23/08/2007 21:29:23 4380 byte 8 days old -- ynkvwfq.exe 23/08/2007 21:36:23 25504 byte 8 days old -- chunnkgs.exe 23/08/2007 21:36:28 10884 byte 8 days old -- csmnjza.exe 23/08/2007 21:37:31 34898 byte 8 days old -- lnffknqe.exe 23/08/2007 21:37:39 35770 byte 8 days old -- evueki.exe 23/08/2007 21:38:30 31390 byte 8 days old -- kbumlrd.exe 23/08/2007 21:39:32 49056 byte 8 days old -- khlvwoj.exe 23/08/2007 21:39:39 48180 byte 8 days old -- cyioc.exe 23/08/2007 21:39:41 134656 byte 8 days old -- sfc_os.dll 23/08/2007 21:39:41 475136 byte 8 days old -- jta.exe 23/08/2007 21:56:03 120 byte 8 days old -- wzcqyqd.bat 23/08/2007 21:59:55 39420 byte 8 days old -- dqsrrnn.exe 23/08/2007 22:00:40 (DIR) 0 byte 8 days old -- CatRoot 23/08/2007 22:03:06 120 byte 8 days old -- jzetcva.bat 23/08/2007 22:06:29 43542 byte 8 days old -- nnnnopn.dll 23/08/2007 22:08:18 0 byte 8 days old -- h323log.txt 23/08/2007 22:33:42 125504 byte 8 days old -- vttwmjql.dll 24/08/2007 20:37:08 43542 byte 7 days old -- awttttr.dll 24/08/2007 20:38:24 16896 byte 7 days old -- stszdvoi.exe 24/08/2007 21:00:56 43542 byte 7 days old -- ssqolkj.dll 24/08/2007 21:41:13 43542 byte 7 days old -- fccdawt.dll 24/08/2007 21:55:41 (DIR) 0 byte 7 days old -- bits 24/08/2007 21:55:42 (DIR) 0 byte 7 days old -- dllcache 24/08/2007 21:58:18 535 byte 7 days old -- lqjmwttv.ini 24/08/2007 21:58:27 43542 byte 7 days old -- ljjkklm.dll 24/08/2007 23:14:56 43542 byte 7 days old -- khfgebc.dll 24/08/2007 23:20:10 43542 byte 7 days old -- awtrqpp.dll 24/08/2007 23:23:49 16896 byte 7 days old -- vukota.exe 26/08/2007 21:38:30 13064 byte 5 days old -- wpa.dbl 26/08/2007 21:38:43 43542 byte 5 days old -- wvusrol.dll 26/08/2007 21:39:19 1263977 byte 5 days old -- enwbdgbq.ini 26/08/2007 21:44:00 43542 byte 5 days old -- opnkjkh.dll 26/08/2007 21:48:25 45056 byte 5 days old -- bdksuffw.exe 26/08/2007 22:58:36 3121 byte 5 days old -- CONFIG.NT 26/08/2007 22:58:37 (DIR) 0 byte 5 days old -- drivers 26/08/2007 23:39:45 43542 byte 5 days old -- hggfebc.dll 26/08/2007 23:43:42 29864 byte 5 days old -- wzhawmr.exe 27/08/2007 13:41:43 (DIR) 0 byte 4 days old -- config 27/08/2007 13:42:26 43542 byte 4 days old -- fccbywx.dll 27/08/2007 15:32:24 43542 byte 4 days old -- hggfggg.dll 27/08/2007 15:45:06 43542 byte 4 days old -- rqrrqnn.dll 27/08/2007 22:03:49 43542 byte 4 days old -- vturomn.dll 28/08/2007 21:01:40 43542 byte 3 days old -- jkkifda.dll 28/08/2007 21:13:27 43542 byte 3 days old -- qomklli.dll 28/08/2007 21:21:55 43542 byte 3 days old -- xxyyxyv.dll 28/08/2007 22:01:23 43542 byte 3 days old -- ssqpqol.dll 28/08/2007 22:02:06 75328 byte 3 days old -- ehhynepm.exe 28/08/2007 22:02:57 4162 byte 3 days old -- ysxhsna.exe 28/08/2007 22:08:13 1276065 byte 3 days old -- epffymnw.ini 28/08/2007 22:08:15 43542 byte 3 days old -- byxurrp.dll 28/08/2007 22:08:34 125504 byte 3 days old -- trz9.tmp 28/08/2007 22:11:01 70208 byte 3 days old -- trz8.tmp 28/08/2007 22:34:51 1276125 byte 3 days old -- djrmhpks.ini 29/08/2007 19:35:37 43542 byte 2 days old -- rqrpppo.dll 30/08/2007 19:43:01 43542 byte 1 days old -- iifgfcb.dll 30/08/2007 19:45:59 43542 byte 1 days old -- opnkhef.dll 30/08/2007 19:46:27 38912 byte 1 days old -- rswv.exe 30/08/2007 21:24:05 43542 byte 1 days old -- iiffddc.dll 30/08/2007 21:25:41 43542 byte 1 days old -- rqrrspp.dll 30/08/2007 21:28:45 43542 byte 1 days old -- khfgdbc.dll 30/08/2007 21:30:16 48856 byte 1 days old -- perfc00C.dat 30/08/2007 21:30:16 311740 byte 1 days old -- perfh009.dat 30/08/2007 21:30:16 40128 byte 1 days old -- perfc009.dat 30/08/2007 21:30:16 368076 byte 1 days old -- perfh00C.dat 30/08/2007 21:30:16 775210 byte 1 days old -- PerfStringBackup.INI 30/08/2007 22:03:06 824148 byte 1 days old -- nnnmp.bak2 30/08/2007 22:06:33 43542 byte 1 days old -- byxxxwu.dll 30/08/2007 22:09:50 70208 byte 1 days old -- brxxquyl.dll 30/08/2007 22:10:07 125504 byte 1 days old -- kybqqwmd.dll 30/08/2007 22:26:31 (DIR) 0 byte 1 days old -- CatRoot2 31/08/2007 19:40:35 17920 byte 0 days old -- tftp.exe 31/08/2007 19:40:35 44032 byte 0 days old -- ftp.exe 31/08/2007 19:43:42 722459 byte 0 days old -- nnnmp.ini ----- recent files in C:\WINDOWS\system32\drivers\ 30/08/2007 19:37:00 (DIR) 0 byte 1 days old -- etc ----- recent files in C:\WINDOWS emp\ 31/08/2007 08:04:18 16384 byte 0 days old -- Perflib_Perfdata_494.dat 31/08/2007 19:40:26 16384 byte 0 days old -- Perflib_Perfdata_4dc.dat 31/08/2007 19:43:24 (DIR) 0 byte 0 days old -- _avast4_ ----- recent files in C:\Program Files\ 23/08/2007 21:10:19 (DIR) 0 byte 8 days old -- Windows NT 23/08/2007 21:10:20 (DIR) 0 byte 8 days old -- MSN Gaming Zone 23/08/2007 21:10:38 (DIR) 0 byte 8 days old -- MSN 23/08/2007 21:11:52 (DIR) 0 byte 8 days old -- Outlook Express 23/08/2007 21:11:56 (DIR) 0 byte 8 days old -- NetMeeting 23/08/2007 21:12:31 (DIR) 0 byte 8 days old -- Movie Maker 23/08/2007 21:13:19 (DIR) 0 byte 8 days old -- Services en ligne 23/08/2007 21:13:50 (DIR) 0 byte 8 days old -- Internet Explorer 23/08/2007 21:16:42 (DIR) 0 byte 8 days old -- xerox 23/08/2007 21:16:42 (DIR) 0 byte 8 days old -- microsoft frontpage 23/08/2007 21:24:09 (DIR) 0 byte 8 days old -- Uninstall Information 23/08/2007 21:24:14 (DIR) 0 byte 8 days old -- Messenger 23/08/2007 21:24:15 (DIR) 0 byte 8 days old -- Windows Media Player 23/08/2007 22:34:13 (DIR) 0 byte 8 days old -- WindowsUpdate 26/08/2007 21:57:59 (DIR) 0 byte 5 days old -- Spybot - Search & Destroy 26/08/2007 22:58:19 (DIR) 0 byte 5 days old -- Alwil Software 29/08/2007 22:03:42 (DIR) 0 byte 2 days old -- CCleaner 29/08/2007 22:06:16 (DIR) 0 byte 2 days old -- Grisoft 30/08/2007 23:02:07 (DIR) 0 byte 1 days old -- Fichiers communs ----- recent files in C:\Program Files\Fichiers communs\ 23/08/2007 21:11:44 (DIR) 0 byte 8 days old -- MSSoap 23/08/2007 21:11:52 (DIR) 0 byte 8 days old -- Services 23/08/2007 21:11:52 (DIR) 0 byte 8 days old -- System 23/08/2007 21:24:18 (DIR) 0 byte 8 days old -- Microsoft Shared 23/08/2007 22:01:13 (DIR) 0 byte 8 days old -- SpeechEngines 23/08/2007 22:01:16 (DIR) 0 byte 8 days old -- ODBC 26/08/2007 23:01:51 (DIR) 0 byte 5 days old -- delsim.1 ----- recent files in C:\Documents and Settings\PIERROT\Application Data\ 23/08/2007 21:24:14 (DIR) 0 byte 8 days old -- Identities 23/08/2007 22:00:51 62 byte 8 days old -- desktop.ini 24/08/2007 23:11:58 (DIR) 0 byte 7 days old -- WinAntiVirus Pro 2007 28/08/2007 22:30:29 (DIR) 0 byte 3 days old -- Microsoft 29/08/2007 22:06:28 (DIR) 0 byte 2 days old -- Grisoft ----- recent files in C:\DOCUME~1\PIERROT\LOCALS~1\Temp\ 30/08/2007 00:18:36 (DIR) 0 byte 1 days old -- _avast4_ 30/08/2007 00:22:36 (DIR) 0 byte 1 days old -- WER1.tmp.dir00 30/08/2007 19:26:55 (DIR) 0 byte 1 days old -- WER2.tmp.dir00 30/08/2007 19:43:06 (DIR) 0 byte 1 days old -- WER1.tmp.dir01 30/08/2007 21:31:59 (DIR) 0 byte 1 days old -- WER2.tmp.dir01 30/08/2007 22:06:34 43 byte 1 days old -- removalfile.bat 30/08/2007 22:07:06 (DIR) 0 byte 1 days old -- WER3.tmp.dir00 30/08/2007 22:19:29 (DIR) 0 byte 1 days old -- NI.UWA7PV_0001_N96M0206 30/08/2007 22:59:56 (DIR) 0 byte 1 days old -- ~offfilt 30/08/2007 23:37:56 (DIR) 0 byte 1 days old -- WER4.tmp.dir00 31/08/2007 08:34:20 (DIR) 0 byte 0 days old -- WER1.tmp.dir02 31/08/2007 08:34:20 0 byte 0 days old -- WER1.tmp 31/08/2007 19:42:23 0 byte 0 days old -- WER2.tmp 31/08/2007 19:42:23 (DIR) 0 byte 0 days old -- WER2.tmp.dir02 31/08/2007 19:42:42 16384 byte 0 days old -- ~DFBE5D.tmp 31/08/2007 19:42:43 (DIR) 0 byte 0 days old -- nsr4.tmp ===================== REGISTRY SCAN ===================== -----HKLM\Software\Microsoft\Windows\CurrentVersion\Run----- [Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" "UserFaultCheck"=expand:"%systemroot%\system32\dumprep 0 -u" "!AVG Anti-Spyware"="\"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe\" /minimized" -----HKCU\Software\Microsoft\Windows\CurrentVersion\Run----- [Run] "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" "MSMSGS"="\"C:\Program Files\Messenger\msmsgs.exe\" /background" -----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run----- [Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" -----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run----- -----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run----- -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows----- [Windows] "AppInit_DLLs"="" -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad----- [ShellServiceObjectDelayLoad] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" #### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" #### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" #### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\System32\webcheck.dll" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" #### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\System32\stobject.dll" -----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks----- [ShellExecuteHooks] "{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}"="" #### HKCR\CLSID\{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}\InprocServer32 @="C:\WINDOWS\system32\gebcywt.dll" "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" #### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" #### HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\InprocServer32 @="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" -----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon----- [Winlogon] "Shell"="Explorer.exe %WINDIR%\attrib.exe" "System"="" "Userinit"="C:\WINDOWS\system32\userinit.exe," "VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\"" "UIHost"=expand:"logonui.exe" "LogonType"=dword:00000001 "WinStationsDisabled"="0" [Winlogon\GPExtensions] [Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}] "@="Quota du disque Microsoft" "DllName"=expand:"dskquota.dll" [Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}] "DllName"=expand:"scecli.dll" "@="Security" [Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}] "DllName"=expand:"iedkcs32.dll" "@="Personnalisation de Internet Explorer" [Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}] "DllName"=expand:"scecli.dll" "@="EFS recovery" [Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}] "@="Installation de logiciel" "DllName"=expand:"appmgmts.dll" [Winlogon\Notify] [Winlogon\Notify\crypt32chain] "DllName"=expand:"crypt32.dll" "Logoff"="ChainWlxLogoffEvent" [Winlogon\Notify\cryptnet] "DllName"=expand:"cryptnet.dll" "Logoff"="CryptnetWlxLogoffEvent" [Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "StartShell"="WinlogonStartShellEvent" [Winlogon\Notify\gebcywt] "DllName"="gebcywt.dll" "Logon"="Logon" "Logoff"="Logoff" [Winlogon\Notify\pmnnn] "DllName"="C:\WINDOWS\System32\pmnnn.dll" "Startup"="RealLogon" "Logoff"="RealLogoff" [Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 [Winlogon\Notify\Schedule] "DllName"=expand:"wlnotify.dll" "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "DllName"=expand:"sclgntfy.dll" [Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" [Winlogon\Notify ermsrv] "DllName"=expand:"wlnotify.dll" "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [Winlogon\Notify\urqqron] "DllName"="urqqron.dll" "Logon"="Logon" "Logoff"="Logoff" [Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" [Winlogon\SpecialAccounts] [Winlogon\SpecialAccounts\UserList] "HelpAssistant"=dword:00000000 "TsInternetUser"=dword:00000000 "SQLAgentCmdExec"=dword:00000000 "NetShowServices"=dword:00000000 "IWAM_"=dword:00010000 "IUSR_"=dword:00010000 "VUSR_"=dword:00010000 -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon----- [Winlogon] "ParseAutoexec"="1" "ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp" "BuildNumber"=dword:00000a28 -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options----- [Image File Execution Options\Your Image File Name Here without a path] "Debugger"="ntsd -d" -----HKLM\System\CurrentControlSet\Control\Session Manager\----- [Session Manager] "BootExecute"=multi:"autocheck autochk *\00stera\00\00" [Session Manager\SubSystems] "Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16" -----HKLM\SYSTEM\CurrentControlSet\Control\WOW----- [WOW] "cmdline"=expand:"%SystemRoot%\system32 tvdm.exe" "wowcmdline"=expand:"%SystemRoot%\system32 tvdm.exe -a %SystemRoot%\system32\krnl386" -----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run----- -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce----- [RunOnce] -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx----- [RunOnceEx] -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices----- [RunServices] -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce----- -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce----- [RunOnce] -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx----- -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices----- [RunServices] -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run----- -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce----- -----HKLM\Software\Microsoft\Command Processor\Autorun----- -----HKCU\Software\Microsoft\Command Processor\Autorun----- -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load----- -----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup----- -----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon----- -----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon----- -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce----- -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run----- -----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds dpwd\StartupPrograms----- -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler----- [SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" #### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" #### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll" -----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects----- [Browser Helper Objects] [Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] #### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\PROGRA~1\SPYBOT~1\SDHelper.dll" [Browser Helper Objects\{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}] #### HKCR\CLSID\{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}\InprocServer32 @="C:\WINDOWS\system32\gebcywt.dll" [Browser Helper Objects\{D1672E56-2A73-4FC6-B7FE-184EE91A3650}] #### HKCR\CLSID\{D1672E56-2A73-4FC6-B7FE-184EE91A3650}\InprocServer32 @="C:\WINDOWS\System32\pmnnn.dll" -----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks----- [URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="" #### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\System32\shdocvw.dll" -----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder----- -----HKCU\Control Panel\Desktop\----- [Desktop] "SCRNSAVE.EXE"="C:\WINDOWS\System32\logon.scr" [Desktop\WindowMetrics] -----HKEY_CLASSES_ROOT\exefile\shell\open\command----- [command] @="\"%1\" %*" -----HKEY_CLASSES_ROOT\comfile\shell\open\command----- [command] @="\"%1\" %*" -----HKEY_CLASSES_ROOT\batfile\shell\open\command----- [command] @="\"%1\" %*" -----HKEY_CLASSES_ROOT\piffile\shell\open\command----- [command] @="\"%1\" %*" -----HKEY_CLASSES_ROOT\scrFile\shell\open\command----- [command] @="\"%1\" /S" -----HKEY_CLASSES_ROOT\htafile\shell\open\command----- [Command] @="C:\WINDOWS\system32\mshta.exe \"%1\" %*" -----HKEY_CLASSES_ROOT\logfile\shell\open\command----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL----- [URL] [URL\DefaultPrefix] @="http://" [URL\Prefixes] "ftp"="ftp://" "gopher"="gopher://" "home"="http://" "mosaic"="http://" "www"="http://" -----HKLM\SYSTEM\CurrentControlSet\Control\Lsa----- [Lsa] "Authentication Packages"=multi:"msv1_0\00\00" "Bounds"=hex:00,30,00,00,00,20,00,00 "Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00" "LsaPid"=dword:0000022c "SecureBoot"=dword:00000001 "auditbaseobjects"=dword:00000000 "crashonauditfail"=dword:00000000 "disabledomaincreds"=dword:00000000 "everyoneincludesanonymous"=dword:00000000 "fipsalgorithmpolicy"=dword:00000000 "forceguest"=dword:00000001 "fullprivilegeauditing"=hex:00 "limitblankpassworduse"=dword:00000001 "lmcompatibilitylevel"=dword:00000000 "nodefaultadminowner"=dword:00000001 "nolmhash"=dword:00000000 "restrictanonymous"=dword:00000001 "restrictanonymoussam"=dword:00000001 "Notification Packages"=multi:"scecli\00\00" [Lsa\AccessProviders] "ProviderOrder"=multi:"Windows NT Access Provider\00\00" [Lsa\AccessProviders\Windows NT Access Provider] "ProviderPath"=expand:"%SystemRoot%\system32 tmarta.dll" [Lsa\Data] @Class="1229466c" "Pattern"=hex:b1,fe,93,b7,8a,69,b5,9f,8e,a9,cd,52,09,59,18,db,31,32,32,39,34,\ 36,36,63,00,67,07,00,01,00,00,00,dc,00,00,00,e0,00,00,00,48,fa,06,00,97,55,\ 51,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,15,18,cc,67 [Lsa\GBG] @Class="159a0941" "GrafBlumGroup"=hex:55,be,72,00,72,5a,6f,37,dc [Lsa\JD] @Class="ceef67bd" "Lookup"=hex:c4,ad,01,86,3d,47 [Lsa\Kerberos] [Lsa\Kerberos\Domains] [Lsa\Kerberos\SidCache] [Lsa\msv1_0] "ntlmminclientsec"=dword:00000000 "ntlmminserversec"=dword:00000000 [Lsa\Skew1] @Class="cc18ef85" "SkewMatrix"=hex:8d,fc,c5,7e,4f,d6,43,09,95,19,41,54,b4,05,54,4b [Lsa\SSO] [Lsa\SSO\Passport1.4] "SSOURL"="http://www.passport.com" [Lsa\SspiCache] "Time"=hex:8e,5b,47,09,c1,e5,c7,01 [Lsa\SspiCache\digest.dll] "Name"="Digest" "Comment"="Digest SSPI Authentication Package" "Capabilities"=dword:00004050 "RpcId"=dword:0000ffff "Version"=dword:00000001 "TokenSize"=dword:0000ffff "Time"=hex:00,e0,8c,f6,b8,2f,c1,01 "Type"=dword:00000031 [Lsa\SspiCache\msapsspc.dll] "Name"="DPA" "Comment"="DPA Security Package" "Capabilities"=dword:00000037 "RpcId"=dword:00000011 "Version"=dword:00000001 "TokenSize"=dword:00000300 "Time"=hex:00,e0,8c,f6,b8,2f,c1,01 "Type"=dword:00000031 [Lsa\SspiCache\msnsspc.dll] "Name"="MSN" "Comment"="MSN Security Package" "Capabilities"=dword:00000037 "RpcId"=dword:00000012 "Version"=dword:00000001 "TokenSize"=dword:00000300 "Time"=hex:00,e0,8c,f6,b8,2f,c1,01 "Type"=dword:00000031 -----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess----- [SharedAccess] "Type"=dword:00000020 "Start"=dword:00000002 "ErrorControl"=dword:00000001 "ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs" "DisplayName"="Pare-feu de connexion Internet (ICF) / Partage de connexion Internet (ICS)" "DependOnService"=multi:"Netman\00NLA\00RasMan\00ALG\00\00" "DependOnGroup"=multi:"\00" "ObjectName"="LocalSystem" "Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique." [SharedAccess\Parameters] "ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll" -----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2----- -----HKLM\Software\Microsoft\Ole----- [Ole] "DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\ 14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\ 00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\ 00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\ 05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\ 5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\ 5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00 "EnableDCOM"="N" -----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\----- [Security Center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\----- [SystemRestore] "DisableSR"=dword:00000000 "CreateFirstRunRp"=dword:00000001 "DSMin"=dword:000000c8 "DSMax"=dword:00000190 "RPSessionInterval"=dword:00000000 "RPGlobalInterval"=dword:00015180 "RPLifeInterval"=dword:0076a700 "CompressionBurst"=dword:0000003c "TimerInterval"=dword:00000078 "DiskPercent"=dword:0000000c "ThawInterval"=dword:00000384 [SystemRestore\Cfg] "DiskPercent"=dword:0000000c "MachineGuid"="{40666F75-94C6-4723-8EAB-D8C50119EA46}" [SystemRestore\SnapshotCallbacks] @="" -----HKEY_CURRENT_USER\Software\VB and VBA Program Settings----- [VB and VBA Program Settings] [VB and VBA Program Settings\CCleaner] [VB and VBA Program Settings\CCleaner\Options] -----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\----- [MountPoints2] [MountPoints2\A] "BaseClass"="Drive" [MountPoints2\C] "BaseClass"="Drive" [MountPoints2\D] "BaseClass"="Drive" [MountPoints2\E] "BaseClass"="Drive" [MountPoints2\F] "BaseClass"="Drive" [MountPoints2\G] "BaseClass"="Drive" [MountPoints2\H] "BaseClass"="Drive" [MountPoints2\I] "BaseClass"="Drive" [MountPoints2\J] "BaseClass"="Drive" [MountPoints2\{2cb00041-51b3-11dc-b187-8c61dd9d25dd}] "BaseClass"="Drive" [MountPoints2\{2cb00042-51b3-11dc-b187-8c61dd9d25dd}] "BaseClass"="Drive" [MountPoints2\{2cb00043-51b3-11dc-b187-8c61dd9d25dd}] "BaseClass"="Drive" [MountPoints2\{2cb00044-51b3-11dc-b187-8c61dd9d25dd}] "BaseClass"="Drive" [MountPoints2\{69569e78-c3d5-11d9-8f7c-806d6172696f}] "BaseClass"="Drive" [MountPoints2\{69569e79-c3d5-11d9-8f7c-806d6172696f}] "BaseClass"="Drive" [MountPoints2\{69569e7a-c3d5-11d9-8f7c-806d6172696f}] "BaseClass"="Drive" [MountPoints2\{69569e7b-c3d5-11d9-8f7c-806d6172696f}] "BaseClass"="Drive" [MountPoints2\{69569e7c-c3d5-11d9-8f7c-806d6172696f}] "BaseClass"="Drive" -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions----- [AdvancedOptions] -----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions----- -----HKLM\Software\Microsoft\Active Setup\Installed Components----- [Installed Components] [Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] "@="Personnalisation du navigateur" "ComponentID"="BRANDING.CAB" "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP" [Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}] "@="Rendu VML (Vector Graphics Rendering)" "ComponentID"="MSVML" [Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] #### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\System32\msdxm.ocx" "ComponentID"="NetShow" "StubPath"="" [Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\System32\msdxm.ocx" "ComponentID"="Microsoft Windows Media Player" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT" "@="Lecteur Windows Media Microsoft 6.4" [Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}] #### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\System32\danim.dll" "@="DirectAnimation" "ComponentID"="DirectAnimation" [Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] "@="Themes Setup" "ComponentID"="Theme Component" "StubPath"=expand:"%SystemRoot%\system32 egsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32 hemeui.dll" [Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}] "@="Liaison de données Dynamic HTML pour Java" "ComponentID"="TridataJava" [Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] "@="Logiciel de navigation hors connexion" "ComponentID"="MobilePk" [Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}] "@="Uniscribe" "ComponentID"="USP10" [Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}] "@="Création avancée" "ComponentID"="AdvAuth" [Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] "@="Microsoft Outlook Express 6" "ComponentID"="MailNews" "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install" [Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] "@="NetMeeting 3.01" "ComponentID"="NetMeeting" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT" [Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}] "@="DirectShow" "ComponentID"="activemovie" [Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] "@="DirectDrawEx" "ComponentID"="DirectDrawEx" [Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] "@="Aide sur Internet Explorer" "ComponentID"="HelpCont" [Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}] "@="Classes Java DirectAnimation" "ComponentID"="DAJava" [Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] "@="Microsoft Windows Script 5.6" "ComponentID"="MSVBScript" [Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] "KeyFileName"="C:\Program Files\Messenger\msmsgs.exe" "@="Windows Messenger 4.0" "ComponentID"="Messenger" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser" [Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}] "(Default)"="Internet Connection Wizard" "ComponentID"="ICW" [Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] "@="Outils d'installation Internet Explorer" "ComponentID"="GenSetup" [Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] "@="Améliorations pour la navigation" "ComponentID"="ExtraPack" "KeyFileName"="C:\WINDOWS\System32\msieftp.dll" [Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] #### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\System32\wmp.ocx" "@="Microsoft Windows Media Player 8" "ComponentID"="Microsoft Windows Media Player 8" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub" [Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] "@="Accès au site MSN" "ComponentID"="MSN_Auth" [Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] "@="Carnet d'adresses 6" "ComponentID"="WAB" "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install" [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] "@="Mise à jour du Bureau Windows" "ComponentID"="IE4Shell_NT" "StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll" [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] "@="Internet Explorer 6" "ComponentID"="BASEIE40_W2K" "StubPath"=expand:"%SystemRoot%\system32\ie4uinit.exe" [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix] [Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] "@="Liaison de données Dynamic HTML" "ComponentID"="Tridata" [Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}] "@="Accès Internet Explorer" "ComponentID"="IEACCESS" "StubPath"=expand:"rundll32 iesetup.dll,IEAccessUserInst" [Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] "@="Polices de base Internet Explorer" "ComponentID"="Fontcore" [Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}] "@="Planificateur de tâches" "ComponentID"="MSTASK" [Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}] #### HKCR\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32 @="C:\WINDOWS\System32\macromed\flash\swflash.ocx" "@="Macromedia Shockwave Flash" "ComponentID"="Flash" [Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] "@="Aide HTML" "ComponentID"="HTMLHelp" [Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] "@="Active Directory Service Interface" "ComponentID"="ADSI" -----Comparing registry keys CCS1 vs CCS2 ----- < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} REG_BINARY 06000000000000000800000000000000CFE9E046D41B36FCD41B35FC03000000000000000400000000000000CFE9E04658AD88FE01000000000000000400000000000000CFE9E046FFFFFF0033000000000000000400000000000000CFE9E04600093A8036000000000000000400000000000000CFE9E04658AD88FE35000000000000000100000000000000CFE9E04605000000 > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} REG_BINARY 06000000000000000800000000000000FF8CE146D41B36FCD41B35FC03000000000000000400000000000000FF8CE14658AD88FE01000000000000000400000000000000FF8CE146FFFFFF0033000000000000000400000000000000FF8CE14600093A8036000000000000000400000000000000FF8CE14658AD88FE35000000000000000100000000000000FF8CE14605000000 < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\System32\ESENT.dll < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\System32\ESENT.dll > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} LeaseObtainedTime REG_DWORD 1188540239 (0x46D7AF4F) > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} LeaseObtainedTime REG_DWORD 1188582015 (0x46D8527F) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} T1 REG_DWORD 1188842639 (0x46DC4C8F) > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} T1 REG_DWORD 1188884415 (0x46DCEFBF) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} T2 REG_DWORD 1189069439 (0x46DFC27F) > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} T2 REG_DWORD 1189111215 (0x46E065AF) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} LeaseTerminatesTime REG_DWORD 1189145039 (0x46E0E9CF) > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} LeaseTerminatesTime REG_DWORD 1189186815 (0x46E18CFF) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1188540239 (0x46D7AF4F) > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1188582015 (0x46D8527F) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip T1 REG_DWORD 1188842639 (0x46DC4C8F) > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip T1 REG_DWORD 1188884415 (0x46DCEFBF) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip T2 REG_DWORD 1189069439 (0x46DFC27F) > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip T2 REG_DWORD 1189111215 (0x46E065AF) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1189145039 (0x46E0E9CF) > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1189186815 (0x46E18CFF) Result compared: Different -----Comparing registry keys CCS1 vs CCS3 ----- < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} REG_BINARY 06000000000000000800000000000000CFE9E046D41B36FCD41B35FC03000000000000000400000000000000CFE9E04658AD88FE01000000000000000400000000000000CFE9E046FFFFFF0033000000000000000400000000000000CFE9E04600093A8036000000000000000400000000000000CFE9E04658AD88FE35000000000000000100000000000000CFE9E04605000000 > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} REG_BINARY 06000000000000000800000000000000FF8CE146D41B36FCD41B35FC03000000000000000400000000000000FF8CE14658AD88FE01000000000000000400000000000000FF8CE146FFFFFF0033000000000000000400000000000000FF8CE14600093A8036000000000000000400000000000000FF8CE14658AD88FE35000000000000000100000000000000FF8CE14605000000 > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} LeaseObtainedTime REG_DWORD 1188540239 (0x46D7AF4F) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} LeaseObtainedTime REG_DWORD 1188582015 (0x46D8527F) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} T1 REG_DWORD 1188842639 (0x46DC4C8F) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} T1 REG_DWORD 1188884415 (0x46DCEFBF) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} T2 REG_DWORD 1189069439 (0x46DFC27F) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} T2 REG_DWORD 1189111215 (0x46E065AF) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} LeaseTerminatesTime REG_DWORD 1189145039 (0x46E0E9CF) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7} LeaseTerminatesTime REG_DWORD 1189186815 (0x46E18CFF) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1188540239 (0x46D7AF4F) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1188582015 (0x46D8527F) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip T1 REG_DWORD 1188842639 (0x46DC4C8F) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip T1 REG_DWORD 1188884415 (0x46DCEFBF) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip T2 REG_DWORD 1189069439 (0x46DFC27F) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip T2 REG_DWORD 1189111215 (0x46E065AF) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1189145039 (0x46E0E9CF) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{1BD5524A-9FD2-48F3-B0CB-CD34DC4678D7}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1189186815 (0x46E18CFF) Result compared: Different ===================== Installed Applications ===================== -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall----- [Uninstall] [Uninstall\AddressBook] [Uninstall\avast!] "DisplayName"="avast! Antivirus" "InstallSource"="C:\DOCUME~1\PIERROT\Bureau" "DisplayIcon"="C:\Program Files\Alwil Software\Avast4\ashAvast.exe" "UninstallString"="rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup" [Uninstall\AVGAntiSpyware75] "DisplayName"="AVG Anti-Spyware 7.5" "UninstallString"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe" "DisplayIcon"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [Uninstall\Branding] [Uninstall\CCleaner] "DisplayName"="CCleaner (remove only)" "UninstallString"="\"C:\Program Files\CCleaner\uninst.exe\"" [Uninstall\Connection Manager] [Uninstall\DirectAnimation] [Uninstall\DirectDrawEx] [Uninstall\Fontcore] [Uninstall\HijackThis] "DisplayName"="HijackThis 2.0.0" "UninstallString"="\"C:\Documents and Settings\PIERROT\Bureau\HijackThis.exe\" /uninstall" "DisplayIcon"="C:\Documents and Settings\PIERROT\Bureau\HijackThis.exe" [Uninstall\ICW] [Uninstall\IE40] [Uninstall\IE4Data] [Uninstall\IE5BAKEX] [Uninstall\IEData] [Uninstall\KB842773] "DisplayName"="Correctif Windows XP - KB842773" "UninstallString"="C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe" [Uninstall\Microsoft NetShow Player 2.0] [Uninstall\MobileOptionPack] [Uninstall\MPlayer2] [Uninstall\NetMeeting] [Uninstall\OutlookExpress] [Uninstall\PCHealth] "UninstallString"="rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf" [Uninstall\SchedulingAgent] [Uninstall\Spybot - Search & Destroy_is1] "DisplayName"="Spybot - Search & Destroy 1.4" "DisplayIcon"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" "UninstallString"="\"C:\Program Files\Spybot - Search & Destroy\unins000.exe\"" [Uninstall\WGA] "DisplayName"="Windows Genuine Advantage Validation Tool (KB892130)" [Uninstall\{350C97B8-3D7C-4EE8-BAA9-00BCB3D54227}] "InstallSource"="C:\WINDOWS\System32\" "DisplayName"="WebFldrs XP" -----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall----- ========================================== Scan completed in 0,4 minutes End of report

Utilisateur anonyme · Answer

Télécharge OTMoveIt sur ton bureau
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Double clic sur OTMoveIt.exe
Sélectionne et copie les lignes ci-dessous 


C:\Documents and Settings\PIERROT\Application Data\WinAntiVirus Pro 2007
C:\WINDOWS\system32
nnmp.ini
C:\WINDOWS\system32\kybqqwmd.dll
C:\WINDOWS\system32\brxxquyl.dll
C:\WINDOWS\system32\byxxxwu.dll
C:\WINDOWS\system32
nnmp.bak2
C:\WINDOWS\system32\khfgdbc.dll
C:\WINDOWS\system32qrrspp.dll
C:\WINDOWS\system32\iiffddc.dll
C:\WINDOWS\system32swv.exe
C:\WINDOWS\system32\opnkhef.dll
C:\WINDOWS\system32\iifgfcb.dll
C:\WINDOWS\system32qrpppo.dll
C:\WINDOWS\system32\djrmhpks.ini
C:\WINDOWS\system32	rz8.tmp
C:\WINDOWS\system32	rz9.tmp
C:\WINDOWS\system32\byxurrp.dll
C:\WINDOWS\system32\epffymnw.ini
C:\WINDOWS\system32\ysxhsna.exe
C:\WINDOWS\system32\ehhynepm.exe
C:\WINDOWS\system32\ssqpqol.dll
C:\WINDOWS\system32\xxyyxyv.dll
C:\WINDOWS\system32\qomklli.dll
C:\WINDOWS\system32\jkkifda.dll
C:\WINDOWS\system32\vturomn.dll
C:\WINDOWS\system32qrrqnn.dll
C:\WINDOWS\system32\hggfggg.dll
C:\WINDOWS\system32\fccbywx.dll
C:\WINDOWS\system32\wzhawmr.exe
C:\WINDOWS\system32\hggfebc.dll
C:\WINDOWS\system32\bdksuffw.exe
C:\WINDOWS\system32\opnkjkh.dll
C:\WINDOWS\system32\enwbdgbq.ini
C:\WINDOWS\system32\wvusrol.dll
C:\WINDOWS\system32\vukota.exe
C:\WINDOWS\system32\awtrqpp.dll
C:\WINDOWS\system32\khfgebc.dll
C:\WINDOWS\system32\ljjkklm.dll
C:\WINDOWS\system32\lqjmwttv.ini
C:\WINDOWS\system32\fccdawt.dll
C:\WINDOWS\system32\ssqolkj.dll
C:\WINDOWS\system32\stszdvoi.exe
C:\WINDOWS\system32\awttttr.dll
C:\WINDOWS\system32\vttwmjql.dll
C:\WINDOWS\system32
nnnopn.dll
C:\WINDOWS\system32\jzetcva.bat
C:\WINDOWS\system32\dqsrrnn.exe
C:\WINDOWS\system32\wzcqyqd.bat
C:\WINDOWS\system32\jta.exe
C:\WINDOWS\system32\cyioc.exe
C:\WINDOWS\system32\khlvwoj.exe
C:\WINDOWS\system32\kbumlrd.exe
C:\WINDOWS\system32\evueki.exe
C:\WINDOWS\system32\lnffknqe.exe
C:\WINDOWS\system32\csmnjza.exe
C:\WINDOWS\system32\chunnkgs.exe
C:\WINDOWS\system32\ynkvwfq.exe
C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\vnggr.bat
C:\WINDOWS\system32\urqqron.dll
C:\WINDOWS\system32	phm.exe
C:\WINDOWS\system32\jbitl.exe
C:\WINDOWS\system32\omlebde.exe
C:\WINDOWS\system32\pipfpvpl.exe
C:\WINDOWS\system32\kand.exe
C:\WINDOWS\system32\gebcywt.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.3
C:\WINDOWS\Downloaded Program Files\CONFLICT.2
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\WINDOWS\Downloaded Program Files\*_*_*NetInstaller.exe
C:\WINDOWS\system32\bdksuffw.exe
C:\WINDOWS\system32\chunnkgs.exe
C:\WINDOWS\system32\csmnjza.exe
C:\WINDOWS\system32\cyioc.exe
C:\WINDOWS\system32\dqsrrnn.exe 
C:\WINDOWS\system32\evueki.exe 
C:\WINDOWS\system32\jbitl.exe
C:\WINDOWS\system32\kand.exe
C:\WINDOWS\system32\kbumlrd.exe
C:\WINDOWS\system32\khlvwoj.exe 
C:\WINDOWS\system32\lnffknqe.exe 
C:\WINDOWS\system32\omlebde.exe 
C:\WINDOWS\system32\pipfpvpl.exe
C:\WINDOWS\system32swv.exe
C:\WINDOWS\system32	phm.exe
C:\WINDOWS\system32\wzhawmr.exe
C:\WINDOWS\system32\ynkvwfq.exe
C:\WINDOWS\system32\ysxhsna.exe 
C:\Program Files\Fichiers communs\delsim.1

Retourne dans OTMoveit, fais un clic droit dans la fenêtre "Paste List of Files/Folders to be moved" et choisis "coller".
Clic sur le boutton rouge Moveit et ferme OTMoveIt
Si un fichier ou un dossier ne peut être déplacer immédiatement il te sera demander de redémarrer ta machine pour finir l'exécution, si c'est le cas, clic sur "Yes"
Copie et colle le rapport qu'il va te générer ici stp. Le rapport d'OTMoveit se trouve dans ce dossier : C:\_OTMoveIt\MovedFiles



¤ Télécharge VundoFix
---> http://www.atribune.org/ccount/click.php?id=4

Redémarre ton PC. Dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisis "mode sans echec" attends un peu.. 

double clic dessus choisis "start for vundo" 
attends quelques minutes, quand le scan est terminé clic sur "remove vundo"
un message te demandera si tu veux supprimes les fichiers sur "yes"
Quand il a terminé, clic sur "yes" ton ordinateur devrait redemarrer si non, fais le par toi même
Une fois qu'il a redémarré colle le rapport C:\vundofix.txt



¤ Désactive le pare-feu de Windows(SP2) il ne sert à rien puis installe Kerio pour plus de sécurité 

Téléchargeable et tutoriel sur cette page :
--> http://redir.fr/gbom

Plus d'info :
-> https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall



¤ Puis remet un rapport hijackthis stp

julienEVO6 · Answer

Voila le rapport de OTMoveit:

C:\Documents and Settings\PIERROT\Application Data\WinAntiVirus Pro 2007\Logs moved successfully.
C:\Documents and Settings\PIERROT\Application Data\WinAntiVirus Pro 2007 moved successfully.
C:\WINDOWS\system32
nnmp.ini moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\kybqqwmd.dll
C:\WINDOWS\system32\kybqqwmd.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\kybqqwmd.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\brxxquyl.dll
C:\WINDOWS\system32\brxxquyl.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\brxxquyl.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\byxxxwu.dll
C:\WINDOWS\system32\byxxxwu.dll NOT unregistered.
C:\WINDOWS\system32\byxxxwu.dll moved successfully.
C:\WINDOWS\system32
nnmp.bak2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\khfgdbc.dll
C:\WINDOWS\system32\khfgdbc.dll NOT unregistered.
C:\WINDOWS\system32\khfgdbc.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32qrrspp.dll
C:\WINDOWS\system32qrrspp.dll NOT unregistered.
C:\WINDOWS\system32qrrspp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\iiffddc.dll
C:\WINDOWS\system32\iiffddc.dll NOT unregistered.
C:\WINDOWS\system32\iiffddc.dll moved successfully.
C:\WINDOWS\system32swv.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\opnkhef.dll
C:\WINDOWS\system32\opnkhef.dll NOT unregistered.
C:\WINDOWS\system32\opnkhef.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\iifgfcb.dll
C:\WINDOWS\system32\iifgfcb.dll NOT unregistered.
C:\WINDOWS\system32\iifgfcb.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32qrpppo.dll
C:\WINDOWS\system32qrpppo.dll NOT unregistered.
C:\WINDOWS\system32qrpppo.dll moved successfully.
C:\WINDOWS\system32\djrmhpks.ini moved successfully.
C:\WINDOWS\system32	rz8.tmp moved successfully.
C:\WINDOWS\system32	rz9.tmp moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\byxurrp.dll
C:\WINDOWS\system32\byxurrp.dll NOT unregistered.
C:\WINDOWS\system32\byxurrp.dll moved successfully.
C:\WINDOWS\system32\epffymnw.ini moved successfully.
C:\WINDOWS\system32\ysxhsna.exe moved successfully.
C:\WINDOWS\system32\ehhynepm.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ssqpqol.dll
C:\WINDOWS\system32\ssqpqol.dll NOT unregistered.
C:\WINDOWS\system32\ssqpqol.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xxyyxyv.dll
C:\WINDOWS\system32\xxyyxyv.dll NOT unregistered.
C:\WINDOWS\system32\xxyyxyv.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qomklli.dll
C:\WINDOWS\system32\qomklli.dll NOT unregistered.
C:\WINDOWS\system32\qomklli.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jkkifda.dll
C:\WINDOWS\system32\jkkifda.dll NOT unregistered.
C:\WINDOWS\system32\jkkifda.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vturomn.dll
C:\WINDOWS\system32\vturomn.dll NOT unregistered.
C:\WINDOWS\system32\vturomn.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32qrrqnn.dll
C:\WINDOWS\system32qrrqnn.dll NOT unregistered.
C:\WINDOWS\system32qrrqnn.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hggfggg.dll
C:\WINDOWS\system32\hggfggg.dll NOT unregistered.
C:\WINDOWS\system32\hggfggg.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fccbywx.dll
C:\WINDOWS\system32\fccbywx.dll NOT unregistered.
C:\WINDOWS\system32\fccbywx.dll moved successfully.
C:\WINDOWS\system32\wzhawmr.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hggfebc.dll
C:\WINDOWS\system32\hggfebc.dll NOT unregistered.
C:\WINDOWS\system32\hggfebc.dll moved successfully.
C:\WINDOWS\system32\bdksuffw.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\opnkjkh.dll
C:\WINDOWS\system32\opnkjkh.dll NOT unregistered.
C:\WINDOWS\system32\opnkjkh.dll moved successfully.
C:\WINDOWS\system32\enwbdgbq.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wvusrol.dll
C:\WINDOWS\system32\wvusrol.dll NOT unregistered.
C:\WINDOWS\system32\wvusrol.dll moved successfully.
C:\WINDOWS\system32\vukota.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\awtrqpp.dll
C:\WINDOWS\system32\awtrqpp.dll NOT unregistered.
C:\WINDOWS\system32\awtrqpp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\khfgebc.dll
C:\WINDOWS\system32\khfgebc.dll NOT unregistered.
C:\WINDOWS\system32\khfgebc.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ljjkklm.dll
C:\WINDOWS\system32\ljjkklm.dll NOT unregistered.
C:\WINDOWS\system32\ljjkklm.dll moved successfully.
C:\WINDOWS\system32\lqjmwttv.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fccdawt.dll
C:\WINDOWS\system32\fccdawt.dll NOT unregistered.
C:\WINDOWS\system32\fccdawt.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ssqolkj.dll
C:\WINDOWS\system32\ssqolkj.dll NOT unregistered.
C:\WINDOWS\system32\ssqolkj.dll moved successfully.
C:\WINDOWS\system32\stszdvoi.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\awttttr.dll
C:\WINDOWS\system32\awttttr.dll NOT unregistered.
C:\WINDOWS\system32\awttttr.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\vttwmjql.dll
C:\WINDOWS\system32\vttwmjql.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\vttwmjql.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32
nnnopn.dll
C:\WINDOWS\system32
nnnopn.dll NOT unregistered.
C:\WINDOWS\system32
nnnopn.dll moved successfully.
C:\WINDOWS\system32\jzetcva.bat moved successfully.
C:\WINDOWS\system32\dqsrrnn.exe moved successfully.
C:\WINDOWS\system32\wzcqyqd.bat moved successfully.
C:\WINDOWS\system32\jta.exe moved successfully.
C:\WINDOWS\system32\cyioc.exe moved successfully.
C:\WINDOWS\system32\khlvwoj.exe moved successfully.
C:\WINDOWS\system32\kbumlrd.exe moved successfully.
C:\WINDOWS\system32\evueki.exe moved successfully.
C:\WINDOWS\system32\lnffknqe.exe moved successfully.
C:\WINDOWS\system32\csmnjza.exe moved successfully.
C:\WINDOWS\system32\chunnkgs.exe moved successfully.
C:\WINDOWS\system32\ynkvwfq.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\pmnnn.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\pmnnn.dll scheduled to be moved on reboot.
C:\WINDOWS\system32\vnggr.bat moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\urqqron.dll
C:\WINDOWS\system32\urqqron.dll NOT unregistered.
C:\WINDOWS\system32\urqqron.dll moved successfully.
C:\WINDOWS\system32	phm.exe moved successfully.
C:\WINDOWS\system32\jbitl.exe moved successfully.
C:\WINDOWS\system32\omlebde.exe moved successfully.
C:\WINDOWS\system32\pipfpvpl.exe moved successfully.
C:\WINDOWS\system32\kand.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gebcywt.dll
C:\WINDOWS\system32\gebcywt.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\gebcywt.dll scheduled to be moved on reboot.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3 moved successfully.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2 moved successfully.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1 moved successfully.
File/Folder C:\WINDOWS\Downloaded Program Files\*_*_*NetInstaller.exe not found.
File/Folder C:\WINDOWS\system32\bdksuffw.exe not found.
File/Folder C:\WINDOWS\system32\chunnkgs.exe not found.
File/Folder C:\WINDOWS\system32\csmnjza.exe not found.
File/Folder C:\WINDOWS\system32\cyioc.exe not found.
File/Folder C:\WINDOWS\system32\dqsrrnn.exe not found.
File/Folder C:\WINDOWS\system32\evueki.exe not found.
File/Folder C:\WINDOWS\system32\jbitl.exe not found.
File/Folder C:\WINDOWS\system32\kand.exe not found.
File/Folder C:\WINDOWS\system32\kbumlrd.exe not found.
File/Folder C:\WINDOWS\system32\khlvwoj.exe not found.
File/Folder C:\WINDOWS\system32\lnffknqe.exe not found.
File/Folder C:\WINDOWS\system32\omlebde.exe not found.
File/Folder C:\WINDOWS\system32\pipfpvpl.exe not found.
File/Folder C:\WINDOWS\system32swv.exe not found.
File/Folder C:\WINDOWS\system32	phm.exe not found.
File/Folder C:\WINDOWS\system32\wzhawmr.exe not found.
File/Folder C:\WINDOWS\system32\ynkvwfq.exe not found.
File/Folder C:\WINDOWS\system32\ysxhsna.exe not found.
C:\Program Files\Fichiers communs\delsim.1 moved successfully.
 
Created on 08/31/2007 20:31:51

julienEVO6 · Answer

Voila le rapport VundoFix:

VundoFix V6.5.7

Checking Java version...

Sun Java not detected
Scan started at 20:40:38 31/08/2007

Listing files found while scanning....

C:\WINDOWS\System32\mwaxnplk.dll
C:\WINDOWS\System32
nnmp.ini
C:\WINDOWS\System32\pmnnn.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\System32
nnmp.ini
C:\WINDOWS\System32
nnmp.ini Has been deleted!

 Attempting to delete C:\WINDOWS\System32\pmnnn.dll
C:\WINDOWS\System32\pmnnn.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\System32
nnmp.ini
C:\WINDOWS\System32
nnmp.ini Has been deleted!

 Attempting to delete C:\WINDOWS\System32\pmnnn.dll
C:\WINDOWS\System32\pmnnn.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

julienEVO6 · Answer

Rapport HijackThis:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:57:40, on 31/08/2007
Platform: Windows XP  (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\attrib.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32undll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\PIERROT\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\attrib.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - C:\WINDOWS\system32\gebcywt.dll
O2 - BHO: (no name) - {9503996D-D12F-4243-90F6-CD62CFB44425} - C:\WINDOWS\System32\pmnnn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://fr.winantivirus.com/download/2007/download.php?file=2&aid=nm_ku_wav_meta_kw_mtrt_fr_fr_ed2&lid=wifi&affid=nm_941_1aefd47451af11dc80f5fff941fdffff_53e65491e63f44389a37064cce1db43b
O20 - Winlogon Notify: gebcywt - C:\WINDOWS\SYSTEM32\gebcywt.dll
O20 - Winlogon Notify: pmnnn - C:\WINDOWS\System32\pmnnn.dll
O20 - Winlogon Notify: urqqron - urqqron.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: attrib - Unknown owner - C:\WINDOWS\attrib.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32tayywor.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32
etdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32
etdde.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

Utilisateur anonyme · Answer

¤ Clic sur "démarrer", "exécuter", tape: services.msc 
Cherche dans la liste la ligne ci-dessous, tu fais un clic droit dessus choisis "propriétés" et régle les sur "désactivé"

- DomainService
-  attrib



¤ Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\attrib.exe
O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - C:\WINDOWS\system32\gebcywt.dll 
O2 - BHO: (no name) - {9503996D-D12F-4243-90F6-CD62CFB44425} - C:\WINDOWS\System32\pmnnn.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://fr.winantivirus.com/ 
O20 - Winlogon Notify: gebcywt - C:\WINDOWS\SYSTEM32\gebcywt.dll 
O20 - Winlogon Notify: pmnnn - C:\WINDOWS\System32\pmnnn.dll 
O20 - Winlogon Notify: urqqron - urqqron.dll (file missing)



¤¤ Redémarre le PC en mode sans échec : Dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisis "mode sans echec" attends un peu

* Clic sur démarrer, rechercher, tous les fichiers et dossiers, cherche et supprime si présent :

- attrib.exe
- rtayywor.exe
- pmnnn.dll
- gebcywt.dll

Dès qu'ils sont supprimès, vide ta corbeille et redémarre normalement.



¤ Désactive le pare-feu de Windows(SP2) il ne sert à rien puis installe Kerio pour plus de sécurité 

Téléchargeable et tutoriel sur cette page :
--> http://redir.fr/gbom

Plus d'info :
-> https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall



¤ Clic sur démarrer, panneau de configuration, connexions et réseau internet, options internet, vas dans l'onglet: 
- "Général" clci sur le bouton "Supprimer" puis clic sur "Tout supprimer"
- "Sécurité" et clic sur "niveau par défaut" 
- même chose avec l'onglet "Confidentialité" 
- "Contenu" effacer le SSL
- puis dans l'onglet "Avancé" clique sur "paramétres par défaut" puis "réinitialiser"

Appliquer, puis ok.


¤ Fais ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2 (en haut) va se mettre à clignoter, clic dessus et choisis "accepter l'active X" pour  faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp

https://www.bitdefender.com/toolbox/

julienEVO6 · Answer

Comment je desactive le pare feu windows ?

Utilisateur anonyme · Answer

En installant Sunbelt il sera désactivé pas de problème ;-)

julienEVO6 · Answer

Alors
-attrib.exe a été supprimé
-rtayywor n'est pas trouvé
-pmnnn.dll et gelcywt ne peuvent etre supprimé car ressource utilisé par une autre personne ou par un autre programme.
Arff!C'est grave docteur ?

Utilisateur anonyme · Answer

même en mode sans échec ?

julienEVO6 · Answer

Oui,je n'ai essayé qu'en mode sans echec.

julienEVO6 · Answer

C'est bon je suis allé en mode sans echec dans la version de Windows XP ou je vais d'habitude (celle qui plante quoi) et j'ai supprimé pmnnn.dll et gebcywt.dll par contre ca ne trouve pas rtayywor.exe.

Je peux attaquer la suite ?


Bon allé je revien demain bonne nuit.

Utilisateur anonyme · Answer

Oui tu pourras faire la suite ;-)

Bonne nuit !

julienEVO6 · Answer

BitDefender Online Scanner
  
  
 
Scan report generated at: Sat, Sep 01, 2007 - 20:12:17
 
 
  
  
 
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;
  
  
 
 
  
  
 
Statistics
 
Time
 01:09:47
 
Files
 286000
 
Folders
 8694
 
Boot Sectors
 3
 
Archives
 1379
 
Packed Files
 8805
 
  
  
 
Results
 
Identified Viruses 
 10
 
Infected Files 
 67
 
Suspect Files 
 0
 
Warnings
 0
 
Disinfected
 0
 
Deleted Files
 67
 
  
  
 
Engines Info
 
Virus Definitions
 750951
 
Engine build
 AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
 
Scan plugins
 14
 
Archive plugins
 38
 
Unpack plugins
 6
 
E-mail plugins
 6
 
System plugins
 1
 
  
  
 
Scan Settings
 
First Action
 Disinfect
 
Second Action
 Delete
 
Heuristics
 Yes
 
Enable Warnings
 Yes
 
Scanned Extensions
 *;
 
Exclude Extensions
  
 
Scan Emails
 Yes
 
Scan Archives
 Yes
 
Scan Packed
 Yes
 
Scan Files
 Yes
 
Scan Boot
 Yes
 
  
  
 
  Scanned File
  Status
 
C:\Documents and Settings\PIERROT\Application Data\Grisoft\AVG Antispyware 7.5\quarantine\filA8407C40.dat=>(gzip)
 Infected with: Exploit.ADODB.Stream.BB
 
C:\Documents and Settings\PIERROT\Application Data\Grisoft\AVG Antispyware 7.5\quarantine\filA8407C40.dat=>(gzip)
 Disinfection failed
 
C:\Documents and Settings\PIERROT\Application Data\Grisoft\AVG Antispyware 7.5\quarantine\filA8407C40.dat=>(gzip)
 Deleted
 
C:\Documents and Settings\PIERROT\Application Data\Grisoft\AVG Antispyware 7.5\quarantine\filA8407C40.dat
 Updated
 
C:\Documents and Settings\PIERROT\Bureau\backups\backup-20070831-222624-687.dll
 Infected with: DeepScan:Generic.Virtumonde.1.010E6C47
 
C:\Documents and Settings\PIERROT\Bureau\backups\backup-20070831-222624-687.dll
 Disinfection failed
 
C:\Documents and Settings\PIERROT\Bureau\backups\backup-20070831-222624-687.dll
 Deleted
 
C:\Documents and Settings\PIERROT\Bureau\backups\backup-20070831-222624-947.dll
 Infected with: Trojan.Vundo.DMV
 
C:\Documents and Settings\PIERROT\Bureau\backups\backup-20070831-222624-947.dll
 Disinfection failed
 
C:\Documents and Settings\PIERROT\Bureau\backups\backup-20070831-222624-947.dll
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0005186.dll
 Infected with: Trojan.Vundo.DMP
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0005186.dll
 Disinfection failed
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0005186.dll
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010333.exe
 Infected with: Packer.PESpin.A
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010333.exe
 Disinfection failed
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010333.exe
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010353.dll
 Infected with: Trojan.Vundo.DMP
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010353.dll
 Disinfection failed
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010353.dll
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010358.dll
 Infected with: Trojan.Vundo.DMP
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010358.dll
 Disinfection failed
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010358.dll
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010371.exe
 Infected with: DeepScan:Generic.Ranky.9A469A4D
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010371.exe
 Disinfection failed
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010371.exe
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010373.exe
 Infected with: DeepScan:Generic.Ranky.9A469A4D
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010373.exe
 Disinfection failed
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010373.exe
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010374.exe
 Infected with: DeepScan:Generic.Ranky.9A469A4D
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010374.exe
 Disinfection failed
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010374.exe
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010376.exe
 Infected with: Backdoor.RBot.XCT
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010376.exe
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010377.exe
 Infected with: Backdoor.RBot.XCT
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010377.exe
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010379.exe
 Infected with: Backdoor.RBot.XCT
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010379.exe
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010381.exe
 Infected with: DeepScan:Generic.Ranky.9A469A4D
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010381.exe
 Disinfection failed
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010381.exe
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010382.exe
 Infected with: DeepScan:Generic.Ranky.9A469A4D
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010382.exe
 Disinfection failed
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010382.exe
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010383.exe
 Infected with: Backdoor.RBot.XCT
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010383.exe
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010387.exe
 Infected with: DeepScan:Generic.Ranky.9A469A4D
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010387.exe
 Disinfection failed
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010387.exe
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010388.exe
 Infected with: DeepScan:Generic.Ranky.9A469A4D
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010388.exe
 Disinfection failed
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010388.exe
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010429.exe=>(NSIS o)
 Clean
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010468.exe
 Infected with: Trojan.Fotomoto.E
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010468.exe
 Disinfection failed
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010468.exe
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010482.exe
 Infected with: Packer.PESpin.A
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010482.exe
 Disinfection failed
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0010482.exe
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0011557.exe
 Infected with: Backdoor.RBot.XCT
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0011557.exe
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0011558.exe
 Infected with: Backdoor.RBot.XCT
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0011558.exe
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0013574.exe
 Infected with: Trojan.Fotomoto.E
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0013574.exe
 Disinfection failed
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0013574.exe
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0013601.exe
 Infected with: Backdoor.RBot.XCT
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0013601.exe
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0013619.exe
 Infected with: Trojan.Downloader.DAQ
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0013619.exe
 Disinfection failed
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0013619.exe
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0016671.dll
 Infected with: Trojan.Vundo.DMP
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0016671.dll
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0016673.dll
 Infected with: Trojan.Vundo.DMP
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0016673.dll
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0017796.dll
 Infected with: DeepScan:Generic.Virtumonde.1.010E6C47
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0017796.dll
 Disinfection failed
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0017796.dll
 Deleted
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0017797.dll
 Infected with: Trojan.Vundo.DMV
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0017797.dll
 Disinfection failed
 
C:\System Volume Information\_restore{40666F75-94C6-4723-8EAB-D8C50119EA46}\RP0\A0017797.dll
 Deleted
 
C:\System Volume Information\_restore{4F8E9E85-C903-4C6D-B09C-BAF3B4870F8D}\RP742\A0362248.dll
 Infected with: DeepScan:Generic.Virtumonde.1.010E6C47
 
C:\System Volume Information\_restore{4F8E9E85-C903-4C6D-B09C-BAF3B4870F8D}\RP742\A0362248.dll
 Disinfection failed
 
C:\System Volume Information\_restore{4F8E9E85-C903-4C6D-B09C-BAF3B4870F8D}\RP742\A0362248.dll
 Deleted
 
C:\System Volume Information\_restore{4F8E9E85-C903-4C6D-B09C-BAF3B4870F8D}\RP742\A0362249.dll
 Infected with: Trojan.Vundo.DMV
 
C:\System Volume Information\_restore{4F8E9E85-C903-4C6D-B09C-BAF3B4870F8D}\RP742\A0362249.dll
 Disinfection failed
 
C:\System Volume Information\_restore{4F8E9E85-C903-4C6D-B09C-BAF3B4870F8D}\RP742\A0362249.dll
 Deleted
 
C:\WINDOWS\system32\jhjkowfr.exe
 Infected with: Trojan.Fotomoto.E
 
C:\WINDOWS\system32\jhjkowfr.exe
 Disinfection failed
 
C:\WINDOWS\system32\jhjkowfr.exe
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\awtrqpp.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\awtrqpp.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\awtrqpp.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\awttttr.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\awttttr.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\awttttr.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\bdksuffw.exe
 Infected with: Backdoor.RBot.XCT
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\bdksuffw.exe
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\byxurrp.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\byxurrp.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\byxurrp.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\byxxxwu.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\byxxxwu.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\byxxxwu.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\cyioc.exe
 Infected with: Backdoor.RBot.XCT
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\cyioc.exe
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ehhynepm.exe
 Infected with: Trojan.Fotomoto.E
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ehhynepm.exe
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ehhynepm.exe
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\fccbywx.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\fccbywx.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\fccbywx.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\fccdawt.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\fccdawt.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\fccdawt.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\hggfebc.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\hggfebc.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\hggfebc.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\hggfggg.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\hggfggg.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\hggfggg.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\iiffddc.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\iiffddc.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\iiffddc.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\iifgfcb.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\iifgfcb.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\iifgfcb.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\jkkifda.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\jkkifda.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\jkkifda.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\kand.exe
 Infected with: Backdoor.RBot.XCT
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\kand.exe
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\khfgdbc.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\khfgdbc.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\khfgdbc.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\khfgebc.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\khfgebc.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\khfgebc.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\khlvwoj.exe
 Infected with: Backdoor.RBot.XCT
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\khlvwoj.exe
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ljjkklm.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ljjkklm.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ljjkklm.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32
nnnopn.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32
nnnopn.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32
nnnopn.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\omlebde.exe
 Infected with: Backdoor.RBot.XCT
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\omlebde.exe
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\opnkhef.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\opnkhef.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\opnkhef.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\opnkjkh.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\opnkjkh.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\opnkjkh.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\qomklli.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\qomklli.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\qomklli.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32qrpppo.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32qrpppo.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32qrpppo.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32qrrqnn.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32qrrqnn.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32qrrqnn.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32qrrspp.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32qrrspp.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32qrrspp.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ssqolkj.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ssqolkj.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ssqolkj.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ssqpqol.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ssqpqol.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ssqpqol.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\stszdvoi.exe
 Infected with: Trojan.Mexir.A
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\stszdvoi.exe
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\stszdvoi.exe
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\urqqron.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\urqqron.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\urqqron.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\vturomn.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\vturomn.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\vturomn.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\vukota.exe
 Infected with: Trojan.Mexir.A
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\vukota.exe
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\vukota.exe
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\wvusrol.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\wvusrol.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\wvusrol.dll
 Deleted
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\xxyyxyv.dll
 Infected with: Trojan.Vundo.DMV
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\xxyyxyv.dll
 Disinfection failed
 
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\xxyyxyv.dll
 Deleted

julienEVO6 · Answer

Plus personne pour m'aider ?

julienEVO6 · Answer

Toujour pas ?

Probleme de plantage,vraiment besoin d'aide.

23 réponses

Discussions similaires

Newsletters