Viral infection in Windows/system32
poolsim
Hello,
I already posted a message yesterday and got a reply from Darckiller. But it was in vain: I cannot manage to disinfect my laptop.
It all started with the TratBHO attack on Avast two weeks ago.
After that, I read up on this forum and carried out several procedures, which did not work. I switched from Avast to Antivir, but it reports threatened files in system32 at every startup. No matter how often I delete these files, they keep coming back. The error messages keep warning me about the same files when Windows starts. So I am forced to disable Antivir to be left in peace. The thing is, I work on my computer all the time, and I cannot do without it.
Would it be possible to get some advice that would let me solve these problems for good?
I am also posting reports that I produced with different programs:
In order: Totalscan, then Antivir.
Totalscan:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-01-09 07:50:33
PROTECTIONS: 1
MALWARE: 44
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Avira AntiVir PersonalEdition 7.0.1.201 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\savenow
00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\classes\wusn.1
00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\whenusave
00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\savenow
00027660 adware/savenow Adware No 0 Yes No c:\program files\save
00027660 adware/savenow Adware No 0 Yes No hkey_classes_root\wusn.1
00040735 adware/whenusearch Adware No 0 Yes No c:\documents and settings\mesmacque\menu démarrer\programmes\whenu
00040735 adware/whenusearch Adware No 0 Yes No c:\program files\fichiers communs\whenu
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@atdmt[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@247realmedia[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.247realmedia.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@mediaplex[1].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@ccbill[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@revenue[1].txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@www.myaffiliateprogram[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@yadro[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.xiti.com/]
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[fe.lea.lycos.fr/]
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@fe.lea.lycos[1].txt
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@hotlog[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@toplist[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@perf.overture[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.bs.serving-sys.com/]
00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@as1.falkag[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@weborama[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.adtech.de/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@adtech[2].txt
00168113 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@fe.lea.lycos[2].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@fl01.ct2.comclick[1].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[fl01.ct2.comclick.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@advertising[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@overture[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.overture.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.questionmarket.com/]
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.metriweb.be/]
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@metriweb[2].txt
00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@int.sitestat[3].txt
00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@int.sitestat[4].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@bluestreak[1].txt
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@cs.sexcounter[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@adultfriendfinder[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.adultfriendfinder.com/]
00241834 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
00271752 Adware/Zango Adware No 0 Yes No C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Cookies\mesmacque@smartadserver[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Mesmacque\Application Data\Mozilla\Firefox\Profiles\wk828mjl.default\cookies.txt[.smartadserver.com/]
00294875 Adware/SaveNow Adware No 0 No No C:\Program Files\Save\ffext.mod[{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\chrome\whenu_ff.jar][content/overlay.js]
00297197 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
00358465 application/myglobalsearch HackTools No 0 Yes No c:\program files\myglobalsearch
01279295 Adware/SaveNow Adware No 0 Yes No C:\Program Files\Save\SaveUninst.exe
02070830 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Mesmacque\f.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\Documents and Settings\Mesmacque\Local Settings\Temporary Internet Files\Content.IE5\5U5H0WXR\gamadril20071203[1]
02889049 Trj/Dropper.ZN Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\DDCCD.EXE
02889051 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\DDCCD.DLL
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Antivir:
AntiVir PersonalEdition Classic
Report file date: mardi 8 janvier 2008 09:32
Scanning for 1004794 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: XAVIER
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 23:58:38
ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 28/12/2007 23:58:38
ANTIVIR3.VDF : 7.0.1.201 143872 Bytes 08/01/2008 08:22:41
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 05/01/2008 23:58:38
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 05/01/2008 23:58:38
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mardi 8 janvier 2008 09:32
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'searchfilterhost.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SPUVolumeWatcher.exe' - '1' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '1' Module(s) have been scanned
Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned
Scan process 'OSD.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr .exe' - '1' Module(s) have been scanned
Scan process 'MouseAp.exe' - '1' Module(s) have been scanned
Scan process 'Magickey.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer .exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr .exe' - '1' Module(s) have been scanned
Scan process 'Apoint .exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe'
Scan process 'atiptaxx .exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'CeEKey .exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl .exe' - '1' Module(s) have been scanned
Scan process 'agrsmmsg.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\Apoint2K\Apoint.exe'
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe'
Scan process 'ElkCtrl .exe' - '1' Module(s) have been scanned
Scan process 'CameraAssistant .exe' - '1' Module(s) have been scanned
Scan process 'CeEKey.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe'
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\dla\tfswctrl.exe'
Scan process 'Ltmoh .exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX .EXE' - '1' Module(s) have been scanned
Scan process 'CameraAssistant.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\Logitech\Video\CameraAssistant.exe'
Scan process 'PadExe .exe' - '1' Module(s) have been scanned
Scan process 'ElkCtrl.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\ElkCtrl.exe'
Scan process 'Ltmoh.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\ltmoh\Ltmoh.exe'
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\LVCOMSX.EXE'
Scan process 'hpgs2wnd .exe' - '1' Module(s) have been scanned
Scan process 'SmoothView .exe' - '1' Module(s) have been scanned
Scan process 'PadExe.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe'
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe'
Scan process 'realsched .exe' - '1' Module(s) have been scanned
Scan process 'SmoothView.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe'
Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned
Scan process 'TCtrlIOHook.exe' - '1' Module(s) have been scanned
Scan process 'TPTray .exe' - '1' Module(s) have been scanned
Scan process 'TFncKy.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe'
Scan process 'TvsTray .exe' - '1' Module(s) have been scanned
Scan process 'TPTray.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\TOSHIBA\TouchPad\TPTray.exe'
Scan process 'TPSMain.exe' - '1' Module(s) have been scanned
Scan process 'TvsTray.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\TOSHIBA\Tvs\TvsTray.exe'
Scan process 'ZoomingHook.exe' - '1' Module(s) have been scanned
Scan process 'searchprotocolhost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'PMSHost.exe' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'TeaTimer.exe' has been terminated
Process 'Apoint.exe' has been terminated
Process 'atiptaxx.exe' has been terminated
Process 'CeEKey.exe' has been terminated
Process 'tfswctrl.exe' has been terminated
Process 'CameraAssistant.exe' has been terminated
Process 'ElkCtrl.exe' has been terminated
Process 'Ltmoh.exe' has been terminated
Process 'LVCOMSX.EXE' has been terminated
Process 'PadExe.exe' has been terminated
Process 'hpgs2wnd.exe' has been terminated
Process 'SmoothView.exe' has been terminated
Process 'realsched.exe' has been terminated
Process 'TPTray.exe' has been terminated
Process 'TvsTray.exe' has been terminated
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\Apoint2K\Apoint.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\WINDOWS\system32\dla\tfswctrl.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\Logitech\Video\CameraAssistant.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\WINDOWS\system32\ElkCtrl.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\ltmoh\Ltmoh.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\WINDOWS\system32\LVCOMSX.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
94 processes with 79 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
C:\WINDOWS\system32\PSDrvCheck.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\WINDOWS\system32\PSDrvCheck.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
C:\WINDOWS\system32\ljjkljj.dll
[DETECTION] Is the Trojan horse TR/Drop.Swizzor.A
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\ljjkljj.dll
[DETECTION] Is the Trojan horse TR/Drop.Swizzor.A
The registry was scanned ( '46' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX6D.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX73.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX76.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX78.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX79.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX7F.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX80.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX82.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX84.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX88.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX89.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX8B.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX8E.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX92.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX93.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX94.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX95.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX97.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX99.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX9B.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX9C.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX9D.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX9E.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX9F.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXA1.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXA3.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXA5.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXA6.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXA7.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXA8.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXA9.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXAA.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXAC.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXAF.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXB0.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXB2.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXB5.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXB6.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXB9.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXBB.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXBC.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXBE.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXBF.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXC4.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXCA.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXCD.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXD0.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXD3.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temporary Internet Files\Content.IE5\UBSPMO4O\css4[1]
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temporary Internet Files\Content.IE5\VLHEO42I\ptch[1]
[DETECTION] Is the Trojan horse TR/Vundo.dvc.3
[INFO] The file was deleted!
C:\Program Files\D-Tools\daemon.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\Logitech\Video\InstallHelper.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\Toshiba\TOSHIBA Applet\HWSetup.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000046.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000048.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000049.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000050.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000051.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000052.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000053.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000054.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000055.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000056.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000057.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000058.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000059.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000060.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000061.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000062.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000063.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000064.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000065.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000066.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000067.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001046.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001048.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001049.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001050.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001051.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001052.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001053.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001054.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001055.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001056.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001057.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001058.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001059.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001060.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001061.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001062.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001063.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001064.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001065.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001066.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001067.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001130.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001133.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001134.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001135.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001136.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001137.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001138.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001139.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001140.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001141.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001142.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001143.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001144.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001145.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001146.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001147.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001148.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001149.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001150.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001151.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001152.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001198.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001201.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001202.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001203.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001204.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001205.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001206.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001207.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001208.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001209.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001210.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001211.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001212.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001213.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001214.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001215.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001216.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001217.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001218.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001219.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001220.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001325.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001327.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001328.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001329.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001330.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001331.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001332.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001333.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001334.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001335.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001336.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001337.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001338.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001339.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001340.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001341.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001342.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001343.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001344.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001345.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001346.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP2\A0001413.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP2\A0001415.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO]
00294875 Adware/SaveNow Adware No 0 No No C:\Program Files\Save\ffext.mod[{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\chrome\whenu_ff.jar][content/overlay.js]
00297197 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
00358465 application/myglobalsearch HackTools No 0 Yes No c:\program files\myglobalsearch
01279295 Adware/SaveNow Adware No 0 Yes No C:\Program Files\Save\SaveUninst.exe
02070830 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Mesmacque\f.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\Documents and Settings\Mesmacque\Local Settings\Temporary Internet Files\Content.IE5\5U5H0WXR\gamadril20071203[1]
02889049 Trj/Dropper.ZN Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\DDCCD.EXE
02889051 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\DDCCD.DLL
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Antivir:
AntiVir PersonalEdition Classic
Report file date: mardi 8 janvier 2008 09:32
Scanning for 1004794 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: XAVIER
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 23:58:38
ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 28/12/2007 23:58:38
ANTIVIR3.VDF : 7.0.1.201 143872 Bytes 08/01/2008 08:22:41
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 05/01/2008 23:58:38
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 05/01/2008 23:58:38
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mardi 8 janvier 2008 09:32
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'searchfilterhost.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SPUVolumeWatcher.exe' - '1' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '1' Module(s) have been scanned
Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned
Scan process 'OSD.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr .exe' - '1' Module(s) have been scanned
Scan process 'MouseAp.exe' - '1' Module(s) have been scanned
Scan process 'Magickey.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer .exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr .exe' - '1' Module(s) have been scanned
Scan process 'Apoint .exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe'
Scan process 'atiptaxx .exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'CeEKey .exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl .exe' - '1' Module(s) have been scanned
Scan process 'agrsmmsg.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\Apoint2K\Apoint.exe'
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe'
Scan process 'ElkCtrl .exe' - '1' Module(s) have been scanned
Scan process 'CameraAssistant .exe' - '1' Module(s) have been scanned
Scan process 'CeEKey.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe'
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\dla\tfswctrl.exe'
Scan process 'Ltmoh .exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX .EXE' - '1' Module(s) have been scanned
Scan process 'CameraAssistant.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\Logitech\Video\CameraAssistant.exe'
Scan process 'PadExe .exe' - '1' Module(s) have been scanned
Scan process 'ElkCtrl.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\ElkCtrl.exe'
Scan process 'Ltmoh.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\ltmoh\Ltmoh.exe'
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\LVCOMSX.EXE'
Scan process 'hpgs2wnd .exe' - '1' Module(s) have been scanned
Scan process 'SmoothView .exe' - '1' Module(s) have been scanned
Scan process 'PadExe.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe'
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe'
Scan process 'realsched .exe' - '1' Module(s) have been scanned
Scan process 'SmoothView.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe'
Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned
Scan process 'TCtrlIOHook.exe' - '1' Module(s) have been scanned
Scan process 'TPTray .exe' - '1' Module(s) have been scanned
Scan process 'TFncKy.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe'
Scan process 'TvsTray .exe' - '1' Module(s) have been scanned
Scan process 'TPTray.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\TOSHIBA\TouchPad\TPTray.exe'
Scan process 'TPSMain.exe' - '1' Module(s) have been scanned
Scan process 'TvsTray.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\TOSHIBA\Tvs\TvsTray.exe'
Scan process 'ZoomingHook.exe' - '1' Module(s) have been scanned
Scan process 'searchprotocolhost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'PMSHost.exe' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'TeaTimer.exe' has been terminated
Process 'Apoint.exe' has been terminated
Process 'atiptaxx.exe' has been terminated
Process 'CeEKey.exe' has been terminated
Process 'tfswctrl.exe' has been terminated
Process 'CameraAssistant.exe' has been terminated
Process 'ElkCtrl.exe' has been terminated
Process 'Ltmoh.exe' has been terminated
Process 'LVCOMSX.EXE' has been terminated
Process 'PadExe.exe' has been terminated
Process 'hpgs2wnd.exe' has been terminated
Process 'SmoothView.exe' has been terminated
Process 'realsched.exe' has been terminated
Process 'TPTray.exe' has been terminated
Process 'TvsTray.exe' has been terminated
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\Apoint2K\Apoint.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\WINDOWS\system32\dla\tfswctrl.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\Logitech\Video\CameraAssistant.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\WINDOWS\system32\ElkCtrl.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\ltmoh\Ltmoh.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\WINDOWS\system32\LVCOMSX.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
94 processes with 79 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
C:\WINDOWS\system32\PSDrvCheck.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\WINDOWS\system32\PSDrvCheck.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
C:\WINDOWS\system32\ljjkljj.dll
[DETECTION] Is the Trojan horse TR/Drop.Swizzor.A
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\ljjkljj.dll
[DETECTION] Is the Trojan horse TR/Drop.Swizzor.A
The registry was scanned ( '46' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX6D.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX73.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX76.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX78.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX79.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX7F.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX80.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX82.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX84.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX88.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX89.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX8B.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX8E.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX92.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX93.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX94.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX95.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX97.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX99.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX9B.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX9C.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX9D.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX9E.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCX9F.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXA1.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXA3.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXA5.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXA6.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXA7.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXA8.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXA9.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXAA.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXAC.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXAF.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXB0.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXB2.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXB5.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXB6.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXB9.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXBB.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXBC.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXBE.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXBF.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXC4.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXCA.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXCD.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXD0.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temp\RCXD3.tmp
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temporary Internet Files\Content.IE5\UBSPMO4O\css4[1]
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Documents and Settings\Mesmacque\Local Settings\Temporary Internet Files\Content.IE5\VLHEO42I\ptch[1]
[DETECTION] Is the Trojan horse TR/Vundo.dvc.3
[INFO] The file was deleted!
C:\Program Files\D-Tools\daemon.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\Logitech\Video\InstallHelper.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\Toshiba\TOSHIBA Applet\HWSetup.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000046.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000048.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000049.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000050.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000051.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000052.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000053.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000054.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000055.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000056.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000057.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000058.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000059.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000060.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000061.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000062.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000063.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000064.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000065.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000066.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0000067.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001046.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001048.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001049.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001050.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001051.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001052.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001053.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001054.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001055.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001056.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001057.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001058.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001059.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001060.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001061.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001062.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001063.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001064.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001065.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001066.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001067.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001130.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001133.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001134.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001135.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001136.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001137.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001138.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001139.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001140.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001141.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001142.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001143.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001144.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001145.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001146.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001147.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001148.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001149.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001150.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001151.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001152.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001198.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001201.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001202.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001203.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001204.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001205.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001206.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001207.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001208.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001209.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001210.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001211.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001212.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001213.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001214.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001215.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001216.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001217.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001218.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001219.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001220.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001325.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001327.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001328.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001329.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001330.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001331.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001332.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001333.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001334.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001335.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001336.EXE
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001337.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001338.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001339.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001340.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001341.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001342.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001343.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001344.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001345.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP1\A0001346.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP2\A0001413.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO] The file was deleted!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP2\A0001415.exe
[DETECTION] Is the Trojan horse TR/Vundo.DVD
[INFO]
1 reply
Continuing on: I have just rerun a Totalscan analysis, and it tells me there are no more infections.
I reran a full analysis with HijackThis. Here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09:24, on 09/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddccd.exe
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing)
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [d0551a2b] rundll32.exe "C:\WINDOWS\system32\tepvaloa.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108w.bay108.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)