Virus

Manu86 -  
Hello,

I think my PC is infected by spyware.
Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:53, on 15/01/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\System32\ntos.exe,
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cc4865ac] rundll32.exe "C:\WINDOWS\System32\csifujdn.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0675D244-D418-45FA-A742-11107E7B55B5}: NameServer = 80.10.246.130 81.253.149.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{0675D244-D418-45FA-A742-11107E7B55B5}: NameServer = 80.10.246.130 81.253.149.10
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

11 replies

jlpjlp
 
hi
your Windows isn't up to date and you don't have an antivirus?

Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\System32\ntos.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cc4865ac] rundll32.exe "C:\WINDOWS\System32\csifujdn.dll",b

_______________________

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows startup, a menu with various options should appear.
• Choose the first option, to run Windows in safe mode, then press "Enter".
• Choose your account.
Work through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• Once the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum
__________________________________

scan with anti-spyware tools (in safe mode):

spybot:

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

see the usage demo (thanks Balltrap)
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
_____________________________________

if you don't have one, install an antivirus
ANTIVIR (in English but very effective) and paste us the report
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)

or otherwise:

paste the report from an online scan
with one of the following:

bitdefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

____________________

post a new HijackThis log and describe your problems
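Added example, not part of jlpjlp's reply and not HijackThis code: a small Python triage of the log above that picks out the F2 UserInit line (a second program appended after userinit.exe) and the O4 autorun that uses rundll32 to load a DLL under a random-looking value name. The function names and the 8-hex-digit name heuristic are assumptions made for this illustration; the sample lines are copied from the log posted in this thread.

```python
import ntpath
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\System32\ntos.exe,
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cc4865ac] rundll32.exe "C:\WINDOWS\System32\csifujdn.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

# F2: Winlogon "Userinit" value as HijackThis prints it.
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)
# O4: registry autorun, e.g. "O4 - HKLM\..\Run: [name] command".
O4_RE = re.compile(r"^O4 - (.+?)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# rundll32 command line of the form: rundll32.exe "path\file.dll",Export
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\S+)',
                       re.IGNORECASE)
# Assumption for this example: an 8-hex-digit value name looks machine-generated.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)


def userinit_extras(value):
    """Return every program in a Userinit value other than System32's userinit.exe.

    On Windows XP the default value is C:\\WINDOWS\\system32\\userinit.exe,
    (one program, trailing comma). Anything else listed is started at each logon.
    """
    extras = []
    for item in value.split(","):
        item = item.strip().strip('"')
        if not item:
            continue  # empty piece left by the trailing comma
        directory, name = ntpath.split(item)
        expected = name.lower() == "userinit.exe" and (
            directory == "" or directory.lower().endswith("\\system32"))
        if not expected:
            extras.append(item)
    return extras


def triage(log_text):
    """Return (log line, reason) pairs for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = F2_RE.match(line)
        if match:
            for extra in userinit_extras(match.group(1)):
                findings.append(
                    (line, "Userinit also launches " + extra + " at logon"))
            continue
        match = O4_RE.match(line)
        if match:
            _hive, _key, name, command = match.groups()
            dll = RUNDLL_RE.match(command)
            # Vendor entries such as NvCplDaemon also use rundll32, so the
            # command alone is not enough; the value name must look random too.
            if dll and HEX_NAME_RE.match(name):
                findings.append(
                    (line, "rundll32 autorun with hex value name loads "
                     + dll.group(1)))
    return findings


if __name__ == "__main__":
    for log_line, reason in triage(SAMPLE_LOG):
        print(reason)
        print("    " + log_line)
```

A name-based match like this only produces leads to check against a scanner report; it is not a verdict on the file.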
Manu86
 
Hi again,

OK, here is the first step:

SDFix: Version 1.126

Run by Pain on 15/01/2008 at 11:42

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\Pain\Bureau\NOUVEA~1\SDFix

Safe Mode:
Checking Services:

Name:
runtime

Path:
\??\C:\WINDOWS\System32\drivers\runtime.sys

runtime - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\18.TMP - Deleted
C:\19.TMP - Deleted
C:\WINDOWS\system32\*_exception.nls - Deleted

Folder C:\WINDOWS\system32\wsnpoem - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 11:46:08
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\Pain\Bureau\NOUVEA~1\SDFix\backups\backups.zip

Files with Hidden Attributes:

Finished!

I'll do the rest and get back to you

thank you

see you later
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
ok, see you later
Manu86
 
Hi again,

I installed Antivir and here is the report:

AntiVir PersonalEdition Classic
Report file date: mardi 15 janvier 2008 15:18

Scanning for 1036833 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Username: SYSTEM
Computer name: BRUNO

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 13:04:50
ANTIVIR2.VDF : 7.0.1.205 620544 Bytes 08/01/2008 13:04:50
ANTIVIR3.VDF : 7.0.1.240 282624 Bytes 15/01/2008 13:04:50
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 15/01/2008 13:04:52
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 15/01/2008 13:04:53
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 15 janvier 2008 15:18

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'devldr32.exe' - '1' Module(s) have been scanned
Scan process 'dslmon.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'LVComS.exe' - '1' Module(s) have been scanned
Scan process 'realplay.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'CnxMon.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
27 processes with 27 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\khfcabc.dll
[DETECTION] Is the Trojan horse TR/Vundo.DST
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\khfcabc.dll
[DETECTION] Is the Trojan horse TR/Vundo.DST

The registry was scanned ( '33' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\12.tmp
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was deleted!
C:\14.tmp
[DETECTION] Is the Trojan horse TR/Agent.AGGZ
[INFO] The file was deleted!
C:\16.tmp
[DETECTION] Contains detection pattern of the worm WORM/Zhelatin.no
[INFO] The file was deleted!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0035047.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP43\A0062028.dll
[DETECTION] Is the Trojan horse TR/Vundo.DUP
[INFO] The file was deleted!
C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP43\A0062029.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvc.4
[INFO] The file was deleted!
C:\WINDOWS\system32\csifujdn.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\drearysp.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvc.4
[INFO] The file was deleted!
C:\WINDOWS\system32\efcbb.dll
[DETECTION] Is the Trojan horse TR/Vundo.DVE
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\exjahhtg.dll
[DETECTION] Is the Trojan horse TR/Vundo.dvc.4
[INFO] The file was deleted!
C:\WINDOWS\system32\gukjyyhw.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\iksyessw.dll
[DETECTION] Is the Trojan horse TR/Vundo.DUP
[INFO] The file was deleted!
C:\WINDOWS\system32\khfcabc.dll
[DETECTION] Is the Trojan horse TR/Vundo.DST
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\mljjkhh.dll
[DETECTION] Is the Trojan horse TR/Vundo.DST
[INFO] The file was deleted!
Begin scan in 'D:\'

End of the scan: mardi 15 janvier 2008 16:24
Used time: 1:05:43 min

The scan has been done completely.

2963 Scanning directories
132481 Files were scanned
15 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
12 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
132466 Files not concerned
952 Archives were scanned
5 Warnings
0 Notes

For Spybot, I'm doing it now

see you later
Manu86
 
Hi again,

Here is the Spybot report (very long!) if you need anything else...

--- Search result list ---
Win32.Agent.pz: [SBI $C8DD69EE] Réglages (Valeur du registre, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Network\UID

Win32.Agent.pz: [SBI $0F1C75F7] Réglages (Valeur du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID

Alexa Related: [SBI $9263101F] Lien (Remplacer le fichier, fixed)
C:\WINDOWS\Web\related.htm

AstaKiller: [SBI $2F10E03B] Réglages (Valeur du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

Virtumonde: [SBI $42352499] Réglages utilisateur (Clé du registre, fixed)
HKEY_USERS\S-1-5-21-861567501-507921405-1343024091-1003\Software\Microsoft\rdfa

Virtumonde: [SBI $47E741CD] Réglages (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws

Virtumonde: [SBI $7342F9D9] Réglages (Clé du registre, fixed)
HKEY_USERS\S-1-5-21-861567501-507921405-1343024091-1003\Software\Microsoft\aldd

Virtumonde: [SBI $8F2A4A7E] Class ID (Clé du registre, fixed)
HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

Virtumonde.generic: [SBI $E7142B62] Réglages (Valeur du registre, fixed)
HKEY_CLASSES_ROOTCLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32\=...C:\WINDOWS\SYSTEM32\KHFCABC.DLL...

Virtumonde.generic: [SBI $75DA8FD9] Bibliothèque (Fichier, fixed)
C:\WINDOWS\system32\khfcabc.dll

Virtumonde.generic: [SBI $FFB000DB] Réglages (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\KHFCABC

Virtumonde.generic: [SBI $1BB1339D] Browser helper object (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

BlueStreak: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

CasinoPopupStuff: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

DoubleClick: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

Cassava: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

TagASaurus: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

LiveSVC.Wintrim: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

DirectTrack: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

MediaPlex: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

MediaPlex: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

Zedo: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

Virtumonde: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

MediaPlex: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

DirectTrack: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2008-01-15 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2008-01-09 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-01-09 Includes\DialerC.sbi (*)
2008-01-09 Includes\HeavyDuty.sbi (*)
2007-12-26 Includes\Hijackers.sbi (*)
2008-01-09 Includes\HijackersC.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2008-01-09 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-01-09 Includes\Malware.sbi (*)
2008-01-09 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2008-01-09 Includes\PUPSC.sbi (*)
2008-01-09 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-01-09 Includes\SecurityC.sbi (*)
2007-11-07 Includes\Spybots.sbi (*)
2008-01-09 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2007-12-12 Includes\Trojans.sbi (*)
2008-01-09 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

--- System information ---
Windows XP (Build: 2600) (5.1.2600)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)

--- Startup entries list ---
Located: HK_LM:Run, avgnt
command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 249896
MD5: 6E898F5959E7195D64594C30E9251938

Located: HK_LM:Run, LVCOMS
command: C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
file: C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
size: 135214
MD5: 25CF0DAE6043D8167B813ED7CDE5C76E

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, RealTray
command: C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
file: C:\Program Files\Real\RealPlayer\RealPlay.exe
size: 20480
MD5: 624B05CFE355595117DBFFE3E3B45AFE

Located: HK_LM:Run, WooCnxMon
command: C:\PROGRA~1\Wanadoo\CnxMon.exe
file: C:\PROGRA~1\Wanadoo\CnxMon.exe
size: 24576
MD5: 92B7B96A77D5FEEF8F2BACC1278EBC9F

Located: HK_LM:Run, WOOTASKBARICON
command: C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
file: C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
size: 49152
MD5: 7DED4604E031DD65D2E3C33434E51AFE

Located: HK_LM:Run, WOOWATCH
command: C:\PROGRA~1\Wanadoo\Watch.exe
file: C:\PROGRA~1\Wanadoo\Watch.exe
size: 24576
MD5: FFE42BA31D13E11DA37CBDC482EB991D

Located: HK_LM:RunOnce, Spybot - Search & Destroy
command: "C:\Program Files\Spybot\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot\Spybot - Search & Destroy\SpybotSD.exe
size: 4943184
MD5: C92780F50B8BB7A89E919585916494A9

Located: HK_LM:RunOnce, SpybotDeletingA6313
command: command /c del "C:\WINDOWS\system32\khfcabc.dll_old"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingC6885
command: cmd /c del "C:\WINDOWS\system32\khfcabc.dll_old"
file: C:\WINDOWS\system32\cmd.exe
size: 388096
MD5: 7C2769027921F5F798F5F482A80D2C06

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 13312
MD5: F95275CF5E7C30CEA58B0B1B7B40210F

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-861567501-507921405-1343024091-1003...
command: C:\WINDOWS\System32\ctfmon.exe
file: C:\WINDOWS\System32\ctfmon.exe
size: 13312
MD5: F95275CF5E7C30CEA58B0B1B7B40210F

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-861567501-507921405-1343024091-1003...
command: C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E

Located: HK_CU:RunOnce, SpybotDeletingB6004
where: S-1-5-21-861567501-507921405-1343024091-1003...
command: command /c del "C:\WINDOWS\system32\khfcabc.dll_old"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingD1061
where: S-1-5-21-861567501-507921405-1343024091-1003...
command: cmd /c del "C:\WINDOWS\system32\khfcabc.dll_old"
file: C:\WINDOWS\system32\cmd.exe
size: 388096
MD5: 7C2769027921F5F798F5F482A80D2C06

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 13312
MD5: F95275CF5E7C30CEA58B0B1B7B40210F

Located: Démarrage (tous utilisateurs), DSLMON.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
file: C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
size: 954475
MD5: 02386BB5189B2C93F1427D05756E1213

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, khfcabc
command: khfcabc.dll
file: khfcabc.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

--- Browser helper object list ---
{0de32587-9506-496a-982f-a337fe15c2b9} ({9b2c51ef-733a-f289-a694-605978523ed0})
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: {9b2c51ef-733a-f289-a694-605978523ed0}
CLSID name:
Path: C:\WINDOWS\System32\
Long name: gukjyyhw.dll

{33ACE160-F987-416E-9B83-6AF94A628982} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\WINDOWS\System32\
Long name: efcbb.dll
Short name:
Date (created): 14/12/2007 17:39:36
Date (last access): 15/01/2008 16:58:42
Date (last write): 14/12/2007 17:39:50
Filesize: 314624
Attributes:
MD5: 90CA6C4B7D5A560B1D42134288018EA9
CRC32: 67FCF12F

{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: khfcabc.dll

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://www.google.com/intl/fr/toolbar/ie/index.html
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar2.dll
Short name: GOOGLE~2.DLL
Date (created): 17/12/2007 09:49:50
Date (last access): 15/01/2008 16:44:42
Date (last write): 17/12/2007 09:49:50
Filesize: 2436160
Attributes: readonly archive
MD5: 6D44E0C3B43D27484FBB355E470C4188
CRC32: 2DE875CD
Version: 4.0.1601.4978

--- ActiveX list ---
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab)
DPF name: System Requirements Lab
CLSID name: System Requirements Lab Class
Installer:
Codebase: https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: sysreqlab2.dll
Short name: SYSREQ~1.DLL
Date (created): 29/03/2007 11:07:12
Date (last access): 15/01/2008 17:12:38
Date (last write): 29/03/2007 11:07:12
Filesize: 206384
Attributes: archive
MD5: ED3B0F1BA60554B9D2E5AE1B02AD9306
CRC32: E2F1D780
Version: 2.30.0.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer: C:\WINDOWS\Downloaded Program Files\jinstall-6u3.inf
Codebase: http://java.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24/09/2007 23:31:44
Date (last access): 15/01/2008 15:28:24
Date (last write): 25/09/2007 01:11:34
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24/09/2007 23:31:44
Date (last access): 15/01/2008 18:19:26
Date (last write): 25/09/2007 01:11:34
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24/09/2007 23:31:44
Date (last access): 15/01/2008 18:19:26
Date (last write): 25/09/2007 01:11:34
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

--- Process list ---
PID: 0 ( 0) [System]
PID: 144 ( 0) \SystemRoot\System32\smss.exe
size: 45568
PID: 196 ( 0) \??\C:\WINDOWS\system32\csrss.exe
size: 4096
PID: 220 ( 0) \??\C:\WINDOWS\system32\winlogon.exe
size: 434176
PID: 264 ( 0) C:\WINDOWS\system32\services.exe
size: 101888
MD5: FC0691097471EE374907E1024EDCBD43
PID: 276 ( 0) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: 2C2431B30A629123C1757582C9D93F38
PID: 484 ( 0) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
PID: 524 ( 0) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
PID: 752 ( 0) C:\WINDOWS\Explorer.EXE
size: 1005056
MD5: 9E20A8EF0CA524446AFEE29F4423CC8F
PID: 872 ( 0) C:\Program Files\Spybot\Spybot - Search & Destroy\SpybotSD.exe
size: 4943184
MD5: C92780F50B8BB7A89E919585916494A9
PID: 2992 ( 0) C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
size: 694272
MD5: F0A1BA703934FF58A2D596DB2CC72AD3

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 15/01/2008 18:19:25

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
https://www.google.com/?gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
https://www.orange.fr/portail
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
https://www.orange.fr/portail
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---

--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: https://www.adaware.com/

(AddressBook)

Adobe Flash Player ActiveX 9.0.115.0 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: https://helpx.adobe.com/flash-player.html

Avira AntiVir PersonalEdition Classic (AntiVir PersonalEdition Classic)
uninstall cmd: C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
publisher: Avira GmbH
help link: http://www.avira.com/classic-support

(Branding)

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

Wanadoo (EspaceWanadoo.exe)
uninstall cmd: C:\PROGRA~1\Wanadoo\Shell.exe desinstall.shl

(Fontcore)

GameSpy Arcade (GameSpy Arcade)
uninstall cmd: D:\PROGRA~1\GAMESP~1\UNWISE.EXE D:\PROGRA~1\GAMESP~1\INSTALL.LOG

HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "C:\Program Files\HijackThis\HijackThis.exe" /uninstall
publisher: TrendMicro

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

JPEG Compression 1.0 (JPEG Compression_is1)
install location: C:\Program Files\JPEG Compression\
uninstall cmd: "C:\Program Files\JPEG Compression\unins000.exe"
publisher: AZASOFT
help link: http://azasoft.free.fr/JPEG/

(KB884016)

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/893803/windows-installer-3-1-v2-3-1-4000-2435-is-available

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(NetMeeting)

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\WINDOWS\System32\nvudisp.exe UninstallGUI

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

RealPlayer 7 Basic (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Fichiers communs\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0

(SchedulingAgent)

9.0.115.0 (ShockwaveFlash)

nVidia Refresh Rate Fix MKII v2.21f E (ST6UNST #1)
uninstall cmd: C:\WINDOWS\st6unst.exe -n "C:\Program Files\nVidia Refresh Rate Fix MKII\ST6UNST.LOG"

System Requirements Lab (SystemRequirementsLab)
uninstall cmd: C:\Program Files\SystemRequirementsLab\Uninstall.exe

The KMPlayer (remove only) (The KMPlayer)
uninstall cmd: "C:\Program Files\KMP\The KMPlayer\uninstall.exe"

VideoLAN VLC media player 0.8.6d 0.8.6d (VLC media player)
uninstall cmd: C:\Program Files\VLC\uninstall.exe
publisher: VideoLAN Team

Wanadoo Messager (Wanadoo Messager)
uninstall cmd: C:\PROGRA~1\WANADO~1\UNWISE.EXE C:\PROGRA~1\WANADO~1\INSTALL.LOG

Archiveur WinRAR (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRar\uninstall.exe

Xfire (remove only) (Xfire)
uninstall cmd: "d:\Program Files\Xfire\uninst.exe"

ZoneAlarm Pro 7.0.362.000 (ZoneAlarm Pro)
uninstall cmd: C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
publisher: Check Point, Inc
help link: C:\Program Files\Zone Labs\ZoneAlarm\Aide\zaclients.chm

Labtec WebCam 5.64.0000 ({0463B519-E4C8-4C16-84AA-4743D1ED91B5})
version: 88080384
version (major): 5
version (minor): 64
estimated size: 81192
install date: 20071217
install location: C:\Program Files\Labtec\WebCam\
install source: E:\QuickCam\fra\
uninstall cmd: MsiExec.exe /I{0463B519-E4C8-4C16-84AA-4743D1ED91B5}
publisher: Labtec
contact: Service clientèle de Labtec
help link: www.labtec.com
help telephone: +33-(0) 1-43 62 34 14
readme: C:\Program Files\Labtec\WebCam\Readme.txt

Medal of Honor débarquement allié ({0DEA94ED-915A-4834-A87E-388D012C8E02})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x40c

AutoUpdate 1.1 ({18D10072035C4515918F7E37EAFAACFC})
install location: C:\Program Files\Divx

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

Java(TM) 6 Update 3 1.6.0.30 ({3248F0A8-6813-11D6-A77B-00B0D0160030})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 113998
install date: 20071217
install source: http://javadl.sun.com/webapps/download/GetFile/1.6.0_03-b05/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
publisher: Sun Microsystems, Inc.
contact: https://www.java.com/en/
help link: https://www.java.com/en/
readme: C:\Program Files\Java\jre1.6.0_03\README.txt

WebFldrs XP 9.50.5318 ({350C97B8-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154277062
version (major): 9
version (minor): 50
estimated size: 2668
install date: 20071213
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: https://www.microsoft.com/en-us/windows/

Sid Meier's Civilization 4 - Warlords 1.00.0000 ({3E4B349F-10B5-4586-9D99-489A90A8B228})
version: 16777216
install date: 20080112
install location: d:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords
install source: E:\
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe" -l0x40c -removeonly
publisher: Firaxis Games
help link: https://2k.com/en-US/
readme: d:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Readme.htm

Sid Meier's Civilization 4 1.00.0000 ({4377F918-E6C9-4ECA-A7F5-754B310B7ED8})
version: 16777216
version (major): 1
estimated size: 1968
install date: 20080109
install location: d:\Program Files\Firaxis Games\Sid Meier's Civilization 4\
install source: d:\Program Files\Firaxis Games\Sid Meier's Civilization 4\{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}\
publisher: Firaxis Games
contact: Customer Support Department
help link: https://2k.com/en-US/

SAGEM F@st 800-840 ({4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x40c

Windows Live Messenger 8.1.0178.00 ({571700F0-DB9D-4B3A-B03D-35A14BB5939F})
version: 134283442
version (major): 8
version (minor): 1
estimated size: 32095
install date: 20071217
install source: C:\DOCUME~1\Pain\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
publisher: Microsoft Corporation

({62369F2F77534556AEF4C58152E3BDE5})

6.5.1 ({7585478E9D9B42108671C12F8714CEFE})
install location: C:\Program Files\Divx
uninstall cmd: C:\Program Files\Divx\DivXConverterUninstall.exe /CONVERTER
publisher: DivX, Inc.

Medal of Honor Débarquement allié(tm) En Formation ({7914BE1E-F186-4790-B8F4-9F63C52A41C1})
install location: d:\Program Files\MOHDA
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7914BE1E-F186-4790-B8F4-9F63C52A41C1}\Setup.exe" -l0x40c

DivX Codec 6.8.0 ({7B63B2922B174135AFC0E1377DD81EC2})
install location: C:\Program Files\Divx
uninstall cmd: C:\Program Files\Divx\DivXCodecUninstall.exe /CODEC
publisher: DivX, Inc.

Rhapsody Player Engine 1.0.690 ({8A62A068-3FD6-495A-9F66-26FE94F32EC9})
version: 16777906
version (major): 1
estimated size: 1529
install date: 20071217
install source: C:\DOCUME~1\Pain\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
publisher: RealNetworks
comments: The Rhapsody Player Engine is a Web browser plugin used for Rhapsody On The Web.
contact: RealNetworks
help link: https://us.napster.com/

DivX Player 6.6.0 ({8ADFC4160D694100B5B8A22DE9DCABD9})
install location: C:\Program Files\Divx
uninstall cmd: C:\Program Files\Divx\DivXPlayerUninstall.exe /PLAYER

Adobe Reader 8.1.0 - Français 8.1.0 ({AC76BA86-7AD7-1036-7B44-A81000000003})
version: 134283264
version (major): 8
version (minor): 1
estimated size: 149605
install date: 20071219
install location: C:\Program Files\Adobe\Reader 8.0\Reader\
install source: C:\DOCUME~1\Pain\LOCALS~1\Temp\Adobe Reader 8\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
publisher: Adobe Systems Incorporated
comments:
contact: Support clientèle
help link: https://helpx.adobe.com/support.html
readme: C:\Program Files\Adobe\Reader 8.0\Reader\Lisezmoi.htm

DivX Converter 6.5.1 ({B13A7C41581B411290FBC0395694E2A9})
install location: C:\Program Files\Divx
uninstall cmd: C:\Program Files\Divx\DivXConverterUninstall.exe /CONVERTER
publisher: DivX, Inc.

Spybot - Search & Destroy 1.5.1.15 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
install date: 20080115
install location: C:\Program Files\Spybot\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
help link: https://www.safer-networking.org/?page=support

DivX Web Player 1.4.0 ({B7050CBDB2504B34BC2A9CA0A692CC29})
install location: C:\Program Files\Divx
uninstall cmd: C:\Program Files\Divx\DivXWebPlayerUninstall.exe /PLUGIN
publisher: DivX,Inc.

Medal of Honor Débarquement allié En Formation ({BE699EDC-9E58-4671-A23E-9CDF7F6F42F2})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE699EDC-9E58-4671-A23E-9CDF7F6F42F2}\Setup.exe" -l0x40c

Sid Meier's Civilization 4 1.61 ({CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8})
version: 20774912
install date: 20080109
install location: d:\Program Files\Firaxis Games\Sid Meier's Civilization 4
install source: C:\DOCUME~1\Pain\LOCALS~1\Temp\byeA.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x40c -removeonly
publisher: Firaxis Games
help link: https://2k.com/en-US/
readme: d:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Readme.htm

DivX Content Uploader 1.2.1 ({D050D7362D214723AD585B541FFB6C11})
install location: C:\Program Files\Divx
uninstall cmd: C:\Program Files\Divx\DivXContentUploaderUninstall.exe /CUPLOADER
publisher: DivX, Inc.

Google Toolbar for Internet Explorer 4.0.0.002 ({DBEA1034-5882-4A88-8033-81C4EF0CFA29})
version: 67108864
version (major): 4
install date: 20071217
install source: http://javadl-esd.sun.com/update/1.6.0/sp-1.6.0_03/sp1/
uninstall cmd: MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
publisher: Google Inc.

--- System Services ---
Service (registry key): Abiosdsk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote ACPI Microsoft
Image path: System32\DRIVERS\ACPI.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ADILOADER
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: General Purpose USB Driver (adildr.sys)
Image path: System32\Drivers\adildr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): adiusbaw
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB ADSL WAN Adapter
Image path: System32\DRIVERS\adiusbaw.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): adpu160m
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): aec
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Suppresseur d'écho acoustique (Noyau Microsoft)
Image path: system32\drivers\aec.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Environnement de prise en charge de réseau AFD
Image path: \SystemRoot\System32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): Aha154x
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Alerter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Avertissement
Description: Informe les utilisateurs et les ordinateurs sélectionnés des alertes administratives. Si ce service est arrêté, les programmes qui utilisent les alertes administratives ne les recevront pas. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Service de la passerelle de la couche Application
Description: Fournit la prise en charge des plugins de protocoles tiers pour le partage de connexion Internet et le pare-feu Internet.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 40960
Image MD5: 55D226818B6C3D99741432D37657BA73
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): amsint
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): AntiVirScheduler
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AntiVir PersonalEdition Classic Scheduler
Description: Service to schedule AntiVir jobs and updates.
Object name: LocalSystem
Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
Image size: 63016
Image MD5: A6FA9C14E649B2F3DE15390A1840774D
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1

Service (registry key): AntiVirService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AntiVir PersonalEdition Classic Guard
Description: Offers permanent protection against viruses and malware with the AntiVir search engine.
Object name: LocalSystem
Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
Image size: 214056
Image MD5: F640EA98231D7B1DB730385813BFCE79
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1

Service (registry key): AppMgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Gestion d'applications
Description: Fournit des services d'installation de logiciels tels que Attribuer, Publier et Supprimer.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): asc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de média asynchrone RAS
Description: Pilote de média asynchrone RAS
Image path: System32\DRIVERS\asyncmac.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Contrôleur de disque dur IDE/ESDI standard
Image path: System32\DRIVERS\atapi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Protocole client ATM ARP
Description: Protocole client ATM ARP
Image path: System32\DRIVERS\atmarpc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Audio Windows
Description: Gère les périphériques audio pour les programmes basés sur Windows. Si ce service est arrêté, les périphériques et les effets audio ne fonctionneront pas correctement. Si ce service est désactivé, les services en dépendant explicitement ne démarreront pas.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote audio Stub
Image path: System32\DRIVERS\audstub.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): avgntdd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avgntdd
Image path: SYSTEM32\DRIVERS\avgntdd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Depends On services: avgntmgr

Service (registry key): avgntmgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avgntmgr
Image path: SYSTEM32\DRIVERS\avgntmgr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1

Service (registry key): avipbb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avipbb
Description: Avira's Driver for RootKit Detection
Image path: System32\DRIVERS\avipbb.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): basic2
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\HSF_BSC2.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Beep
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): BITS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Service de transfert intelligent en arrière-plan
Description: Utilise la bande passante réseau inactive pour transférer des données.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,RpcSs

Service (registry key): Browser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Explorateur d'ordinateur
Description: Tient à jour une liste des ordinateurs présents sur le réseau et fournit cette liste aux ordinateurs désignés comme navigateurs. Si ce service est arrêté, la liste ne sera pas mise ou tenue à jour. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): catchme
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \??\C:\DOCUME~1\Pain\LOCALS~1\Temp\catchme.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): cbidf2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): CCDECODE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Décodeur sous-titre fermé
Image path: System32\DRIVERS\CCDECODE.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): cd20xrnt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Cdaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): Cdrom
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de CD-ROM
Image path: System32\DRIVERS\cdrom.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): Changer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): cisvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Service d'indexation
Description: Construit un index des contenus et des propriétés des fichiers sur les ordinateurs locaux et distants ; fournit un accès rapide aux fichiers par le biais d'un langage d'interrogation flexible.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\cisvc.exe
Image size: 5120
Image MD5: 7901AF03767C140467671C7CEEB2C3FE
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): ClipSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Gestionnaire de l'Album
Description: Active le Gestionnaire de l'Album afin de stocker les informations et les partager avec des ordinateurs à distance. Si le service est arrêté, le Gestionnaire de l'Album ne pourra pas partager les informations avec des ordinateurs à distance. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 30720
Image MD5: 3D1AAB2963FABCAFEB507B5C9D67BFBC
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: NetDDE

Service (registry key): CmdIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): COMSysApp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Application système COM+
Description: Gère la configuration et le suivi des composants de base COM+ (Component Object Model) . Si le service est arrêté, la plupart des composants de base COM+ ne fonctionneront pas correctement. Si ce service est désactivé, les services qui en dépendent de manière explicite ne pourront pas démarrer.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 4608
Image MD5: 17681E6109A67F3AEA66AD6AAE2434E6
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): ContentFilter
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ContentIndex
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Cpqarray
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): CryptSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Services de cryptographie
Description: Fournit trois services de gestion : le service de base de données de catalogue, qui confirme la signature des fichiers Windows; le service de racine protégée, qui ajoute et supprime des certificats d'autorité de certification de racine approuvés et le service Clé, qui fournit une aide dans l'inscription de cet ordinateur pour les certificats. Si ce service est arrêté, ces services de gestion ne fonctionneront pas correctement. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): ctljystk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Creative SBLive! Port de jeux
Image path: System32\DRIVERS\ctljystk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): ctlntsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): dac2w2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): dac960nt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Dhcp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Client DHCP
Description: Gère la configuration réseau en inscrivant et en mettant à jour les adresses IP et les noms DNS.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT

Service (registry key): Disk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de disque
Image path: System32\DRIVERS\disk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
0
Manu86
 
Hi again,

I also ran a scan with BitDefender:

BitDefender Online Scanner

Rapport d'analyse généré à: Tue, Jan 15, 2008 - 20:14:00

Voie d'analyse: A:\;C:\;D:\;E:\;

Statistiques

Temps: 01:31:14
Fichiers: 133474
Directoires: 2981
Secteurs de boot: 3
Archives: 972
Paquets programmes: 7304

Résultats

Virus identifiés: 2
Fichiers infectés: 123
Fichiers suspects: 2
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 125

Info sur les moteurs

Définition virus: 890355
Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins: 14
Archive des plugins: 38
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 1

Paramètres d'analyse

Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: *;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP33\A0050352.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP34\A0050356.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP34\A0050356.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP34\A0050356.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0051385.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0051385.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0051385.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0052379.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0052379.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0052379.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0053379.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0053379.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0053379.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0054379.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0054379.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0054379.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0054387.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0054387.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0054387.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP36\A0054395.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP36\A0054395.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP36\A0054395.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP37\A0057405.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP37\A0057405.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP37\A0057405.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP37\A0057415.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP37\A0057415.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP37\A0057415.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP37\A0057423.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP37\A0057423.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP37\A0057423.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP38\A0057452.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP38\A0057452.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP38\A0057452.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP39\A0057608.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP39\A0057608.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP39\A0057608.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP39\A0057617.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP39\A0057617.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP39\A0057617.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP40\A0057803.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP40\A0057803.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP40\A0057803.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0057880.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0057880.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0057880.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0057885.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0057885.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0057885.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0058885.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0058885.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0058885.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0059885.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0059885.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0059885.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0059903.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0059903.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0059903.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP43\A0062110.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP43\A0062110.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP43\A0062110.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0011225.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0011225.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0011225.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0012225.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0012225.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0012225.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0013225.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0013225.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0013225.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0014225.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0014225.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0014225.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0015225.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0015225.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0015225.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0015254.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0015254.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0015254.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0016254.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0016254.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0016254.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016333.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016333.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016333.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016400.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016400.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016400.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016414.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016414.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016414.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016422.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016422.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016422.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016432.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016432.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016432.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016442.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016442.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016442.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016488.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016488.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016488.ini
Supprimé

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0017488.ini
Infecté par: Trojan.Vundo.DVS

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0017488.ini
Echec de la désinfection

C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0017488.ini
Supprimé

C:\WINDOWS\system32\iifgdde.dll
Suspecté de: Trojan.Vundo.GH

C:\WINDOWS\system32\iifgdde.dll
Echec de la désinfection

C:\WINDOWS\system32\iifgdde.dll
Supprimé

C:\WINDOWS\system32\tuvtrpp.dll
Suspecté de: Trojan.Vundo.GH

C:\WINDOWS\system32\tuvtrpp.dll
Echec de la désinfection

C:\WINDOWS\system32\tuvtrpp.dll
Supprimé

Thanks for replying to me.

See you
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
scan with VundoFix (paste the report)

Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will get a warning asking whether you want to delete these files; answer by clicking YES.
Once you have clicked Yes, your desktop will go blank while it removes Vundo.

When it is done, you will be asked to restart your computer; click OK.

___________________

ComboFix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
____________________

delete what is in quarantine in AntiVir

_____________________

if everything went well
disable System Restore to purge any viruses that may be in it, then re-enable it (in START, then ALL PROGRAMS, then ACCESSORIES, then SYSTEM TOOLS, then SYSTEM RESTORE, then settings)

_______________________
paste an AntiVir report and a HijackThis report again and describe your problems
0
Manu86
 
Hi,

I don't know whether it worked, because AntiVir keeps sending me messages telling me it has detected a virus.
The ComboFix report:

ComboFix 08-01-16.4 - Pain 2008-01-16 12:46:19.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.304 [GMT 1:00]
Running from: C:\Program Files\ComboFix\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bbcfe.ini
C:\WINDOWS\system32\bbcfe.ini2
C:\WINDOWS\system32\wsseyski.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_RUNTIME

((((((((((((((((((((((((((((( Fichiers créés 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))))))))
.

2008-01-16 12:45 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 12:44 . 2008-01-16 12:45 <REP> d-------- C:\Program Files\ComboFix
2008-01-16 11:43 . 2008-01-16 12:40 <REP> d-------- C:\VundoFix Backups
2008-01-16 11:41 . 2008-01-16 11:42 <REP> d-------- C:\Program Files\VundoFix
2008-01-15 18:34 . 2008-01-15 20:14 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-15 18:18 . 2008-01-15 18:18 94 --a------ C:\WINDOWS\wininit.ini
2008-01-15 12:02 . 2008-01-15 13:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-15 12:00 . 2008-01-15 12:00 <REP> d-------- C:\Program Files\Avira
2008-01-15 12:00 . 2008-01-15 12:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-15 11:51 . 2008-01-15 12:02 <REP> d-------- C:\Program Files\Spybot
2008-01-15 11:41 . 2008-01-15 11:41 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-14 23:33 . 2008-01-15 09:58 474 ---hs---- C:\WINDOWS\system32\ndjufisc.ini
2008-01-09 21:13 . 2008-01-09 21:13 <REP> d-------- C:\Documents and Settings\Pain\Application Data\My Games
2008-01-09 21:04 . 2008-01-09 21:04 <REP> d-------- C:\Documents and Settings\Pain\Application Data\Xfire
2008-01-09 20:50 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-01-09 17:18 . 2008-01-09 17:40 <REP> d-------- C:\Program Files\JPEG Compression
2008-01-05 23:40 . 2008-01-05 23:40 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-27 12:50 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2007-12-27 12:50 . 2003-08-25 18:06 182,880 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll
2007-12-26 22:41 . 2001-08-17 22:03 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-26 22:41 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-12-26 22:41 . 2001-08-17 21:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-12-26 14:29 . 2007-12-26 14:32 <REP> d-------- C:\Documents and Settings\Pain\Application Data\DivX
2007-12-26 14:18 . 2007-12-26 14:28 <REP> d-------- C:\Program Files\Divx
2007-12-24 17:56 . 2002-12-17 15:40 753,664 --a--c--- C:\WINDOWS\system32\dllcache\setup_wm.exe
2007-12-24 17:56 . 2002-12-12 01:34 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-24 17:54 . 2002-12-12 20:04 2,058,888 --a--c--- C:\WINDOWS\system32\dllcache\wmvcore.dll
2007-12-24 01:44 . 2007-12-24 01:44 <REP> d-------- C:\Documents and Settings\Pain\Application Data\vlc
2007-12-24 01:13 . 2007-12-24 01:43 <REP> d-------- C:\Program Files\VLC
2007-12-23 15:11 . 2007-12-23 15:11 40,870 --a------ C:\17.tmp
2007-12-23 15:11 . 2007-12-23 15:11 34,304 --a------ C:\15.tmp
2007-12-19 17:18 . 2007-12-19 17:19 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-12-17 11:03 . 2001-08-23 17:47 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-12-17 11:03 . 2001-08-23 17:47 50,688 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-12-17 10:59 . 2007-12-17 10:59 <REP> d-------- C:\Program Files\directx
2007-12-17 10:59 . 2003-09-04 10:47 360,448 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2007-12-17 10:59 . 2003-09-04 10:46 172,032 --a------ C:\WINDOWS\system32\lvcodec2.dll
2007-12-17 10:59 . 2003-09-04 10:38 152,576 --a------ C:\WINDOWS\system32\drivers\LV532AV.SYS
2007-12-17 10:59 . 2003-09-04 10:45 135,214 --a------ C:\WINDOWS\system32\LVComS.exe
2007-12-17 10:59 . 2003-09-04 10:47 122,880 --a------ C:\WINDOWS\system32\LVUI2.dll
2007-12-17 10:59 . 2003-09-04 10:49 86,016 --a------ C:\WINDOWS\system32\lvcoinst.dll
2007-12-17 10:59 . 2003-09-04 10:45 57,344 --a------ C:\WINDOWS\system32\LVComC.dll
2007-12-17 10:59 . 2003-09-04 10:53 49,152 --a------ C:\WINDOWS\system32\vatee.ax
2007-12-17 10:59 . 2003-09-04 10:30 15,387 --a------ C:\WINDOWS\system32\lvcoinst.ini
2007-12-17 10:59 . 2003-09-04 10:40 12,112 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-12-17 10:58 . 2007-12-17 10:59 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-12-17 10:58 . 1998-11-13 13:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2007-12-17 10:57 . 2007-12-17 10:58 512 --a------ C:\WINDOWS\_delis32.ini
2007-12-17 10:11 . 2007-12-17 10:11 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-12-17 10:11 . 2007-12-17 10:11 24,064 --a------ C:\WINDOWS\system32\prefscpl.cpl
2007-12-17 10:05 . 2007-12-17 10:57 <REP> d-------- C:\Program Files\Labtec
2007-12-17 09:47 . 2007-12-17 12:18 <REP> d-------- C:\Documents and Settings\Pain\Contacts
2007-12-17 09:46 . 2007-12-17 09:46 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-17 09:46 . 2007-12-17 10:11 <REP> d-------- C:\Program Files\Real
2007-12-17 09:45 . 2007-12-17 09:45 <REP> d-------- C:\WINDOWS\Sun
2007-12-17 09:45 . 2007-12-17 09:46 <REP> d-------- C:\Program Files\MSN Messenger
2007-12-17 09:45 . 2007-12-17 10:23 <REP> d-------- C:\Program Files\Google
2007-12-17 09:44 . 2007-12-17 09:44 <REP> d-------- C:\Program Files\Java
2007-12-17 09:44 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-17 09:39 . 2007-12-17 09:39 <REP> d-------- C:\Program Files\Fichiers communs\Java

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 11:43 --------- d-----w C:\Program Files\Wanadoo
2008-01-12 10:59 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-01-09 20:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-17 17:15 193,536 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-12-17 17:13 1,930,752 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-12-17 13:04 19,800,458 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_17_10_29_48_full.dmp.zip
2007-12-17 08:12 16,202,178 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_14_10_09_26_full.dmp.zip
2007-12-17 08:11 19,694,279 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_13_18_25_52_full.dmp.zip
2007-12-14 16:39 314,624 ------w C:\WINDOWS\system32\efcbb.dll
2007-12-14 16:16 --------- d-----w C:\Program Files\KMP
2007-12-14 00:03 --------- d-----w C:\Documents and Settings\Pain\Application Data\Lavasoft
2007-12-13 17:32 1,908,224 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-12-13 14:10 --------- d-----w C:\Program Files\The All-Seeing Eye
2007-12-13 14:00 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-13 13:35 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-13 12:55 --------- d-----w C:\Program Files\Lavasoft
2007-12-13 12:50 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-12-13 12:50 249,856 ------w C:\WINDOWS\Setup1.exe
2007-12-13 12:50 --------- d-----w C:\Program Files\nVidia Refresh Rate Fix MKII
2007-12-13 12:17 22 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-12-13 12:17 --------- d-----w C:\Program Files\Wanadoo Messager
2007-12-13 12:17 --------- d-----w C:\Program Files\SAGEM
2007-12-13 12:08 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-13 12:05 --------- d-----w C:\Program Files\Services en ligne
2007-12-13 12:03 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-12-13 11:55 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-12-13 11:55 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 22:34 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-11 22:34 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0de32587-9506-496a-982f-a337fe15c2b9}]
C:\WINDOWS\System32\gukjyyhw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54F2958B-8A62-499A-9B1B-AB5947CD8C58}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A7443B6-ECEB-40DE-A7FA-A5568436B0AF}]
2007-12-14 17:39 314624 --------- C:\WINDOWS\System32\efcbb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B09D3836-251C-4BCD-B175-EFED78054169}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-04 12:54 13312]
"SpybotSD TeaTimer"="C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2004-05-13 09:28 24576]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-05-13 09:28 24576]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2004-05-13 09:28 49152]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22 7700480]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22 86016]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-12-17 10:11 20480]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 10:45 135214]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-15 14:04 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-04 12:54 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcabc]
khfcabc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\System32\efcbb.dll

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\System32\DRIVERS\LV532AV.SYS [2003-09-04 10:38]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 12:51:03
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-16 12:53:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-16 11:52:01

I'll send you the rest as soon as the AntiVir scan is finished.

See you
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
ok, see you later; paste the AntiVir report and describe your problems
0
Manu86
 
Hi again,

OK, here is AntiVir:

---------------------------------------------------------------------------

AntiVir PersonalEdition Classic
Report file date: mercredi 16 janvier 2008 13:06

Scanning for 1042372 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Username: SYSTEM
Computer name: BRUNO

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 13:04:50
ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 11:17:27
ANTIVIR3.VDF : 7.0.2.5 16896 Bytes 16/01/2008 11:17:27
AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 16/01/2008 11:17:28
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 16/01/2008 11:17:28
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 16 janvier 2008 13:06

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'EspaceWanadoo.exe' - '1' Module(s) have been scanned
Scan process 'devldr32.exe' - '1' Module(s) have been scanned
Scan process 'dslmon.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'LVComS.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'CnxMon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
30 processes with 30 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\efcbb.dll
[DETECTION] Is the Trojan horse TR/Vundo.DVE
[WARNING] The file could not be deleted!
Begin scan in 'D:\'

End of the scan: mercredi 16 janvier 2008 14:49
Used time: 1:43:26 min

The scan has been done completely.

2956 Scanning directories
134109 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
134108 Files not concerned
977 Archives were scanned
3 Warnings
1 Notes

And the HijackThis report:

------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:52:09, on 16/01/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {9b2c51ef-733a-f289-a694-605978523ed0} - {0de32587-9506-496a-982f-a337fe15c2b9} - C:\WINDOWS\System32\gukjyyhw.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54F2958B-8A62-499A-9B1B-AB5947CD8C58} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9A7443B6-ECEB-40DE-A7FA-A5568436B0AF} - C:\WINDOWS\System32\efcbb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B09D3836-251C-4BCD-B175-EFED78054169} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0675D244-D418-45FA-A742-11107E7B55B5}: NameServer = 80.10.246.1 80.10.246.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{0675D244-D418-45FA-A742-11107E7B55B5}: NameServer = 80.10.246.1 80.10.246.132
O20 - Winlogon Notify: khfcabc - khfcabc.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
jlpjlp Posts 52399 Status Security contributor 5 040
 
Disable TeaTimer for the duration of the disinfection.
_______________

Restart HijackThis, choose "do a scan only", tick the box in front of the lines below, and click "fix checked" at the bottom.

O2 - BHO: {9b2c51ef-733a-f289-a694-605978523ed0} - {0de32587-9506-496a-982f-a337fe15c2b9} - C:\WINDOWS\System32\gukjyyhw.dll (file missing)

O2 - BHO: (no name) - {54F2958B-8A62-499A-9B1B-AB5947CD8C58} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9A7443B6-ECEB-40DE-A7FA-A5568436B0AF} - C:\WINDOWS\System32\efcbb.dll

O2 - BHO: (no name) - {B09D3836-251C-4BCD-B175-EFED78054169} - (no file)

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)

O20 - Winlogon Notify: khfcabc - khfcabc.dll (file missing)

_______________________

Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\WINDOWS\System32\efcbb.dll

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

___________________________

Install SpywareBlaster, which will partly protect against Vundo, which was infecting you, but it is in English (though easy to use: just click "update" to update it every month and then "enable all protection" to immunize)...

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html

______________________
Browse with Firefox or Opera instead of Internet Explorer.
http://www.mozilla-europe.org/fr/products/firefox/

________________________

Your Windows is not up to date, is that normal?
START then ALL PROGRAMS then WINDOWS UPDATE
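An added example, not part of the reply above and not a feature of HijackThis or Avira: a small Python triage script that cross-references the file Avira detected with the HijackThis entries and also flags entries whose target file is absent. The excerpts are shortened copies of lines from the two reports in this thread; the function names and the two heuristics are assumptions made for illustration, and the path comparison is case-insensitive because the two tools write `system32` and `System32` differently.

```python
import re

# Excerpts copied from the two reports in this thread (shortened, not the full logs).
AVIRA = r"""C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\efcbb.dll
[DETECTION] Is the Trojan horse TR/Vundo.DVE
[WARNING] The file could not be deleted!"""

HJT = r"""O2 - BHO: {9b2c51ef-733a-f289-a694-605978523ed0} - {0de32587-9506-496a-982f-a337fe15c2b9} - C:\WINDOWS\System32\gukjyyhw.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9A7443B6-ECEB-40DE-A7FA-A5568436B0AF} - C:\WINDOWS\System32\efcbb.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: khfcabc - khfcabc.dll (file missing)"""

# "<section code> - <rest of entry>", e.g. "O2 - BHO: ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# Entry whose target no longer exists on disk (optionally followed by "(HKCU)").
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*(?:\(HKCU\))?$")


def avira_detections(report):
    """Return lower-cased paths of files that are followed by a [DETECTION] line."""
    lines = [l.strip() for l in report.splitlines()]
    return {prev.lower() for prev, cur in zip(lines, lines[1:])
            if cur.startswith("[DETECTION]")}


def triage(hjt_log, detected):
    """Return (code, reason, line) for entries that deserve manual review."""
    findings = []
    for line in hjt_log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        body = m["body"]
        if any(path in body.lower() for path in detected):
            findings.append((m["code"], "references AV-detected file", line))
        elif ORPHAN.search(body):
            findings.append((m["code"], "orphaned entry, target file absent", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(HJT, avira_detections(AVIRA)):
        print(f"{code:4} {reason}: {line}")
```

The output is a review list, not a fix list: each flagged line still needs a human decision before it is ticked in HijackThis.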