Virus

Manu86 -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Je crois que mon PC est infécté par un spyware.
Voici le log HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:53, on 15/01/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\System32\ntos.exe,
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cc4865ac] rundll32.exe "C:\WINDOWS\System32\csifujdn.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0675D244-D418-45FA-A742-11107E7B55B5}: NameServer = 80.10.246.130 81.253.149.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{0675D244-D418-45FA-A742-11107E7B55B5}: NameServer = 80.10.246.130 81.253.149.10
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4721 bytes

Merci de votre aide

a +
Configuration: Windows XP
Internet Explorer 6.0

11 réponses

  1. jlpjlp
     
    slt
    ton windows n'est pas a jour et tu a pas d'antivirus?

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\System32\ntos.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [cc4865ac] rundll32.exe "C:\WINDOWS\System32\csifujdn.dll",b

    _______________________

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
    __________________________________

    scan avec des antiespions (en mode sans échec):

    spybot :

    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

    voir demo d utilisation (merci Balltrap)
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
    _____________________________________

    installe si tu n'en as pas un antivirus
    ANTIVIR (en anglais mais très efficace) et colle nous le rapport
    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)

    ou sinon:

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    ____________________

    recolle hijackthis et dis tes problemes
    0
  2. Manu86
     
    Re,

    ok voila la première étape :

    SDFix: Version 1.126

    Run by Pain on 15/01/2008 at 11:42

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\DOCUME~1\Pain\Bureau\NOUVEA~1\SDFix

    Safe Mode:
    Checking Services:

    Name:
    runtime

    Path:
    \??\C:\WINDOWS\System32\drivers\runtime.sys

    runtime - Deleted

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\18.TMP - Deleted
    C:\19.TMP - Deleted
    C:\WINDOWS\system32\*_exception.nls - Deleted

    Folder C:\WINDOWS\system32\wsnpoem - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-15 11:46:08
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    Remaining Files:
    ---------------

    File Backups: - C:\DOCUME~1\Pain\Bureau\NOUVEA~1\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Finished!

    Je fais le reste et je te répond

    merci à toi

    a +
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok a plus
    0
  4. Manu86
     
    Re,

    j'ai installé Antivir et voici le rapport :

    AntiVir PersonalEdition Classic
    Report file date: mardi 15 janvier 2008 15:18

    Scanning for 1036833 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (plain) [5.1.2600]
    Username: SYSTEM
    Computer name: BRUNO

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 13:04:50
    ANTIVIR2.VDF : 7.0.1.205 620544 Bytes 08/01/2008 13:04:50
    ANTIVIR3.VDF : 7.0.1.240 282624 Bytes 15/01/2008 13:04:50
    AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 15/01/2008 13:04:52
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.2 360488 Bytes 15/01/2008 13:04:53
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 15 janvier 2008 15:18

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'devldr32.exe' - '1' Module(s) have been scanned
    Scan process 'dslmon.exe' - '1' Module(s) have been scanned
    Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'LVComS.exe' - '1' Module(s) have been scanned
    Scan process 'realplay.exe' - '1' Module(s) have been scanned
    Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
    Scan process 'CnxMon.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    27 processes with 27 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    C:\WINDOWS\system32\khfcabc.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DST
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\khfcabc.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DST

    The registry was scanned ( '33' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\12.tmp
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [INFO] The file was deleted!
    C:\14.tmp
    [DETECTION] Is the Trojan horse TR/Agent.AGGZ
    [INFO] The file was deleted!
    C:\16.tmp
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.no
    [INFO] The file was deleted!
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0035047.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP43\A0062028.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DUP
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP43\A0062029.dll
    [DETECTION] Is the Trojan horse TR/Vundo.dvc.4
    [INFO] The file was deleted!
    C:\WINDOWS\system32\csifujdn.dll
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    [INFO] The file was deleted!
    C:\WINDOWS\system32\drearysp.dll
    [DETECTION] Is the Trojan horse TR/Vundo.dvc.4
    [INFO] The file was deleted!
    C:\WINDOWS\system32\efcbb.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DVE
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\exjahhtg.dll
    [DETECTION] Is the Trojan horse TR/Vundo.dvc.4
    [INFO] The file was deleted!
    C:\WINDOWS\system32\gukjyyhw.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\WINDOWS\system32\iksyessw.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DUP
    [INFO] The file was deleted!
    C:\WINDOWS\system32\khfcabc.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DST
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\mljjkhh.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DST
    [INFO] The file was deleted!
    Begin scan in 'D:\'

    End of the scan: mardi 15 janvier 2008 16:24
    Used time: 1:05:43 min

    The scan has been done completely.

    2963 Scanning directories
    132481 Files were scanned
    15 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    12 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    132466 Files not concerned
    952 Archives were scanned
    5 Warnings
    0 Notes

    Pour Spybot je suis en train de le faire

    a +
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Manu86
     
    Re,

    Voila le rapport Spybot (très long !) si tu as besoin d'autre chose...

    --- Search result list ---
    Win32.Agent.pz: [SBI $C8DD69EE] Réglages (Valeur du registre, fixed)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Network\UID

    Win32.Agent.pz: [SBI $0F1C75F7] Réglages (Valeur du registre, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID

    Alexa Related: [SBI $9263101F] Lien (Remplacer le fichier, fixed)
    C:\WINDOWS\Web\related.htm

    AstaKiller: [SBI $2F10E03B] Réglages (Valeur du registre, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

    Virtumonde: [SBI $42352499] Réglages utilisateur (Clé du registre, fixed)
    HKEY_USERS\S-1-5-21-861567501-507921405-1343024091-1003\Software\Microsoft\rdfa

    Virtumonde: [SBI $47E741CD] Réglages (Clé du registre, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws

    Virtumonde: [SBI $7342F9D9] Réglages (Clé du registre, fixed)
    HKEY_USERS\S-1-5-21-861567501-507921405-1343024091-1003\Software\Microsoft\aldd

    Virtumonde: [SBI $8F2A4A7E] Class ID (Clé du registre, fixed)
    HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

    Virtumonde.generic: [SBI $E7142B62] Réglages (Valeur du registre, fixed)
    HKEY_CLASSES_ROOTCLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32\=...C:\WINDOWS\SYSTEM32\KHFCABC.DLL...

    Virtumonde.generic: [SBI $75DA8FD9] Bibliothèque (Fichier, fixed)
    C:\WINDOWS\system32\khfcabc.dll

    Virtumonde.generic: [SBI $FFB000DB] Réglages (Clé du registre, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\KHFCABC

    Virtumonde.generic: [SBI $1BB1339D] Browser helper object (Clé du registre, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

    BlueStreak: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

    CasinoPopupStuff: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

    DoubleClick: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

    Cassava: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

    TagASaurus: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

    LiveSVC.Wintrim: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

    DirectTrack: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

    MediaPlex: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

    MediaPlex: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

    Zedo: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

    Virtumonde: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

    MediaPlex: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

    DirectTrack: [SBI $61F39AC8] Cookie traceur (Internet Explorer: Pain) (Cookie, fixed)

    --- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

    2007-08-31 blindman.exe (1.0.0.6)
    2007-08-31 SDMain.exe (1.0.0.4)
    2007-08-31 SDUpdate.exe (1.0.6.4)
    2007-08-31 SDWinSec.exe (1.0.0.8)
    2007-08-31 SpybotSD.exe (1.5.1.15)
    2007-08-31 TeaTimer.exe (1.5.0.9)
    2008-01-15 unins000.exe (51.46.0.0)
    2007-08-31 Update.exe (1.4.0.5)
    2007-08-31 advcheck.dll (1.5.3.0)
    2007-04-02 aports.dll (2.1.0.0)
    2007-04-02 DelZip179.dll (1.79.5.3)
    2007-08-31 SDHelper.dll (1.5.0.8)
    2007-08-31 Tools.dll (2.1.2.0)
    2008-01-09 Includes\Cookies.sbi (*)
    2007-12-26 Includes\Dialer.sbi (*)
    2008-01-09 Includes\DialerC.sbi (*)
    2008-01-09 Includes\HeavyDuty.sbi (*)
    2007-12-26 Includes\Hijackers.sbi (*)
    2008-01-09 Includes\HijackersC.sbi (*)
    2007-10-04 Includes\Keyloggers.sbi (*)
    2008-01-09 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2008-01-09 Includes\Malware.sbi (*)
    2008-01-09 Includes\MalwareC.sbi (*)
    2007-10-24 Includes\PUPS.sbi (*)
    2008-01-09 Includes\PUPSC.sbi (*)
    2008-01-09 Includes\Revision.sbi (*)
    2008-01-09 Includes\Security.sbi (*)
    2008-01-09 Includes\SecurityC.sbi (*)
    2007-11-07 Includes\Spybots.sbi (*)
    2008-01-09 Includes\SpybotsC.sbi (*)
    2007-11-06 Includes\Tracks.uti
    2007-12-12 Includes\Trojans.sbi (*)
    2008-01-09 Includes\TrojansC.sbi (*)
    2008-12-24 Plugins\TCPIPAddress.dll

    --- System information ---
    Windows XP (Build: 2600) (5.1.2600)
    / Windows XP / SP3: Windows Installer 3.1 (KB893803)

    --- Startup entries list ---
    Located: HK_LM:Run, avgnt
    command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    size: 249896
    MD5: 6E898F5959E7195D64594C30E9251938

    Located: HK_LM:Run, LVCOMS
    command: C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
    file: C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
    size: 135214
    MD5: 25CF0DAE6043D8167B813ED7CDE5C76E

    Located: HK_LM:Run, NvCplDaemon
    command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, NvMediaCenter
    command: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, RealTray
    command: C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    file: C:\Program Files\Real\RealPlayer\RealPlay.exe
    size: 20480
    MD5: 624B05CFE355595117DBFFE3E3B45AFE

    Located: HK_LM:Run, WooCnxMon
    command: C:\PROGRA~1\Wanadoo\CnxMon.exe
    file: C:\PROGRA~1\Wanadoo\CnxMon.exe
    size: 24576
    MD5: 92B7B96A77D5FEEF8F2BACC1278EBC9F

    Located: HK_LM:Run, WOOTASKBARICON
    command: C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    file: C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    size: 49152
    MD5: 7DED4604E031DD65D2E3C33434E51AFE

    Located: HK_LM:Run, WOOWATCH
    command: C:\PROGRA~1\Wanadoo\Watch.exe
    file: C:\PROGRA~1\Wanadoo\Watch.exe
    size: 24576
    MD5: FFE42BA31D13E11DA37CBDC482EB991D

    Located: HK_LM:RunOnce, Spybot - Search & Destroy
    command: "C:\Program Files\Spybot\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    file: C:\Program Files\Spybot\Spybot - Search & Destroy\SpybotSD.exe
    size: 4943184
    MD5: C92780F50B8BB7A89E919585916494A9

    Located: HK_LM:RunOnce, SpybotDeletingA6313
    command: command /c del "C:\WINDOWS\system32\khfcabc.dll_old"
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:RunOnce, SpybotDeletingC6885
    command: cmd /c del "C:\WINDOWS\system32\khfcabc.dll_old"
    file: C:\WINDOWS\system32\cmd.exe
    size: 388096
    MD5: 7C2769027921F5F798F5F482A80D2C06

    Located: HK_CU:Run, CTFMON.EXE
    where: .DEFAULT...
    command: C:\WINDOWS\System32\CTFMON.EXE
    file: C:\WINDOWS\System32\CTFMON.EXE
    size: 13312
    MD5: F95275CF5E7C30CEA58B0B1B7B40210F

    Located: HK_CU:Run, CTFMON.EXE
    where: S-1-5-21-861567501-507921405-1343024091-1003...
    command: C:\WINDOWS\System32\ctfmon.exe
    file: C:\WINDOWS\System32\ctfmon.exe
    size: 13312
    MD5: F95275CF5E7C30CEA58B0B1B7B40210F

    Located: HK_CU:Run, SpybotSD TeaTimer
    where: S-1-5-21-861567501-507921405-1343024091-1003...
    command: C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe
    size: 1460560
    MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E

    Located: HK_CU:RunOnce, SpybotDeletingB6004
    where: S-1-5-21-861567501-507921405-1343024091-1003...
    command: command /c del "C:\WINDOWS\system32\khfcabc.dll_old"
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:RunOnce, SpybotDeletingD1061
    where: S-1-5-21-861567501-507921405-1343024091-1003...
    command: cmd /c del "C:\WINDOWS\system32\khfcabc.dll_old"
    file: C:\WINDOWS\system32\cmd.exe
    size: 388096
    MD5: 7C2769027921F5F798F5F482A80D2C06

    Located: HK_CU:Run, CTFMON.EXE
    where: S-1-5-18...
    command: C:\WINDOWS\System32\CTFMON.EXE
    file: C:\WINDOWS\System32\CTFMON.EXE
    size: 13312
    MD5: F95275CF5E7C30CEA58B0B1B7B40210F

    Located: Démarrage (tous utilisateurs), DSLMON.lnk
    where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
    command: C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    file: C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    size: 954475
    MD5: 02386BB5189B2C93F1427D05756E1213

    Located: WinLogon, crypt32chain
    command: crypt32.dll
    file: crypt32.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cscdll
    command: cscdll.dll
    file: cscdll.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, khfcabc
    command: khfcabc.dll
    file: khfcabc.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, Schedule
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, termsrv
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    --- Browser helper object list ---
    {0de32587-9506-496a-982f-a337fe15c2b9} ({9b2c51ef-733a-f289-a694-605978523ed0})
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: {9b2c51ef-733a-f289-a694-605978523ed0}
    CLSID name:
    Path: C:\WINDOWS\System32\
    Long name: gukjyyhw.dll

    {33ACE160-F987-416E-9B83-6AF94A628982} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:
    Path: C:\WINDOWS\System32\
    Long name: efcbb.dll
    Short name:
    Date (created): 14/12/2007 17:39:36
    Date (last access): 15/01/2008 16:58:42
    Date (last write): 14/12/2007 17:39:50
    Filesize: 314624
    Attributes:
    MD5: 90CA6C4B7D5A560B1D42134288018EA9
    CRC32: 67FCF12F

    {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:
    Path: C:\WINDOWS\system32\
    Long name: khfcabc.dll

    {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:

    {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Helper
    description: Google toolbar
    classification: Open for discussion
    known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
    info link: http://www.google.com/intl/fr/toolbar/ie/index.html
    info source: TonyKlein
    Path: c:\program files\google\
    Long name: GoogleToolbar2.dll
    Short name: GOOGLE~2.DLL
    Date (created): 17/12/2007 09:49:50
    Date (last access): 15/01/2008 16:44:42
    Date (last write): 17/12/2007 09:49:50
    Filesize: 2436160
    Attributes: readonly archive
    MD5: 6D44E0C3B43D27484FBB355E470C4188
    CRC32: 2DE875CD
    Version: 4.0.1601.4978

    --- ActiveX list ---
    {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab)
    DPF name: System Requirements Lab
    CLSID name: System Requirements Lab Class
    Installer:
    Codebase: https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: sysreqlab2.dll
    Short name: SYSREQ~1.DLL
    Date (created): 29/03/2007 11:07:12
    Date (last access): 15/01/2008 17:12:38
    Date (last write): 29/03/2007 11:07:12
    Filesize: 206384
    Attributes: archive
    MD5: ED3B0F1BA60554B9D2E5AE1B02AD9306
    CRC32: E2F1D780
    Version: 2.30.0.0

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_03
    Installer: C:\WINDOWS\Downloaded Program Files\jinstall-6u3.inf
    Codebase: http://java.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre1.6.0_03\bin\
    Long name: npjpi160_03.dll
    Short name: NPJPI1~1.DLL
    Date (created): 24/09/2007 23:31:44
    Date (last access): 15/01/2008 15:28:24
    Date (last write): 25/09/2007 01:11:34
    Filesize: 132496
    Attributes: archive
    MD5: D6A4682A6FF41832A3F1A7AB9AE08199
    CRC32: 9080B537
    Version: 6.0.30.5

    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_03
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    Path: C:\Program Files\Java\jre1.6.0_03\bin\
    Long name: npjpi160_03.dll
    Short name: NPJPI1~1.DLL
    Date (created): 24/09/2007 23:31:44
    Date (last access): 15/01/2008 18:19:26
    Date (last write): 25/09/2007 01:11:34
    Filesize: 132496
    Attributes: archive
    MD5: D6A4682A6FF41832A3F1A7AB9AE08199
    CRC32: 9080B537
    Version: 6.0.30.5

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_03
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.6.0_03\bin\
    Long name: npjpi160_03.dll
    Short name: NPJPI1~1.DLL
    Date (created): 24/09/2007 23:31:44
    Date (last access): 15/01/2008 18:19:26
    Date (last write): 25/09/2007 01:11:34
    Filesize: 132496
    Attributes: archive
    MD5: D6A4682A6FF41832A3F1A7AB9AE08199
    CRC32: 9080B537
    Version: 6.0.30.5

    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 144 ( 0) \SystemRoot\System32\smss.exe
    size: 45568
    PID: 196 ( 0) \??\C:\WINDOWS\system32\csrss.exe
    size: 4096
    PID: 220 ( 0) \??\C:\WINDOWS\system32\winlogon.exe
    size: 434176
    PID: 264 ( 0) C:\WINDOWS\system32\services.exe
    size: 101888
    MD5: FC0691097471EE374907E1024EDCBD43
    PID: 276 ( 0) C:\WINDOWS\system32\lsass.exe
    size: 11776
    MD5: 2C2431B30A629123C1757582C9D93F38
    PID: 484 ( 0) C:\WINDOWS\system32\svchost.exe
    size: 12800
    MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
    PID: 524 ( 0) C:\WINDOWS\system32\svchost.exe
    size: 12800
    MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
    PID: 752 ( 0) C:\WINDOWS\Explorer.EXE
    size: 1005056
    MD5: 9E20A8EF0CA524446AFEE29F4423CC8F
    PID: 872 ( 0) C:\Program Files\Spybot\Spybot - Search & Destroy\SpybotSD.exe
    size: 4943184
    MD5: C92780F50B8BB7A89E919585916494A9
    PID: 2992 ( 0) C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    size: 694272
    MD5: F0A1BA703934FF58A2D596DB2CC72AD3

    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 15/01/2008 18:19:25

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\System32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    https://www.google.com/?gws_rd=ssl
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    https://www.orange.fr/portail
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    https://www.orange.fr/portail
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://www.google.com/toolbar/ie8/sidebar.html
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm

    --- Winsock Layered Service Provider list ---

    --- Uninstall list ---
    Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
    uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    publisher: Lavasoft
    help link: https://www.adaware.com/

    (AddressBook)

    Adobe Flash Player ActiveX 9.0.115.0 (Adobe Flash Player ActiveX)
    uninstall cmd: C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    publisher: Adobe Systems Incorporated
    help link: https://helpx.adobe.com/flash-player.html

    Avira AntiVir PersonalEdition Classic (AntiVir PersonalEdition Classic)
    uninstall cmd: C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    publisher: Avira GmbH
    help link: http://www.avira.com/classic-support

    (Branding)

    (Connection Manager)

    (DirectAnimation)

    (DirectDrawEx)

    Wanadoo (EspaceWanadoo.exe)
    uninstall cmd: C:\PROGRA~1\Wanadoo\Shell.exe desinstall.shl

    (Fontcore)

    GameSpy Arcade (GameSpy Arcade)
    uninstall cmd: D:\PROGRA~1\GAMESP~1\UNWISE.EXE D:\PROGRA~1\GAMESP~1\INSTALL.LOG

    HijackThis 2.0.2 2.0.2 (HijackThis)
    uninstall cmd: "C:\Program Files\HijackThis\HijackThis.exe" /uninstall
    publisher: TrendMicro

    (ICW)

    (IE40)

    (IE4Data)

    (IE5BAKEX)

    (IEData)

    JPEG Compression 1.0 (JPEG Compression_is1)
    install location: C:\Program Files\JPEG Compression\
    uninstall cmd: "C:\Program Files\JPEG Compression\unins000.exe"
    publisher: AZASOFT
    help link: http://azasoft.free.fr/JPEG/

    (KB884016)

    (KB893803)

    Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
    uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/893803/windows-installer-3-1-v2-3-1-4000-2435-is-available

    (Microsoft NetShow Player 2.0)

    (MobileOptionPack)

    (MPlayer2)

    (MSI30-Beta1)

    (MSI30-Beta2)

    (MSI30-KB884016)

    (MSI30-RC1)

    (MSI30-RC2)

    (MSI30a-KB884016)

    (MSI31-Beta)

    (MSI31-RC1)

    (NetMeeting)

    NVIDIA Drivers (NVIDIA Drivers)
    uninstall cmd: C:\WINDOWS\System32\nvudisp.exe UninstallGUI

    (OutlookExpress)

    (PCHealth)
    uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

    RealPlayer 7 Basic (RealPlayer 6.0)
    uninstall cmd: C:\Program Files\Fichiers communs\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0

    (SchedulingAgent)

    9.0.115.0 (ShockwaveFlash)

    nVidia Refresh Rate Fix MKII v2.21f E (ST6UNST #1)
    uninstall cmd: C:\WINDOWS\st6unst.exe -n "C:\Program Files\nVidia Refresh Rate Fix MKII\ST6UNST.LOG"

    System Requirements Lab (SystemRequirementsLab)
    uninstall cmd: C:\Program Files\SystemRequirementsLab\Uninstall.exe

    The KMPlayer (remove only) (The KMPlayer)
    uninstall cmd: "C:\Program Files\KMP\The KMPlayer\uninstall.exe"

    VideoLAN VLC media player 0.8.6d 0.8.6d (VLC media player)
    uninstall cmd: C:\Program Files\VLC\uninstall.exe
    publisher: VideoLAN Team

    Wanadoo Messager (Wanadoo Messager)
    uninstall cmd: C:\PROGRA~1\WANADO~1\UNWISE.EXE C:\PROGRA~1\WANADO~1\INSTALL.LOG

    Archiveur WinRAR (WinRAR archiver)
    uninstall cmd: C:\Program Files\WinRar\uninstall.exe

    Xfire (remove only) (Xfire)
    uninstall cmd: "d:\Program Files\Xfire\uninst.exe"

    ZoneAlarm Pro 7.0.362.000 (ZoneAlarm Pro)
    uninstall cmd: C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
    publisher: Check Point, Inc
    help link: C:\Program Files\Zone Labs\ZoneAlarm\Aide\zaclients.chm

    Labtec WebCam 5.64.0000 ({0463B519-E4C8-4C16-84AA-4743D1ED91B5})
    version: 88080384
    version (major): 5
    version (minor): 64
    estimated size: 81192
    install date: 20071217
    install location: C:\Program Files\Labtec\WebCam\
    install source: E:\QuickCam\fra\
    uninstall cmd: MsiExec.exe /I{0463B519-E4C8-4C16-84AA-4743D1ED91B5}
    publisher: Labtec
    contact: Service clientèle de Labtec
    help link: www.labtec.com
    help telephone: +33-(0) 1-43 62 34 14
    readme: C:\Program Files\Labtec\WebCam\Readme.txt

    Medal of Honor débarquement allié ({0DEA94ED-915A-4834-A87E-388D012C8E02})
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x40c

    AutoUpdate 1.1 ({18D10072035C4515918F7E37EAFAACFC})
    install location: C:\Program Files\Divx

    Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
    uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

    Java(TM) 6 Update 3 1.6.0.30 ({3248F0A8-6813-11D6-A77B-00B0D0160030})
    version: 17170432
    version (major): 1
    version (minor): 6
    estimated size: 113998
    install date: 20071217
    install source: http://javadl.sun.com/webapps/download/GetFile/1.6.0_03-b05/windows-i586/
    uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    publisher: Sun Microsystems, Inc.
    contact: https://www.java.com/en/
    help link: https://www.java.com/en/
    readme: C:\Program Files\Java\jre1.6.0_03\README.txt

    WebFldrs XP 9.50.5318 ({350C97B8-3D7C-4EE8-BAA9-00BCB3D54227})
    version: 154277062
    version (major): 9
    version (minor): 50
    estimated size: 2668
    install date: 20071213
    install source: C:\WINDOWS\System32\
    publisher: Microsoft Corporation
    help link: https://www.microsoft.com/en-us/windows/

    Sid Meier's Civilization 4 - Warlords 1.00.0000 ({3E4B349F-10B5-4586-9D99-489A90A8B228})
    version: 16777216
    install date: 20080112
    install location: d:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords
    install source: E:\
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe" -l0x40c -removeonly
    publisher: Firaxis Games
    help link: https://2k.com/en-US/
    readme: d:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Readme.htm

    Sid Meier's Civilization 4 1.00.0000 ({4377F918-E6C9-4ECA-A7F5-754B310B7ED8})
    version: 16777216
    version (major): 1
    estimated size: 1968
    install date: 20080109
    install location: d:\Program Files\Firaxis Games\Sid Meier's Civilization 4\
    install source: d:\Program Files\Firaxis Games\Sid Meier's Civilization 4\{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}\
    publisher: Firaxis Games
    contact: Customer Support Department
    help link: https://2k.com/en-US/

    SAGEM F@st 800-840 ({4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F})
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x40c

    Windows Live Messenger 8.1.0178.00 ({571700F0-DB9D-4B3A-B03D-35A14BB5939F})
    version: 134283442
    version (major): 8
    version (minor): 1
    estimated size: 32095
    install date: 20071217
    install source: C:\DOCUME~1\Pain\LOCALS~1\Temp\IXP000.TMP\
    uninstall cmd: MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    publisher: Microsoft Corporation

    ({62369F2F77534556AEF4C58152E3BDE5})

    6.5.1 ({7585478E9D9B42108671C12F8714CEFE})
    install location: C:\Program Files\Divx
    uninstall cmd: C:\Program Files\Divx\DivXConverterUninstall.exe /CONVERTER
    publisher: DivX, Inc.

    Medal of Honor Débarquement allié(tm) En Formation ({7914BE1E-F186-4790-B8F4-9F63C52A41C1})
    install location: d:\Program Files\MOHDA
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7914BE1E-F186-4790-B8F4-9F63C52A41C1}\Setup.exe" -l0x40c

    DivX Codec 6.8.0 ({7B63B2922B174135AFC0E1377DD81EC2})
    install location: C:\Program Files\Divx
    uninstall cmd: C:\Program Files\Divx\DivXCodecUninstall.exe /CODEC
    publisher: DivX, Inc.

    Rhapsody Player Engine 1.0.690 ({8A62A068-3FD6-495A-9F66-26FE94F32EC9})
    version: 16777906
    version (major): 1
    estimated size: 1529
    install date: 20071217
    install source: C:\DOCUME~1\Pain\LOCALS~1\Temp\IXP000.TMP\
    uninstall cmd: MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
    publisher: RealNetworks
    comments: The Rhapsody Player Engine is a Web browser plugin used for Rhapsody On The Web.
    contact: RealNetworks
    help link: https://us.napster.com/

    DivX Player 6.6.0 ({8ADFC4160D694100B5B8A22DE9DCABD9})
    install location: C:\Program Files\Divx
    uninstall cmd: C:\Program Files\Divx\DivXPlayerUninstall.exe /PLAYER

    Adobe Reader 8.1.0 - Français 8.1.0 ({AC76BA86-7AD7-1036-7B44-A81000000003})
    version: 134283264
    version (major): 8
    version (minor): 1
    estimated size: 149605
    install date: 20071219
    install location: C:\Program Files\Adobe\Reader 8.0\Reader\
    install source: C:\DOCUME~1\Pain\LOCALS~1\Temp\Adobe Reader 8\
    uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
    publisher: Adobe Systems Incorporated
    comments:
    contact: Support clientèle
    help link: https://helpx.adobe.com/support.html
    readme: C:\Program Files\Adobe\Reader 8.0\Reader\Lisezmoi.htm

    DivX Converter 6.5.1 ({B13A7C41581B411290FBC0395694E2A9})
    install location: C:\Program Files\Divx
    uninstall cmd: C:\Program Files\Divx\DivXConverterUninstall.exe /CONVERTER
    publisher: DivX, Inc.

    Spybot - Search & Destroy 1.5.1.15 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
    install date: 20080115
    install location: C:\Program Files\Spybot\Spybot - Search & Destroy\
    uninstall cmd: "C:\Program Files\Spybot\Spybot - Search & Destroy\unins000.exe"
    publisher: Safer Networking Limited
    help link: https://www.safer-networking.org/?page=support

    DivX Web Player 1.4.0 ({B7050CBDB2504B34BC2A9CA0A692CC29})
    install location: C:\Program Files\Divx
    uninstall cmd: C:\Program Files\Divx\DivXWebPlayerUninstall.exe /PLUGIN
    publisher: DivX,Inc.

    Medal of Honor Débarquement allié En Formation ({BE699EDC-9E58-4671-A23E-9CDF7F6F42F2})
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE699EDC-9E58-4671-A23E-9CDF7F6F42F2}\Setup.exe" -l0x40c

    Sid Meier's Civilization 4 1.61 ({CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8})
    version: 20774912
    install date: 20080109
    install location: d:\Program Files\Firaxis Games\Sid Meier's Civilization 4
    install source: C:\DOCUME~1\Pain\LOCALS~1\Temp\byeA.tmp\Disk1\
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x40c -removeonly
    publisher: Firaxis Games
    help link: https://2k.com/en-US/
    readme: d:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Readme.htm

    DivX Content Uploader 1.2.1 ({D050D7362D214723AD585B541FFB6C11})
    install location: C:\Program Files\Divx
    uninstall cmd: C:\Program Files\Divx\DivXContentUploaderUninstall.exe /CUPLOADER
    publisher: DivX, Inc.

    Google Toolbar for Internet Explorer 4.0.0.002 ({DBEA1034-5882-4A88-8033-81C4EF0CFA29})
    version: 67108864
    version (major): 4
    install date: 20071217
    install source: http://javadl-esd.sun.com/update/1.6.0/sp-1.6.0_03/sp1/
    uninstall cmd: MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    publisher: Google Inc.

    --- System Services ---
    Service (registry key): Abiosdsk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 0

    Service (registry key): abp480n5
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ACPI
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote ACPI Microsoft
    Image path: System32\DRIVERS\ACPI.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): ACPIEC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ADILOADER
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: General Purpose USB Driver (adildr.sys)
    Image path: System32\Drivers\adildr.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 2
    Type: 1
    Error Control: 1

    Service (registry key): adiusbaw
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: USB ADSL WAN Adapter
    Image path: System32\DRIVERS\adiusbaw.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): adpu160m
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): aec
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Suppresseur d'écho acoustique (Noyau Microsoft)
    Image path: system32\drivers\aec.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): AFD
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Environnement de prise en charge de réseau AFD
    Image path: \SystemRoot\System32\drivers\afd.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 2
    Type: 1
    Error Control: 1

    Service (registry key): Aha154x
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): aic78u2
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): aic78xx
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Alerter
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Avertissement
    Description: Informe les utilisateurs et les ordinateurs sélectionnés des alertes administratives. Si ce service est arrêté, les programmes qui utilisent les alertes administratives ne les recevront pas. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalService
    Image size: 12800
    Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: LanmanWorkstation

    Service (registry key): ALG
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Service de la passerelle de la couche Application
    Description: Fournit la prise en charge des plugins de protocoles tiers pour le partage de connexion Internet et le pare-feu Internet.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\alg.exe
    Image size: 40960
    Image MD5: 55D226818B6C3D99741432D37657BA73
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): AliIde
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): amsint
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): AntiVirScheduler
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AntiVir PersonalEdition Classic Scheduler
    Description: Service to schedule AntiVir jobs and updates.
    Object name: LocalSystem
    Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
    Image size: 63016
    Image MD5: A6FA9C14E649B2F3DE15390A1840774D
    Control Set: CurrentControlSet
    Start: 2
    Type: 272
    Error Control: 1

    Service (registry key): AntiVirService
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AntiVir PersonalEdition Classic Guard
    Description: Offers permanent protection against viruses and malware with the AntiVir search engine.
    Object name: LocalSystem
    Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
    Image size: 214056
    Image MD5: F640EA98231D7B1DB730385813BFCE79
    Control Set: CurrentControlSet
    Start: 2
    Type: 272
    Error Control: 1

    Service (registry key): AppMgmt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Gestion d'applications
    Description: Fournit des services d'installation de logiciels tels que Attribuer, Publier et Supprimer.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): asc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): asc3350p
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): asc3550
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): AsyncMac
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote de média asynchrone RAS
    Description: Pilote de média asynchrone RAS
    Image path: System32\DRIVERS\asyncmac.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): atapi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Contrôleur de disque dur IDE/ESDI standard
    Image path: System32\DRIVERS\atapi.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): Atdisk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 0

    Service (registry key): Atmarpc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Protocole client ATM ARP
    Description: Protocole client ATM ARP
    Image path: System32\DRIVERS\atmarpc.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): AudioSrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Audio Windows
    Description: Gère les périphériques audio pour les programmes basés sur Windows. Si ce service est arrêté, les périphériques et les effets audio ne fonctionneront pas correctement. Si ce service est désactivé, les services en dépendant explicitement ne démarreront pas.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: PlugPlay,RpcSs

    Service (registry key): audstub
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote audio Stub
    Image path: System32\DRIVERS\audstub.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): avgntdd
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: avgntdd
    Image path: SYSTEM32\DRIVERS\avgntdd.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 2
    Error Control: 1
    Depends On services: avgntmgr

    Service (registry key): avgntmgr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: avgntmgr
    Image path: SYSTEM32\DRIVERS\avgntmgr.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 0
    Type: 2
    Error Control: 1

    Service (registry key): avipbb
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: avipbb
    Description: Avira's Driver for RootKit Detection
    Image path: System32\DRIVERS\avipbb.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): basic2
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\DRIVERS\HSF_BSC2.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): BattC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): Beep
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): BITS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Service de transfert intelligent en arrière-plan
    Description: Utilise la bande passante réseau inactive pour transférer des données.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: LanmanWorkstation,RpcSs

    Service (registry key): Browser
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Explorateur d'ordinateur
    Description: Tient à jour une liste des ordinateurs présents sur le réseau et fournit cette liste aux ordinateurs désignés comme navigateurs. Si ce service est arrêté, la liste ne sera pas mise ou tenue à jour. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: LanmanWorkstation,LanmanServer

    Service (registry key): catchme
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \??\C:\DOCUME~1\Pain\LOCALS~1\Temp\catchme.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): cbidf2k
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): CCDECODE
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Décodeur sous-titre fermé
    Image path: System32\DRIVERS\CCDECODE.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): cd20xrnt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Cdaudio
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): Cdfs
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 2
    Error Control: 1
    Depends On group: "SCSI CDROM Class"

    Service (registry key): Cdrom
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote de CD-ROM
    Image path: System32\DRIVERS\cdrom.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1
    Depends On group: "SCSI miniport"

    Service (registry key): Changer
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): cisvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Service d'indexation
    Description: Construit un index des contenus et des propriétés des fichiers sur les ordinateurs locaux et distants ; fournit un accès rapide aux fichiers par le biais d'un langage d'interrogation flexible.
    Object name: LocalSystem
    Image path: C:\WINDOWS\System32\cisvc.exe
    Image size: 5120
    Image MD5: 7901AF03767C140467671C7CEEB2C3FE
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): ClipSrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Gestionnaire de l'Album
    Description: Active le Gestionnaire de l'Album afin de stocker les informations et les partager avec des ordinateurs à distance. Si le service est arrêté, le Gestionnaire de l'Album ne pourra pas partager les informations avec des ordinateurs à distance. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\clipsrv.exe
    Image size: 30720
    Image MD5: 3D1AAB2963FABCAFEB507B5C9D67BFBC
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: NetDDE

    Service (registry key): CmdIde
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): COMSysApp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Application système COM+
    Description: Gère la configuration et le suivi des composants de base COM+ (Component Object Model) . Si le service est arrêté, la plupart des composants de base COM+ ne fonctionneront pas correctement. Si ce service est désactivé, les services qui en dépendent de manière explicite ne pourront pas démarrer.
    Object name: LocalSystem
    Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    Image size: 4608
    Image MD5: 17681E6109A67F3AEA66AD6AAE2434E6
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: rpcss

    Service (registry key): ContentFilter
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): ContentIndex
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): Cpqarray
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): CryptSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Services de cryptographie
    Description: Fournit trois services de gestion : le service de base de données de catalogue, qui confirme la signature des fichiers Windows; le service de racine protégée, qui ajoute et supprime des certificats d'autorité de certification de racine approuvés et le service Clé, qui fournit une aide dans l'inscription de cet ordinateur pour les certificats. Si ce service est arrêté, ces services de gestion ne fonctionneront pas correctement. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): ctljystk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Creative SBLive! Port de jeux
    Image path: System32\DRIVERS\ctljystk.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): ctlntsvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): dac2w2k
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 0

    Service (registry key): dac960nt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Dhcp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Client DHCP
    Description: Gère la configuration réseau en inscrivant et en mettant à jour les adresses IP et les noms DNS.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: Tcpip,Afd,NetBT

    Service (registry key): Disk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote de disque
    Image path: System32\DRIVERS\disk.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1
    Depends On group: "SCSI miniport"

    Service (registry key): dmadmin
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Service d'administration du Gestionnaire de disque logique
    Description: Configure les lecteurs de disque durs et les volumes. Le service ne s'exécute que pour les processus de configurations puis s'arrête.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\dmadmin.exe /com
    Image size: 205312
    Image MD5: F03B6377293A2CA253E02366B6F817D3
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,PlugPlay,DmServer

    Service (registry key): dmboot
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\drivers\dmboot.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): dmio
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote de Gestionnaire de disque logique
    Image path: System32\drivers\dmio.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): dmload
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\drivers\dmload.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): dmserver
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Gestionnaire de disque logique
    Description: Détecte et analyse de nouveaux lecteurs de disque durs et envoie les informations de volume de disque au service gestionnaire administratif de disque logique pour la configuration. Si ce service est arrêté, l'état des disques dynamiques et les informations de configuration peuvent devenir obsolètes. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,PlugPlay

    Service (registry key): DMusic
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Synthétiseur DLS du noyau Microsoft
    Image path: system32\drivers\DMusic.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Dnscache
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Client DNS
    Description: Résout et met en cache les noms DNS pour cet ordinateur. Si ce service est arrêté, l'ordinateur ne pourra pas résoudre les noms DNS et trouver les contrôleurs de domaine Active Directory. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer.
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
    Image size: 12800
    Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): dpti2o
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): drmkaud
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Filtre de décodeur DRM (Noyau Microsoft)
    Image path: system32\drivers\drmkaud.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): emu10k
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Creative SB Live! (WDM)
    Image path: system32\drivers\emu10k1m.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): emu10k1
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote du Gestionnaire d'interface Creative (WDM)
    Image path: system32\drivers\ctlfacem.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): ERSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Service de rapport d'erreurs
    Desc
    0
  7. Manu86
     
    Re,

    J'ai aussi fait un scan avec BitDefender :

    BitDefender Online Scanner

    Rapport d'analyse généré à: Tue, Jan 15, 2008 - 20:14:00

    Voie d'analyse: A:\;C:\;D:\;E:\;

    Statistiques

    Temps
    01:31:14

    Fichiers
    133474

    Directoires
    2981

    Secteurs de boot
    3

    Archives
    972

    Paquets programmes
    7304

    Résultats

    Virus identifiés
    2

    Fichiers infectés
    123

    Fichiers suspects
    2

    Avertissements
    0

    Désinfectés
    0

    Fichiers effacés
    125

    Info sur les moteurs

    Définition virus
    890355

    Version des moteurs
    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Analyse des plugins
    14

    Archive des plugins
    38

    Unpack des plugins
    7

    E-mail plugins
    6

    Système plugins
    1

    Paramètres d'analyse

    Première action
    Désinfecté

    Seconde Action
    Supprimé

    Heuristique
    Oui

    Acceptez les avertissements
    Oui

    Extensions analysées
    *;

    Excludez les extensions

    Analyse d'emails
    Oui

    Analyse des Archives
    Oui

    Analyser paquets programmes
    Oui

    Analyse des fichiers
    Oui

    Analyse de boot
    Oui

    Fichier analysé
    Statut

    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\47d7b99a.qua
    Infecté par: Trojan.Vundo.DVC

    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\47d7b99a.qua
    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\47d7b99a.qua
    Supprimé

    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\47d7b9a1.qua
    Infecté par: Trojan.Vundo.DVC

    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\47d7b9a1.qua
    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\47d7b9a1.qua
    Supprimé

    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\47f7b9cb.qua
    Infecté par: Trojan.Vundo.DVC

    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\47f7b9cb.qua
    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\47f7b9cb.qua
    Supprimé

    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\47f7bfe7.qua
    Infecté par: Trojan.Vundo.DVC

    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\47f7bfe7.qua
    Echec de la désinfection

    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\47f7bfe7.qua
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP10\A0017495.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP10\A0017495.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP10\A0017495.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP11\A0017496.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP11\A0017496.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP11\A0017496.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP12\A0017497.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP12\A0017497.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP12\A0017497.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP13\A0017499.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP13\A0017499.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP13\A0017499.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP14\A0017504.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP14\A0017504.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP14\A0017504.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP14\A0018489.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP14\A0018489.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP14\A0018489.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP14\A0019488.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP14\A0019488.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP14\A0019488.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP14\A0019504.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP14\A0019504.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP14\A0019504.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP15\A0019510.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP15\A0019510.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP15\A0019510.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP15\A0020504.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP15\A0020504.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP15\A0020504.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP16\A0020510.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP16\A0020510.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP16\A0020510.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP16\A0020522.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP16\A0020522.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP16\A0020522.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP16\A0021522.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP16\A0021522.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP16\A0021522.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP16\A0022522.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP16\A0022522.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP16\A0022522.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP16\A0022541.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP16\A0022541.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP16\A0022541.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP16\A0023541.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP16\A0023541.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP16\A0023541.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP16\A0024541.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP16\A0024541.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP16\A0024541.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP17\A0024548.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP17\A0024548.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP17\A0024548.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP18\A0024552.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP18\A0024552.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP18\A0024552.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP18\A0024564.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP18\A0024564.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP18\A0024564.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP18\A0024593.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP18\A0024593.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP18\A0024593.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP18\A0024608.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP18\A0024608.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP18\A0024608.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP18\A0025608.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP18\A0025608.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP18\A0025608.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP19\A0025614.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP19\A0025614.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP19\A0025614.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP19\A0025622.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP19\A0025622.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP19\A0025622.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP20\A0025630.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP20\A0025630.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP20\A0025630.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP21\A0025691.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP21\A0025691.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP21\A0025691.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP21\A0026627.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP21\A0026627.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP21\A0026627.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP21\A0026649.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP21\A0026649.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP21\A0026649.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP21\A0026677.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP21\A0026677.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP21\A0026677.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP21\A0027677.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP21\A0027677.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP21\A0027677.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP22\A0027685.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP22\A0027685.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP22\A0027685.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP22\A0027692.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP22\A0027692.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP22\A0027692.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP22\A0027700.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP22\A0027700.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP22\A0027700.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP22\A0027710.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP22\A0027710.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP22\A0027710.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP22\A0027722.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP22\A0027722.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP22\A0027722.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP22\A0028724.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP22\A0028724.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP22\A0028724.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP23\A0028769.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP23\A0028769.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP23\A0028769.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP23\A0028831.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP23\A0028831.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP23\A0028831.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP24\A0028874.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP24\A0028874.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP24\A0028874.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP24\A0028885.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP24\A0028885.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP24\A0028885.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP24\A0029885.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP24\A0029885.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP24\A0029885.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP24\A0030885.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP24\A0030885.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP24\A0030885.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP24\A0030897.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP24\A0030897.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP24\A0030897.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP25\A0031910.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP25\A0031910.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP25\A0031910.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0031928.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0031928.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0031928.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0032013.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0032013.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0032013.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0033013.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0033013.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0033013.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0033027.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0033027.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0033027.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0034027.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0034027.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0034027.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0034038.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0034038.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0034038.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0034050.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0034050.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0034050.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0035053.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0035053.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP26\A0035053.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0035055.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0035055.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0035055.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0035064.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0035064.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0035064.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0036064.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0036064.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0036064.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0036077.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0036077.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0036077.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0036094.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0036094.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0036094.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0037094.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0037094.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0037094.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0038094.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0038094.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0038094.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0038099.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0038099.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP27\A0038099.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP28\A0038108.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP28\A0038108.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP28\A0038108.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP28\A0038113.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP28\A0038113.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP28\A0038113.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP28\A0038143.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP28\A0038143.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP28\A0038143.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP28\A0038160.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP28\A0038160.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP28\A0038160.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP29\A0038162.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP29\A0038162.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP29\A0038162.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP30\A0041185.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP30\A0041185.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP30\A0041185.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP30\A0041191.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP30\A0041191.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP30\A0041191.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP30\A0041210.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP30\A0041210.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP30\A0041210.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP30\A0041218.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP30\A0041218.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP30\A0041218.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP30\A0042218.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP30\A0042218.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP30\A0042218.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0042220.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0042220.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0042220.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0043218.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0043218.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0043218.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0044218.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0044218.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0044218.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0044226.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0044226.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0044226.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0045226.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0045226.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0045226.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0046226.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0046226.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0046226.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0047226.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0047226.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0047226.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0048226.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0048226.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP31\A0048226.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP32\A0048235.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP32\A0048235.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP32\A0048235.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP32\A0048265.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP32\A0048265.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP32\A0048265.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP32\A0048274.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP32\A0048274.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP32\A0048274.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP33\A0048278.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP33\A0048278.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP33\A0048278.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP33\A0050352.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP33\A0050352.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP33\A0050352.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP34\A0050356.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP34\A0050356.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP34\A0050356.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0051385.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0051385.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0051385.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0052379.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0052379.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0052379.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0053379.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0053379.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0053379.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0054379.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0054379.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0054379.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0054387.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0054387.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP35\A0054387.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP36\A0054395.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP36\A0054395.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP36\A0054395.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP37\A0057405.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP37\A0057405.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP37\A0057405.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP37\A0057415.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP37\A0057415.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP37\A0057415.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP37\A0057423.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP37\A0057423.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP37\A0057423.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP38\A0057452.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP38\A0057452.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP38\A0057452.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP39\A0057608.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP39\A0057608.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP39\A0057608.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP39\A0057617.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP39\A0057617.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP39\A0057617.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP40\A0057803.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP40\A0057803.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP40\A0057803.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0057880.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0057880.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0057880.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0057885.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0057885.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0057885.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0058885.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0058885.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0058885.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0059885.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0059885.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0059885.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0059903.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0059903.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP41\A0059903.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP43\A0062110.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP43\A0062110.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP43\A0062110.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0011225.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0011225.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0011225.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0012225.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0012225.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0012225.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0013225.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0013225.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0013225.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0014225.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0014225.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0014225.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0015225.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0015225.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0015225.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0015254.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0015254.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0015254.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0016254.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0016254.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP8\A0016254.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016333.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016333.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016333.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016400.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016400.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016400.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016414.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016414.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016414.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016422.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016422.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016422.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016432.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016432.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016432.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016442.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016442.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016442.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016488.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016488.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0016488.ini
    Supprimé

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0017488.ini
    Infecté par: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0017488.ini
    Echec de la désinfection

    C:\System Volume Information\_restore{1E1C8303-1176-4FE3-8618-CF7C1939F723}\RP9\A0017488.ini
    Supprimé

    C:\WINDOWS\system32\iifgdde.dll
    Suspecté de: Trojan.Vundo.GH

    C:\WINDOWS\system32\iifgdde.dll
    Echec de la désinfection

    C:\WINDOWS\system32\iifgdde.dll
    Supprimé

    C:\WINDOWS\system32\tuvtrpp.dll
    Suspecté de: Trojan.Vundo.GH

    C:\WINDOWS\system32\tuvtrpp.dll
    Echec de la désinfection

    C:\WINDOWS\system32\tuvtrpp.dll
    Supprimé

    Merci de me répondre

    a +
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    scan avec vundofix (colle le rapport)

    Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

    Double cliquez VundoFix.exe pour l'exécuter.
    Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
    Une fois le scan fini, cliquez sur le bouton Remove Vundo.
    Vous recevrez un avertissement vous demandant si vous voulez effacer ces
    fichiers répondez en cliquant sur YES
    Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
    enlève Vundo.

    Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
    OK.

    ___________________

    combofix (colle le rapport)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    ____________________

    vire ce qui est en quarantaine dans antivir

    _____________________

    si tout s'est bien passé
    désactive la restauration système pour purger les virus qui seraient dedans puis réactive là (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)

    _______________________
    recolle un rapport antivir et hijackthis et dis tes soucis
    0
  9. Manu86
     
    Salut,

    Je ne sais pas si ça a marché car Antivir m'envoi toujours des messages pour me dire qu'il à détecté un virus.
    Le rapport de ComboFix :

    ComboFix 08-01-16.4 - Pain 2008-01-16 12:46:19.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.304 [GMT 1:00]
    Running from: C:\Program Files\ComboFix\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\bbcfe.ini
    C:\WINDOWS\system32\bbcfe.ini2
    C:\WINDOWS\system32\wsseyski.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_RUNTIME

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-16 12:45 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-16 12:44 . 2008-01-16 12:45 <REP> d-------- C:\Program Files\ComboFix
    2008-01-16 11:43 . 2008-01-16 12:40 <REP> d-------- C:\VundoFix Backups
    2008-01-16 11:41 . 2008-01-16 11:42 <REP> d-------- C:\Program Files\VundoFix
    2008-01-15 18:34 . 2008-01-15 20:14 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-01-15 18:18 . 2008-01-15 18:18 94 --a------ C:\WINDOWS\wininit.ini
    2008-01-15 12:02 . 2008-01-15 13:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-15 12:00 . 2008-01-15 12:00 <REP> d-------- C:\Program Files\Avira
    2008-01-15 12:00 . 2008-01-15 12:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-01-15 11:51 . 2008-01-15 12:02 <REP> d-------- C:\Program Files\Spybot
    2008-01-15 11:41 . 2008-01-15 11:41 <REP> d-------- C:\WINDOWS\ERUNT
    2008-01-14 23:33 . 2008-01-15 09:58 474 ---hs---- C:\WINDOWS\system32\ndjufisc.ini
    2008-01-09 21:13 . 2008-01-09 21:13 <REP> d-------- C:\Documents and Settings\Pain\Application Data\My Games
    2008-01-09 21:04 . 2008-01-09 21:04 <REP> d-------- C:\Documents and Settings\Pain\Application Data\Xfire
    2008-01-09 20:50 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2008-01-09 17:18 . 2008-01-09 17:40 <REP> d-------- C:\Program Files\JPEG Compression
    2008-01-05 23:40 . 2008-01-05 23:40 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2007-12-27 12:50 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
    2007-12-27 12:50 . 2003-08-25 18:06 182,880 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll
    2007-12-26 22:41 . 2001-08-17 22:03 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2007-12-26 22:41 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
    2007-12-26 22:41 . 2001-08-17 21:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
    2007-12-26 14:29 . 2007-12-26 14:32 <REP> d-------- C:\Documents and Settings\Pain\Application Data\DivX
    2007-12-26 14:18 . 2007-12-26 14:28 <REP> d-------- C:\Program Files\Divx
    2007-12-24 17:56 . 2002-12-17 15:40 753,664 --a--c--- C:\WINDOWS\system32\dllcache\setup_wm.exe
    2007-12-24 17:56 . 2002-12-12 01:34 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-12-24 17:54 . 2002-12-12 20:04 2,058,888 --a--c--- C:\WINDOWS\system32\dllcache\wmvcore.dll
    2007-12-24 01:44 . 2007-12-24 01:44 <REP> d-------- C:\Documents and Settings\Pain\Application Data\vlc
    2007-12-24 01:13 . 2007-12-24 01:43 <REP> d-------- C:\Program Files\VLC
    2007-12-23 15:11 . 2007-12-23 15:11 40,870 --a------ C:\17.tmp
    2007-12-23 15:11 . 2007-12-23 15:11 34,304 --a------ C:\15.tmp
    2007-12-19 17:18 . 2007-12-19 17:19 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2007-12-17 11:03 . 2001-08-23 17:47 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll
    2007-12-17 11:03 . 2001-08-23 17:47 50,688 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
    2007-12-17 10:59 . 2007-12-17 10:59 <REP> d-------- C:\Program Files\directx
    2007-12-17 10:59 . 2003-09-04 10:47 360,448 --a------ C:\WINDOWS\system32\LVUI2RC.dll
    2007-12-17 10:59 . 2003-09-04 10:46 172,032 --a------ C:\WINDOWS\system32\lvcodec2.dll
    2007-12-17 10:59 . 2003-09-04 10:38 152,576 --a------ C:\WINDOWS\system32\drivers\LV532AV.SYS
    2007-12-17 10:59 . 2003-09-04 10:45 135,214 --a------ C:\WINDOWS\system32\LVComS.exe
    2007-12-17 10:59 . 2003-09-04 10:47 122,880 --a------ C:\WINDOWS\system32\LVUI2.dll
    2007-12-17 10:59 . 2003-09-04 10:49 86,016 --a------ C:\WINDOWS\system32\lvcoinst.dll
    2007-12-17 10:59 . 2003-09-04 10:45 57,344 --a------ C:\WINDOWS\system32\LVComC.dll
    2007-12-17 10:59 . 2003-09-04 10:53 49,152 --a------ C:\WINDOWS\system32\vatee.ax
    2007-12-17 10:59 . 2003-09-04 10:30 15,387 --a------ C:\WINDOWS\system32\lvcoinst.ini
    2007-12-17 10:59 . 2003-09-04 10:40 12,112 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2007-12-17 10:58 . 2007-12-17 10:59 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
    2007-12-17 10:58 . 1998-11-13 13:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
    2007-12-17 10:57 . 2007-12-17 10:58 512 --a------ C:\WINDOWS\_delis32.ini
    2007-12-17 10:11 . 2007-12-17 10:11 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2007-12-17 10:11 . 2007-12-17 10:11 24,064 --a------ C:\WINDOWS\system32\prefscpl.cpl
    2007-12-17 10:05 . 2007-12-17 10:57 <REP> d-------- C:\Program Files\Labtec
    2007-12-17 09:47 . 2007-12-17 12:18 <REP> d-------- C:\Documents and Settings\Pain\Contacts
    2007-12-17 09:46 . 2007-12-17 09:46 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-12-17 09:46 . 2007-12-17 10:11 <REP> d-------- C:\Program Files\Real
    2007-12-17 09:45 . 2007-12-17 09:45 <REP> d-------- C:\WINDOWS\Sun
    2007-12-17 09:45 . 2007-12-17 09:46 <REP> d-------- C:\Program Files\MSN Messenger
    2007-12-17 09:45 . 2007-12-17 10:23 <REP> d-------- C:\Program Files\Google
    2007-12-17 09:44 . 2007-12-17 09:44 <REP> d-------- C:\Program Files\Java
    2007-12-17 09:44 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-12-17 09:39 . 2007-12-17 09:39 <REP> d-------- C:\Program Files\Fichiers communs\Java

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-16 11:43 --------- d-----w C:\Program Files\Wanadoo
    2008-01-12 10:59 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2008-01-09 20:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-17 17:15 193,536 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
    2007-12-17 17:13 1,930,752 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
    2007-12-17 13:04 19,800,458 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_17_10_29_48_full.dmp.zip
    2007-12-17 08:12 16,202,178 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_14_10_09_26_full.dmp.zip
    2007-12-17 08:11 19,694,279 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_12_13_18_25_52_full.dmp.zip
    2007-12-14 16:39 314,624 ------w C:\WINDOWS\system32\efcbb.dll
    2007-12-14 16:16 --------- d-----w C:\Program Files\KMP
    2007-12-14 00:03 --------- d-----w C:\Documents and Settings\Pain\Application Data\Lavasoft
    2007-12-13 17:32 1,908,224 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2007-12-13 14:10 --------- d-----w C:\Program Files\The All-Seeing Eye
    2007-12-13 14:00 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-13 13:35 --------- d-----w C:\Program Files\SystemRequirementsLab
    2007-12-13 12:55 --------- d-----w C:\Program Files\Lavasoft
    2007-12-13 12:50 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2007-12-13 12:50 249,856 ------w C:\WINDOWS\Setup1.exe
    2007-12-13 12:50 --------- d-----w C:\Program Files\nVidia Refresh Rate Fix MKII
    2007-12-13 12:17 22 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
    2007-12-13 12:17 --------- d-----w C:\Program Files\Wanadoo Messager
    2007-12-13 12:17 --------- d-----w C:\Program Files\SAGEM
    2007-12-13 12:08 --------- d-----w C:\Program Files\microsoft frontpage
    2007-12-13 12:05 --------- d-----w C:\Program Files\Services en ligne
    2007-12-13 12:03 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-12-13 11:55 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-12-13 11:55 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-12-11 22:34 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-12-11 22:34 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-12-11 22:34 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2007-12-11 22:34 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2007-12-11 22:34 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0de32587-9506-496a-982f-a337fe15c2b9}]
    C:\WINDOWS\System32\gukjyyhw.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54F2958B-8A62-499A-9B1B-AB5947CD8C58}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A7443B6-ECEB-40DE-A7FA-A5568436B0AF}]
    2007-12-14 17:39 314624 --------- C:\WINDOWS\System32\efcbb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B09D3836-251C-4BCD-B175-EFED78054169}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-04 12:54 13312]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2004-05-13 09:28 24576]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-05-13 09:28 24576]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2004-05-13 09:28 49152]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22 7700480]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22 86016]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-12-17 10:11 20480]
    "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 10:45 135214]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-15 14:04 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-04 12:54 13312]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcabc]
    khfcabc.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\System32\efcbb.dll

    R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
    R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
    R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\System32\DRIVERS\LV532AV.SYS [2003-09-04 10:38]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-16 12:51:03
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-16 12:53:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-16 11:52:01

    Je t'envoi le reste dès que le Scan d'Antivir est fini.

    a +
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok aplus colle antivir et dis tes problemes
    0
  11. Manu86
     
    Re,

    Ok voila Antivir :

    ---------------------------------------------------------------------------

    AntiVir PersonalEdition Classic
    Report file date: mercredi 16 janvier 2008 13:06

    Scanning for 1042372 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (plain) [5.1.2600]
    Username: SYSTEM
    Computer name: BRUNO

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 13:04:50
    ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 11:17:27
    ANTIVIR3.VDF : 7.0.2.5 16896 Bytes 16/01/2008 11:17:27
    AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 16/01/2008 11:17:28
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 16/01/2008 11:17:28
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mercredi 16 janvier 2008 13:06

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
    Scan process 'Watch.exe' - '1' Module(s) have been scanned
    Scan process 'ComComp.exe' - '1' Module(s) have been scanned
    Scan process 'EspaceWanadoo.exe' - '1' Module(s) have been scanned
    Scan process 'devldr32.exe' - '1' Module(s) have been scanned
    Scan process 'dslmon.exe' - '1' Module(s) have been scanned
    Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'LVComS.exe' - '1' Module(s) have been scanned
    Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
    Scan process 'CnxMon.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    30 processes with 30 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '32' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\efcbb.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DVE
    [WARNING] The file could not be deleted!
    Begin scan in 'D:\'

    End of the scan: mercredi 16 janvier 2008 14:49
    Used time: 1:43:26 min

    The scan has been done completely.

    2956 Scanning directories
    134109 Files were scanned
    1 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    134108 Files not concerned
    977 Archives were scanned
    3 Warnings
    1 Notes

    Et le rapport HijackThis :

    ------------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:52:09, on 16/01/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Wanadoo\CnxMon.exe
    C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\Program Files\Wanadoo\Watch.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: {9b2c51ef-733a-f289-a694-605978523ed0} - {0de32587-9506-496a-982f-a337fe15c2b9} - C:\WINDOWS\System32\gukjyyhw.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {54F2958B-8A62-499A-9B1B-AB5947CD8C58} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {9A7443B6-ECEB-40DE-A7FA-A5568436B0AF} - C:\WINDOWS\System32\efcbb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {B09D3836-251C-4BCD-B175-EFED78054169} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0675D244-D418-45FA-A742-11107E7B55B5}: NameServer = 80.10.246.1 80.10.246.132
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0675D244-D418-45FA-A742-11107E7B55B5}: NameServer = 80.10.246.1 80.10.246.132
    O20 - Winlogon Notify: khfcabc - khfcabc.dll (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    desactive le tea timer le temps de la desinfection
    _______________

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    O2 - BHO: {9b2c51ef-733a-f289-a694-605978523ed0} - {0de32587-9506-496a-982f-a337fe15c2b9} - C:\WINDOWS\System32\gukjyyhw.dll (file missing)

    O2 - BHO: (no name) - {54F2958B-8A62-499A-9B1B-AB5947CD8C58} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {9A7443B6-ECEB-40DE-A7FA-A5568436B0AF} - C:\WINDOWS\System32\efcbb.dll

    O2 - BHO: (no name) - {B09D3836-251C-4BCD-B175-EFED78054169} - (no file)

    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)

    O20 - Winlogon Notify: khfcabc - khfcabc.dll (file missing)

    _______________________

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\WINDOWS\System32\efcbb.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    ___________________________

    installe spywareblster qui protegera en partie contre vundo qui t'inféctait mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html

    ______________________
    navigue avec firefox ou opera a la place de internet explorer
    http://www.mozilla-europe.org/fr/products/firefox/

    ________________________

    ton windows n'est pas a jour c'est normal?
    DEMARRER puis TOUS LES PROGRAMMES puis WINDOWS UPDATE
    0