PC qui rame et trojan qui trainent..Résolu/Fermé

Question

Bonjour,
mon pc rame enormement et je ne peu plus travailler...je suis envahi de trojan et autre saloperies..
voici mon rapport hijackthis..pouvez vous m'aider ?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:07:32, on 15/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Autodesk\3dsMax8\plugins\plugins\3dsmax7\plugins\Brazil\sfmgr\sfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Documents and Settings\All Users\Application Data
wpevkpy\huhozqty.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\KOfcpfwSvcs.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\SAV\sav.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DNA\btdna.exe
C:\DOCUME~1\Remon\LOCALS~1\Temp\video198.cfg.exe
C:\WINDOWS\system32\edoxqlyb.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\Remon\LOCALS~1\Temp\c.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {CF01CEAB-8765-4973-83A5-55A5553E4CA2} - C:\WINDOWS\system32\urqOIcBq.dll (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [KOfcpfwSvcs.exe] C:\WINDOWS\system32\KOfcpfwSvcs.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\Run: [303cdeab] rundll32.exe "C:\WINDOWS\system32\qklnkwqs.dll",b
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BM330fed37] Rundll32.exe "C:\WINDOWS\system32\dwqovgvf.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKLM\..\Policies\Explorer\Run: [ysZ2yuEkDC] C:\Documents and Settings\All Users\Application Data
wpevkpy\huhozqty.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\plugins\plugins\3dsmax7\plugins\Brazil\sfmgr\sfmgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

geoffrey5 · Answer

Salut !!

tu as quelques infections...

Télécharger sur le bureau malwarebytes à cette adresse : 

https://www.androidworld.fr/
 
Voici un tuto pour bien l installer et bien l utiliser : 

https://www.androidworld.fr/

aide toi bien du tuto pour supprimer correctement ce qu il aura trouvé
 

Après l analyse, redémarrer le pc et poste le rapport !!

Et refais un nouveau rapport hijackthis stp

Destrio5 · Answer

Salut,

Infection Vundo.

Important : Désactive TeaTimer, le résident de Spybot, il va gêner la désinfection en empêchant la modification des BHO.

--->  Démarre Spybot, clique sur Mode, coche Mode avancé
---> A gauche, clique sur Outils, puis sur Résident
--->  Décoche la case devant Résident "TeaTimer" :
http://apu.mabul.org/up/5/apu-5-gpdx9e06cwz2dypom2q7n6nc.jpg
--->  Quitte Spybot

Note : Je te conseille de ne pas le réactiver, il a été incapable d'empêcher l'infection de ton PC.

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

freakyalex · Answer

bonjour, 

voila le rapport de malwarebytes...
mais j ai deux petites questions: quand je demarre en mode sans echec mon pc check les disk et me di qu il n a pas trouvé d erreur, il demarre donc normalement...autrement di je ne peut pas acceder au mode sans echec..

freakyalex · Answer

pardon j ai envoyer sans finir..

l autre soucy est spybot je n ose pas le debrancher comme me le propose destrio...goeffrey vous ne m en avez pas parler qui dois je ecouter ?

merci bcp


Malwarebytes' Anti-Malware 1.15
Version de la base de données: 842

12:03:55 15/09/2008
mbam-log-9-15-2008 (12-03-55).txt

Type de recherche: Examen complet (C:\|E:\|F:\|)
Eléments examinés: 310651
Temps écoulé: 1 hour(s), 3 minute(s), 31 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 34
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 77

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f9fa603d-697c-4900-a950-e54f08324a24} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER	ypelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Servicesdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
mwegbsf.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersionun\Windows Updates (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersionun\Windows Updates (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\303cdeab (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM330fed37 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Remon\Local Settings	emp\5491.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\awtqOIAs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\axosbafg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hgGvuSLe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\lthpstbb.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32	rrplgxd.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vtUnkhfE.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqNEwTl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sav.cpl (Rogue.SystemAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
etode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
ewsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32egc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32egm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	aack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	aack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	emp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	hun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	hun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Config\csrss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Remon\Bureau\System Antivirus 2008.lnk (Rogue.SystemAntivirus2008) -> Quarantined and deleted successfully.

freakyalex · Answer

pardon j ai envoyer sans finir..

l autre soucy est spybot je n ose pas le debrancher comme me le propose destrio...goeffrey vous ne m en avez pas parler qui dois je ecouter ?

merci bcp


Malwarebytes' Anti-Malware 1.15
Version de la base de données: 842

12:03:55 15/09/2008
mbam-log-9-15-2008 (12-03-55).txt

Type de recherche: Examen complet (C:\|E:\|F:\|)
Eléments examinés: 310651
Temps écoulé: 1 hour(s), 3 minute(s), 31 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 34
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 77

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f9fa603d-697c-4900-a950-e54f08324a24} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER	ypelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Servicesdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT
mwegbsf.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersionun\Windows Updates (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersionun\Windows Updates (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\303cdeab (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM330fed37 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Remon\Local Settings	emp\5491.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\awtqOIAs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\axosbafg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hgGvuSLe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\lthpstbb.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32	rrplgxd.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vtUnkhfE.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqNEwTl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sav.cpl (Rogue.SystemAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
etode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
ewsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32egc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32egm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	aack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	aack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	emp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	hun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	hun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Config\csrss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Remon\Bureau\System Antivirus 2008.lnk (Rogue.SystemAntivirus2008) -> Quarantined and deleted successfully.

geoffrey5 · Answer

Salut !!

je conseille aussi à tout le monde de désactiver le résident de spybot, il embete plus qu autre chose...

- ouvre spybot
- clique sur mode dans la barre des menus puis sélectionne mode avancé
- clique ensuite sur outil en bas à gauche puis sur résident dans la fenetre de gauche
- décoches les 2 cases des bouclier
- ensuite reclique sur mode puis sélectionne mode par défaut.
- tu peux fermer spybot

ensuite fais combofix comme destrio te l as demandé stp

freakyalex · Answer

voila combofix ComboFix 08-09-14.06 - Remon 2008-09-15 12:42:08.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.2683 [GMT 2:00] Lancé depuis: C:\Documents and Settings\Remon\Bureau\ComboFix.exe * Un nouveau point de restauration a été créé [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Remon\Cookies\remon@ad.yieldmanager[1].txt C:\Documents and Settings\Remon\Cookies\remon@clickintext[1].txt C:\Documents and Settings\Remon\Cookies\remon@clicktorrent[1].txt C:\WINDOWS\BM330fed37.txt C:\WINDOWS\system32\dsckfblu.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-15 au 2008-09-15 )))))))))))))))))))))))))))))))))))) . 2008-09-15 12:15 . 2008-09-15 12:15 90,112 --a------ C:\WINDOWS\system32\fclmhuvq.exe 2008-09-15 01:57 . 2008-09-15 01:57 d-------- C:\Program Files\SAV 2008-09-15 01:57 . 2008-09-15 01:57 d-------- C:\Documents and Settings\All Users\Application Data\nwpevkpy 2008-09-15 01:57 . 2008-09-15 01:57 113,668 --a------ C:\WINDOWS\system32\msxml71.dll 2008-09-15 01:57 . 2008-09-15 01:57 98,304 --a------ C:\WINDOWS\system32\edoxqlyb.exe 2008-09-14 18:18 . 2006-09-03 14:36 1,870,336 --a------ C:\WINDOWS\system32\bconvert.dll 2008-09-14 18:18 . 2006-09-03 14:36 393,216 --a------ C:\WINDOWS\system32\NI_IRC_1_2.dll 2008-09-14 18:18 . 2006-09-03 14:36 61,440 --a------ C:\WINDOWS\system32\NI_DFD_1_5.dll 2008-09-14 17:50 . 2008-09-14 17:50 d-------- C:\Program Files\Alcohol Soft 2008-09-14 17:17 . 2008-09-14 17:17 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-09-14 17:16 . 2008-09-14 17:16 d-------- C:\Documents and Settings\Remon\Application Data\DAEMON Tools 2008-09-12 11:48 . 2008-09-12 11:48 d-------- C:\Program Files\iZotope 2008-09-12 11:48 . 2008-09-12 11:48 d-------- C:\Program Files\Fichiers communs\iZotope 2008-09-12 11:27 . 2008-09-12 11:27 d-------- C:\_ScratchLIVE_Backup 2008-09-12 11:25 . 2008-09-12 11:25 d-------- C:\ConvertTemp 2008-09-12 11:04 . 2008-09-12 11:25 d-------- C:\WINDOWS\LastGood(2) 2008-09-12 02:11 . 2008-09-12 13:41 d-------- C:\Program Files\Fichiers communs\Native Instruments 2008-09-12 02:11 . 2008-09-12 02:11 d-------- C:\Program Files\Common Files 2008-09-12 01:47 . 2008-09-15 02:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-09-12 01:47 . 2008-09-12 01:47 1,409 --a------ C:\WINDOWS\QTFont.for 2008-09-03 15:55 . 2008-09-03 15:55 d-------- C:\_ScratchLIVE_BackupTemp 2008-08-18 19:46 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-16 05:42 . 2008-08-16 05:42 268 --ah----- C:\sqmdata01.sqm 2008-08-16 05:42 . 2008-08-16 05:42 244 --ah----- C:\sqmnoopt01.sqm . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-15 10:44 --------- d-----w C:\Documents and Settings\Remon\Application Data\DNA 2008-09-15 10:14 --------- d-----w C:\Documents and Settings\Remon\Application Data\OpenOffice.org2 2008-09-15 00:02 --------- d-----w C:\Documents and Settings\Remon\Application Data\Azureus 2008-09-14 11:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-09-12 11:44 --------- d-----w C:\Program Files\Native Instruments 2008-09-12 09:26 --------- d-----w C:\Program Files\Vuze 2008-09-12 09:26 --------- d-----w C:\Program Files\Google 2008-09-12 09:25 --------- d-----w C:\Documents and Settings\Remon\Application Data\combustion4 2008-09-12 09:23 --------- d-----w C:\Program Files\DNA 2008-08-28 18:01 --------- d-----w C:\Documents and Settings\Remon\Application Data\FileZilla 2008-08-11 15:34 --------- d-----w C:\Program Files\Java 2008-08-04 21:17 --------- d-----w C:\Program Files\AskSBar 2008-08-04 21:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus 2008-07-31 20:18 --------- d-----w C:\Program Files\Soulseek 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll 2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2007-11-04 10:53 1,367,695 ----a-w C:\Program Files\VirtualDub-MPEG2_1.6.15_b24600_Fr.exe 2007-10-14 12:01 24,576 --sha-w C:\WINDOWS\system32\KOfcpfwSvcs.exe . ((((((((((((((((((((((((((((( snapshot@2008-06-09_16.02.54.87 ))))))))))))))))))))))))))))))))))))))))) . + 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB938464\spmsg.dll + 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB938464\spuninst.exe + 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\spcustom.dll + 2007-11-30 11:19:06 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\update.exe + 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\updspapi.dll + 2008-05-02 13:33:12 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP2QFE\msgsc.dll + 2008-05-02 14:01:52 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP3GDR\msgsc.dll + 2008-05-02 13:44:40 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP3QFE\msgsc.dll + 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB946648\spmsg.dll + 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB946648\spuninst.exe + 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\spcustom.dll + 2007-11-30 11:19:06 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\update.exe + 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\updspapi.dll + 2008-04-21 06:57:16 1,024,512 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\browseui.dll + 2008-04-21 06:57:16 152,064 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\cdfview.dll + 2008-04-21 06:57:17 1,056,768 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\danim.dll + 2008-04-21 06:57:17 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtmsft.dll + 2008-04-21 06:57:18 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtrans.dll + 2008-04-21 06:57:18 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\extmgr.dll + 2008-04-17 10:46:59 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iedw.exe + 2008-04-21 06:57:18 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iepeers.dll + 2008-04-21 06:57:18 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\inseng.dll + 2008-04-21 06:57:18 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\jsproxy.dll + 2008-04-21 06:57:22 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtml.dll + 2008-04-21 06:57:22 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtmled.dll + 2008-04-21 06:57:23 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\msrating.dll + 2008-04-21 06:57:23 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mstime.dll + 2008-04-21 06:57:23 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\pngfilt.dll + 2008-04-21 06:57:25 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shdocvw.dll + 2008-04-21 06:57:26 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shlwapi.dll + 2008-04-17 11:03:45 370,176 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\spru040c.dll + 2008-04-21 06:57:26 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\urlmon.dll + 2008-04-21 06:57:27 670,720 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll + 2008-04-21 06:43:36 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\mshtml.dll + 2008-04-21 06:43:36 670,208 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll + 2008-04-21 06:30:24 3,088,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\mshtml.dll + 2008-04-21 06:30:24 670,720 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll + 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spmsg.dll + 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spuninst.exe + 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\spcustom.dll + 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\update.exe + 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\updspapi.dll + 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB950760\spmsg.dll + 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB950760\spuninst.exe + 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\spcustom.dll + 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\update.exe + 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\updspapi.dll + 2008-05-08 12:14:51 203,008 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP2QFE\rmcast.sys + 2008-05-08 14:02:52 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3GDR\rmcast.sys + 2008-05-08 13:58:17 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3QFE\rmcast.sys + 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spmsg.dll + 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spuninst.exe + 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\spcustom.dll + 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\update.exe + 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\updspapi.dll + 2008-07-07 20:18:27 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll + 2008-07-07 20:28:20 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll + 2008-07-07 20:24:11 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll + 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll + 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe + 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll + 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe + 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll + 2008-04-11 18:40:33 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP2QFE\inetcomm.dll + 2008-04-11 19:05:22 691,712 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP3GDR\inetcomm.dll + 2008-04-11 22:23:04 691,712 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP3QFE\inetcomm.dll + 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951066\spmsg.dll + 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951066\spuninst.exe + 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\spcustom.dll + 2007-12-03 15:25:43 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\update.exe + 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\updspapi.dll + 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe + 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe + 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe + 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll + 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe + 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll + 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe + 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll + 2008-06-14 18:03:13 272,768 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys + 2008-06-14 17:33:37 272,768 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys + 2008-06-14 17:40:19 272,768 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys + 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spmsg.dll + 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spuninst.exe + 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\spcustom.dll + 2007-11-30 11:19:06 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe + 2007-11-30 11:19:10 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\updspapi.dll + 2008-04-14 16:17:04 272,768 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP2QFE\bthport.sys + 2008-04-14 15:59:30 272,768 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP3GDR\bthport.sys + 2008-04-14 16:22:05 272,768 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP3QFE\bthport.sys + 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951376\spmsg.dll + 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951376\spuninst.exe + 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\spcustom.dll + 2007-11-30 11:19:06 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\update.exe + 2007-11-30 11:19:10 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\updspapi.dll + 2008-05-07 04:55:47 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll + 2008-05-07 05:11:24 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll + 2008-05-07 05:04:59 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll + 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll + 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe + 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll + 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe + 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll + 2006-08-16 12:13:24 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll + 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys + 2008-06-20 17:37:01 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll + 2008-06-20 17:37:01 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll + 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys + 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys + 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys + 2008-06-20 17:47:22 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll + 2008-06-20 17:47:22 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll + 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys + 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys + 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys + 2008-06-20 17:44:02 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll + 2008-06-20 17:44:02 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll + 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys + 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys + 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll + 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe + 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll + 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe + 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll + 2008-05-01 15:04:51 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP2QFE\msadce.dll + 2008-05-01 14:36:26 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP3GDR\msadce.dll + 2008-05-01 14:39:23 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP3QFE\msadce.dll + 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB952287\spmsg.dll + 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB952287\spuninst.exe + 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\spcustom.dll + 2007-11-30 11:19:06 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\update.exe + 2007-11-30 11:19:10 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\updspapi.dll + 2008-06-24 16:30:27 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll + 2008-06-24 16:44:02 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll + 2008-06-24 16:53:52 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll + 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll + 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe + 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll + 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe + 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll + 2008-06-23 16:15:33 1,024,512 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\browseui.dll + 2008-06-23 16:15:34 152,064 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\cdfview.dll + 2008-06-23 16:15:35 1,056,768 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\danim.dll + 2008-06-23 16:15:35 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtmsft.dll + 2008-06-23 16:15:35 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtrans.dll + 2008-06-23 16:15:35 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\extmgr.dll + 2008-06-23 09:53:58 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iedw.exe + 2008-06-23 16:15:36 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iepeers.dll + 2008-06-23 16:15:36 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\inseng.dll + 2008-06-23 16:15:36 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\jsproxy.dll + 2008-06-23 16:15:39 3,088,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtml.dll + 2008-06-23 16:15:40 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtmled.dll + 2008-06-23 16:15:40 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\msrating.dll + 2008-06-23 16:15:41 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mstime.dll + 2008-06-23 16:15:41 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\pngfilt.dll + 2008-06-23 16:15:42 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shdocvw.dll + 2008-06-23 16:15:43 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shlwapi.dll + 2008-07-03 09:42:35 370,176 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\spru040c.dll + 2008-06-23 16:15:43 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\urlmon.dll + 2008-06-23 16:15:44 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\wininet.dll + 2008-06-23 15:10:27 3,088,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\mshtml.dll + 2008-06-26 08:13:32 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\shdocvw.dll + 2008-06-26 08:13:32 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\urlmon.dll + 2008-06-23 15:10:27 670,208 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll + 2008-06-25 04:26:28 3,088,896 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\mshtml.dll + 2008-06-26 08:00:28 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\shdocvw.dll + 2008-06-26 08:00:28 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\urlmon.dll + 2008-06-23 14:56:26 670,720 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll + 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spmsg.dll + 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spuninst.exe + 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\spcustom.dll + 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\update.exe + 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\updspapi.dll + 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB953839\spmsg.dll + 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB953839\spuninst.exe + 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\spcustom.dll + 2007-11-30 11:19:06 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\update.exe + 2007-11-30 11:19:10 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\updspapi.dll + 2004-08-19 23:09:33 82,944 -c----w C:\WINDOWS\$NtUninstallKB946648$\msgsc.dll + 2007-11-30 12:39:29 234,872 -c----w C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe + 2007-11-30 12:39:31 406,392 -c----w C:\WINDOWS\$NtUninstallKB946648$\spuninst\updspapi.dll + 2008-02-16 09:02:34 1,024,000 -c----w C:\WINDOWS\$NtUninstallKB950759$\browseui.dll + 2008-02-16 09:02:34 152,064 -c----w C:\WINDOWS\$NtUninstallKB950759$\cdfview.dll + 2008-02-16 09:02:34 1,056,768 -c----w C:\WINDOWS\$NtUninstallKB950759$\danim.dll + 2008-02-16 09:02:34 357,888 -c----w C:\WINDOWS\$NtUninstallKB950759$\dxtmsft.dll + 2008-02-16 09:02:35 205,312 -c----w C:\WINDOWS\$NtUninstallKB950759$\dxtrans.dll + 2008-02-16 09:02:35 55,808 -c----w C:\WINDOWS\$NtUninstallKB950759$\extmgr.dll + 2008-02-15 09:23:37 18,432 -c----w C:\WINDOWS\$NtUninstallKB950759$\iedw.exe + 2008-02-16 09:02:35 251,392 -c----w C:\WINDOWS\$NtUninstallKB950759$\iepeers.dll + 2008-02-16 09:02:35 96,768 -c----w C:\WINDOWS\$NtUninstallKB950759$\inseng.dll + 2008-02-16 09:02:35 16,384 -c----w C:\WINDOWS\$NtUninstallKB950759$\jsproxy.dll + 2008-02-16 22:32:38 3,080,704 -c----w C:\WINDOWS\$NtUninstallKB950759$\mshtml.dll + 2008-02-16 09:02:36 449,024 -c----w C:\WINDOWS\$NtUninstallKB950759$\mshtmled.dll + 2008-02-16 09:02:37 146,432 -c----w C:\WINDOWS\$NtUninstallKB950759$\msrating.dll + 2008-02-16 09:02:37 532,480 -c----w C:\WINDOWS\$NtUninstallKB950759$\mstime.dll + 2008-02-16 09:02:37 39,424 -c----w C:\WINDOWS\$NtUninstallKB950759$\pngfilt.dll + 2008-02-16 09:02:38 1,495,040 -c----w C:\WINDOWS\$NtUninstallKB950759$\shdocvw.dll + 2008-02-16 09:02:38 474,624 -c----w C:\WINDOWS\$NtUninstallKB950759$\shlwapi.dll + 2007-11-30 11:19:06 234,872 -c----w C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe + 2007-11-30 12:39:31 406,392 -c----w C:\WINDOWS\$NtUninstallKB950759$\spuninst\updspapi.dll + 2008-02-16 09:02:39 617,984 -c----w C:\WINDOWS\$NtUninstallKB950759$\urlmon.dll + 2008-02-16 09:02:39 663,552 -c----w C:\WINDOWS\$NtUninstallKB950759$\wininet.dll + 2008-02-15 23:03:14 370,176 -c----w C:\WINDOWS\$NtUninstallKB950759$\xpsp3res.dll + 2007-11-30 12:39:29 234,872 -c----w C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe + 2007-11-30 12:39:31 406,392 -c----w C:\WINDOWS\$NtUninstallKB950760$\spuninst\updspapi.dll + 2006-07-13 08:48:58 202,240 -c----w C:\WINDOWS\$NtUninstallKB950762$\rmcast.sys + 2007-11-30 12:39:29 234,872 -c----w C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe + 2007-11-30 12:39:31 406,392 -c----w C:\WINDOWS\$NtUninstallKB950762$\spuninst\updspapi.dll + 2005-07-26 04:39:57 243,200 -c----w C:\WINDOWS\$NtUninstallKB950974$\es.dll + 2007-11-30 12:39:29 234,872 -c----w C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe + 2007-11-30 12:39:29 406,392 -c----w C:\WINDOWS\$NtUninstallKB950974$\spuninst\updspapi.dll + 2007-08-21 06:17:23 683,520 -c----w C:\WINDOWS\$NtUninstallKB951066$\inetcomm.dll + 2007-11-30 12:39:29 234,872 -c----w C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe + 2007-11-30 12:39:31 406,392 -c----w C:\WINDOWS\$NtUninstallKB951066$\spuninst\updspapi.dll + 2007-11-30 11:19:06 234,872 -c----w C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe + 2007-11-30 12:39:31 406,392 -c----w C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\updspapi.dll + 2007-11-13 11:31:11 60,416 -c----w C:\WINDOWS\$NtUninstallKB951072-v2$\tzchange.exe + 2008-04-14 15:52:45 272,768 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\bthport.sys + 2007-11-30 11:19:06 234,872 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe + 2007-11-30 11:19:10 406,392 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\updspapi.dll + 2004-08-19 22:55:31 274,944 -c----w C:\WINDOWS\$NtUninstallKB951376$\bthport.sys + 2007-11-30 11:19:06 234,872 -c----w C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe + 2007-11-30 11:19:10 406,392 -c----w C:\WINDOWS\$NtUninstallKB951376$\spuninst\updspapi.dll + 2007-10-29 22:43:32 1,293,824 -c----w C:\WINDOWS\$NtUninstallKB951698$\quartz.dll + 2007-11-30 11:19:06 234,872 -c----w C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe + 2007-11-30 12:39:31 406,392 -c----w C:\WINDOWS\$NtUninstallKB951698$\spuninst\updspapi.dll + 2004-08-04 06:14:14 138,496 -c----w C:\WINDOWS\$NtUninstallKB951748$\afd.sys + 2008-02-20 05:35:05 148,992 -c----w C:\WINDOWS\$NtUninstallKB951748$\dnsapi.dll + 2004-08-19 23:09:34 247,808 -c----w C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll + 2007-11-30 12:39:29 234,872 -c----w C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe + 2007-11-30 12:39:29 406,392 -c----w C:\WINDOWS\$NtUninstallKB951748$\spuninst\updspapi.dll + 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys + 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip6.sys + 2004-08-19 23:09:32 331,776 -c----w C:\WINDOWS\$NtUninstallKB952287$\msadce.dll + 2007-11-30 11:19:06 234,872 -c----w C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe + 2007-11-30 11:19:10 406,392 -c----w C:\WINDOWS\$NtUninstallKB952287$\spuninst\updspapi.dll + 2005-06-29 01:49:41 74,240 -c----w C:\WINDOWS\$NtUninstallKB952954$\mscms.dll + 2007-11-30 11:19:06 234,872 -c----w C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe + 2007-11-30 12:39:31 406,392 -c----w C:\WINDOWS\$NtUninstallKB952954$\spuninst\updspapi.dll + 2008-04-21 07:02:27 1,024,000 -c----w C:\WINDOWS\$NtUninstallKB953838$\browseui.dll + 2008-04-21 07:02:27 152,064 -c----w C:\WINDOWS\$NtUninstallKB953838$\cdfview.dll + 2008-04-21 07:02:28 1,056,768 -c----w C:\WINDOWS\$NtUninstallKB953838$\danim.dll + 2008-04-21 07:02:28 357,888 -c----w C:\WINDOWS\$NtUninstallKB953838$\dxtmsft.dll + 2008-04-21 07:02:28 205,312 -c----w C:\WINDOWS\$NtUninstallKB953838$\dxtrans.dll + 2008-04-21 07:02:28 55,808 -c----w C:\WINDOWS\$NtUninstallKB953838$\extmgr.dll + 2008-04-17 10:52:54 18,432 -c----w C:\WINDOWS\$NtUninstallKB953838$\iedw.exe + 2008-04-21 07:02:29 251,392 -c----w C:\WINDOWS\$NtUninstallKB953838$\iepeers.dll + 2008-04-21 07:02:29 96,768 -c----w C:\WINDOWS\$NtUninstallKB953838$\inseng.dll + 2008-04-21 07:02:29 16,384 -c----w C:\WINDOWS\$NtUninstallKB953838$\jsproxy.dll + 2008-04-21 07:02:34 3,080,704 -c----w C:\WINDOWS\$NtUninstallKB953838$\mshtml.dll + 2008-04-21 07:02:34 449,024 -c----w C:\WINDOWS\$NtUninstallKB953838$\mshtmled.dll + 2008-04-21 07:02:34 146,432 -c----w C:\WINDOWS\$NtUninstallKB953838$\msrating.dll + 2008-04-21 07:02:35 532,480 -c----w C:\WINDOWS\$NtUninstallKB953838$\mstime.dll + 2008-04-21 07:02:35 39,424 -c----w C:\WINDOWS\$NtUninstallKB953838$\pngfilt.dll + 2008-04-21 07:02:37 1,495,040 -c----w C:\WINDOWS\$NtUninstallKB953838$\shdocvw.dll + 2008-04-21 07:02:38 474,624 -c----w C:\WINDOWS\$NtUninstallKB953838$\shlwapi.dll + 2007-11-30 12:39:29 234,872 -c----w C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe + 2007-11-30 12:39:29 406,392 -c----w C:\WINDOWS\$NtUninstallKB953838$\spuninst\updspapi.dll + 2008-04-21 07:02:39 617,984 -c----w C:\WINDOWS\$NtUninstallKB953838$\urlmon.dll + 2008-04-21 07:02:40 663,552 -c----w C:\WINDOWS\$NtUninstallKB953838$\wininet.dll + 2008-04-17 11:03:45 370,176 -c----w C:\WINDOWS\$NtUninstallKB953838$\xpsp3res.dll + 2007-07-27 06:28:58 234,872 -c----w C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe + 2007-07-27 08:41:48 382,840 -c----w C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\updspapi.dll + 2006-10-18 19:47:20 295,936 -c----w C:\WINDOWS\$NtUninstallKB954154_WM11$\wmpeffects.dll + 2008-06-14 17:59:52 272,768 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys + 2008-06-08 00:22:14 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2008-06-09 14:31:16 5,722,112 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\ntuser.dat + 2008-06-09 14:31:16 172,032 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-06-08 00:22:14 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-06-09 14:31:04 5,722,112 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\ntuser.dat + 2008-06-09 14:31:05 172,032 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat + 2008-08-06 21:17:50 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe + 2008-08-06 21:17:50 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe + 2008-08-06 21:17:50 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe + 2008-08-06 21:17:50 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe + 2008-08-06 21:17:50 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe + 2008-08-06 21:17:50 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe - 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe + 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe - 2008-02-16 09:02:34 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll + 2008-06-23 15:39:58 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll - 2008-02-16 09:02:34 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll + 2008-06-23 15:39:58 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll + 1994-05-16 14:30:54 20,976 ----a-w C:\WINDOWS\system32\CTL3D.DLL - 2008-02-16 09:02:34 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll + 2008-06-23 15:39:59 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll + 2008-06-20 10:44:38 138,368 -c----w C:\WINDOWS\system32\dllcache\afd.sys - 2008-02-16 09:02:34 1,024,000 -c----w C:\WINDOWS\system32\dllcache\browseui.dll + 2008-06-23 15:39:58 1,024,000 -c----w C:\WINDOWS\system32\dllcache\browseui.dll + 2008-06-14 17:59:52 272,768 -c----w C:\WINDOWS\system32\dllcache\bthport.sys - 2008-02-16 09:02:34 152,064 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll + 2008-06-23 15:39:58 152,064 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll - 2007-07-30 17:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll + 2008-07-18 20:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll - 2008-02-16 09:02:34 1,056,768 -c----w C:\WINDOWS\system32\dllcache\danim.dll + 2008-06-23 15:39:59 1,056,768 -c----w C:\WINDOWS\system32\dllcache\danim.dll - 2008-02-20 05:35:05 148,992 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll + 2008-06-20 17:41:06 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll - 2008-02-16 09:02:34 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll + 2008-06-23 15:40:00 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll - 2008-02-16 09:02:35 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2008-06-23 15:40:00 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2008-07-07 20:31:48 253,952 -c----w C:\WINDOWS\system32\dllcache\es.dll - 2008-02-16 09:02:35 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll + 2008-06-23 15:40:00 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll - 2008-02-15 09:23:37 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe + 2008-06-23 09:49:29 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe - 2008-02-16 09:02:35 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll + 2008-06-23 15:40:00 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll - 2007-08-21 06:17:23 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll + 2008-04-11 18:51:06 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll - 2008-02-16 09:02:35 96,768 -c----w C:\WINDOWS\system32\dllcache\inseng.dll + 2008-06-23 15:40:00 96,768 -c----w C:\WINDOWS\system32\dllcache\inseng.dll - 2008-02-16 09:02:35 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2008-06-23 15:40:00 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll - 2001-08-17 21:55:56 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd101b.dll + 2001-08-17 20:55:56 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd101b.dll - 2001-08-17 21:55:56 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd101c.dll + 2001-08-17 20:55:56 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd101c.dll - 2001-08-17 21:55:56 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbd103.dll + 2001-08-17 20:55:56 5,632 -c--a-w C:\WINDOWS\system32\dllcache\kbd103.dll - 2001-08-17 21:55:56 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd106.dll + 2001-08-17 20:55:56 6,144 -c--a-w C:\WINDOWS\system32\dllcache\kbd106.dll - 2001-08-23 16:47:06 8,704 -c--a-w C:\WINDOWS\system32\dllcache\kbdjpn.dll + 2001-08-23 15:47:06 8,704 -c--a-w C:\WINDOWS\system32\dllcache\kbdjpn.dll - 2001-08-23 16:47:06 8,192 -c--a-w C:\WINDOWS\system32\dllcache\kbdkor.dll + 2001-08-23 15:47:06 8,192 -c--a-w C:\WINDOWS\system32\dllcache\kbdkor.dll + 2008-06-24 16:23:56 74,240 -c----w C:\WINDOWS\system32\dllcache\mscms.dll - 2008-02-16 22:32:38 3,080,704 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll + 2008-06-23 15:40:02 3,080,704 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll - 2008-02-16 09:02:36 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2008-06-23 15:40:03 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll - 2008-02-16 09:02:37 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll + 2008-06-23 15:40:03 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll - 2008-02-16 09:02:37 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll + 2008-06-23 15:40:04 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll + 2008-06-20 17:41:06 247,808 -c----w C:\WINDOWS\system32\dllcache\mswsock.dll - 2008-02-16 09:02:37 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll + 2008-06-23 15:40:04 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll - 2007-10-29 22:43:32 1,293,824 -c----w C:\WINDOWS\system32\dllcache\quartz.dll + 2008-05-07 05:15:36 1,293,824 -c----w C:\WINDOWS\system32\dllcache\quartz.dll - 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys + 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys - 2008-02-16 09:02:38 1,495,040 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll + 2008-06-23 15:40:05 1,495,040 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll - 2008-02-16 09:02:38 474,624 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll + 2008-06-23 15:40:06 474,624 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll - 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys + 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys - 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\system32\dllcache\tcpip6.sys + 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys - 2008-02-16 09:02:39 617,984 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll + 2008-06-23 15:40:06 617,984 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll - 2008-02-16 09:02:39 663,552 -c----w C:\WINDOWS\system32\dllcache\wininet.dll + 2008-06-23 15:40:08 663,552 -c----w C:\WINDOWS\system32\dllcache\wininet.dll + 2008-07-18 20:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll - 2007-07-30 17:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe + 2008-07-18 20:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe - 2007-07-30 17:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll + 2008-07-18 20:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll + 2008-07-18 20:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll + 2008-07-18 20:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll + 2008-07-18 20:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll - 2008-02-20 05:35:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll + 2008-06-20 17:41:06 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll - 2004-08-04 06:14:14 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys + 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys - 2004-08-19 22:55:31 274,944 ------w C:\WINDOWS\system32\drivers\bthport.sys + 2008-06-14 17:59:52 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys + 2008-06-05 14:04:12 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys + 2008-06-05 14:04:16 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys - 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys + 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys - 2004-01-15 00:49:58 35,712 ----a-r C:\WINDOWS\system32\drivers\SeratoUsb.sys + 2006-03-16 14:24:04 35,712 ----a-w C:\WINDOWS\system32\drivers\SeratoUsb.sys - 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys + 2008-06-20 10:45:13 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys - 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys + 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys - 2008-02-16 09:02:34 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll + 2008-06-23 15:40:00 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll - 2008-02-16 09:02:35 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll + 2008-06-23 15:40:00 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll + 2005-07-26 04:39:57 243,200 ----a-w C:\WINDOWS\system32\es(2)(2).dll - 2008-02-16 09:02:35 55,808 ------w C:\WINDOWS\system32\extmgr.dll + 2008-06-23 15:40:00 55,808 ------w C:\WINDOWS\system32\extmgr.dll - 2008-02-16 09:02:35 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll + 2008-06-23 15:40:00 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll - 2007-08-21 06:17:23 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll + 2008-04-11 18:51:06 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll - 2008-02-16 09:02:35 96,768 ----a-w C:\WINDOWS\system32\inseng.dll + 2008-06-23 15:40:00 96,768 ----a-w C:\WINDOWS\system32\inseng.dll - 2008-02-21 23:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe + 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2008-02-21 23:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe + 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe - 2008-02-22 00:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe + 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe - 2008-02-16 09:02:35 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll + 2008-06-23 15:40:00 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll + 2003-05-22 14:31:56 55,808 ----a-w C:\WINDOWS\system32\lfpsd13n.dll + 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe - 2008-01-24 10:07:56 74,137 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe + 2008-06-12 12:47:46 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe - 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe + 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe + 1994-01-01 06:00:00 33,280 ----a-w C:\WINDOWS\system32\MSAES110.DLL + 1994-01-01 06:00:00 710,752 ----a-w C:\WINDOWS\system32\MSAJT110.DLL + 1994-03-23 22:00:00 17,424 ----a-w C:\WINDOWS\system32\MSAJT112.DLL - 2008-02-16 22:32:38 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll + 2008-06-23 15:40:02 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll - 2008-02-16 09:02:36 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll + 2008-06-23 15:40:03 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll - 2008-02-16 09:02:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll + 2008-06-23 15:40:03 146,432 ----a-w C:\WINDOWS\system32\msrating.dll - 2008-02-16 09:02:37 532,480 ----a-w C:\WINDOWS\system32\mstime.dll + 2008-06-23 15:40:04 532,480 ----a-w C:\WINDOWS\system32\mstime.dll - 2008-06-09 13:42:17 71,144 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-09-15 10:18:57 71,144 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-06-09 13:42:18 84,654 ----a-w C:\WINDOWS\system32\perfc00C.dat + 2008-09-15 10:18:57 84,654 ----a-w C:\WINDOWS\system32\perfc00C.dat - 2008-06-09 13:42:18 424,158 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-09-15 10:18:57 424,158 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-06-09 13:42:18 492,146 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-09-15 10:18:57 492,146 ----a-w C:\WINDOWS\system32\perfh00C.dat - 2008-02-16 09:02:37 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll + 2008-06-23 15:40:04 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll - 2007-10-29 22:43:32 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll + 2008-05-07 05:15:36 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll + 2004-01-15 00:49:58 35,712 ----a-r C:\WINDOWS\system32\ReinstallBackups\[u]0[/u]017\DriverFiles\SeratoUsb.sys - 2008-06-07 12:36:08 2,265,184 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat + 2008-09-12 09:28:12 5,161,572 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat - 2008-02-16 09:02:38 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll + 2008-06-23 15:40:05 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll - 2008-02-16 09:02:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll + 2008-06-23 15:40:06 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll + 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll + 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll - 2006-09-16 02:02:34 14,640 ------w C:\WINDOWS\system32\spmsg.dll + 2007-11-30 12:39:29 18,296 ------w C:\WINDOWS\system32\spmsg.dll - 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe + 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe - 2008-02-16 09:02:39 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll + 2008-06-23 15:40:06 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll + 1994-01-01 06:00:00 95,200 ----a-w C:\WINDOWS\system32\VBDB300.DLL + 1993-06-30 10:02:30 398,416 ----a-w C:\WINDOWS\system32\VBRUN300.DLL - 2008-02-15 23:03:14 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll + 2008-07-03 09:42:35 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll + 2008-09-15 10:14:53 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_dc.dat + 2008-04-15 17:56:59 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-13 68856] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 289088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-08-11 7630848] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-08-11 86016] "JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 36864] "36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2007-02-06 1953792] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-16 286720] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360] "Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe" [2007-02-06 61440] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112] "KOfcpfwSvcs.exe"="C:\WINDOWS\system32\KOfcpfwSvcs.exe" [2007-10-14 24576] "DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2006-02-15 61440] "nwiz"="nwiz.exe" [2006-08-11 C:\WINDOWS\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-04-12 C:\WINDOWS\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "ysZ2yuEkDC"="C:\Documents and Settings\All Users\Application Data\nwpevkpy\huhozqty.exe" [2008-09-15 69632] C:\Documents and Settings\Remon\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-15 110592] OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-15 110592] Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-19 124400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.xvid"= xvid.dll "VIDC.MJPG"= Pvmjpg30.dll "VIDC.PIM1"= pclepim1.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\Macromedia\Flash MX\Flash.exe"= "C:\Program Files\MSN Messenger\msnmsgr.exe"= "C:\Program Files\MSN Messenger\livecall.exe"= "C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe"= "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe"= "C:\Program Files\Autodesk\3dsMax8\3dsmax.exe"= "C:\Program Files\backburner 2\monitor.exe"= "C:\Program Files\backburner 2\manager.exe"= "C:\Program Files\backburner 2\server.exe"= "C:\Program Files\discreet\combustion 4\combustion.exe"= "C:\Program Files\Soulseek\slsk.exe"= "C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"= "C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"= "C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"= "C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"= "C:\Program Files\BitTorrent_DNA\dna.exe"= "C:\Program Files\BitTorrent\bittorrent.exe"= "C:\Program Files\VideoLAN\VLC\vlc.exe"= "C:\Program Files\eMule\emule.exe"= "C:\Program Files\DNA\btdna.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"= "C:\Program Files\Vuze\Azureus.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-02-15 16384] R1 LStone;Pinnacle Systems Studio AV/DV Overlay;C:\WINDOWS\system32\DRIVERS\lstone2k.sys [2002-12-10 256113] R1 MemAlloc;MemAlloc;C:\WINDOWS\system32\DRIVERS\memalloc.sys [2002-08-26 5543] R2 sfmgr;CaReTaKeR-CT NetMgr 1.2.1;C:\Program Files\Autodesk\3dsMax8\plugins\plugins\3dsmax7\plugins\Brazil\sfmgr\sfmgr.exe [2004-02-11 171008] S3 emuumidi;E-MU USB-MIDI Driver;C:\WINDOWS\system32\drivers\emuumidi.sys [2007-03-14 37120] S3 SeratoUsb;SeratoUsb driver;C:\WINDOWS\system32\Drivers\SeratoUsb.sys [2006-03-16 35712] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{CF01CEAB-8765-4973-83A5-55A5553E4CA2} - C:\WINDOWS\system32\urqOIcBq.dll HKCU-Run-Windows Updates - c:\windows\system\Update.exe HKLM-Run-Windows Updates - c:\windows\system\Update.exe HKLM-Run-303cdeab - C:\WINDOWS\system32\qklnkwqs.dll HKLM-Run-BM330fed37 - C:\WINDOWS\system32\dwqovgvf.dll . ------- Examen supplémentaire ------- . R0 -: HKCU-Main,Start Page = hxxp://www.google.com/ R0 -: HKCU-Main,Search Page = hxxp://www.google.com R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie R1 -: HKCU-Internet Settings,ProxyOverride = *.local R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-15 12:44:42 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2008-09-15 12:47:15 ComboFix-quarantined-files.txt 2008-09-15 10:47:09 ComboFix2.txt 2008-06-09 14:03:37 Avant-CF: 63,007,657,984 octets libres AprŠs-CF: 63,166,734,336 octets libres 638 --- E O F --- 2008-09-13 01:00:43

geoffrey5 · Answer

ok maintenant :

Télécharge sur le bureau virtumundobegone : 

(c est le numéro 13 en bas de la page) : https://www.androidworld.fr/ 

déconnecte internet et désactive ton antivirus le temps de la manipulation



=> Double clic sur VirtumundoBeGone.exe 
=> Clic Continue ==> clic Start 
=> Clic Oui 
=> A la fin si Vundo est présent , le PC s’éteint et redémarre 
- Si Ecran bleu et message : Erreur fatale .. pas de problème 
=> Poster le rapport VBG.TXT qui est sur le bureau 

ensuite refais un nouveau rapport hijackthis stp

freakyalex · Answer

virtumondo


[09/15/2008, 12:57:44] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Remon\Bureau\VirtumundoBeGone.exe" )
[09/15/2008, 12:57:46] - Detected System Information:
[09/15/2008, 12:57:46] -  Windows Version: 5.1.2600, Service Pack 2
[09/15/2008, 12:57:46] -  Current Username: Remon (Admin)
[09/15/2008, 12:57:46] -  Windows is in NORMAL mode.
[09/15/2008, 12:57:46] - Searching for Browser Helper Objects:
[09/15/2008, 12:57:46] -  BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[09/15/2008, 12:57:46] -  BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/15/2008, 12:57:46] -  BHO 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} ()
[09/15/2008, 12:57:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/15/2008, 12:57:46] -  No filename found. Continuing.
[09/15/2008, 12:57:46] -  BHO 4: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[09/15/2008, 12:57:46] - Finished Searching Browser Helper Objects
[09/15/2008, 12:57:46] - Finishing up...
[09/15/2008, 12:57:46] - Nothing found! Exiting...

freakyalex · Answer

hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:49, on 15/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data
wpevkpy\huhozqty.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Autodesk\3dsMax8\plugins\plugins\3dsmax7\plugins\Brazil\sfmgr\sfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\fclmhuvq.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32
otepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [KOfcpfwSvcs.exe] C:\WINDOWS\system32\KOfcpfwSvcs.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKLM\..\Policies\Explorer\Run: [ysZ2yuEkDC] C:\Documents and Settings\All Users\Application Data
wpevkpy\huhozqty.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\plugins\plugins\3dsmax7\plugins\Brazil\sfmgr\sfmgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

geoffrey5 · Answer

fais quand meme ceci pour vérifier stp :

télécharge sur le bureau Navilog1 à cette adresse (c est le numéro 1 en bas de la page) : https://www.androidworld.fr/

Si votre antivirus s'affole , le désactiver 
=sous vista : Clic-droit sur le raccourci Navilog1 présent sur le bureau et choisis "Exécuter en tant qu'administrateur
=sous XP : double-clic dessus pour l'installer et le lancer 

 
Quand installé 
= taper F 
= Appuyer sur une touche jusqu' arriver aux options 
= Choisir Recherche ( = taper 1 ) 
ne pas utiliser les autres sans avis , il peut y avoir des processus légitimes 

un rapport : fixnavi.txt 
dans ==> C : 
le copier et le coller dans la réponse

freakyalex · Answer

voila..


Search Navipromo version 3.6.5 commencé le 15/09/2008 à 13:05:57,62

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "Remon" 

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180 
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Remon\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Remon\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Remon\menudm~1\progra~1" *** 


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Remon\locals~1\applic~1" * 



*** Recherche fichiers *** 



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Remon\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 15/09/2008 à 13:10:08,95 ***

geoffrey5 · Answer

télécharge OtMoveIt 

Télécharge OTMoveIt (de Old_Timer) sur ton Bureau à cette adresse :

(c est le numéro 7 en bas de la page) : https://www.androidworld.fr/
 
Double-clique sur OTMoveIt.exe pour le lancer.
Assure toi que la case Unregister Dll's and Ocx's soit bien cochée. 
Copie la liste qui se trouve en gras dans la citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move. 


c:\documents and settings\all users\application data
wpevkpy\huhozqty.exe
 


clique sur MoveIt! pour lancer la suppression. 
Le résultat apparaitra dans le cadre "Results". 
Clique sur Exit pour fermer. 
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.

ensuite :

Fix.reg  

Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisi nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en gras dans la citation ci-dessous (copie tout d'un trait sans les barres(x)) : 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"ysZ2yuEkDC"=-


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 
Note : Regedit4 est sur la premiere ligne dans le bloc note et il y a une ligne blanche a la fin. 
Puis click sur "fichier"/"enregistrer sous" : 
dans : sur le bureau 
Nom du fichier : fix.reg 
Type de fichier : "tous les fichiers" 
clique sur "enregistrer" 

ca doit ressembler à ca une fois enregistré : 

http://img520.imageshack.us/img520/4251/screenshot005ps2.png 

double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?" 
Si c'est bien le cas, clique sur "oui" 


ensuite redémarre le pc, réactive ton antivirus et refais un nouveau rapport hijackthis stp

freakyalex · Answer

c:\documents and settings\all users\application data
wpevkpy\huhozqty.exe moved successfully.
File/Folder  not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09152008_132453

freakyalex · Answer

ce lien ne fonctionne pas, j aimerai pouvoir verifier avnt de modifier mon registre..

ca doit ressembler à ca une fois enregistré : 

http://img520.imageshack.us/img520/4251/screenshot005ps2.png 

comment je peu faire ?

geoffrey5 · Answer

tu dois avoir une icone de registre nommée fix.reg ou fix

et quand tu double cliques dessus, tu dois avoir ce message : "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"

Si c'est bien le cas, clique sur "oui"

geoffrey5 · Answer

En effet le lien avec l image hébergée ne fonctionne plus  :s

geoffrey5 · Answer

celui ci marche ??

www.hiboox.com/images/4905/avnoztv.jpg

geoffrey5 · Answer

non  lol

geoffrey5 · Answer

voilà : https://i39.servimg.com/u/f39/12/79/94/93/fixreg10.jpg

freakyalex · Answer

iep si si ca fonctionne chez moi...
merci

voila le hijack..


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:52, on 15/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\KOfcpfwSvcs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Autodesk\3dsMax8\plugins\plugins\3dsmax7\plugins\Brazil\sfmgr\sfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [KOfcpfwSvcs.exe] C:\WINDOWS\system32\KOfcpfwSvcs.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\plugins\plugins\3dsmax7\plugins\Brazil\sfmgr\sfmgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

geoffrey5 · Answer

relance hijackthis en cliquant sur scan only et coches ces lignes stp :

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) 
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) 
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe     
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"     
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime     
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe     
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe     
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe     
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe     

puis tu cliques sur fix checked.

vas aussi faire ces mises à niveau suivantes stp :

adobe reader XP : https://get2.adobe.com/reader/otherversions/

internet explorer 7 : https://www.androidworld.fr/


Réactives ton antivirus et dis moi si tu as encore des problemes

freakyalex · Answer

je fais les mises a jour part contre je n ai pas d anti virus peut etre en as tu un gratuit a me proposer ?..

geoffrey5 · Answer

ok...télécharge antivir sur mon site web à cette adresse : https://www.androidworld.fr/

Un tuto sera à ta disposition pour savoir l installer et l utiliser correctement

ensuite dis moi si tu as encore des problèmes car on doit finir...

freakyalex · Answer

Bien ecoute tt est fait je croit ne plus avoir aucun soucy meme des truks que j avai depuis longtemps et des dll manquants...
UN grand grand merci a toi pour ton aide, c incroyable de nos jours un soutient d aussi bonne qualité, aussi rapide et gratuit...bravo bravo bravo et merci..

freakyalex · Answer

il n y a que aux remerciements que tu ne repond pas lol....

freakyalex · Answer

geoffrey, je suis desolé mais j avai une autre merde sur mon pc que j ai executer comme un con ...c reparti ! je me croyais proteger par l antivirus..ca me rend fou je pourrais jamais bosser...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:39, on 15/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\KOfcpfwSvcs.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Autodesk\3dsMax8\plugins\plugins\3dsmax7\plugins\Brazil\sfmgr\sfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Vuze\Azureus.exe
C:\DOCUME~1\Remon\LOCALS~1\Temp\video198.cfg
C:\DOCUME~1\Remon\LOCALS~1\Temp\a.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [KOfcpfwSvcs.exe] C:\WINDOWS\system32\KOfcpfwSvcs.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\Remon\LOCALS~1\Temp\video198.cfg.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\plugins\plugins\3dsmax7\plugins\Brazil\sfmgr\sfmgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

geoffrey5 · Answer

dsl mais j étais plus sur le pc...

Double-clique sur OTMoveIt.exe pour le lancer.
Assure toi que la case Unregister Dll's and Ocx's soit bien cochée. 
Copie la liste qui se trouve en gras dans la citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move. 


c:\documents and settingsemon\locals~1	emp\video198.cfg.exe
 


clique sur MoveIt! pour lancer la suppression. 
Le résultat apparaitra dans le cadre "Results". 
Clique sur Exit pour fermer. 
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.

ensuite :

Fix.reg  

Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisi nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en gras dans la citation ci-dessous (copie tout d'un trait sans les barres(x)) : 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Somefox"=-


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 
Note : Regedit4 est sur la premiere ligne dans le bloc note et il y a une ligne blanche a la fin. 
Puis click sur "fichier"/"enregistrer sous" : 
dans : sur le bureau 
Nom du fichier : fix.reg 
Type de fichier : "tous les fichiers" 
clique sur "enregistrer" 

ca doit ressembler à ca une fois enregistré : 

https://i39.servimg.com/u/f39/12/79/94/93/fixreg10.jpg 

double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?" 
Si c'est bien le cas, clique sur "oui" 


ensuite redémarre le pc et refais un nouveau rapport hijackthis stp

freakyalex · Answer

c:\documents and settingsemon\locals~1	emp\video198.cfg.exe moved successfully.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09152008_161438

freakyalex · Answer

voila le hijack..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19:49, on 15/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\KOfcpfwSvcs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Autodesk\3dsMax8\plugins\plugins\3dsmax7\plugins\Brazil\sfmgr\sfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [KOfcpfwSvcs.exe] C:\WINDOWS\system32\KOfcpfwSvcs.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\plugins\plugins\3dsmax7\plugins\Brazil\sfmgr\sfmgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

geoffrey5 · Answer

C est ok  ;-)

maintenant fais attention !!  lol

est ce que tu as encore des problemes ??

freakyalex · Answer

nan ca a l'air ok... ya des merde partou sur le net.. dsl et merci bcp !

freakyalex · Answer

tu pense que je doit remttre spybot ? car il empeche les modification de registre...non ?

geoffrey5 · Answer

Mais de rien, c est avec plaisir que je t ai aidé  ;-)

ok...si tu n as plus de problemes tu peux faire ceci pour terminer stp :

Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :  

Télécharge toolscleaner sur ton Bureau : 

(c est le numéro 15 en bas de la page) : https://www.androidworld.fr/ 

* Double-clique sur ToolsCleaner2.exe et laisse le travailler 
* Clique sur Recherche et laisse le scan se terminer. 
* Clique sur Suppression pour finaliser. 
* Tu peux, si tu le souhaites, te servir des Options facultatives. 
* Clique sur Quitter, pour que le rapport puisse se créer. 
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse




Désactive et réactive la Restauration du système :
 
1 Dans la barre des tâches de Windows, clique sur Démarrer.
 
2 Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.
 
3 Dans l'onglet Restauration du système, coche "Désactiver la Restauration du système"

4 Clique sur Appliquer.
  
5 Ensuite décoche "Désactiver la restauration du systeme"

6 clique sur appliquer puis ok

7 vas créer un point de restauration en cliquant sur démarrer => tous les programmes => accessoires =>

outils systeme => restauration du systeme => créer un point de restauration => tu mets un nom

(exemple : après désinfection sur CCM) puis tu valides.


Tu peux mettre ton problème résolu !!


PS : les liens de toolscleaner, etc... C est mon site web si ca peut t aider  ;-)

Bonne fin de journée @+

geoffrey5 · Answer

il t empeche surtout d installer des logiciels et c est tres embetant je trouve..

Tu fais une mise à jour et une analyse une fois par semaine et c est bon...moi c est ce que je fais  ;-)

as tu le logiciel ad-aware ??

freakyalex · Answer

non je ne sais pas ce que c'est ...

geoffrey5 · Answer

C est un logiciel antispyware...un peu comme spybot mais il supprime d autres infections..

il est aussi téléchargeable sur mon site web à cette adresse : 

https://www.androidworld.fr/

freakyalex · Answer

pk faut il suprimer les outils ?


[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\VundoFix.txt: trouvé !
C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\GenProc.txt: trouvé !
C:\SDFIX: trouvé !
C:\Combofix: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\SdFix.exe: trouvé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\HijackThis.lnk: trouvé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\Msnfix.zip: trouvé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\VirtumundoBeGone.exe: trouvé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\GenProc.zip: trouvé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\OtMoveIt2.exe: trouvé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\Navilog1.exe: trouvé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\Navilog1.lnk: trouvé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\ComboFix.exe: trouvé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\vundoFix.exe: trouvé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\HJTInstall.exe: trouvé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\msnfix.txt: trouvé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\VBG.txt: trouvé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\MsnFix: trouvé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\SmitFraudfix: trouvé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\GenProc: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\WINDOWS\msnfix.txt: trouvé !
C:\WINDOWS\system32\*.msnfix: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\SdFix.exe: supprimé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\HijackThis.lnk: supprimé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\Msnfix.zip: supprimé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\VirtumundoBeGone.exe: supprimé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\GenProc.zip: supprimé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\OtMoveIt2.exe: supprimé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\Navilog1.exe: supprimé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\Navilog1.lnk: supprimé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\vundoFix.exe: supprimé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\HJTInstall.exe: supprimé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\SmitFraudFix.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\VundoFix.txt: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\GenProc.txt: supprimé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\msnfix.txt: supprimé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\VBG.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\WINDOWS\msnfix.txt: supprimé !
C:\WINDOWS\system32\*.msnfix: ERREUR DE SUPPRESSION !!
C:\SDFIX: supprimé !
C:\Combofix: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\MsnFix: supprimé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\SmitFraudfix: supprimé !
C:\Documents and Settings\Remon\Mes documents\ANTI virus spy\GenProc: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

geoffrey5 · Answer

parce que ce sont des outils qui ne peuvent pas etres utilisés sans raison spécifique...Ils pourraient engendrer des problèmes sur ton pc si tu les exécutes sans raison...

Et ils sont régulièrement mis à jour par leur auteur donc ceux que tu as téléchargé deviendront vite obseletes (non à jour).

Voilà  ;-)

fais bien la suite car c est tres important !

freakyalex · Answer

le point de restauration est fait...mais j ai du réactivé la restauration du systeme pour pouvoir créer un point...

geoffrey5 · Answer

ok lol

PC qui rame et trojan qui trainent..

41 réponses

Discussions similaires

Newsletters