HijackThis report to analyze please, blue-screen crash [Solved/Closed]

Member (55 posts, registered Sunday 23 September 2007, last activity 27 August 2012):

Hello,
Would it be possible to analyze my HijackThis report? Since a friend of my boyfriend came by, my computer crashes more often and I can't manage to increase the free space on my hard drive...
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:54:22, on 2008-11-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Admin\Mes documents\Mes fichiers reçus\HiJackThis_v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [SpybotDeletingA8243] command /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9216] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

21 replies

Security contributor (21360 posts, registered Saturday 15 March 2008, last activity 30 December 2012):

Hi,

nice friend... ^^"

Several infections... do this to start:

Download ToolBar S&D (by Eric_71/Team IDN):
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqAiMXZpW1rpTZbSk2J9MnUokYbPT0O2yRy7IR2mY7cCLURDcqLQYoyx2Wu2juiMCKPq1130SsDHcr9qo6-wMeMk_5hkwKejdJcoKc2CyKcpYpKBoRibuLITHjSHTem_3BQHs5ANiXSwpEkeNkh2LaAnMCz5IYXwQfKIFQLE2rCzsEzeGA2Py1Tl-BeEEw0FlRAZlRh4JyACQuqg2thv2k3j8goTQ%3D%3D&attredirects=1

(Tutorial: https://sites.google.com/site/toolbarsd/aideenimages)

!! Disconnect and close all your running applications for the duration of the procedure !!

* Double-click the .exe to launch the installation and let yourself be guided...
* Once that is done, click the shortcut created on your desktop to launch the tool.
* Choose option 1 ("recherche", i.e. search) and press "Enter".
* Once the scan has finished, a report will appear; copy/paste its entire content into your next reply...
(the report is also saved here -> C:\TB.txt)

Member:

OK, IT'S DONE! Here it is! PS: I wasn't too sure where to reply... well, the right place...

-----------\\ ToolBar S&D 1.2.4 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3000+ )
BIOS : Default System BIOS
USER : Admin ( Administrator )
BOOT : Normal boot
Antivirus : Bitdefender Antivirus 8.0 (Not Activated)
Firewall : COMODO Firewall 3.5 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:26 Go)
D:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
Option : [1] ( 2008-11-04|18:12 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar
C:\Program Files\AskTBar\SrchAstt
C:\WINDOWS\iun6002.exe

-----------\\ Extensions

(Admin) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Admin) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"First Home Page"="http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Admin\Mes documents\Downloads\AnyDVD & AnyDVD HD 6.1.3.5 + Crack [April 13 2007].rar
C:\DOCUME~1\Admin\Mes documents\Downloads\AnyDVD & AnyDVD HD 6.4 keygen.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\AnyDVD 6.1.0.2 It + CloneDVD 2.9.0.3 It + CloneDVDmobile 1.1.4.0 It + Clone CD 5.3.0.1 It + Virtual CloneDrive 5.1.4.5 It + Crack By Ipparius.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\AnyDVD.HD.6.3.0.3.Incl.Crack-RES.By.GGW.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\ArcGis 9 (CD1 CD2 CD3) with Crack-funziona!istruzioni in ita.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\ArcGis 9 (CD1 CD2 CD3) with Crack.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\ConvertXtoDVD 2.2.3.258 And Keygen (20th November 2007).rar
C:\DOCUME~1\Admin\Mes documents\Downloads\ConvertXtoDVD 2.2.3.258f And Keygen ( October 2007).rar
C:\DOCUME~1\Admin\Mes documents\Downloads\ConvertXtoDVD 2.2.3.3 crack.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\Crack nero burning rom 7.10.1.0 - CrACK iT.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\DivX Bundle 6.9 Professional + Keygenerator.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\DrDivX 1.0.6 + crack(1).rar
C:\DOCUME~1\Admin\Mes documents\Downloads\DVDFab Platinum 4.0.1.3 crack.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\DVDFab Platinum 4.0.4 crack.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\DVDFab.Platinum.4.0.5_Final Keygen.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3.Incl-Crack.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\MP3 Remix Plus 3.31 Crack.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\Nero 8 Ultra Edition Keygen.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\Nero 8.2.8 Ultra Edition incl. Keygen (WORKS PERFECT).rar
C:\DOCUME~1\Admin\Mes documents\Downloads\nero crack 7.10.24.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\nero.7.2.0.3b (crack).rar
C:\DOCUME~1\Admin\Mes documents\Downloads\Nidesoft DVD Audio Ripper v3.0.50 crack.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\Nidesoft DVD Ripper v3.0.50 crack ..rar
C:\DOCUME~1\Admin\Mes documents\Downloads\Xxx Clone Dvd Any Dvd Crack Serial.rar



1 - "C:\ToolBar SD\TB_1.txt" - 2008-11-04|18:13 - Option : [1]

-----------\\ Fin du rapport a 18:13:06,51

So, doctor?

Member:

And by the way, he removed a program that I liked a lot; I don't know if there is a way to get it back... yeah... I had told myself never again, but well... sigh...

Security contributor:

So, quite a few infectious cracks... that needs cleaning up too:

In order:

1- Important:
Disable Spybot S&D's "tea timer" with the help of this animated tutorial (thanks Balltrap ;) ):
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm
(on the first image, click "tea timer" to start the animation).

Indeed, it risks seriously interfering with the proper running of the disinfection tools...

You will re-enable it once we have finished disinfecting (and not before!).
Note that at that point Spybot will ask you about registry changes:
accept them all!...

****************************

2- Download OTMoveIt3 (by Old_Timer) to your Desktop.

http://oldtimer.geekstogo.com/OTMoveIt3.exe

! Disconnect and close all your running applications !

Double-click "OTMoveIt3.exe" to open the program.
Then copy what is in the quote below,

:Processes
explorer.exe

:Services

:Reg

:Files
C:\DOCUME~1\Admin\Mes documents\Downloads\AnyDVD & AnyDVD HD 6.1.3.5 + Crack [April 13 2007].rar
C:\DOCUME~1\Admin\Mes documents\Downloads\AnyDVD & AnyDVD HD 6.4 keygen.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\AnyDVD 6.1.0.2 It + CloneDVD 2.9.0.3 It + CloneDVDmobile 1.1.4.0 It + Clone CD 5.3.0.1 It + Virtual CloneDrive 5.1.4.5 It + Crack By Ipparius.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\AnyDVD.HD.6.3.0.3.Incl.Crack-RES.By.GGW.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\ArcGis 9 (CD1 CD2 CD3) with Crack-funziona!istruzioni in ita.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\ArcGis 9 (CD1 CD2 CD3) with Crack.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\ConvertXtoDVD 2.2.3.258 And Keygen (20th November 2007).rar
C:\DOCUME~1\Admin\Mes documents\Downloads\ConvertXtoDVD 2.2.3.258f And Keygen ( October 2007).rar
C:\DOCUME~1\Admin\Mes documents\Downloads\ConvertXtoDVD 2.2.3.3 crack.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\Crack nero burning rom 7.10.1.0 - CrACK iT.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\DivX Bundle 6.9 Professional + Keygenerator.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\DrDivX 1.0.6 + crack(1).rar
C:\DOCUME~1\Admin\Mes documents\Downloads\DVDFab Platinum 4.0.1.3 crack.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\DVDFab Platinum 4.0.4 crack.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\DVDFab.Platinum.4.0.5_Final Keygen.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\Lavasoft.Ad-Aware.2007.Professional.Edition.v7.0.1.3.Incl-Crack.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\MP3 Remix Plus 3.31 Crack.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\Nero 8 Ultra Edition Keygen.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\Nero 8.2.8 Ultra Edition incl. Keygen (WORKS PERFECT).rar
C:\DOCUME~1\Admin\Mes documents\Downloads\nero crack 7.10.24.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\nero.7.2.0.3b (crack).rar
C:\DOCUME~1\Admin\Mes documents\Downloads\Nidesoft DVD Audio Ripper v3.0.50 crack.rar
C:\DOCUME~1\Admin\Mes documents\Downloads\Nidesoft DVD Ripper v3.0.50 crack ..rar
C:\DOCUME~1\Admin\Mes documents\Downloads\Xxx Clone Dvd Any Dvd Crack Serial.rar

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


and paste it into the left-hand pane of OTMoveIt3:
Paste Instructions for items to be moved.
(do not touch anything else!)

-> Click MoveIt! to start the removal.
-> Let the tool work...

(Note: your desktop will disappear and then reappear; this is normal.)

-> Once it has finished, a small window opens: click "Yes".

Your PC will restart by itself...

--> Post the content of the report found in the folder "C:\_OTMoveIt\MovedFiles"
("xxxx2008_xxxxxx.log", where the "x" correspond to the day and time of use).


************************************

3- Cleaning with ToolBar S&D:

!! Disconnect and close all your running applications for the duration of the procedure !!

Relaunch ToolBar S&D by double-clicking the shortcut.
--> Choose option 2 ("nettoyage", i.e. cleaning), then press "Enter".

Note: do not touch anything during the removal!

A report will be generated at the end of the process: post its content in your next reply,
together with a new HijackThis report for analysis...


Member:

This is off to a bad start... in the first link I have the choice between update, immunization, or fixing problems... which one do I choose??

Security contributor, replying to Member:

Below there is "tea timer"... click on it and the animation will start... ;)

Member, replying to Security contributor:

Well, well... I finally found it... sorry! And I followed the instructions!
So here is the ToolBar report

-----------\\ ToolBar S&D 1.2.4 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3000+ )
BIOS : Default System BIOS
USER : Admin ( Administrator )
BOOT : Normal boot
Antivirus : Bitdefender Antivirus 8.0 (Not Activated)
Firewall : COMODO Firewall 3.5 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:26 Go)
D:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
Option : [2] ( 2008-11-04|18:45 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskTBar\bar
Supprime! - C:\Program Files\AskTBar\SrchAstt
Supprime! - C:\WINDOWS\iun6002.exe
Supprime! - C:\Program Files\AskTBar

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Admin) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Admin) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"First Home Page"="http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Admin\Mes documents\Downloads\Nero 8 Ultra Edition Keygen.rar



1 - "C:\ToolBar SD\TB_1.txt" - 2008-11-04|18:13 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2008-11-04|18:46 - Option : [2]

-----------\\ Fin du rapport a 18:46:39,54

and here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:50:05, on 2008-11-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Admin\Mes documents\Mes fichiers reçus\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [SpybotDeletingA8243] command /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9216] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

Security contributor:

Good...

Next steps:

1- Download CCleaner:
https://www.pcastuces.com/logitheque/ccleaner.htm
This software will delete all temporary files and fix your registry.
During installation:
- be sure to choose "francais" as the language.
- before clicking the "installer" (install) button, untick all the "options supplémentaires" (additional options) except the first 2.


A tutorial (help):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

---> Usage:
! Disconnect and close all running applications !
* Go to "nettoyeur" (cleaner): run the analysis, then the cleaning.
* Go to "registre" (registry): search for errors and repair (several times, until there are no more errors).

(CCleaner: software to keep on your PC, very useful for thorough cleanups...)



2- Download SDFix to your desktop:
here: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
or here: http://sdfix.net/SDFix.exe

--> Double-click SDFix.exe and choose "Install".

(tutorial here: https://www.malekal.com/tutorial-sdfix/)

Then, once the installation is done,

Mandatory: boot into Safe Mode.

/!\ Never boot into Safe Mode via MSCONFIG /!\

How to get into Safe Mode:
1) Restart your computer.
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep".
3) Keep tapping until the screen with the boot options appears.
4) Choose the first option, Safe Mode, and confirm by pressing [Enter].
5) Choose your usual account (and not Administrator).
Warning: no connection is possible in Safe Mode, so copy or print the procedure carefully to avoid mistakes...

Open the SDFix folder that has just been created under C:\ and double-click RunThis.bat to launch the script.
---> Type Y to start the script...
The fix removes the virus's services and cleans the registry, so a restart is necessary; therefore:
press a key to restart when you are asked to.

The PC will take some time to start (this is normal); after the Desktop has loaded, press a key when "Finished" is displayed.

The SDFix report will open on screen and will also be saved in the folder
C:\SDFix under the name "Report.txt".
Post the latter in your next reply, together with a new HijackThis report for analysis...


Security contributor:

Hi again,

post all of that for me and I'll analyze it when it's daylight... ;)


Good night, and see you tomorrow for the rest...

Member:

Hello!
Good morning! ;)
So, to follow up (thank you very much for the help, very kind!), here is the fix report

SDFix: Version 1.239
Run by Administrateur on 04/11/2008 at 19:25

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\WinUpdating.exe - Deleted





Removing Temp Files

ADS Check:



Final Check:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 19:30:32
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Diablo\\diablo.exe"="C:\\Diablo\\diablo.exe:*:Enabled:Diablo"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 9 Jul 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 24 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\71fa8e4b1f1c72b0e3a5d30a0a049f55\BIT3.tmp"
Mon 9 Jul 2007 4,348 ...H. --- "C:\Documents and Settings\Admin\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Thu 29 Nov 2007 20 A..H. --- "C:\Documents and Settings\Admin\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Mon 9 Jul 2007 312 A.SH. --- "C:\Documents and Settings\Admin\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

[b]Finished![/b]
and here is the hijack report
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:35:32, on 2008-11-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Admin\Mes documents\Mes fichiers reçus\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [SpybotDeletingA8243] command /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9216] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
Posts: 21360 | Registered: Saturday 15 March 2008 | Status: Security contributor | Last activity: 30 December 2012 | 461
Hi,

quite a few problems on the site today .... :s

I can't manage to post the next steps for you ...

I'll keep you posted as soon as possible ...

Posts: 21360 | Registered: Saturday 15 March 2008 | Status: Security contributor | Last activity: 30 December 2012 | 461
right,

I sent you the procedure to follow by private message .... no choice, because I can no longer post on the forum .... ;)
Posts: 21360 | Registered: Saturday 15 March 2008 | Status: Security contributor | Last activity: 30 December 2012 | 461
do this:

Download Malwarebytes:
here ftp://ftp.commentcamarche.com/download/mbam-setup.exe
or here: http://www.malwarebytes.org/mbam.php

* Install it (be sure to choose "francais"; do not change the installation settings) and update it.

(NB: if "COMCTL32.OCX" is missing during the installation, download it here: https://www.malekal.com/tutorial-aboutbuster/ )

* Read through the tutorial to get familiar with the program:
https://forum.pcastuces.com/sujet.asp?f=31&s=3
(that said, it is very simple to use).

! Disconnect and close all running applications !

* Launch Malwarebytes.

Run a so-called "full" scan (be sure to select all your disks before the scan!).

--> Let the program work (and do nothing else with the PC during the scan).
--> At the end, click "résultat" (results).
--> Check that all the infected items are ticked, then click "suppression" (removal).

Note: if your PC has to restart to finish the cleaning, do it!

Post the report saved after the removal of the infected items (in the "rapport/log" tab of Malwarebytes, the most recent one) together with a new HijackThis log for analysis ...

Posts: 55 | Registered: Sunday 23 September 2007 | Status: Member | Last activity: 27 August 2012

There!
Sorry for the delay in replying, but I think we are not in the same time zone! ;)
So here is the Malwarebytes report
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1368
Windows 5.1.2600 Service Pack 2

2008-11-05 18:44:35
mbam-log-2008-11-05 (18-44-35).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 90708
Temps écoulé: 13 minute(s), 27 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{e7467507-dd40-4123-be49-7b7df5db80c6} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3e1500ac-87a5-416b-a211-82e848649da9} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3e1500ac-87a5-416b-a211-82e848649da9} (Trojan.Clicker) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
and here is the latest hijack report
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:46:40, on 2008-11-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Admin\Mes documents\Mes fichiers reçus\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [SpybotDeletingA8243] command /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9216] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
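An added example, not part of the thread or of any tool named in it: the before/after comparison the helper performs by eye can be scripted. This Python sketch diffs two HijackThis logs, lists orphaned entries, and cross-references CLSIDs against a scanner report; the function names are this example's own, and the three inputs are constructed excerpts of the logs posted above.

```python
import re

# A HijackThis entry line is "<section> - <body>", e.g. "O2 - BHO: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Constructed excerpts of the logs posted in the thread (not the full reports).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
"""

AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
"""

MBAM = r"""
HKEY_CLASSES_ROOT\CLSID\{e7467507-dd40-4123-be49-7b7df5db80c6} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3e1500ac-87a5-416b-a211-82e848649da9} (Trojan.Clicker) -> Quarantined and deleted successfully.
"""


def parse_hjt(text):
    """Return the set of (section, body) entries; header and process lines are skipped."""
    entries = set()
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group("section"), match.group("body")))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two HijackThis logs."""
    b, a = parse_hjt(before), parse_hjt(after)
    return sorted(b - a), sorted(a - b)


def orphaned(text):
    """Entries whose registered file HijackThis could not find on disk."""
    return sorted(e for e in parse_hjt(text) if e[1].endswith(ORPHAN_MARKERS))


def clsids(text):
    """All CLSIDs in a text, lower-cased so logs with different casing compare equal."""
    return {m.group(0).lower() for m in CLSID_RE.finditer(text)}


def flagged_entries(hjt_text, scanner_log):
    """HijackThis entries whose CLSID also appears in a scanner's detection log."""
    bad = clsids(scanner_log)
    return sorted(e for e in parse_hjt(hjt_text) if clsids(e[1]) & bad)


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for tag, entries in (("removed", removed), ("added", added)):
        for section, body in entries:
            print(f"{tag:8} {section:4} {body}")
    for section, body in flagged_entries(BEFORE, MBAM):
        print(f"flagged  {section:4} {body}")
    for section, body in orphaned(AFTER):
        print(f"orphan   {section:4} {body}")
```

An orphan marker only says the registered file is absent; it does not say whether the entry is a malware remnant or the leftover of an uninstalled program, so each one still needs a manual look.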
Posts: 21360 | Registered: Saturday 15 March 2008 | Status: Security contributor | Last activity: 30 December 2012 | 461
good ... =)

tell me how the PC is doing now .... Any better? ...

do this:

A- delete everything in MBAM's quarantine (via the quarantine itself)

B- run CCleaner once more (registry included)

C- Delete your HijackThis, this version is obsolete ... then do the following:

1- Download and install HijackThis:

here HijackThis
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html

--> Click the setup file to start the installation: follow the prompts and do not change the installation settings.
At the end of the installation, the program starts automatically: close it by clicking the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

(do not run this program for now, and carry on with the next step ...)

2- Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.

-> http://images.malwareremoval.com/random/RSIT.exe

! Disconnect and close all your running applications !

Double-click "RSIT.exe" to launch it.

-> A first window opens, titled: "Disclaimer of warranty".

* Next to the option "List files/folders created ...", choose: 2 months

* then click "Continue" to start the scan ...

-> let the scan run and do not touch the PC ...

When the scan is finished, two text files will open (probably in Notepad).

Post the contents of "log.txt" (the one that appears on screen), as well as of "info.txt" (which you will see in the taskbar), for analysis, and wait for the next steps ...

Important: post one report, then the other in the following reply ... if you try to post both at the same time,
it may be too long for the forum ...
And if "log.txt" on its own does not go through either, do it in two parts ... thanks ...

(Note: the reports will also be saved in this folder -> C:\rsit)
Posts: 55 | Registered: Sunday 23 September 2007 | Status: Member | Last activity: 27 August 2012

here it is
log.txt
Logfile of random's system information tool 1.04 (written by random/random)
Run by Admin at 2008-11-06 19:14:59
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 27 GB (36%) free of 76 GB
Total RAM: 895 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:42, on 2008-11-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Admin\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [SpybotDeletingA8243] command /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9216] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
Posts: 55 | Registered: Sunday 23 September 2007 | Status: Member | Last activity: 27 August 2012

rest of log.txt
======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UniMessenger"= []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SNPSTD2"=C:\WINDOWS\vsnpstd2.exe [2004-01-05 40960]
"COMODO SafeSurf"=C:\Program Files\COMODO\SafeSurf\cssurf.exe [2008-10-06 278264]
"COMODO Firewall Pro"=C:\Program Files\Comodo\Firewall\cfp.exe [2008-10-31 1797880]
"COMODO Internet Security"=C:\Program Files\Comodo\Firewall\cfp.exe [2008-10-31 1797880]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA8243"=command /c del C:\WINDOWS\SchedLgU.Txt []
"SpybotDeletingC9216"=cmd /c del C:\WINDOWS\SchedLgU.Txt []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 200064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMHelp"=1
"MemCheckBoxInRunDlg"=1
"NoSMBalloonTip"=1
"NoDesktopCleanupWizard"=1
"NoWelcomeScreen"=1
"NoAutoUpdate"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Diablo\diablo.exe"="C:\Diablo\diablo.exe:*:Enabled:Diablo"
"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 2 months======

2008-11-06 19:14:59 ----DC---- C:\rsit
2008-11-06 19:01:56 ----D---- C:\Program Files\Trend Micro
2008-11-05 18:18:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-04 19:23:36 ----D---- C:\WINDOWS\ERUNT
2008-11-04 19:07:52 ----DC---- C:\SDFix
2008-11-04 18:40:21 ----DC---- C:\_OTMoveIt
2008-11-04 18:12:05 ----AC---- C:\TB.txt
2008-11-04 18:10:36 ----DC---- C:\ToolBar SD
2008-11-01 16:01:58 ----AC---- C:\Documents and Settings\Admin\Application Data\inst.exe
2008-11-01 16:01:52 ----DC---- C:\Documents and Settings\Admin\Application Data\Vso
2008-10-28 06:15:12 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-10-26 03:06:56 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-26 03:06:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-26 03:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-10-24 14:55:02 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-10-24 14:54:28 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-24 14:54:26 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-24 14:54:02 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-24 14:53:54 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-10-24 14:52:47 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-10-24 14:24:01 ----D---- C:\Program Files\Ofb1
2008-10-24 03:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-18 15:52:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-18 15:35:41 ----D---- C:\Program Files\Black Isle
2008-10-15 03:08:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 03:08:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 03:08:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 03:07:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 03:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-10 18:14:45 ----A---- C:\WINDOWS\bnetunin.exe
2008-10-06 21:02:37 ----A---- C:\WINDOWS\system32\cssdll32.dll
2008-10-06 21:01:18 ----DC---- C:\Documents and Settings\Admin\Application Data\Comodo
2008-10-06 21:01:15 ----D---- C:\Documents and Settings\All Users\Application Data\comodo
2008-10-06 21:01:15 ----A---- C:\WINDOWS\system32\guard32.dll
2008-10-06 21:01:14 ----D---- C:\Program Files\Comodo
2008-10-04 19:44:28 ----DC---- C:\NeverwinterNights
2008-09-19 18:44:08 ----N---- C:\WINDOWS\SchedLgU.Txt
2008-09-16 23:55:52 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-09-16 23:52:58 ----A---- C:\WINDOWS\vsnpstd2.exe
2008-09-16 23:52:58 ----A---- C:\WINDOWS\system32\unicows.dll
2008-09-16 23:52:58 ----A---- C:\WINDOWS\system32\dsnpstd2.dll
2008-09-16 23:52:58 ----A---- C:\WINDOWS\snpstd2.ini
2008-09-16 23:52:53 ----A---- C:\WINDOWS\system32\vsnpstd2.dll
2008-09-16 23:52:53 ----A---- C:\WINDOWS\system32\rsnpstd2.dll
2008-09-16 23:52:53 ----A---- C:\WINDOWS\system32\csnpstd2.dll
2008-09-16 23:52:50 ----D---- C:\Program Files\Fichiers communs\snpstd2
2008-09-16 23:52:50 ----A---- C:\WINDOWS\usnpstd2.exe
2008-09-16 23:26:56 ----A---- C:\WINDOWS\amcap.exe
2008-09-10 03:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$

======List of files/folders modified in the last 2 months======

2008-11-06 19:14:59 ----D---- C:\WINDOWS\Prefetch
2008-11-06 19:01:56 ----RD---- C:\Program Files
2008-11-06 18:57:42 ----D---- C:\Program Files\Mozilla Firefox
2008-11-06 18:57:05 ----D---- C:\WINDOWS
2008-11-06 18:30:32 ----D---- C:\WINDOWS\Temp
2008-11-05 18:19:59 ----D---- C:\WINDOWS\system32\drivers
2008-11-04 19:26:10 ----D---- C:\WINDOWS\system32
2008-11-04 19:00:54 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-04 18:45:43 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-04 17:37:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-01 16:02:01 ----HD---- C:\WINDOWS\inf
2008-11-01 15:48:15 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-28 00:22:26 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-10-26 23:08:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-26 20:30:38 ----AC---- C:\WINDOWS\wininit.ini
2008-10-26 03:02:16 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-24 14:56:55 ----D---- C:\WINDOWS\AppPatch
2008-10-24 14:54:10 ----AC---- C:\WINDOWS\win.ini
2008-10-24 14:54:02 ----D---- C:\Program Files\Windows Media Player
2008-10-24 14:53:59 ----D---- C:\WINDOWS\Help
2008-10-24 03:00:19 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-19 19:18:30 ----D---- C:\WINDOWS\Debug
2008-10-19 15:23:01 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-19 09:36:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-18 15:31:16 ----D---- C:\Program Files\SpywareGuard
2008-10-18 15:30:28 ----D---- C:\Program Files\Canon
2008-10-18 15:30:18 ----D---- C:\Program Files\DVDFab Gold
2008-10-18 15:28:49 ----D---- C:\Program Files\321Studios
2008-10-18 15:25:43 ----DC---- C:\Config.Msi
2008-10-18 15:18:29 ----SHD---- C:\WINDOWS\Installer
2008-10-18 15:18:29 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-18 15:18:29 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-10-15 11:59:28 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 03:14:26 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-15 03:07:56 ----D---- C:\Program Files\Internet Explorer
2008-10-15 03:07:45 ----D---- C:\WINDOWS\ie7updates
2008-10-13 21:52:12 ----D---- C:\Program Files\Mindscape
2008-10-13 21:51:11 ----D---- C:\Program Files\The Adventure Company
2008-10-11 21:02:42 ----D---- C:\Program Files\Shareaza
2008-10-11 20:19:30 ----DC---- C:\Documents and Settings\Admin\Application Data\Shareaza
2008-10-07 12:19:42 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-10-06 21:55:50 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-10-06 21:55:50 ----D---- C:\WINDOWS\Internet Logs
2008-10-03 12:12:27 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-16 23:52:58 ----D---- C:\WINDOWS\twain_32
2008-09-16 23:52:50 ----D---- C:\Program Files\Fichiers communs
2008-09-10 03:00:43 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-10-31 99856]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-10-31 31504]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2006-06-28 16768]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-06-27 3972672]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-02 9600]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2005-07-26 12288]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-20 21248]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2006-06-28 258560]
R3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver; C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys [2005-02-17 124160]
R3 snpstd2;USB PC Camera (SN9C103); C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 302720]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2005-07-26 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S1 bdpredir;bdpredir; \??\C:\Program Files\Softwin\BitDefender10\bdpredir.sys []
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2005-07-26 14848]
S2 BDRSDRV;BDRSDRV; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 BDFSDRV;BDFSDRV; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys []
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys []
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys []
S3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-11-01 47360]
S3 Profos;Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Softwin\BitDefender10\trufos.sys []
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys []
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2005-07-26 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2005-07-26 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2005-07-26 26496]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

continuation and end of the log

R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\Comodo\Firewall\cmdagent.exe [2008-10-31 614136]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

-----------------EOF-----------------
Oh dear, here is the info.txt now
info.txt logfile of random's system information tool 1.04 2008-11-06 19:15:44

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agatha Christie - Devinez qui-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{043BA542-04B8-4F8C-9043-E14911A71948}\setup.exe" -l0x40c -uninst
Ahead ImageDrive-->C:\WINDOWS\UNIDRV.exe /UNINSTALL
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Baldur's Gate & Tales of the Sword Coast-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Black Isle\Baldur's Gate\Uninst.isu"
Baldur's Gate(TM) II - Shadows of Amn(TM)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DAE4336-2B71-11D4-9A6C-006067325E47}\setup.exe"
Baldur's Gate(TM) II - Throne of Bhaal (TM)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8C3B479-1716-11D5-968A-0050BA84F5F7}\Setup.exe"
Battle.net-->C:\WINDOWS\bnetunin.exe
Canon PIXMA iP5000-->C:\WINDOWS\system32\CNMCP6d.exe "-PRINTERNAMECanon PIXMA iP5000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP5000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP5000 Installer\Inst2\cnmi040c.dll"
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
cdrLabel French (France) Language DLL-->MsiExec.exe /I{4843B988-DE74-4AE7-964B-3A82A4841B13}
COMODO Firewall Pro-->C:\Program Files\Comodo\Firewall\cfpconfg.exe -u
COMODO SafeSurf-->C:\Program Files\COMODO\SafeSurf\cssconfg.exe -u
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MemAv-->"C:\Program Files\MemAv_V1_2\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSI MSIDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
Nero 7 Premium-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PSPad editor-->"C:\Program Files\PSPad editor\Uninst\unins000.exe"
Realtek AC'97 Audio-->Alcrmv.exe -r -m
SereneScene Marine Aquarium 2-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SereneScreen\Marine Aquarium 2\Uninst.isu"
Shareaza 2.4.0.0-->"C:\Program Files\Shareaza\Uninstall\unins000.exe"
SiS Mirage Graphics-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem1.inf
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Totally Spies, Attaque des zombies-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{278FDAF8-DEB0-4EBC-8192-E101A4835A3C}\setup.exe" -l0x40c -removeonly
Totally Spies, le blues du monstre-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E87DA9F9-AA68-4E37-8816-3348A079FAB9}\setup.exe" -l0x40c -removeonly
USB PC Camera (SN9C103)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}\Setup.exe" -l0x9
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Bitdefender Antivirus (disabled)
FW: Bitdefender Firewall (disabled)
FW: COMODO Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
And now?

Hi,

In order:


1- Important:
Disable Spybot S&D's "tea timer" with the help of this animated tutorial (thanks Balltrap ;) ):
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm
( on the first image, click "tea timer" to start the animation ).

It could otherwise get in the way of the disinfection tools ...

You will re-enable it once we have finished disinfecting ( and not before! ).
Note that at that point Spybot will ask you to approve registry changes:
accept all of them! ...


Once that is done ( and not before! ), carry on with the next step:


2- Download OTMoveIt3 (by Old_Timer) to your Desktop.

http://oldtimer.geekstogo.com/OTMoveIt3.exe

! Disconnect and close all your running applications !

Double-click "OTMoveIt3.exe" to open the program.
Then copy what is in the quote below,


:Processes
explorer.exe

:Services
BDFSDRV
Ad-Watch Connect Filter
BDRSDRV
bdpredir
Profos
Trufos

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] 
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA8243"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC9216"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UniMessenger"=-

:Files
C:\Documents and Settings\Admin\Application Data\inst.exe
C:\WINDOWS\bnetunin.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]



and paste it into the left-hand pane of OTMoveIt3:
Paste Instructions for items to be moved.
(do not touch anything else!)

-> click MoveIt! to start the removal.
-> let the tool work ...

( Note: your desktop will disappear and then reappear, this is normal. )

-> once it has finished, a small window opens: click "Yes".

Your PC will restart by itself ...

--> Post the contents of the report found in the folder "C:\_OTMoveIt\MovedFiles"
( "xxxx2008_xxxxxx.log", where the "x" characters correspond to the day and time of use ).



3- Run another RSIT scan and post the new "log.txt" report for analysis ... ( post it in one go, it should fit ... )



hello!
so here is the first report:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service BDFSDRV stopped successfully.
Service BDFSDRV deleted successfully.
Service Ad-Watch Connect Filter stopped successfully.
Service Ad-Watch Connect Filter deleted successfully.
Service BDRSDRV stopped successfully.
Service BDRSDRV deleted successfully.
Service bdpredir stopped successfully.
Service bdpredir deleted successfully.
Service Profos stopped successfully.
Service Profos deleted successfully.
Service Trufos stopped successfully.
Service Trufos deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}\ not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\\SecurityProviders deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA8243 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC9216 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersio­n\Run not found.
========== FILES ==========
C:\Documents and Settings\Admin\Application Data\inst.exe moved successfully.
C:\WINDOWS\bnetunin.exe moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11072008_220040
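
An added example (not part of the thread and not OTMoveIt3's own code): the REGISTRY section of the log above reports the `...\Run` key as not found, and the key name in that log line carries an invisible soft hyphen (U+00AD) inside `CurrentVersion`, so that instruction did not match the real key. The Python below parses a log in this format and flags entries that were not found or that contain invisible characters; the sample log is constructed from the lines above, and all function names are assumptions.

```python
import re
import unicodedata

# Constructed sample in the format of the log above. The soft hyphen is
# written as an explicit \u00ad escape so that it is visible in the source.
SAMPLE_LOG = "\n".join([
    "========== SERVICES/DRIVERS ==========",
    "Service Trufos stopped successfully.",
    "Service Trufos deleted successfully.",
    "========== REGISTRY ==========",
    r"Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows"
    r"\CurrentVersion\RunOnce\\SpybotDeletingA8243 deleted successfully.",
    "Registry key HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows"
    "\\CurrentVersio\u00adn\\Run not found.",
    "========== FILES ==========",
    r"C:\WINDOWS\bnetunin.exe moved successfully.",
])

# "========== REGISTRY ==========" style section banners.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# Outcome phrases that appear in the log on this page.
OUTCOME_RE = re.compile(
    r"^(?P<target>.+?)\s+"
    r"(?P<outcome>(?:killed|stopped|deleted|moved|started) successfully"
    r"|not found|emptied)\.?$"
)


def is_hidden(ch):
    """True for characters that normally render as nothing at all."""
    cat = unicodedata.category(ch)
    return cat == "Cf" or (cat == "Cc" and ch not in "\t\r\n")


def hidden_chars(text):
    """Return (index, 'U+XXXX', name) for every invisible character in text."""
    return [
        (i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED"))
        for i, ch in enumerate(text)
        if is_hidden(ch)
    ]


def reveal(text):
    """Render invisible characters as <U+XXXX> so they can be seen and removed."""
    return "".join(f"<U+{ord(c):04X}>" if is_hidden(c) else c for c in text)


def audit_log(log_text):
    """Parse a result log into one record per action line."""
    section = None
    entries = []
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        action = OUTCOME_RE.match(line)
        if not action:
            continue  # footer or other free text
        entries.append({
            "line": lineno,
            "section": section,
            "target": action.group("target"),
            "outcome": action.group("outcome"),
            "hidden": hidden_chars(line),
            "shown": reveal(line),
        })
    return entries


def needs_review(entries):
    """Entries that did not take effect or that carry invisible characters."""
    return [e for e in entries if e["outcome"] == "not found" or e["hidden"]]


if __name__ == "__main__":
    for e in needs_review(audit_log(SAMPLE_LOG)):
        print(f"line {e['line']} [{e['section']}] {e['outcome']}: {e['shown']}")
        for index, code, name in e["hidden"]:
            print(f"    invisible {code} {name} at column {index + 1}")
```

`hidden_chars` works on any text, so the same check can be run on a fix script copied from a web page before it is pasted into the tool.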

and here is the RSIT log
Logfile of random's system information tool 1.04 (written by random/random)
Run by Admin at 2008-11-07 22:09:32
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 28 GB (36%) free of 76 GB
Total RAM: 895 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:40, on 2008-11-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

and more
======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UniMessenger"= []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SNPSTD2"=C:\WINDOWS\vsnpstd2.exe [2004-01-05 40960]
"COMODO SafeSurf"=C:\Program Files\COMODO\SafeSurf\cssurf.exe [2008-10-06 278264]
"COMODO Firewall Pro"=C:\Program Files\Comodo\Firewall\cfp.exe [2008-10-31 1797880]
"COMODO Internet Security"=C:\Program Files\Comodo\Firewall\cfp.exe [2008-10-31 1797880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 200064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMHelp"=1
"MemCheckBoxInRunDlg"=1
"NoSMBalloonTip"=1
"NoDesktopCleanupWizard"=1
"NoWelcomeScreen"=1
"NoAutoUpdate"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Diablo\diablo.exe"="C:\Diablo\diablo.exe:*:Enabled:Diablo"
"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 2 months======

2008-11-06 19:14:59 ----DC---- C:\rsit
2008-11-06 19:01:56 ----D---- C:\Program Files\Trend Micro
2008-11-05 18:18:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-04 19:23:36 ----D---- C:\WINDOWS\ERUNT
2008-11-04 19:07:52 ----DC---- C:\SDFix
2008-11-04 18:40:21 ----DC---- C:\_OTMoveIt
2008-11-04 18:12:05 ----AC---- C:\TB.txt
2008-11-04 18:10:36 ----DC---- C:\ToolBar SD
2008-11-01 16:01:52 ----DC---- C:\Documents and Settings\Admin\Application Data\Vso
2008-10-28 06:15:12 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-10-26 03:06:56 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-26 03:06:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-26 03:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-10-24 14:55:02 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-10-24 14:54:28 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-24 14:54:26 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-24 14:54:02 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-24 14:53:54 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-10-24 14:52:47 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-10-24 14:24:01 ----D---- C:\Program Files\Ofb1
2008-10-24 03:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-18 15:52:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-18 15:35:41 ----D---- C:\Program Files\Black Isle
2008-10-15 03:08:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 03:08:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 03:08:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 03:07:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 03:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-06 21:02:37 ----A---- C:\WINDOWS\system32\cssdll32.dll
2008-10-06 21:01:18 ----DC---- C:\Documents and Settings\Admin\Application Data\Comodo
2008-10-06 21:01:15 ----D---- C:\Documents and Settings\All Users\Application Data\comodo
2008-10-06 21:01:15 ----A---- C:\WINDOWS\system32\guard32.dll
2008-10-06 21:01:14 ----D---- C:\Program Files\Comodo
2008-10-04 19:44:28 ----DC---- C:\NeverwinterNights
2008-09-19 18:44:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-16 23:55:52 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-09-16 23:52:58 ----A---- C:\WINDOWS\vsnpstd2.exe
2008-09-16 23:52:58 ----A---- C:\WINDOWS\system32\unicows.dll
2008-09-16 23:52:58 ----A---- C:\WINDOWS\system32\dsnpstd2.dll
2008-09-16 23:52:58 ----A---- C:\WINDOWS\snpstd2.ini
2008-09-16 23:52:53 ----A---- C:\WINDOWS\system32\vsnpstd2.dll
2008-09-16 23:52:53 ----A---- C:\WINDOWS\system32\rsnpstd2.dll
2008-09-16 23:52:53 ----A---- C:\WINDOWS\system32\csnpstd2.dll
2008-09-16 23:52:50 ----D---- C:\Program Files\Fichiers communs\snpstd2
2008-09-16 23:52:50 ----A---- C:\WINDOWS\usnpstd2.exe
2008-09-16 23:26:56 ----A---- C:\WINDOWS\amcap.exe
2008-09-10 03:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
======List of files/folders modified in the last 2 months======

2008-11-07 22:06:23 ----D---- C:\Program Files\Mozilla Firefox
2008-11-07 22:06:22 ----D---- C:\WINDOWS\Temp
2008-11-07 22:02:02 ----D---- C:\WINDOWS
2008-11-07 22:00:44 ----D---- C:\WINDOWS\Prefetch
2008-11-07 21:58:51 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-06 19:01:56 ----RD---- C:\Program Files
2008-11-05 18:19:59 ----D---- C:\WINDOWS\system32\drivers
2008-11-04 19:26:10 ----D---- C:\WINDOWS\system32
2008-11-04 18:45:43 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-04 17:37:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-01 16:02:01 ----HD---- C:\WINDOWS\inf
2008-11-01 15:48:15 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-28 00:22:26 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-10-26 23:08:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-26 20:30:38 ----AC---- C:\WINDOWS\wininit.ini
2008-10-26 03:02:16 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-24 14:56:55 ----D---- C:\WINDOWS\AppPatch
2008-10-24 14:54:10 ----AC---- C:\WINDOWS\win.ini
2008-10-24 14:54:02 ----D---- C:\Program Files\Windows Media Player
2008-10-24 14:53:59 ----D---- C:\WINDOWS\Help
2008-10-24 03:00:19 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-19 19:18:30 ----D---- C:\WINDOWS\Debug
2008-10-19 15:23:01 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-19 09:36:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-18 15:31:16 ----D---- C:\Program Files\SpywareGuard
2008-10-18 15:30:28 ----D---- C:\Program Files\Canon
2008-10-18 15:30:18 ----D---- C:\Program Files\DVDFab Gold
2008-10-18 15:28:49 ----D---- C:\Program Files\321Studios
2008-10-18 15:25:43 ----DC---- C:\Config.Msi
2008-10-18 15:18:29 ----SHD---- C:\WINDOWS\Installer
2008-10-18 15:18:29 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-18 15:18:29 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-10-15 11:59:28 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 03:14:26 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-15 03:07:56 ----D---- C:\Program Files\Internet Explorer
2008-10-15 03:07:45 ----D---- C:\WINDOWS\ie7updates
2008-10-13 21:52:12 ----D---- C:\Program Files\Mindscape
2008-10-13 21:51:11 ----D---- C:\Program Files\The Adventure Company
2008-10-11 21:02:42 ----D---- C:\Program Files\Shareaza
2008-10-11 20:19:30 ----DC---- C:\Documents and Settings\Admin\Application Data\Shareaza
2008-10-07 12:19:42 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-10-06 21:55:50 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-10-06 21:55:50 ----D---- C:\WINDOWS\Internet Logs
2008-10-03 12:12:27 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-16 23:52:58 ----D---- C:\WINDOWS\twain_32
2008-09-16 23:52:50 ----D---- C:\Program Files\Fichiers communs
2008-09-10 03:00:43 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-10-31 99856]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-10-31 31504]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2006-06-28 16768]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-06-27 3972672]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-02 9600]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2005-07-26 12288]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-20 21248]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2006-06-28 258560]
R3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver; C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys [2005-02-17 124160]
R3 snpstd2;USB PC Camera (SN9C103); C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 302720]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2005-07-26 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2005-07-26 14848]
S3 catchme;catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys []
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys []
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys []
S3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-11-01 47360]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys []
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys []
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2005-07-26 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2005-07-26 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2005-07-26 26496]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\Comodo\Firewall\cmdagent.exe [2008-10-31 614136]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

-----------------EOF-----------------
There you go!
Hi,

Very good ... now we're going to take care of your antivirus .... And yes, you don't have one! ...

In order:

1- Download ToolsCleaner (by A.Rothstein) to your Desktop.
http://pc-system.fr/

Disconnect and close all your running applications.

Launch it.
*Click Recherche and let the scan finish (this can take a long time).
*Click Suppression to finalize.
*Click "quitter" to generate a report (and not the red cross!):
--> Post this report: it is at the root of your hard drive -> C:\TCleaner.txt .

Note: This little program will clean up everything we used for the disinfection.
Delete any tools, folders or reports related to the disinfection that Toolscleaner2 did not remove.

( keep CCleaner and Malwarebytes: very useful! )


2- Run CCleaner again ( registry included ).


3- Download and install HijackThis again ( since it was removed by Toolscleaner2 ),

Download and install the HijackThis software:

here ftp://ftp.commentcamarche.com/download/HJTInstall.exe
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html

-> Click the setup to start the installation: follow the prompts and do not change the installation settings.
At the end of the installation, the program launches automatically: close it by clicking the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

( do not run a scan for now )


4- Purging System Restore
*Disable System Restore:
Right-click My Computer/Properties/System Restore/check the box to turn off System Restore, Apply, OK
--->Restart your PC
*Re-enable System Restore:
Right-click My Computer/Properties/System Restore/uncheck the box to turn off System Restore, Apply, OK
--->Restart your PC
( Note: you can also get there via Control Panel->"System"->"System Restore" ).


5- Your antivirus:

Download AntiVir Personal Edition here:
https://www.pcastuces.com/logitheque/antivir.htm
or
https://www.avira.com/

Free antivirus ( in English but very simple )
Install it and update it (do this very regularly).

AntiVir help: https://www.malekal.com/avira-free-security-antivirus-gratuit/


Make sure to allow AntiVir in your firewall ( otherwise no update is possible ).
Comodo tutorial: https://www.malekal.com/tutorial-comodo-firewall/


Make this additional setting:

***************************************
Once AntiVir is open, click Configuration and check the "expert mode" box.
*Then click Configuration at the top right; in the new window, on the left -> scanner -> check "scan all files" and below that -> scanner priority = High
*check: allow stopping the scanner, so that you can pause during the scan if you wish.
*then on the right, check the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkit before scan
and uncheck:
ignore off line files
*still on the left -> scan -> expand -> heuristic -> macrovirus heuristic = checked and below that -> win32 heuristic box checked and high detection level too ...

---> click "OK" to confirm the setting ...
****************************************

Once that is done,
Mandatory: boot into Safe Mode.

/!\ Never boot into Safe Mode via MSCONFIG /!\

How to get into Safe Mode:
1) Restart your computer.
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep".
3) Keep tapping until the screen with the boot options appears.
4) Choose the first option: Safe Mode, and confirm by pressing [Enter].
5) Choose your usual account ( and not Administrator ).
Warning: no connection is possible in Safe Mode, so copy or print the procedure to avoid mistakes ...

Run a full scan of your PC, put everything it finds in "quarantine" ...
Restart your PC and post me the resulting report ... Make good use of the tutorial ;)

( PS: If AntiVir goes wild right at the end of its installation, as well as when the PC restarts, put everything in quarantine and post me all the reports ... )


[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4986bf1c.qua'!
C:\Program Files\Shareaza\Downloads\Copernic Agent Professional v6.12 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4987bf1f.qua'!
C:\Program Files\Shareaza\Downloads\CopyRator v1.4 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4987bf22.qua'!
C:\Program Files\Shareaza\Downloads\CopyToDVD v2.4.17C serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4987bf24.qua'!
C:\Program Files\Shareaza\Downloads\CopyToDVD v3.0.47 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4987bf27.qua'!
C:\Program Files\Shareaza\Downloads\CoreFTP Pro v1.3c build 1409 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989bf29.qua'!
C:\Program Files\Shareaza\Downloads\Corel Draw 11 FR serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989bf2c.qua'!
C:\Program Files\Shareaza\Downloads\Corel Draw 11.633 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989bf2f.qua'!
C:\Program Files\Shareaza\Downloads\Corel Draw Graphics Suit 11 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989bf31.qua'!
C:\Program Files\Shareaza\Downloads\Corel Igrafix 2007 v12.01.808.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989bf34.qua'!
C:\Program Files\Shareaza\Downloads\Corel Paint Shop Pro Photo XI v11.20.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989bf37.qua'!
C:\Program Files\Shareaza\Downloads\Corel Wordperfect 12 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989bf39.qua'!
C:\Program Files\Shareaza\Downloads\Corgent Diagram v2.1.0.0 for Visual Studio 2005.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989bf3c.qua'!
C:\Program Files\Shareaza\Downloads\Cosmic Voyage v3.3 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498abf3e.qua'!
C:\Program Files\Shareaza\Downloads\crack encarta 2007.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4978bf44.qua'!
C:\Program Files\Shareaza\Downloads\Crack nero burning rom 7.10.1.0 - CrACK iT.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4978bf47.qua'!
C:\Program Files\Shareaza\Downloads\CRACK NO DVD Oblivion Shivering Isles + PATCH v1.2.0416.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4958bf29.qua'!
C:\Program Files\Shareaza\Downloads\crack per mafia.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4978bf4c.qua'!
C:\Program Files\Shareaza\Downloads\Cute FTP Pro 8 Patched-Multilingual.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498bbf52.qua'!
C:\Program Files\Shareaza\Downloads\CyberLink MakeDVD 2.0.0.202.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4979bf58.qua'!
C:\Program Files\Shareaza\Downloads\Cyberlink Power Director 6 Delux Edition CRACK(2).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4979bf5e.qua'!
C:\Program Files\Shareaza\Downloads\CyberLink PowerDVD 7.3.3516 crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4979bf61.qua'!
C:\Program Files\Shareaza\Downloads\Daemon Tools Pro 4.16 Patched.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497cbf4b.qua'!
C:\Program Files\Shareaza\Downloads\Daemon tools pro Advanced 4.10.218.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497cbf4e.qua'!
C:\Program Files\Shareaza\Downloads\DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR].rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '495cbf31.qua'!
C:\Program Files\Shareaza\Downloads\DAEMON Tools Pro Advanced v4.10.021 And Patch.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '495cbf34.qua'!
C:\Program Files\Shareaza\Downloads\Daemon Tools Pro Basic 4.11.0220 crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497cbf56.qua'!
C:\Program Files\Shareaza\Downloads\Dameware NT Utilities v6.6.1.1.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4984bf59.qua'!
C:\Program Files\Shareaza\Downloads\Danware NetOp School v5.00.2006144.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985bf5c.qua'!
C:\Program Files\Shareaza\Downloads\DAP 7 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4967bf3e.qua'!
C:\Program Files\Shareaza\Downloads\Data Guardian v1.0.1.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498bbf61.qua'!
C:\Program Files\Shareaza\Downloads\Data Village Store Manager v1.13 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498bbf63.qua'!
C:\Program Files\Shareaza\Downloads\Dazzle OnDVD serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4991bf66.qua'!
C:\Program Files\Shareaza\Downloads\Dazzle OnDVD v2.0 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4991bf69.qua'!
C:\Program Files\Shareaza\Downloads\Dazzle Plus v3.3 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4991bf6b.qua'!
C:\Program Files\Shareaza\Downloads\DB Ghost v3.2.1456 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4937bf4e.qua'!
C:\Program Files\Shareaza\Downloads\Dial-Up Monitor v3.0.0.19 by EQUiNOX serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4978bf78.qua'!
C:\Program Files\Shareaza\Downloads\DialogBlocks v4.16 UNICODE.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4978bf7b.qua'!
C:\Program Files\Shareaza\Downloads\diamond mine v1.5w serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4978bf7d.qua'!
C:\Program Files\Shareaza\Downloads\DietMP3 v3.00.03 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497cbf80.qua'!
C:\Program Files\Shareaza\Downloads\Digi-Watcher v2.22 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497ebf83.qua'!
C:\Program Files\Shareaza\Downloads\Digital Audio Editor v7.8.5 Build 550.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497ebf85.qua'!
C:\Program Files\Shareaza\Downloads\Digital File Cabinet v1.1.9 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497ebf88.qua'!
C:\Program Files\Shareaza\Downloads\Digital Photo Slide Show v2005.2 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497ebf8a.qua'!
C:\Program Files\Shareaza\Downloads\Digital Sound Recorder v3.23 serial number.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497ebf91.qua'!
C:\Program Files\Shareaza\Downloads\DigitByte Audio To Video Mixer v3.1.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe

Here is the ToolsCleaner2 report:
[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\TB.txt: trouvé !
C:\SDFIX: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Admin\Bureau\SdFix.exe: trouvé !
C:\Documents and Settings\Admin\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\Admin\Bureau\ToolBarSD.exe: trouvé !
C:\Documents and Settings\Admin\Bureau\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\Admin\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\Admin\Bureau\SdFix.exe: supprimé !
C:\Documents and Settings\Admin\Bureau\HJTInstall.exe: supprimé !
C:\Documents and Settings\Admin\Bureau\ToolBarSD.exe: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\TB.txt: supprimé !
C:\Documents and Settings\Admin\Bureau\OTMoveIt3.exe: supprimé !
C:\Documents and Settings\Admin\Bureau\Rsit.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\SDFIX: supprimé !
C:\_OtMoveIt: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

C:\Program Files\Shareaza\Downloads\Nofeel FTP Server Enterprise v3.2.3342.0 crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497dc1fe.qua'!
C:\Program Files\Shareaza\Downloads\Nokia multimedia Converter v2.0 crack -.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4982c201.qua'!
C:\Program Files\Shareaza\Downloads\Nokia multimedia Converter v2.0 serial number -.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4982c203.qua'!
C:\Program Files\Shareaza\Downloads\Norman Virus Control v5.81 R8 crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c206.qua'!
C:\Program Files\Shareaza\Downloads\Norman Virus Control v5.81 R8 Norwegian serial by CFF
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c208.qua'!
C:\Program Files\Shareaza\Downloads\Norman Virus Control v5.81 R8 serial by CFF
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c20b.qua'!
C:\Program Files\Shareaza\Downloads\Norton 360 Tested Working crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c20d.qua'!
C:\Program Files\Shareaza\Downloads\Norton Anti Virus 2008 for Vista RETAiL + Crack .rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c210.qua'!
C:\Program Files\Shareaza\Downloads\Norton AntiVirus 2007 crack -.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c213.qua'!
C:\Program Files\Shareaza\Downloads\Norton AntiVirus 2007 serial number -.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c216.qua'!
C:\Program Files\Shareaza\Downloads\Norton AntiVirus 2008 16.0.0.58 KeyGen Crack.rar.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c218.qua'!
C:\Program Files\Shareaza\Downloads\Norton Antivirus 2008 Full Cracked INCL KEYGEN +..rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c21b.qua'!
C:\Program Files\Shareaza\Downloads\Norton Ghost 12 keygen.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c21d.qua'!
C:\Program Files\Shareaza\Downloads\Norton Internet Security 2007 crack -.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c220.qua'!
C:\Program Files\Shareaza\Downloads\Norton Internet Security 2007 serial -.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c222.qua'!
C:\Program Files\Shareaza\Downloads\Norton Internet Security 2007 v10.2 patch.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c224.qua'!
C:\Program Files\Shareaza\Downloads\Norton Internet Security 2008 15.0.0.58 Cracked .rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c227.qua'!
C:\Program Files\Shareaza\Downloads\Norton Internet Security 2008 Multilingual-(ESP-ITA-ENG-FRA)+ Guide to crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c22a.qua'!
C:\Program Files\Shareaza\Downloads\Norton Partition Magic 8Full Cracked.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c22c.qua'!
C:\Program Files\Shareaza\Downloads\Norton Product Suite 2007 Keygenerator.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c22f.qua'!
C:\Program Files\Shareaza\Downloads\Norton.Antivirus.2008.beta.with.crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c231.qua'!
C:\Program Files\Shareaza\Downloads\Norton.Internet.Security.2008.+crack+instruciones.to.crack.it.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c233.qua'!
C:\Program Files\Shareaza\Downloads\NortonInternetSecurity 2008 Espanol .rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c236.qua'!
C:\Program Files\Shareaza\Downloads\Nullsoft WinAmp v5.32 crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4983c23e.qua'!
C:\Program Files\Shareaza\Downloads\O&O Defrag Professional 10.0.1635 Key (.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4966c1f2.qua'!
C:\Program Files\Shareaza\Downloads\Oxygen Phone Manager for Nokia Phones II 2.12.1.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4990c246.qua'!
C:\Program Files\Shareaza\Downloads\Panda Antivirus 2008 CracKed_.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c232.qua'!
C:\Program Files\Shareaza\Downloads\Panda Antivirus Plus Firewall (2008) crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c234.qua'!
C:\Program Files\Shareaza\Downloads\Panda Antivirus Titanium 2007 --- Crack Username Y Password.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c237.qua'!
C:\Program Files\Shareaza\Downloads\Patch + Crack + Serial - Need For Speed Carbon.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498bc23a.qua'!
C:\Program Files\Shareaza\Downloads\Patch - Need For Speed Carbon.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498bc23c.qua'!
C:\Program Files\Shareaza\Downloads\Patch ITA + Crack + Seriale - Need For Speed Carbon.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498bc23e.qua'!
C:\Program Files\Shareaza\Downloads\Patch.all.Windows.XP.in.a.second-(and make updates!)...rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498bc241.qua'!
C:\Program Files\Shareaza\Downloads\Pc Game The Sims 2 (Crack ) .rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4937c246.qua'!
C:\Program Files\Shareaza\Downloads\Pc Game The Sims 2 (Crack Ita) .rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4937c248.qua'!
C:\Program Files\Shareaza\Downloads\PC Satellite TV 2007 Elite Working KeyGenerator.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4937c22b.qua'!
C:\Program Files\Shareaza\Downloads\PC Tools AntiVirus 3.6.0.3 (version complete).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4937c22d.qua'!
C:\Program Files\Shareaza\Downloads\PC Tools Internet Security 2008 Patch to 2009 Updates..rar
[0] Archive type: CAB (Microsoft)

--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4937c230.qua'!
C:\Program Files\Shareaza\Downloads\PDF Creator Plus 4 + Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '495dc234.qua'!
C:\Program Files\Shareaza\Downloads\PES2008 crack for patch 1.10 - Pro Evolution Soccer 2008 - 7 Vitality (packed by master3k).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '496ac237.qua'!
C:\Program Files\Shareaza\Downloads\PhotoSphere Professional 2.2 Keygen.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4986c25d.qua'!
C:\Program Files\Shareaza\Downloads\Pinnacle Studio Plus 10.5.1.Titanium Edition (Crack & keygen).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c25f.qua'!
C:\Program Files\Shareaza\Downloads\Pinnacle Studio Plus 10.5.1.Titanium Edition - ITA - (Crack & keygen).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c262.qua'!
C:\Program Files\Shareaza\Downloads\Pinnacle Studio Plus v11 crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c265.qua'!
C:\Program Files\Shareaza\Downloads\Pinnacle Studio Plus v11 MultiLanguage Bonus DVD Incl Keygenerator.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c268.qua'!
C:\Program Files\Shareaza\Downloads\PlayStation 2 Emulator for PC .rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4978c26d.qua'!
C:\Program Files\Shareaza\Downloads\Pocketgrandmaster Chess v3.0 Crack 17-01-2006 Vagus Arm Ppc With Program.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497ac273.qua'!
C:\Program Files\Shareaza\Downloads\Power ISO + serial 3.8. latest.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498ec275.qua'!
C:\Program Files\Shareaza\Downloads\Power ISO 3.8 + Aiudos + key.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498ec278.qua'!
C:\Program Files\Shareaza\Downloads\Power ISO 3.9 crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498ec27b.qua'!
C:\Program Files\Shareaza\Downloads\PS3 Video Converter 3.1.21.0115 NEW.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '494ac261.qua'!
C:\Program Files\Shareaza\Downloads\Psiloc Irremote 3Rd (n80-n73-n95) Crack!.zip
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4980c284.qua'!
C:\Program Files\Shareaza\Downloads\RapidGet Download Manager by kenshin.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4987c274.qua'!
C:\Program Files\Shareaza\Downloads\Rapidshare Leecher + Rapidshare Tools.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4987c277.qua'!
C:\Program Files\Shareaza\Downloads\RapidShare Manager _2008.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4987c27a.qua'!
C:\Program Files\Shareaza\Downloads\Rapidshare Premium Downloader Manager.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4987c27c.qua'!
C:\Program Files\Shareaza\Downloads\Real Player 11.0.0.373 keygen-W0rking.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4978c283.qua'!
C:\Program Files\Shareaza\Downloads\Real Player v10 Gold Ita Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4978c285.qua'!
C:\Program Files\Shareaza\Downloads\RealPlayer 11 Plus for XP-VISTA.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4978c288.qua'!
C:\Program Files\Shareaza\Downloads\Regcure Crack All Versions.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497ec28a.qua'!
C:\Program Files\Shareaza\Downloads\Registry First Aid Platinum 6.1.0.154 + Key.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497ec28c.qua'!
C:\Program Files\Shareaza\Downloads\Resident Evil 3 Nemesis[PcGame][MULTI5]Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498ac28f.qua'!
C:\Program Files\Shareaza\Downloads\Ripcast Streaming Audio Ripper V1.9 + crack (Yaya).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4987c296.qua'!
C:\Program Files\Shareaza\Downloads\Rosetta Stone 2007 and language pack..rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498ac29e.qua'!
C:\Program Files\Shareaza\Downloads\Roxio Easy Media Creator 10a crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498fc2a1.qua'!
C:\Program Files\Shareaza\Downloads\Screen Grab Pro Deluxe 1.1 (pics of your desktop)..rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c297.qua'!
C:\Program Files\Shareaza\Downloads\serial + crack Panda Platinum e Titanium antivirus 200623_02_06.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c29c.qua'!
C:\Program Files\Shareaza\Downloads\SlySoft AnyDVD & AnyDVD HD 6.3 Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4990c2a6.qua'!
C:\Program Files\Shareaza\Downloads\SlySoft AnyDVD HD 6.3.0 FINAL incl. crack by Team Resurrection.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4990c2a9.qua'!
C:\Program Files\Shareaza\Downloads\Slysoft AnyDVD HD 6.3.0.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4990c2ab.qua'!
C:\Program Files\Shareaza\Downloads\Socket Wifi Companion v2.9.3 Crack Updated-Fixed 09-2006.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497ac2b1.qua'!
C:\Program Files\Shareaza\Downloads\SolSuite 2008 8 (Best Card Game!).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4983c2b3.qua'!
C:\Program Files\Shareaza\Downloads\Sony DVD Architect Studio 4.5 (Complete Disk).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c2b6.qua'!
C:\Program Files\Shareaza\Downloads\Sony Vegas 8 Complete.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c2b8.qua'!
C:\Program Files\Shareaza\Downloads\Sony Vegas Pro 8 0a build 179 .Corporate Full.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c2bb.qua'!
C:\Program Files\Shareaza\Downloads\Sophos Antivirus 6.5.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4987c2be.qua'!
C:\Program Files\Shareaza\Downloads\Spyware Doctor 5.1.0.27.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4990c2c1.qua'!
C:\Program Files\Shareaza\Downloads\spyware doctor CRACK 4.0.0.2618 SERIAL.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4990c2c4.qua'!
C:\Program Files\Shareaza\Downloads\Spyware.Doctor.v5.0.0.169.Multilangages.Incl-Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4990c2c7.qua'!
C:\Program Files\Shareaza\Downloads\Steinberg Cubase SX3 + update 3.1.1.944 + dongle crack [H2O].rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497cc2cd.qua'!
C:\Program Files\Shareaza\Downloads\Super Internet TV 7 2007 Patched.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4987c2d1.qua'!
C:\Program Files\Shareaza\Downloads\Super Todo En Uno V3 [DVD9][Spanish].rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4987c2d4.qua'!
C:\Program Files\Shareaza\Downloads\Surfoffline 1.4 Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c2d6.qua'!
C:\Program Files\Shareaza\Downloads\Symantec AntiVirus Corporate Edition 1.0.3-8 for Server.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4984c2dc.qua'!
C:\Program Files\Shareaza\Downloads\System Mechanic 7.5 Keygen.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498ac2df.qua'!
C:\Program Files\Shareaza\Downloads\System Mechanic Professional 7.5.5.1 Full.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498ac2e1.qua'!
C:\Program Files\Shareaza\Downloads\TechSmith Camtasia Studio 5 [Record your own videos]-Cracked.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497ac2cf.qua'!
C:\Program Files\Shareaza\Downloads\TEU Essentials 2007 .rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '496cc2b2.qua'!
C:\Program Files\Shareaza\Downloads\The Elder Scrolls Iv Oblivion Crack (Test Ok).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497cc2d8.qua'!
C:\Program Files\Shareaza\Downloads\The Shield Antivirus 2007 Pro & Firewall_.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497cc2da.qua'!
C:\Program Files\Shareaza\Downloads\The.witcher.Crack.Only.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497cc2dd.qua'!
C:\Program Files\Shareaza\Downloads\Tomtom Go Crack Mappe.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4984c2e7.qua'!
C:\Program Files\Shareaza\Downloads\TomTom.Navigator.6.Europa.DVD.6.010 + CRACK.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4984c2e9.qua'!
C:\Program Files\Shareaza\Downloads\Total Commander 7 for XP-VISTA.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498bc2ec.qua'!
C:\Program Files\Shareaza\Downloads\Trend Micro Anti-Spyware 3.5.0.104 (crackeado).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497cc2f2.qua'!
C:\Program Files\Shareaza\Downloads\Trend Micro PC-Cillin Internet Security Pro 2008 16.05.10+ License Key patcher.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497cc2f5.qua'!
C:\Program Files\Shareaza\Downloads\TuneUp Utilities 2007 6.0.2312 crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c2fa.qua'!
C:\Program Files\Shareaza\Downloads\TuneUp Utilities 2008 7 working Key.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c2fc.qua'!
C:\Program Files\Shareaza\Downloads\Turning.Point.Fall.Of.Liberty.PROPER.Crack.Only-FLT.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c2ff.qua'!
C:\Program Files\Shareaza\Downloads\Typing Master Pro 2005 6.30 (Multilanguage!)(Typingmaster) Crack Lic.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4987c305.qua'!
C:\Program Files\Shareaza\Downloads\ULEAD DVD MOVIE FACTORY V4.0 + crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '495cc2da.qua'!
C:\Program Files\Shareaza\Downloads\UltraISO Premium Edition 8.6.6.2180 Working Crack + Keygenerator.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498bc2fd.qua'!
C:\Program Files\Shareaza\Downloads\USB Safely Remove 3.3.0.61.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4959c2e7.qua'!
C:\Program Files\Shareaza\Downloads\Video Fixer 3.23 .rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '497bc2ff.qua'!
C:\Program Files\Shareaza\Downloads\Virtual Skipper 5 Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c302.qua'!
C:\Program Files\Shareaza\Downloads\Vista Codec Package 4.5(Audio and Video Codec).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498ac304.qua'!
C:\Program Files\Shareaza\Downloads\VISTA.All.Version.Activation.Code.2008..rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '496ac2e7.qua'!
C:\Program Files\Shareaza\Downloads\VLC Media Player 0.8.6d . (Latest Version.). -Legal-Ups.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '495ac2ed.qua'!
C:\Program Files\Shareaza\Downloads\WGA.Validate.2008.for.Windows.XP.Home+Professional..rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe

[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4958c2eb.qua'!
C:\Program Files\Shareaza\Downloads\Winamp 5.5. Pro incluido plugins-advanced system.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c310.qua'!
C:\Program Files\Shareaza\Downloads\Winamp Pro v5.6 crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c312.qua'!
C:\Program Files\Shareaza\Downloads\WinAVI Video Converter 8.0 crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c314.qua'!
C:\Program Files\Shareaza\Downloads\WinAVI Video Converter 9.0+Serial.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c317.qua'!
C:\Program Files\Shareaza\Downloads\Windows 98 Second Edition Full Bootable CD + CD Key..rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c319.qua'!
C:\Program Files\Shareaza\Downloads\Windows UE V.9.5 Fina [App][MULTI5]+.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c31c.qua'!
C:\Program Files\Shareaza\Downloads\Windows Update Genuine Advantage Validation Patch Crack Xp(1).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c321.qua'!
C:\Program Files\Shareaza\Downloads\Windows Vista 2007 Versione Definitiva In Italiano Crack!! Funziona Perfettamente!!!.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c324.qua'!
C:\Program Files\Shareaza\Downloads\Windows vista All Versions - All languages..rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c327.qua'!
C:\Program Files\Shareaza\Downloads\Windows Vista Ultimate 32bit crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c329.qua'!
C:\Program Files\Shareaza\Downloads\Windows Vista Ultimate 32bit.Full.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c32c.qua'!
C:\Program Files\Shareaza\Downloads\Windows Vista Ultimate OEM EDITION (Pre-Activated + Genuine Forever with Patcher).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c32f.qua'!
C:\Program Files\Shareaza\Downloads\Windows Vista x86 MultiLang.AutoPatcher.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c331.qua'!
C:\Program Files\Shareaza\Downloads\Windows Vista x86 Ultimate Genuine OEM crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c334.qua'!
C:\Program Files\Shareaza\Downloads\Windows Xp Pro Sp3 3264 Vista Style ..rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c336.qua'!
C:\Program Files\Shareaza\Downloads\Windows XP Professional Genuine Crack gennaio 2008.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c339.qua'!
C:\Program Files\Shareaza\Downloads\Windows XP Professional Service Pack 2 ..rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c33c.qua'!
C:\Program Files\Shareaza\Downloads\Windows XP Professional Student SP3-Integrated + CD Key ..rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c33e.qua'!
C:\Program Files\Shareaza\Downloads\Windows Xp Sp2 Pro & Home Activation Crack(1).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c341.qua'!
C:\Program Files\Shareaza\Downloads\Windows XP Ultimate Edition [December2007-R3 4 .No serial or activation needed].rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c343.qua'!
C:\Program Files\Shareaza\Downloads\Windows XP Ultimate Edition [January2008-R3.5].iso.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c346.qua'!
C:\Program Files\Shareaza\Downloads\WinRar 3.7 Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c349.qua'!
C:\Program Files\Shareaza\Downloads\WinRAR 3.7 Extreme cracked.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c34c.qua'!
C:\Program Files\Shareaza\Downloads\WinRar 3.7 Full.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c34e.qua'!
C:\Program Files\Shareaza\Downloads\Winrar 3.70 Beta7 Ita Crack Pack Icone Funziona Con Windows Vista.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c350.qua'!
C:\Program Files\Shareaza\Downloads\WinRar 3.71 final + keygen .rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c353.qua'!
C:\Program Files\Shareaza\Downloads\WinRar 3.71 final Incl keygen (Works 100%)..rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c356.qua'!
C:\Program Files\Shareaza\Downloads\WinRAR 3.71.1.0 Multilingual for XP and VISTA + cRack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c359.qua'!
C:\Program Files\Shareaza\Downloads\WirelessMon 2.1 Patched .rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4989c35b.qua'!
C:\Program Files\Shareaza\Downloads\WS FTP Server with SSH 6.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4937c348.qua'!
C:\Program Files\Shareaza\Downloads\Xilisoft iPod to PC Copy 1.0.54.110.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4983c360.qua'!
C:\Program Files\Shareaza\Downloads\Xxx Clone Dvd Any Dvd Crack Serial.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498fc372.qua'!
C:\Program Files\Shareaza\Downloads\Yamicsoft Vista Manager 1.1.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4984c35e.qua'!
C:\Program Files\Shareaza\Downloads\Your Uninstaller 2006 Pro 5.0.0.230 crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498cc36f.qua'!
C:\Program Files\Shareaza\Downloads\YouTube FastDownloader.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498cc371.qua'!
C:\Program Files\Shareaza\Downloads\ZoneAlarm Anti-Spyware + Firewall 7.0.462 Retail-ReLEASD.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c374.qua'!
C:\Program Files\Shareaza\Downloads\ZoneAlarm Anti-Spyware and Antivirus 7.0.462 + working Key and Serial.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4985c377.qua'!
C:\Program Files\Shareaza\Downloads\Zuma Deluxe Luxor Amun Rising Atlantis Crack(1).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4984c37f.qua'!
C:\Program Files\Shareaza\Downloads\[App - Cad] - Autocad 2004 ITA + Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4987c34d.qua'!
C:\Program Files\Shareaza\Downloads\[CRACK ITA] Football Manager 2008.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4969c352.qua'!
C:\Program Files\Shareaza\Downloads\[CRACK] - FINSON SERIAL.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4969c355.qua'!
C:\Program Files\Shareaza\Downloads\[CRACK]_Windows_XP_SP2_Wpa_Kill 2.0.0.2.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4969c357.qua'!
C:\Program Files\Shareaza\Downloads\[ITA] Avast! Antivirus 4.6.691 Professional Edition + Crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '496bc360.qua'!
C:\Program Files\Shareaza\Downloads\[PC GAME ITA] - Runaway 2 ita crack.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '495ac369.qua'!
C:\Program Files\Shareaza\Downloads\[PC] - GTA 3 San Andreas Crack.rar.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '495ac36c.qua'!
C:\Program Files\Shareaza\Downloads\[Software-Ita] Adobe CS3 Creative suite design Premium (Include Crack).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4986c371.qua'!
C:\Program Files\Shareaza\Downloads\[Software] Adobe CS3 Creative suite design Premium (Include Crack).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4986c373.qua'!
C:\Program Files\Shareaza\Downloads\Windows XP Professional Genuine Crack gennaio 2008\Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '498bc388.qua'!
C:\System Volume Information\_restore{DB36F838-E630-4594-A34C-2D2D27C583D1}\RP3\A0002244.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656.2 worm
[NOTE] The file was moved to '4947c374.qua'!


End of the scan: lundi 10 novembre 2008 00:20
Used time: 43:11 Minute(s)

The scan has been done completely.

3205 Scanning directories
93323 Files were scanned
690 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
691 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
92631 Files not concerned
2363 Archives were scanned
1 Warnings
691 Notes
38950 Objects were scanned with rootkit scan
0 Hidden objects were found
Posts: 21360 | Registered: Saturday 15 March 2008 | Status: Security contributor | Last activity: 30 December 2012

Hi,

Right .... We had forgotten one critter! .... ^^

So do this:

1 - Delete everything in the AntiVir quarantine.

2 - Download MSNFix.zip (by !aur3n7):
http://sosvirus.changelog.fr/MSNFix.zip
--> unzip it onto the Desktop (= extract all).

Then move the folder you just extracted directly to the root of your hard drive,
that is, here -> C:\MSNFix .
(this is very important for the tool to work properly!)

Mandatory: boot into safe mode.

/!\ Never boot into safe mode via MSCONFIG /!\

How to get into safe mode:
1) Restart your computer.
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep".
3) Keep tapping until the screen with the boot options appears.
4) Choose the first option: Safe Mode, and confirm by pressing [Enter].
5) Choose your usual account (not Administrator).
Warning: no connection is possible in safe mode, so copy or print the procedure carefully to avoid mistakes ...

Run the file MSNFix.bat located in the MSNfix folder, on the desktop.
- Run option R (search).
- If the infection is detected, run option N (clean).

-> Once finished, save the generated report to your desktop.
Restart your PC (= back to normal mode).

-> The infection may also need to be cleaned when the PC restarts: before the desktop appears, a window asking to run "MSNfix" opens.
-> Click OK so the tool can finish its work (wait until the desktop appears ... this can take quite a long time).
The report will open once the desktop appears ...

(PS: the report is also saved here C:\MSNFix\"date_heure".txt or here C:\WINDOWS\msnfix.txt )

---> Post me this report together with a new HijackThis report (made in normal mode) in your next reply for analysis ...

Posts: 55 | Registered: Sunday 23 September 2007 | Status: Member | Last activity: 27 August 2012

Hi!

I did what you said, but for sending the msnfix (ok, I'm naming it roughly) I can't manage to send it to the C: drive; the only choices it gives me are the desktop, My Documents or floppy A:. Floppy A:, is that ok?

Sorry for the setback!
Posts: 21360 | Registered: Saturday 15 March 2008 | Status: Security contributor | Last activity: 30 December 2012

The .zip, as I said, goes on the desktop .... Then you unzip it on your desktop: an MSNFix folder is then created on your desktop, and that is the one you have to move under C .... ^^

Then you carry on with the procedure ...
Posts: 55 | Registered: Sunday 23 September 2007 | Status: Member | Last activity: 27 August 2012

Yes, that's it! But that is the one I can't manage to send to C:, it only gives me the option of sending it to floppy A! Really!
Should I try A:?
Posts: 21360 | Registered: Saturday 15 March 2008 | Status: Security contributor | Last activity: 30 December 2012

No, on the desktop!

Right-click the link and choose "Save target as...", and in the window that opens, choose the DESKTOP and click Save ...

Posts: 55 | Registered: Sunday 23 September 2007 | Status: Member | Last activity: 27 August 2012

Hello! Sorry again for the delay!! The days fly by!

Well, I did what I could.. here is the MSNFix log

read file error: C:\DOCUME~1\Admin\LOCALS~1\Temp\winlogon.exe, Le fichier spécifié est introuvable.
read file error: C:\DOCUME~1\Admin\LOCALS~1\Temp\services.exe, Le fichier spécifié est introuvable.
read file error: C:\WINDOWS\system32\cftmon.exe, Le fichier spécifié est introuvable.


and here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:43:41, on 2008-11-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - AppInit_DLLs:
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
Posts: 21360 | Registered: Saturday 15 March 2008 | Status: Security contributor | Last activity: 30 December 2012

Hi,

Well, that's not the right report .... look here: C:\Windows\msnfix.txt and post that report ...

Tell me if you still have problems ... otherwise we can wrap up ....

1 - Cleanly uninstall COMODO and reinstall it .... important components are missing ...
-> http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro

Tutorial:
https://www.malekal.com/tutorial-comodo-firewall/
Warning: for Comodo 3, do not install the search toolbar for browsers!

2 - Update the following, it's important (out-of-date versions = security holes):
* Adobe Reader:
-> first uninstall the old version via Control Panel / "Add or Remove Programs" (for XP) or "Programs and Features" (for Vista).
-> Important: if you have a printer, turn it off and unplug it from the PC before updating.
-> download and install the latest version here:
http://www.commentcamarche.net/telecharger/telecharger 27 acrobat reader

3 - Post one last HijackThis report as a check and wait for what comes next ....
Posts: 55 | Registered: Sunday 23 September 2007 | Status: Member | Last activity: 27 August 2012

MSNFix 1.749

C:\Documents and Settings\Admin\Bureau\MSNFix\MSNFix
Fix exécuté le 2008-11-19 - 0:37:42,51 By Admin
mode sans échec

************************ Recherche les fichiers présents

... C:\??????.exe
... C:\WINDOWS\system32\tmp.txt

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\Admin\LOCALS~1\Temp\winlogon.exe
.. OK ... C:\DOCUME~1\Admin\LOCALS~1\Temp\services.exe
.. OK ... C:\WINDOWS\system32\cftmon.exe
.. OK ... C:\??????.exe
.. OK ... C:\WINDOWS\system32\tmp.txt



************************ Nettoyage du registre
There you go for the MSNFix report.. I'll carry on..
Posts: 21360 | Registered: Saturday 15 March 2008 | Status: Security contributor | Last activity: 30 December 2012

Very good ... indeed you can carry on ....

You didn't tell me .... Any particular problems still, or not?
Posts: 55 | Registered: Sunday 23 September 2007 | Status: Member | Last activity: 27 August 2012

Well, my computer crashes with a nice blue screen but the message has changed.. hehe...
Now it's no longer irql but bad caller page.. or something like that.
But I have to say that One: it crashes noticeably less often and Two: the space on my hard drive is back to normal!!! That's good, that's good...

Here is my HijackThis report.. I no longer know whether I had sent it... then I'll install Comodo again with the tutorial...
and I'll wait to hear from you!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:17, on 2008-11-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - AppInit_DLLs:
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
Posts: 21360 | Registered: Saturday 15 March 2008 | Status: Security contributor | Last activity: 30 December 2012

Ok ....

So the next steps for now:

Open Notepad (Start menu / Accessories / Notepad) and copy and paste what is quoted in bold below (copy it all in one go):


REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""



Save the document to your desktop:
Go to "File" / "Save as":
---> File name, type: fix.reg
File type, choose: "All files"
click "Save"

-!! Disconnect and close all your running applications !!

Double-click fix.reg on your desktop => you must get a message "Are you sure you want to add the information in this .reg file to the registry?"
If that is the case, click "Yes"

2 - Download GenProc (by Jean-Chretien1 and Narco4) to your desktop (and nowhere else!):
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

!! Disconnect and close your running applications !!

Unzip (= extract all) the contents of what you just downloaded onto your desktop.

Open the GenProc folder:
double-click GenProc.bat and let it run ...

Once finished, post the contents of the report that opens ...

Help with pictures here: http://www.alt-shift-return.org/Info/GenProc-HowTo.html

IMPORTANT: post the report and do nothing else for now (often instructions have to be added to the indicated procedure for it to work perfectly).
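
The comparison of successive HijackThis reports that this thread does by eye can be scripted. The sketch below is an added example, not part of the original posts or of HijackThis: it diffs the O2/O4 entries of two reports and flags a non-empty O20 AppInit_DLLs value or an O23 service whose file is missing. The function names are assumptions; the sample lines are abridged from the 17:48 and 21:32 reports in this thread, except the example.dll line, which is constructed.

```python
import re

# HijackThis entry lines have the shape "<section> - <text>", e.g. "O20 - AppInit_DLLs:".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Abridged from the 17:48 report in this thread: its O2 and O4 lines,
# the O20 line and one O23 line (not the full log).
REPORT_1748 = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs:
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
"""

# Abridged from the 21:32 report in this thread: its O2 and O4 lines only.
REPORT_2132 = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed line (hypothetical DLL path) showing a non-empty AppInit_DLLs value.
CONSTRUCTED_O20 = r"O20 - AppInit_DLLs: C:\WINDOWS\system32\example.dll"


def parse_entries(log_text):
    """Return the set of (section, text) pairs; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def diff_reports(before, after, sections=None):
    """Return (added, removed) entries, optionally limited to some section codes."""
    old, new = parse_entries(before), parse_entries(after)

    def wanted(entry):
        return sections is None or entry[0] in sections

    added = sorted(e for e in new - old if wanted(e))
    removed = sorted(e for e in old - new if wanted(e))
    return added, removed


def review_flags(log_text):
    """Flag entries worth a second look: loaded AppInit DLLs and orphaned services."""
    flags = []
    for section, text in sorted(parse_entries(log_text)):
        if section == "O20" and text.startswith("AppInit_DLLs:"):
            value = text[len("AppInit_DLLs:"):].strip()
            if value:  # an empty value, as in this thread's reports, is the clean state
                flags.append(("O20", "AppInit_DLLs is not empty: " + value))
        elif section == "O23" and text.endswith("(file missing)"):
            flags.append(("O23", "service points at a missing file: " + text))
    return flags


if __name__ == "__main__":
    added, removed = diff_reports(REPORT_1748, REPORT_2132, sections={"O2", "O4"})
    for section, text in added:
        print("+", section, text)
    for section, text in removed:
        print("-", section, text)
    for section, reason in review_flags(REPORT_1748) + review_flags(CONSTRUCTED_O20):
        print("!", section, reason)
```

Limiting the diff to the sections copied from both reports avoids reporting lines as removed when they were simply left out of an excerpt.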

Posts: 55 | Registered: Sunday 23 September 2007 | Status: Member | Last activity: 27 August 2012

hello!
so here is the GenProc report

Rapport GenProc 2.223 [1] -2008-11-19- Windows XP


GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :


Poste un rapport Nod32 https://www.eset.com/
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
- C:\Program Files\EsetOnlineScanner\log.txt

In the meantime I removed Comodo and reinstalled it.. yippee! I no longer have the search toolbar!
I removed Adobe, unplugged my printer and downloaded it again...

A little HijackThis scan??
Posts: 21360 | Registered: Saturday 15 March 2008 | Status: Security contributor | Last activity: 30 December 2012

Perfect then ... ^^

Post me a new HijackThis report please ...

Then I'll give you the next steps tomorrow .... It's time for me to go to bed ... ;)
Posts: 55 | Registered: Sunday 23 September 2007 | Status: Member | Last activity: 27 August 2012

Yes.. not in the same time zone!
So here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:32:45, on 2008-11-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
Posts
21360
Registration date
Saturday 15 March 2008
Status
Security contributor
Last activity
30 December 2012
Hi,

Perfect ... the rest and the end, in order:

1- Disconnect and make sure you close all your running applications.

Run Toolscleaner2.
*Click on Recherche (Search) and let the scan finish (it can take a long time).
*Click on Suppression (Removal) to finish.
*Click on "quitter" (quit) to generate a report (and not on the red cross!):
---> Post this report: it is at the root of your hard drive -> C:\TCleaner.txt.

Note: this little program will clean up all the things we used for the disinfection (you don't need them any more!).
Delete all the tools, folders or reports related to the disinfection that Toolscleaner2 did not remove.

Then finally delete Toolscleaner2 ...

2- Run CCleaner again (registry included).

3- Do this check-up to finish:

(step A is to be done right away! and the rest as soon as you can, but don't wait too long ;) )

A- Purging System Restore
*Turn off your System Restore:
Right-click on My Computer/Properties/System Restore/tick the box to turn off System Restore, Apply, OK
---> Restart your PC
*Turn your System Restore back on:
Right-click on My Computer/Properties/System Restore/untick the box to turn off System Restore, Apply, OK
---> Restart your PC
(Note: you can also get there via Control Panel -> "System" -> "System Restore".)

Warning: do not touch the PC while it is working!

B- Cleaning and defragmenting your disks
*Cleanup:
Right-click on "My Computer" ==> "Open" ==> right-click on disk C ==> Properties ==> "General" tab
Click on the "Disk Cleanup" button, OK
Do this for each of your disks

*Error checking:
Right-click on "My Computer" ==> "Open" ==> right-click on disk C ==> Properties ==> "Tools" tab
"Check Now", a box opens, tick the boxes:
-automatically fix errors...
-scan for and attempt recovery...
---> Start, OK
Note: if it tells you to restart your PC to do it, restart and let it run; it takes a while, that's normal
Do this for each of your disks

Then, still in the same tab, choose:
*Defragmentation:
"Defragment Now", OK
A box opens; select the disk to defragment and click on "Analyze", then after the analysis, "Defragment". OK
Do this for each of your disks

Note: if you have a defragmentation utility, use it instead ...

C- Create a restore point for your PC:

Go to the Start menu, then Programs,
- Then Accessories and finally System Tools,
- Choose "System Restore",
- Select "Create a restore point",
- Click "Next",
- Enter a name for the restore point (the name should be fairly descriptive), for example:
<< Clean restore point >>.

--> Click "Create" and the restore point is created automatically.

---> Once finished, tell me how it went and how the PC is doing ... =)



Posts
55
Registration date
Sunday 23 September 2007
Status
Member
Last activity
27 August 2012

Hello!

I did everything you said!
And it seems to have been running fine since!!!
So we can say the problem is solved!!!
A big thank you, and I wish you happy holidays!!
THANK YOU!
Nikita