Avast won't treat the virus

Closed
metoo.59 Posts 104 Registration date Tuesday 19 August 2008 Status Member Last activity 1 May 2014 - 2 Dec 2008 at 15:55
metoo.59 - 7 Dec 2008 at 02:25
Hello, here I am with another problem. I've been looking through the other tutorials, but they don't tell me anything I can understand.
While checking his email my husband received a virus and deleted it, and since then there has been a problem with automatic updates, the virus is still there, and the computer keeps glitching. I'm afraid of losing my documents.
win32:Rootkit-gen[Rtk]
C:\windows\system32\byXrPJYr.dll
76 replies

Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 297
2 Dec 2008 at 16:00
Hi,

Vundo/Virtumonde infection.

---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and close all applications, including antivirus and antispyware /!\

---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Yes"

---> I strongly recommend installing the Recovery Console.

---> Set it to French: F
Press the 1 key (Yes) to start the scan.

/!\ Don't touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents.

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: The report can also be found here: C:\ComboFix\Combofix.txt
0
metoo.59 Posts 104 Registration date Tuesday 19 August 2008 Status Member Last activity 1 May 2014 3
2 Dec 2008 at 16:37
Thanks for this ultra-fast reply, but I'm a woman who is very much a novice, though I had been managing fine until now... and you're talking too pro for me, so I'm going to proceed step by step and I'll tell you when I don't know how to do something, if that's okay with you. Right now I'm going to download what you said.
0
metoo.59 Posts 104 Registration date Tuesday 19 August 2008 Status Member Last activity 1 May 2014 3
2 Dec 2008 at 17:51
There, I've done everything and now all that's left is to post the report for you (if I manage to...)
ComboFix 08-12-01.03 - Michèle 2008-12-02 16:50:54.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.368 [GMT 1:00]
Lancé depuis: c:\documents and settings\Michèle\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-02 au 2008-12-02 ))))))))))))))))))))))))))))))))))))
.

2008-12-02 16:24 . 2008-12-02 16:24 34,816 --a------ c:\windows\system32\tuvSljjI.dll
2008-12-02 14:16 . 2008-12-02 17:20 <REP> d-------- c:\documents and settings\Michèle\Tracing
2008-12-02 14:16 . 2008-12-02 17:20 <REP> d-------- c:\documents and settings\Michèle\Tracing
2008-12-02 14:15 . 2008-09-04 22:03 56,344 --a------ c:\windows\system32\drivers\fssfltr.sys
2008-12-02 14:11 . 2008-12-02 14:11 <REP> d-------- c:\program files\Microsoft
2008-12-02 14:07 . 2008-12-02 14:07 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-12-02 09:47 . 2006-12-28 12:01 19,569 --a------ c:\windows\[u]0/u00002_.tmp
2008-12-02 09:03 . 2006-12-28 12:01 19,569 --a------ c:\windows\[u]0/u00001_.tmp
2008-12-01 21:54 . 2008-12-01 21:53 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-01 18:46 . 2008-12-01 18:53 5,089 --a------ C:\rrrreet.exe
2008-11-29 09:05 . 2008-12-02 09:59 1,374 --a------ c:\windows\imsins.BAK
2008-11-29 01:32 . 2008-11-29 01:32 <REP> d-------- c:\program files\iPod
2008-11-29 01:31 . 2008-11-29 01:32 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 01:25 . 2008-11-29 01:26 <REP> d-------- c:\program files\QuickTime
2008-11-25 19:42 . 2008-11-26 13:52 <REP> d-------- c:\program files\Slide
2008-11-21 15:33 . 2008-11-21 15:33 <REP> d-------- c:\program files\Uniblue
2008-11-21 15:33 . 2008-11-21 15:33 <REP> d-------- c:\documents and settings\Michèle\Application Data\Uniblue
2008-11-21 15:33 . 2008-11-21 15:33 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-21 15:23 . 2008-11-21 15:24 <REP> d-------- c:\program files\RamBoost XP
2008-11-19 22:28 . 2008-11-19 22:32 <REP> d-------- c:\program files\Histoire
2008-11-18 11:40 . 2008-11-18 11:44 <REP> d-------- c:\documents and settings\Michèle\iWizz
2008-11-18 11:40 . 2008-11-18 11:44 <REP> d-------- c:\documents and settings\Michèle\iWizz
2008-11-18 11:29 . 2008-11-18 11:46 <REP> d-------- c:\documents and settings\Michèle\.bitrock
2008-11-18 11:29 . 2008-11-18 11:46 <REP> d-------- c:\documents and settings\Michèle\.bitrock
2008-11-16 22:09 . 2008-11-16 22:09 <REP> d-------- c:\program files\PowerpointImageExtractor_V1_2
2008-11-16 12:07 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-16 12:06 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-15 23:03 . 2008-11-15 23:03 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
2008-11-15 22:51 . 2008-11-15 22:51 <REP> d-------- c:\program files\NOS
2008-11-15 22:51 . 2008-11-15 23:09 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-11-13 10:07 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-11-13 10:06 . 2008-11-13 10:06 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-11-08 15:38 . 2008-11-08 15:39 <REP> d-------- c:\program files\FinePixViewerS
2008-11-08 15:37 . 2008-11-08 16:01 <REP> d-------- c:\documents and settings\Michèle\Application Data\FUJIFILM
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 13:14 --------- d-----w c:\program files\Windows Live
2008-12-02 11:47 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-02 10:43 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-02 09:54 --------- d-----w c:\program files\Sony
2008-12-01 20:53 --------- d-----w c:\program files\Java
2008-11-29 00:32 --------- d-----w c:\program files\iTunes
2008-11-29 00:32 --------- d-----w c:\program files\Fichiers communs\Apple
2008-11-23 19:13 --------- d-----w c:\documents and settings\Laura\Application Data\OpenOffice.org2
2008-11-21 15:17 --------- d-----w c:\documents and settings\Michèle\Application Data\OpenOffice.org2
2008-11-16 23:15 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-16 11:33 --------- d-----w c:\program files\KaraFun
2008-11-15 22:01 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-14 13:03 --------- d-----w c:\program files\eMule
2008-11-13 09:06 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-08 14:38 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-29 12:20 --------- d-----w c:\documents and settings\Michèle\Application Data\Apple Computer
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-14 07:36 --------- d-----w c:\program files\Bonjour
2008-10-02 17:31 --------- d-----w c:\documents and settings\Sarah\Application Data\HiYo
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-08 23:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
2008-09-05 15:04 288,768 ----a-w c:\windows\WLXPGSS.SCR
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-04-06 19:57 2,722,460 ----a-w c:\documents and settings\Nouveau dossier\XXX-Ne_pas_oublier_de_beurrer_le_mou.zip
2008-04-06 17:18 3,205,100 ----a-w c:\documents and settings\Nouveau dossier\ts xx bon gateau.zip
2007-07-25 20:36 17,155,148 -c--a-w c:\program files\LimeWire.rar
2007-06-02 22:20 6,652,812 -c--a-w c:\program files\sld.codec.pack.2.2.exe
2006-10-11 13:24 278,528 -c--a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-12-02 16:24 34816 --a------ c:\windows\system32\tuvSljjI.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]
"MSMSGS"="c:\progra~1\MESSEN~1\Msmsgs.exe" [2008-04-14 1695232]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-01-15 20480]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"ares"="c:\program files\Ares\Ares.exe" [2007-12-31 962560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"HiYo"="c:\program files\HiYo\bin\HiYo.exe" [2008-05-21 143360]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Johanna\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\Michèle\Menu Démarrer\Programmes\Démarrage\
Outil de notification Live Search.lnk - c:\documents and settings\Michèle\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2008-11-13 143360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-11-08 303104]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-01-15 450560]
Rappels du Calendrier Microsoft Works.lnk - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe [1999-08-06 53317]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\tuvSljjI.dll" [2008-12-02 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvSljjI]
2008-12-02 16:24 34816 c:\windows\system32\tuvSljjI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=pjtpbo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.NSVI"= nsvideo.dll
"VIDC.JPEG"= JpegCode.dll
"VIDC.MJPG"= JpegCode.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\yayyYOeD

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Michèle^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Michèle\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 14:49 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
--a------ 2008-03-09 10:00 480648 c:\progra~1\Magentic\bin\Magentic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Muscbrigade]
--a------ 2005-12-22 09:26 40960 c:\musicbrigade\Musicbrigade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Slide.exe]
--a------ 2007-06-08 12:47 37760 c:\program files\Slide\Slide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
--a------ 2008-08-26 17:48 2019624 c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 18:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Magentic\\bin\\Magentic_Install.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\Drivers\Achernar.sys [2008-01-24 16855]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-31 20560]
R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-12-02 56344]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\Drivers\Aldebaran.sys [2008-01-24 21808]
S3 DSCVc;Video Capture;c:\windows\system32\DRIVERS\CoachVc.sys [2008-01-24 44256]
S3 fsssvc;Windows Live Contrôle parental;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2008-09-04 512536]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-15 33752]
S3 RescueDrv;Inventel Access Point USB Rescue Driver;c:\windows\system32\Drivers\resc_dwb.sys []
.
Contenu du dossier 'Tâches planifiées'

2008-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-02 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 16:36]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{C07C3E5B-5181-4646-9EE4-76C99E9B0054} - c:\windows\system32\iifcYRjk.dll
BHO-{e19eca95-bfcb-4fb9-85b5-559c008ebbdd} - c:\windows\system32\pjtpbo.dll
HKCU-Run-fsc-reminder.exe - c:\windows\reminder\fsc-reminder.exe
HKCU-Run-WOOKIT - c:\progra~1\Wanadoo\Shell.exe
HKCU-Run-dpdyui - c:\documents and settings\michèle\local settings\application data\dpdyui.exe
HKCU-Run-cuusw - c:\documents and settings\michèle\local settings\application data\cuusw.exe
Notify-byXrPJYr - byXrPJYr.dll


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Michèle\Application Data\Mozilla\Firefox\Profiles\cjjngcnf.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT669491&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 17:16:27
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tuvSljjI.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\ati2evxx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\documents and settings\Michèle\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
c:\documents and settings\Michèle\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2008-12-02 17:23:26 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-02 16:23:21

Avant-CF: 179 902 693 376 octets libres
Après-CF: 183,594,868,736 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn

435 --- E O F --- 2008-11-17 11:08:37
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 297
2 Dec. 2008 at 18:02
- Download Navilog1 (by IL-MAFIOSO) and save it to the desktop:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

- Double-click Navilog1.exe to start the installation

- If the fix does not start automatically after installation, double-click the Navilog1 icon on the desktop

- Press F or f, then confirm with Enter

- Press a key on your keyboard each time you are asked to; you will reach the options menu

- Choose option 1 and press Enter to confirm your choice

- Wait for the message: *** Analyse terminée le ..... ***

- Once the scan has finished, Notepad will open with the report; post the contents of that report in your next reply

- If the scan result is not displayed, you will find it in C:\fixnavi.txt

Do not use options 2, 3 and 4 without our agreement; legitimate files may be included in this scan.
0

metoo.59 Posts 104 Registration date Tuesday 19 August 2008 Status Member Last activity 1 May 2014 3
2 Dec. 2008 at 19:54
Here it is
Search Navipromo version 3.6.9 commencé le 02/12/2008 à 18:12:53,17

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "MichÞle"

Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

Favorit
Favorit

*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\MichÞle\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Laura\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Sarah\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\MichÞle\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Bernard\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Laura\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Sarah\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\MichÞle\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Bernard\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Johanna\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Laura\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Sarah\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\MichÞle\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\Bernard\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\Laura\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\Sarah\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\MichÞle\locals~1\applic~1" :


* Dans "C:\DOCUME~1\Bernard\locals~1\applic~1" :


* Dans "C:\DOCUME~1\Laura\locals~1\applic~1" :


* Dans "C:\DOCUME~1\Sarah\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\DeOYyyay.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 02/12/2008 à 18:32:01,62 ***
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 297
2 Dec. 2008 at 19:57
---> Run Navilog1 again, choose option 2 and post the report.
0
metoo.59 Posts 104 Registration date Tuesday 19 August 2008 Status Member Last activity 1 May 2014 3
2 Dec. 2008 at 21:57
Well, I hope I did everything right, because there was a lot going on around me that was driving me mad
Clean Navipromo version 3.6.9 commencé le 02/12/2008 à 21:42:29,92

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "MichÞle"

Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\Michèle\locals~1\applic~1" *


* Suppression dans "C:\DOCUME~1\Bernard\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\Laura\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\Sarah\locals~1\applic~1" *


*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Michèle\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\Laura\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\Sarah\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Michèle\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\Bernard\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\Laura\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\Sarah\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Michèle\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\Bernard\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\Johanna\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\Laura\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\Sarah\menudm~1\progra~1" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\MichŠle\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\Michèle\locals~1\applic~1" *


* Dans "C:\DOCUME~1\Bernard\locals~1\applic~1" *


* Dans "C:\DOCUME~1\Laura\locals~1\applic~1" *


* Dans "C:\DOCUME~1\Sarah\locals~1\applic~1" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 02/12/2008 à 21:49:56,92 ***
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 297
2 Dec. 2008 at 21:58
"Well, I hope I did everything right, because there was a lot going on around me that was driving me mad"
---> I did not understand that sentence.

(I am stepping away)
0
metoo.59 Posts 104 Registration date Tuesday 19 August 2008 Status Member Last activity 1 May 2014 3
2 Dec. 2008 at 22:08
That doesn't matter. We had gone to visit friends; I saw your reply when I got back and I posted the result below the sentence you don't understand. But around me my husband was on the phone and talking loudly, so I was wondering whether I had done the procedure correctly.
In any case, thank you, because I no longer see the virus in Avast. Is there anything else to do??
Good evening
See you tomorrow, perhaps
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 297
2 Dec. 2008 at 23:02
/!\ Only metoo.59 may follow this procedure /!\


1/

---> Click Start, Run, type notepad and click OK.

---> Select the text below and copy it with Ctrl+C:






KillAll::

File::
c:\windows\system32\tuvSljjI.dll
C:\rrrreet.exe
C:\WINDOWS\system32\DeOYyyay.ini2

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvSljjI]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]






---> Paste the selection into Notepad

---> Save this file to the desktop (mandatory)

---> File name: CFScript
---> File type: All files
---> Click Save
---> Close Notepad


2/

---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

- A blue window will appear: accept the message that is displayed.

- Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.

- Once the scan has finished, a report will be displayed: post it

- If the file does not open, it is located here: C:\ComboFix\Combofix.txt
0
metoo.59 Posts 104 Registration date Tuesday 19 August 2008 Status Member Last activity 1 May 2014 3
3 Dec. 2008 at 10:14
ComboFix 08-12-01.03 - Michèle 2008-12-03 8:56:02.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.266 [GMT 1:00]
Lancé depuis: c:\documents and settings\Michèle\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Michèle\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
C:\rrrreet.exe
c:\windows\system32\DeOYyyay.ini2
c:\windows\system32\tuvSljjI.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\rrrreet.exe
c:\windows\system32\blqpde.dll
c:\windows\system32\bnsdxdeh.ini
c:\windows\system32\DeOYyyay.ini
c:\windows\system32\DeOYyyay.ini2
c:\windows\system32\edJknqru.ini
c:\windows\system32\edJknqru.ini2
c:\windows\system32\hedxdsnb.dll
c:\windows\system32\invosx.dll
c:\windows\system32\mkcqwfhj.dll
c:\windows\system32\qfqamefk.dll
c:\windows\system32\tuvSljjI.dll
c:\windows\system32\yayyYOeD.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-03 au 2008-12-03 ))))))))))))))))))))))))))))))))))))
.

2008-12-03 08:37 . 2008-12-03 08:37 303,104 --a------ c:\windows\system32\urqnkJde.dll
2008-12-02 22:24 . 2008-12-03 06:47 <REP> d-------- c:\documents and settings\Bernard\Tracing
2008-12-02 18:10 . 2008-12-02 21:49 <REP> d-------- c:\program files\Navilog1
2008-12-02 14:16 . 2008-12-03 08:34 <REP> d-------- c:\documents and settings\Michèle\Tracing
2008-12-02 14:16 . 2008-12-03 08:34 <REP> d-------- c:\documents and settings\Michèle\Tracing
2008-12-02 14:15 . 2008-09-04 22:03 56,344 --a------ c:\windows\system32\drivers\fssfltr.sys
2008-12-02 14:11 . 2008-12-02 14:11 <REP> d-------- c:\program files\Microsoft
2008-12-02 14:07 . 2008-12-02 14:07 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-12-02 11:29 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-02 09:47 . 2006-12-28 12:01 19,569 --a------ c:\windows\[u]0/u00002_.tmp
2008-12-02 09:03 . 2006-12-28 12:01 19,569 --a------ c:\windows\[u]0/u00001_.tmp
2008-12-01 21:54 . 2008-12-01 21:53 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-29 09:05 . 2008-12-02 09:59 1,374 --a------ c:\windows\imsins.BAK
2008-11-29 01:32 . 2008-11-29 01:32 <REP> d-------- c:\program files\iPod
2008-11-29 01:31 . 2008-11-29 01:32 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 01:25 . 2008-11-29 01:26 <REP> d-------- c:\program files\QuickTime
2008-11-25 19:42 . 2008-11-26 13:52 <REP> d-------- c:\program files\Slide
2008-11-21 15:33 . 2008-11-21 15:33 <REP> d-------- c:\program files\Uniblue
2008-11-21 15:33 . 2008-11-21 15:33 <REP> d-------- c:\documents and settings\Michèle\Application Data\Uniblue
2008-11-21 15:33 . 2008-11-21 15:33 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-21 15:23 . 2008-11-21 15:24 <REP> d-------- c:\program files\RamBoost XP
2008-11-19 22:28 . 2008-11-19 22:32 <REP> d-------- c:\program files\Histoire
2008-11-18 11:40 . 2008-11-18 11:44 <REP> d-------- c:\documents and settings\Michèle\iWizz
2008-11-18 11:40 . 2008-11-18 11:44 <REP> d-------- c:\documents and settings\Michèle\iWizz
2008-11-18 11:29 . 2008-11-18 11:46 <REP> d-------- c:\documents and settings\Michèle\.bitrock
2008-11-18 11:29 . 2008-11-18 11:46 <REP> d-------- c:\documents and settings\Michèle\.bitrock
2008-11-16 22:09 . 2008-11-16 22:09 <REP> d-------- c:\program files\PowerpointImageExtractor_V1_2
2008-11-16 12:07 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-16 12:06 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-15 23:03 . 2008-11-15 23:03 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
2008-11-15 22:51 . 2008-11-15 22:51 <REP> d-------- c:\program files\NOS
2008-11-15 22:51 . 2008-11-15 23:09 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-11-13 10:07 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-11-13 10:06 . 2008-11-13 10:06 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-11-08 15:38 . 2008-11-08 15:39 <REP> d-------- c:\program files\FinePixViewerS
2008-11-08 15:37 . 2008-11-08 16:01 <REP> d-------- c:\documents and settings\Michèle\Application Data\FUJIFILM
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 13:14 --------- d-----w c:\program files\Windows Live
2008-12-02 11:47 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-02 10:43 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-02 09:54 --------- d-----w c:\program files\Sony
2008-12-01 20:53 --------- d-----w c:\program files\Java
2008-11-29 00:32 --------- d-----w c:\program files\iTunes
2008-11-29 00:32 --------- d-----w c:\program files\Fichiers communs\Apple
2008-11-23 19:13 --------- d-----w c:\documents and settings\Laura\Application Data\OpenOffice.org2
2008-11-21 15:17 --------- d-----w c:\documents and settings\Michèle\Application Data\OpenOffice.org2
2008-11-16 23:15 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-16 11:33 --------- d-----w c:\program files\KaraFun
2008-11-15 22:01 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-14 13:03 --------- d-----w c:\program files\eMule
2008-11-13 09:06 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-08 14:38 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-29 12:20 --------- d-----w c:\documents and settings\Michèle\Application Data\Apple Computer
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-14 07:36 --------- d-----w c:\program files\Bonjour
2008-09-05 15:04 288,768 ----a-w c:\windows\WLXPGSS.SCR
2008-04-06 19:57 2,722,460 ----a-w c:\documents and settings\Nouveau dossier\XXX-Ne_pas_oublier_de_beurrer_le_mou.zip
2008-04-06 17:18 3,205,100 ----a-w c:\documents and settings\Nouveau dossier\ts xx bon gateau.zip
2007-07-25 20:36 17,155,148 -c--a-w c:\program files\LimeWire.rar
2007-06-02 22:20 6,652,812 -c--a-w c:\program files\sld.codec.pack.2.2.exe
2006-10-11 13:24 278,528 -c--a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((( snapshot@2008-12-02_17.21.55.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-18 20:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 13:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-18 20:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 13:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-18 20:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 13:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2008-07-18 20:10:20 36,552 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2008-07-18 20:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
+ 2008-12-03 08:04:13 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_134.dat
- 2008-12-02 16:13:47 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4a4.dat
+ 2008-12-03 08:04:06 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4a4.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]
"MSMSGS"="c:\progra~1\MESSEN~1\Msmsgs.exe" [2008-04-14 1695232]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-01-15 20480]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"ares"="c:\program files\Ares\Ares.exe" [2007-12-31 962560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"HiYo"="c:\program files\HiYo\bin\HiYo.exe" [2008-05-21 143360]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Johanna\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\MichŠle\Menu D‚marrer\Programmes\D‚marrage\
Outil de notification Live Search.lnk - c:\documents and settings\MichŠle\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2008-11-13 143360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-11-08 303104]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-01-15 450560]
Rappels du Calendrier Microsoft Works.lnk - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe [1999-08-06 53317]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.NSVI"= nsvideo.dll
"VIDC.JPEG"= JpegCode.dll
"VIDC.MJPG"= JpegCode.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Michèle^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Michèle\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 14:49 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
--a------ 2008-03-09 10:00 480648 c:\progra~1\Magentic\bin\Magentic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Muscbrigade]
--a------ 2005-12-22 09:26 40960 c:\musicbrigade\Musicbrigade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Slide.exe]
--a------ 2007-06-08 12:47 37760 c:\program files\Slide\Slide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
--a------ 2008-08-26 17:48 2019624 c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 18:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Magentic\\bin\\Magentic_Install.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\Drivers\Achernar.sys [2008-01-24 16855]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-31 20560]
R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-12-02 56344]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\Drivers\Aldebaran.sys [2008-01-24 21808]
S3 DSCVc;Video Capture;c:\windows\system32\DRIVERS\CoachVc.sys [2008-01-24 44256]
S3 fsssvc;Windows Live Contrôle parental;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2008-09-04 512536]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-15 33752]
S3 RescueDrv;Inventel Access Point USB Rescue Driver;c:\windows\system32\Drivers\resc_dwb.sys []
.
Contenu du dossier 'Tâches planifiées'

2008-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-03 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 16:36]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{B37E30CF-FAB9-4EB4-A005-F2D02B0A5616} - c:\windows\system32\yayyYOeD.dll
BHO-{edb49e1f-31c5-466d-80fa-fa870e46b7f8} - c:\windows\system32\invosx.dll



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 10:06:09
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\ati2evxx.exe
c:\documents and settings\Michèle\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\documents and settings\Michèle\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Heure de fin: 2008-12-03 10:11:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-03 09:11:34
ComboFix2.txt 2008-12-02 16:23:29

Avant-CF: 184 674 553 856 octets libres
Après-CF: 184,732,467,200 octets libres

263 --- E O F --- 2008-11-17 11:08:37
0
metoo.59 Posts 104 Registration date Tuesday 19 August 2008 Status Member Last activity 1 May 2014 3
3 Dec. 2008 at 13:34
I see you are not around; tell me whether there is anything else to do when you come back
Thanks again!!!!
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 297
3 Dec. 2008 at 13:40
Your Vundo infection is well entrenched.

---> Download Malwarebytes' Anti-Malware (MBAM) to your desktop.
---> Double-click the downloaded file to start the installation.
---> In the Update tab (Mise à jour), click the Check for updates button (Recherche de mise à jour): if the firewall asks whether MBAM may connect to the Internet, accept.
---> Once the update has finished, go to the Scan tab (Recherche).
---> Select Perform a full scan (Exécuter un examen complet).
---> Click Scan (Rechercher). The analysis starts; the scan takes a fairly long time, which is normal.

At the end of the analysis, a message is displayed:

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

---> Click OK to continue. If MBAM found nothing, it will tell you that as well.
---> Close your browsers.
If malware was detected, click Show results (Afficher les résultats).
---> Select everything (or leave it ticked) and click Remove selection (Supprimer la sélection); MBAM will destroy the infected files and registry keys and place a copy of them in quarantine.
---> MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.
0
metoo.59 Posts 104 Registration date Tuesday 19 August 2008 Status Member Last activity 1 May 2014 3
3 Dec. 2008 at 18:27
well, now I've seen the infection? is it serious? here is the report..

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1454
Windows 5.1.2600 Service Pack 3

03/12/2008 18:23:15
mbam-log-2008-12-03 (18-23-15).txt

Type de recherche: Examen complet (C:\|D:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Eléments examinés: 241365
Temps écoulé: 2 hour(s), 34 minute(s), 22 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 35
Fichier(s) infecté(s): 202

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5937cd7f-1c0b-41e1-9075-60ebdf3c7d34} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{85fdd2b5-1ab3-425f-b572-d0d322e038b2} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7d8f004e-9746-42c5-87e3-e699e9b745ef} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b1339ea1-5ffc-4cf5-aba9-728af0647296} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

Fichier(s) infecté(s):
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans1.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\buttondir.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\cursors.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\default.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_1000.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_2000.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_3000.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bar.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bbar1.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_logos.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_other.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_weather.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\email-t1-bg.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\icons2.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_games_icon.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_video.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords1.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\layout.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\linkpathlegal.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\progress.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\sales_buttons.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.txt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo_ie_menu.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\s_icons_buttons.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\t2_bg.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\top7.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Johanna\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\tsd_bg.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqnkJde.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 297
3 Dec. 2008 at 18:28
---> Run a new ComboFix scan and post the report.
0
metoo.59 Posts 104 Registration date Tuesday 19 August 2008 Status Member Last activity 1 May 2014 3
3 Dec. 2008 at 19:29
ComboFix 08-12-02.02 - Michèle 2008-12-03 19:15:00.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.416 [GMT 1:00]
Lancé depuis: c:\documents and settings\Michèle\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-03 au 2008-12-03 ))))))))))))))))))))))))))))))))))))
.

2008-12-03 15:27 . 2008-12-03 15:27 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-03 15:27 . 2008-12-03 15:27 <REP> d-------- c:\documents and settings\Michèle\Application Data\Malwarebytes
2008-12-03 15:27 . 2008-12-03 15:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-03 15:27 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 15:27 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-02 22:24 . 2008-12-03 12:10 <REP> d-------- c:\documents and settings\Bernard\Tracing
2008-12-02 18:10 . 2008-12-02 21:49 <REP> d-------- c:\program files\Navilog1
2008-12-02 14:16 . 2008-12-03 10:09 <REP> d-------- c:\documents and settings\Michèle\Tracing
2008-12-02 14:16 . 2008-12-03 10:09 <REP> d-------- c:\documents and settings\Michèle\Tracing
2008-12-02 14:15 . 2008-09-04 22:03 56,344 --a------ c:\windows\system32\drivers\fssfltr.sys
2008-12-02 14:11 . 2008-12-02 14:11 <REP> d-------- c:\program files\Microsoft
2008-12-02 14:07 . 2008-12-02 14:07 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-12-02 11:29 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-02 09:47 . 2006-12-28 12:01 19,569 --a------ c:\windows\[u]0/u00002_.tmp
2008-12-02 09:03 . 2006-12-28 12:01 19,569 --a------ c:\windows\[u]0/u00001_.tmp
2008-12-01 21:54 . 2008-12-01 21:53 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-29 09:05 . 2008-12-02 09:59 1,374 --a------ c:\windows\imsins.BAK
2008-11-29 01:32 . 2008-11-29 01:32 <REP> d-------- c:\program files\iPod
2008-11-29 01:31 . 2008-11-29 01:32 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 01:25 . 2008-11-29 01:26 <REP> d-------- c:\program files\QuickTime
2008-11-25 19:42 . 2008-11-26 13:52 <REP> d-------- c:\program files\Slide
2008-11-21 15:33 . 2008-11-21 15:33 <REP> d-------- c:\program files\Uniblue
2008-11-21 15:33 . 2008-11-21 15:33 <REP> d-------- c:\documents and settings\Michèle\Application Data\Uniblue
2008-11-21 15:33 . 2008-11-21 15:33 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-21 15:23 . 2008-11-21 15:24 <REP> d-------- c:\program files\RamBoost XP
2008-11-19 22:28 . 2008-11-19 22:32 <REP> d-------- c:\program files\Histoire
2008-11-18 11:40 . 2008-11-18 11:44 <REP> d-------- c:\documents and settings\Michèle\iWizz
2008-11-18 11:40 . 2008-11-18 11:44 <REP> d-------- c:\documents and settings\Michèle\iWizz
2008-11-18 11:29 . 2008-11-18 11:46 <REP> d-------- c:\documents and settings\Michèle\.bitrock
2008-11-18 11:29 . 2008-11-18 11:46 <REP> d-------- c:\documents and settings\Michèle\.bitrock
2008-11-16 22:09 . 2008-11-16 22:09 <REP> d-------- c:\program files\PowerpointImageExtractor_V1_2
2008-11-16 12:07 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-16 12:06 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-15 23:03 . 2008-11-15 23:03 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
2008-11-15 22:51 . 2008-11-15 22:51 <REP> d-------- c:\program files\NOS
2008-11-15 22:51 . 2008-11-15 23:09 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-11-13 10:07 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-11-13 10:06 . 2008-11-13 10:06 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-11-08 15:38 . 2008-11-08 15:39 <REP> d-------- c:\program files\FinePixViewerS
2008-11-08 15:37 . 2008-11-08 16:01 <REP> d-------- c:\documents and settings\Michèle\Application Data\FUJIFILM
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 12:48 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-03 09:30 --------- d-----w c:\program files\IncrediMail
2008-12-02 13:14 --------- d-----w c:\program files\Windows Live
2008-12-02 10:43 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-02 09:54 --------- d-----w c:\program files\Sony
2008-12-01 20:53 --------- d-----w c:\program files\Java
2008-11-29 00:32 --------- d-----w c:\program files\iTunes
2008-11-29 00:32 --------- d-----w c:\program files\Fichiers communs\Apple
2008-11-23 19:13 --------- d-----w c:\documents and settings\Laura\Application Data\OpenOffice.org2
2008-11-21 15:17 --------- d-----w c:\documents and settings\Michèle\Application Data\OpenOffice.org2
2008-11-16 23:15 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-16 11:33 --------- d-----w c:\program files\KaraFun
2008-11-15 22:01 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-14 13:03 --------- d-----w c:\program files\eMule
2008-11-13 09:06 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-08 14:38 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-29 12:20 --------- d-----w c:\documents and settings\Michèle\Application Data\Apple Computer
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-14 07:36 --------- d-----w c:\program files\Bonjour
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-08 23:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
2008-09-05 15:04 288,768 ----a-w c:\windows\WLXPGSS.SCR
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-04-06 19:57 2,722,460 ----a-w c:\documents and settings\Nouveau dossier\XXX-Ne_pas_oublier_de_beurrer_le_mou.zip
2008-04-06 17:18 3,205,100 ----a-w c:\documents and settings\Nouveau dossier\ts xx bon gateau.zip
2007-07-25 20:36 17,155,148 -c--a-w c:\program files\LimeWire.rar
2007-06-02 22:20 6,652,812 -c--a-w c:\program files\sld.codec.pack.2.2.exe
2006-10-11 13:24 278,528 -c--a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((( snapshot@2008-12-02_17.21.55.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-18 20:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 13:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-18 20:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 13:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-12-03 08:04:13 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_134.dat
- 2008-12-02 16:13:47 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4a4.dat
+ 2008-12-03 08:04:06 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4a4.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-11-09 243072]
"MSMSGS"="c:\progra~1\MESSEN~1\Msmsgs.exe" [2008-04-14 1695232]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-01-15 20480]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"ares"="c:\program files\Ares\Ares.exe" [2007-12-31 962560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"HiYo"="c:\program files\HiYo\bin\HiYo.exe" [2008-05-21 143360]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Johanna\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\Michèle\Menu Démarrer\Programmes\Démarrage\
Outil de notification Live Search.lnk - c:\documents and settings\Michèle\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2008-11-13 143360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-11-08 303104]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-01-15 450560]
Rappels du Calendrier Microsoft Works.lnk - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe [1999-08-06 53317]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.NSVI"= nsvideo.dll
"VIDC.JPEG"= JpegCode.dll
"VIDC.MJPG"= JpegCode.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Michèle^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Michèle\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 14:49 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
--a------ 2008-03-09 10:00 480648 c:\progra~1\Magentic\bin\Magentic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Muscbrigade]
--a------ 2005-12-22 09:26 40960 c:\musicbrigade\Musicbrigade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Slide.exe]
--a------ 2007-06-08 12:47 37760 c:\program files\Slide\Slide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
--a------ 2008-08-26 17:48 2019624 c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 18:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Magentic\\bin\\Magentic_Install.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\Drivers\Achernar.sys [2008-01-24 16855]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-31 20560]
R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-12-02 56344]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\Drivers\Aldebaran.sys [2008-01-24 21808]
S3 DSCVc;Video Capture;c:\windows\system32\DRIVERS\CoachVc.sys [2008-01-24 44256]
S3 fsssvc;Windows Live Contrôle parental;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2008-09-04 512536]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-15 33752]
S3 RescueDrv;Inventel Access Point USB Rescue Driver;c:\windows\system32\Drivers\resc_dwb.sys []
.
Contenu du dossier 'Tâches planifiées'

2008-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-03 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 16:36]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Michèle\Application Data\Mozilla\Firefox\Profiles\cjjngcnf.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT669491&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 19:18:38
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2008-12-03 19:20:54
ComboFix-quarantined-files.txt 2008-12-03 18:19:45
ComboFix2.txt 2008-12-03 09:11:41
ComboFix3.txt 2008-12-02 16:23:29

Avant-CF: 184 591 400 960 octets libres
Après-CF: 184,635,150,336 octets libres

243 --- E O F --- 2008-11-17 11:08:37
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 297
3 Dec. 2008 at 19:54
---> Relaunch MBAM, go to Quarantine and delete everything.

- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

- Double-click RSIT.exe to launch the program.

- Click Continue on the Disclaimer screen.

- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.

- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: The reports are saved in the folder C:\rsit.
0
metoo.59 Posts 104 Registration date Tuesday 19 August 2008 Status Member Last activity 1 May 2014 3
4 Dec. 2008 at 06:54
Logfile of random's system information tool 1.04 (written by random/random)
Run by Michèle at 2008-12-04 06:50:42
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 176 GB (74%) free of 238 GB
Total RAM: 959 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:51:19, on 04/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\HiYo\bin\HiYo.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\Michèle\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\Michèle\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Michèle\Bureau\RSIT.exe
C:\Program Files\trend micro\Michèle.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "c:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-21-2503222481-428756792-2038800543-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Bernard')
O4 - HKUS\S-1-5-21-2503222481-428756792-2038800543-1007\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= (User 'Bernard')
O4 - HKUS\S-1-5-21-2503222481-428756792-2038800543-1007\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c (User 'Bernard')
O4 - HKUS\S-1-5-21-2503222481-428756792-2038800543-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Bernard')
O4 - HKUS\S-1-5-21-2503222481-428756792-2038800543-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Bernard')
O4 - HKUS\S-1-5-21-2503222481-428756792-2038800543-1007\..\Run: [FlyAway] (User 'Bernard')
O4 - HKUS\S-1-5-21-2503222481-428756792-2038800543-1007\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c (User 'Bernard')
O4 - HKUS\S-1-5-21-2503222481-428756792-2038800543-1007\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe (User 'Bernard')
O4 - HKUS\S-1-5-21-2503222481-428756792-2038800543-1007\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe (User 'Bernard')
O4 - HKUS\S-1-5-21-2503222481-428756792-2038800543-1007\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h (User 'Bernard')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-2503222481-428756792-2038800543-1007 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Bernard')
O4 - S-1-5-21-2503222481-428756792-2038800543-1007 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Bernard')
O4 - S-1-5-21-2503222481-428756792-2038800543-1007 User Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Bernard')
O4 - S-1-5-21-2503222481-428756792-2038800543-1007 User Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Bernard')
O4 - Startup: Outil de notification Live Search.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Exif Launcher S.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/NET/Import/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
metoo.59 Posts 104 Registration date Tuesday 19 August 2008 Status Member Last activity 1 May 2014 3
4 Dec. 2008 at 06:57
info.txt logfile of random's system information tool 1.04 2008-12-04 06:51:25

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{3AD59E07-5D54-4142-8505-62889FEDFA59}\setup.exe" REMOVEALL
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\USBToolbox\setup.exe
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA7621DC-7144-4A24-973C-B9BC0E945628}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BB529C7-855D-11D7-8444-0050BA1D384D}\setup.exe" -l0x40c -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
Acrobat.com-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe AIR-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Edition Découverte 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Album photo Microsoft 9-->C:\WINDOWS\system32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3225}
AnglaisFacile.com - Planet English-->"C:\Program Files\AnglaisFacile.com\Planet English\uninstall.exe"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
ATI Catalyst Control Center-->MsiExec.exe /I{C4B9F065-85EA-4649-919C-3FE8BF63A299}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Belote plus Demo-->MsiExec.exe /X{4495BC1E-64E5-11D7-9EAE-0050FC3A098F}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
Christmas PhotoAlbum ScreenSaver-->C:\WINDOWS\3D_Album.scr /u
Christmas Tree Screensaver-->C:\WINDOWS\Christmas Tree Screensaver.scr /u
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dual Mode Digital Camera Z-->C:\Program Files\InstallShield Installation Information\{3C516E56-0B4B-4BDE-88A2-035B4D170A26}\setup.exe -runfromtemp -l0x040c -removeonly
Ecran de Veille - Mers du Sud-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10667692-82F1-4744-8AD6-7309DD46382E}\SETUP.EXE" -uninst
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EZface ActiveX 207-->C:\PROGRA~1\EZFace\ActiveX\uninst.bat 207 C:\PROGRA~1\EZFace\ActiveX
Favorit-->"c:\documents and settings\michèle\local settings\application data\cuusw.exe" -uninstall
Favorit-->"c:\documents and settings\michèle\local settings\application data\dpdyui.exe" -uninstall
FreeZip-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\freezip.inf,Uninstall
FUJIFILM FinePixViewer S Ver.2.1-->C:\Program Files\InstallShield Installation Information\{88B32652-CAE0-4909-A463-5840D2689D93}\SETUP.EXE -runfromtemp -l0x040c -removeonly
Galerie de photos Windows Live (bêta)-->MsiExec.exe /X{B229A0D2-F322-4A30-8E0F-F4AEA3000A14}
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
High Definition Audio - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Histoire Version 15.2.2-->"C:\Program Files\Histoire\unins000.exe"
HiYo -->MsiExec.exe /X{8F3A13FC-DFDA-4001-A6C3-030495A1E66E} ARPVAL="UnInst" /qf /L*V "%temp%\HiYoUnInstallLog.log"
HiYo-->MsiExec.exe /X{8F3A13FC-DFDA-4001-A6C3-030495A1E66E}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Extended Capabilities 4.7-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
IncrediMail JunkFilter Plus-->C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:JunkFilterPlus
IncrediMail-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
InterVideo MediaOne Gallery-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34F0D55F-C386-4195-9A5B-961D3F6ACD46}\setup.exe" REMOVEALL REMOVEALL
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JLIP VideoCapture3.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JLIP VideoCapture3.0\Uninst.isu"
KC Softwares IDPhotoStudio-->"C:\Program Files\KC Softwares\IDPhotoStudio\unins000.exe"
K-Lite Mega Codec Pack 3.8.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Macromedia Flash Player 8-->MsiExec.exe /X{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}
Magentic-->C:\PROGRA~1\Magentic\bin\mgsetup.exe /remove /addon:Magentic
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2000 Standard-->C:\Program Files\Microsoft Money\setup\setup.exe
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 CD-ROM 2-->MsiExec.exe /I{0004040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Premium-->MsiExec.exe /I{0000040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Photo Pro 9-->C:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0905}
Microsoft Picture It! Express 2001-->MsiExec.exe /I{FB10FE1A-9906-44A1-B8AB-B70B19FEAB58}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 2000-->MsiExec.exe /I{A3088CD2-612B-11D3-AF43-00C04F443448}
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
Mozilla Firefox (3.0.4)-->c:\program files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Navilog1 3.6.9-->"C:\Program Files\Navilog1\unins000.exe"
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Netlog Music Tool-->C:\WINDOWS\system32\netlogun.exe
Noel-->C:\Program Files\Noel\uninstall.exe
Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetup.dll,DoNTUninst
OpenOffice.org 2.4-->MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
PHOTO SLIDE SHOW version 3.1.0-->"C:\Program Files\PSLIDESHOW\unins000.exe"
PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
PowerpointImageExtractor-->"C:\Program Files\PowerpointImageExtractor_V1_2\unins000.exe"
Presto! Mr. Photo 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD8B3C0-0877-418D-ACC9-2AB0064B901A}\SETUP.EXE" -l0x40c
Presto! VideoWorks 6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B0C0F5E6-10B1-11D6-9296-0050BA073EEC}\SETUP.EXE" -l0x40c anything -removeonly
Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Reflex-->C:\WINDOWS\UnGins.exe "C:\Program Files\Reflex\install.log"
River Past Screen Recorder-->C:\WINDOWS\Screen Recorder Uninstaller.exe
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\INSTALL.LOG
Slide-->C:\WINDOWS\unvise32.exe C:\Program Files\Slide\uninstall.log
Suivi des soins et des remboursements de Santé v1.5-->"C:\Program Files\Emjysoft\sante\unins000.exe"
SweetIM For Internet Explorer 1.0a-->MsiExec.exe /X{BBB1528C-2F8C-4526-9C8E-699F17AF21CA}
Uniblue RegistryBooster 2009-->"C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957829)-->msiexec /package {90120000-0012-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}
USB Mass Storage Toolbox-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62B002C5-1AB3-11D8-8092-00E018B21FC0}\Setup.exe"
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Volumouse-->C:\WINDOWS\zipinst.exe /uninst "C:\Program Files\Volumouse\uninst1~.nsu"
Wanadoo Messager-->C:\PROGRA~1\WANADO~1\UNWISE.EXE C:\PROGRA~1\WANADO~1\INSTALL.LOG
Windows Live Bêta (tous les programmes)-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Bêta (tous les programmes)-->MsiExec.exe /I{9C4AB6FB-43CD-4ADF-8B59-6C52A6B74324}
Windows Live Call-->MsiExec.exe /I{868EC13B-52DA-43B9-8C05-50CD897674DF}
Windows Live Contrôle parental-->MsiExec.exe /X{EE02C20E-E82B-4693-8106-862D6F6DB6E5}
Windows Live Mail-->MsiExec.exe /I{DA0FC90D-5D87-445E-90B4-B938C57FE16F}
Windows Live Messenger-->MsiExec.exe /X{F72F8316-91E8-4C80-9E39-EBE933E1EDFB}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 081203-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0409
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 297
4 Dec. 2008 at 14:26
"c:\documents and settings\Nouveau dossier\XXX-Ne_pas_oublier_de_beurrer_le_mou.zip
c:\documents and settings\Nouveau dossier\ts xx bon gateau.zip
c:\program files\LimeWire.rar
c:\program files\sld.codec.pack.2.2.exe"

---> Do you recognize these files?
0