Trojan/virus help!
Solved
Togusa
Hello,
For quite a while now I've had a PC that is full of viruses, trojans and spyware that launch ads every time I use a browser. It was bearable as long as I didn't touch it, but the ads and the many slowdowns got the better of my patience (I use CCleaner regularly, and I have AntiVir and Spyware Terminator). So I decided to get rid of all of it once and for all: I booted into safe mode with networking, first ran a cleanup with CCleaner, then an online scan with BitDefender followed by AntiVir, after that a scan with Spybot, and finally one last cleanup with CCleaner. Needless to say, a lot of suspicious files were deleted. I then went back to normal mode, and that's when the repeated AntiVir alerts went wild: tr/cryptxpack.gen with 3 strange DLLs: fizelugo.dll, woyadolu.dll (not sure of the exact spelling of that one any more) and ronuruso.dll, all located in system32.
I'm on Windows XP Home SP3. Please help me!
76 replies
Hi,
Yet another Vundo infection ^^
- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
- Double-click RSIT.exe to launch the program.
- Click Continue on the Disclaimer screen.
- If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the license.
- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).
Note: The reports are saved in the C:\rsit folder.
Thanks for your reply. I'm afraid I can't do that in normal mode, since Windows doesn't even start properly any more: explorer.exe no longer runs, so all I have is the wallpaper and the alerts, which multiply whenever you touch anything. My last chance is safe mode; I hope the fixes will still be effective there, if I manage to get into it fully at all, lol. To be clear, I'm writing this message from my personal PC and not the infected one.
Here are the text files (I could only do this in safe mode):
info.txt logfile of random's system information tool 1.04 2008-12-13 11:55:50
======Uninstall list======
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x40c -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Audition 2.0-->msiexec /I {01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Agere Systems PCI Soft Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
a-squared Free 3.5-->"C:\Program Files\a-squared Free\unins000.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x3f3f
ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Beneton Movie GIF 1.1.2-->"C:\Program Files\Beneton Movie GIF\unins000.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Canon MP150-->"C:\WINDOWS\system32\CanonMP Uninstaller Information\{CA9A3609-3ECC-4574-8824-A8161A71A603}\DelDrv.exe" /U:{CA9A3609-3ECC-4574-8824-A8161A71A603} /L0x000c
CC_ccProxyMSI-->MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
CC_ccStart-->MsiExec.exe /I{9AD431FE-B352-4E99-9246-0E68C337DD9E}
ccCommon-->MsiExec.exe /I{9D2DB433-483F-4C3B-B4B1-243DBAB15125}
Code de la Route-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{9A9ED286-6A6F-441D-AF19-C872C5FD0EA2}
Complément Microsoft Word pour Microsoft Works Suite-->MsiExec.exe /I{7054ED85-498D-4D20-906F-14646AEC5581}
Connexion Facile à Internet-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1036
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Crawler Toolbar with Web Security Guard-->C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst
DiscJuggler-->C:\Program Files\Padus\DiscJuggler\Uninstall.exe
eoEngine 6.3-->"C:\Program Files\EoRezo\unins000.exe"
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Gif Movie Gear 4-->"C:\Program Files\Visicom Media\GifMovieGear 4\uninst-gmg.exe"
Help and Support Additions-->C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.2-->C:\Program Files\HP\Digital Imaging\{5E1494D4-3562-4FFB-B35C-600F80F6934C}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP PSC & OfficeJet 4.0-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HPIZ402-->MsiExec.exe /X{8D9768AE-DE42-4A04-A461-2361A58C384D}
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
ItsTV 3.0-->"C:\Program Files\ItsLabel\unins000.exe"
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
K-Lite Codec Pack 3.9.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Ma-Config.com-->MsiExec.exe /X{D1874C3B-A0A5-446F-B76C-5265F11D8A1A}
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Messenger Plus! 3 & Sponsor-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Word 2002-->MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9}
Microsoft Works-->MsiExec.exe /I{E6BAE954-487E-488B-BC4E-2E69E54E8117}
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
Mozilla Firefox (3.0)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist-->MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Ultra Edition-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_wu_fre.exe
Nokia PC Suite-->MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security-->MsiExec.exe /I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
Norton Internet Security-->MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security-->MsiExec.exe /I{F396D99B-1FA8-4ED1-A006-B7A5972E06E2}
Norton Internet Security-->MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Personal Firewall (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\SymSetup\{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}.exe /X
Norton Personal Firewall-->MsiExec.exe /I{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}
Norton Security Center-->MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
Package de pilotes Windows - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Package de pilotes Windows - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf
Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
PaltalkScene-->"C:\WINDOWS\Paltalk Messenger\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PC-Doctor pour Windows-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PCI Audio Driver-->cmuninst.exe
Photo et imagerie HP 3.5 - HP Devices-->C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Pinnacle VideoSpin-->MsiExec.exe /X{4EDB1CA5-983F-4FC3-A8E3-E34981E05A60}
PPMate Network TV 2.3.1.69-->C:\Program Files\PPMate\uninst.exe
Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
SC Video Cut and Split 4.2.0.2-->"C:\Program Files\SoftwareClub.ws\SC Video Cut and Split\unins000.exe"
SecondLife (remove only)-->"C:\Documents and Settings\Océa.ane\Mes documents\Mes vidéos\SecondLife\uninst.exe" /P="SecondLife"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sélecteur d'installation de Microsoft Works 2004-->C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP E:\
Shareaza 2.4.0.0-->"C:\Program Files\Shareaza\Uninstall\unins000.exe"
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SopCast 3.0.1-->C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
SweetIM for Messenger 2.6-->MsiExec.exe /X{5549C19D-46FE-4975-AD54-5B37E87FF6E2}
SweetIM Toolbar for Internet Explorer 3.3-->MsiExec.exe /X{266C7330-C0F4-49E5-8F20-A56F9F822875}
TomTom HOME-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TreeSize Professional 5.1.1-->"C:\Program Files\JAM Software\TreeSize Professional\unins000.exe"
VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Extras-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: Avira AntiVir PersonalEdition
FW: Norton Personal Firewall
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Pinnacle\Shared Files\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK
-----------------EOF-----------------
*******************************************************************
And the other one:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrateur at 2008-12-13 11:55:34
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 9 GB (5%) free of 186 GB
Total RAM: 511 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:45, on 13/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
K:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {bb3f132e-11de-4927-ab33-d8e719d50299} - C:\WINDOWS\system32\fizelugo.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\VGA DRAW.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [savurupodu] Rundll32.exe "C:\WINDOWS\system32\labesina.dll",s
O4 - HKLM\..\Run: [24318522] rundll32.exe "C:\WINDOWS\system32\puderoye.dll",b
O4 - HKLM\..\Run: [CPM2702b6be] Rundll32.exe "c:\windows\system32\tedegeru.dll",a
O4 - HKCU\..\RunOnce: [SpybotDeletingB75] command /c del "c:\windows\system32\muyipeve.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1702] cmd /c del "c:\windows\system32\muyipeve.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2651] command /c del "c:\windows\system32\mikolobe.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9246] cmd /c del "c:\windows\system32\mikolobe.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\feyiloto.dll C:\WINDOWS\system32\ronuruso.dll C:\WINDOWS\system32\fizelugo.dll c:\windows\system32\mikolobe.dll c:\windows\system32\muyipeve.dll c:\windows\system32\hagijipa.dll C:\WINDOWS\system32\woyadolu.dll c:\windows\system32\tedegeru.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hagijipa.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hagijipa.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
info.txt logfile of random's system information tool 1.04 2008-12-13 11:55:50
======Uninstall list======
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x40c -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Audition 2.0-->msiexec /I {01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Agere Systems PCI Soft Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
a-squared Free 3.5-->"C:\Program Files\a-squared Free\unins000.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x3f3f
ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Beneton Movie GIF 1.1.2-->"C:\Program Files\Beneton Movie GIF\unins000.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Canon MP150-->"C:\WINDOWS\system32\CanonMP Uninstaller Information\{CA9A3609-3ECC-4574-8824-A8161A71A603}\DelDrv.exe" /U:{CA9A3609-3ECC-4574-8824-A8161A71A603} /L0x000c
CC_ccProxyMSI-->MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
CC_ccStart-->MsiExec.exe /I{9AD431FE-B352-4E99-9246-0E68C337DD9E}
ccCommon-->MsiExec.exe /I{9D2DB433-483F-4C3B-B4B1-243DBAB15125}
Code de la Route-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{9A9ED286-6A6F-441D-AF19-C872C5FD0EA2}
Complément Microsoft Word pour Microsoft Works Suite-->MsiExec.exe /I{7054ED85-498D-4D20-906F-14646AEC5581}
Connexion Facile à Internet-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1036
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Crawler Toolbar with Web Security Guard-->C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst
DiscJuggler-->C:\Program Files\Padus\DiscJuggler\Uninstall.exe
eoEngine 6.3-->"C:\Program Files\EoRezo\unins000.exe"
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Gif Movie Gear 4-->"C:\Program Files\Visicom Media\GifMovieGear 4\uninst-gmg.exe"
Help and Support Additions-->C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.2-->C:\Program Files\HP\Digital Imaging\{5E1494D4-3562-4FFB-B35C-600F80F6934C}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP PSC & OfficeJet 4.0-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HPIZ402-->MsiExec.exe /X{8D9768AE-DE42-4A04-A461-2361A58C384D}
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
ItsTV 3.0-->"C:\Program Files\ItsLabel\unins000.exe"
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
K-Lite Codec Pack 3.9.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Ma-Config.com-->MsiExec.exe /X{D1874C3B-A0A5-446F-B76C-5265F11D8A1A}
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Messenger Plus! 3 & Sponsor-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Word 2002-->MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9}
Microsoft Works-->MsiExec.exe /I{E6BAE954-487E-488B-BC4E-2E69E54E8117}
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
Mozilla Firefox (3.0)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist-->MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Ultra Edition-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_wu_fre.exe
Nokia PC Suite-->MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security-->MsiExec.exe /I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
Norton Internet Security-->MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security-->MsiExec.exe /I{F396D99B-1FA8-4ED1-A006-B7A5972E06E2}
Norton Internet Security-->MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Personal Firewall (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\SymSetup\{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}.exe /X
Norton Personal Firewall-->MsiExec.exe /I{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}
Norton Security Center-->MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
Package de pilotes Windows - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Package de pilotes Windows - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf
Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
PaltalkScene-->"C:\WINDOWS\Paltalk Messenger\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PC-Doctor pour Windows-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PCI Audio Driver-->cmuninst.exe
Photo et imagerie HP 3.5 - HP Devices-->C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Pinnacle VideoSpin-->MsiExec.exe /X{4EDB1CA5-983F-4FC3-A8E3-E34981E05A60}
PPMate Network TV 2.3.1.69-->C:\Program Files\PPMate\uninst.exe
Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
SC Video Cut and Split 4.2.0.2-->"C:\Program Files\SoftwareClub.ws\SC Video Cut and Split\unins000.exe"
SecondLife (remove only)-->"C:\Documents and Settings\Océa.ane\Mes documents\Mes vidéos\SecondLife\uninst.exe" /P="SecondLife"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sélecteur d'installation de Microsoft Works 2004-->C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP E:\
Shareaza 2.4.0.0-->"C:\Program Files\Shareaza\Uninstall\unins000.exe"
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SopCast 3.0.1-->C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
SweetIM for Messenger 2.6-->MsiExec.exe /X{5549C19D-46FE-4975-AD54-5B37E87FF6E2}
SweetIM Toolbar for Internet Explorer 3.3-->MsiExec.exe /X{266C7330-C0F4-49E5-8F20-A56F9F822875}
TomTom HOME-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TreeSize Professional 5.1.1-->"C:\Program Files\JAM Software\TreeSize Professional\unins000.exe"
VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Extras-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: Avira AntiVir PersonalEdition
FW: Norton Personal Firewall
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Pinnacle\Shared Files\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK
-----------------EOF-----------------
*******************************************************************
And here is the other one:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrateur at 2008-12-13 11:55:34
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 9 GB (5%) free of 186 GB
Total RAM: 511 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:45, on 13/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
K:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {bb3f132e-11de-4927-ab33-d8e719d50299} - C:\WINDOWS\system32\fizelugo.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\VGA DRAW.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [savurupodu] Rundll32.exe "C:\WINDOWS\system32\labesina.dll",s
O4 - HKLM\..\Run: [24318522] rundll32.exe "C:\WINDOWS\system32\puderoye.dll",b
O4 - HKLM\..\Run: [CPM2702b6be] Rundll32.exe "c:\windows\system32\tedegeru.dll",a
O4 - HKCU\..\RunOnce: [SpybotDeletingB75] command /c del "c:\windows\system32\muyipeve.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1702] cmd /c del "c:\windows\system32\muyipeve.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2651] command /c del "c:\windows\system32\mikolobe.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9246] cmd /c del "c:\windows\system32\mikolobe.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\feyiloto.dll C:\WINDOWS\system32\ronuruso.dll C:\WINDOWS\system32\fizelugo.dll c:\windows\system32\mikolobe.dll c:\windows\system32\muyipeve.dll c:\windows\system32\hagijipa.dll C:\WINDOWS\system32\woyadolu.dll c:\windows\system32\tedegeru.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hagijipa.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hagijipa.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
1/
---> Uninstall the following programs:
- Crawler Toolbar with Web Security Guard
- eoEngine 6.3
- SweetIM for Messenger 2.6
- SweetIM Toolbar for Internet Explorer 3.3
2/
---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Disconnect from the Internet and close all applications, including antivirus and antispyware /!\
---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Oui" (Yes)
---> I strongly recommend installing the Recovery Console.
---> Set it to French (F)
Press the 1 key (Yes) to start the scan.
/!\ Do not touch anything until the scan has finished. /!\
At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.
Once the scan has finished, a report will be displayed: post its contents
/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\
Note: The report can also be found here: C:\ComboFix\Combofix.txt
Thanks, I'll do that right away, but what do you mean by installing the Recovery Console? It's already installed in principle, at least I think so :s , I saw it as an option in the BIOS anyway, so that means it's available (I hope).
Impossible to uninstall the SweetIM ones in safe mode >< I'll do it the hard way, too bad, since there is no other way, and in normal mode the alerts won't let me do anything.
---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
---> Double-click the downloaded file to start the installation.
---> In the "Mise à jour" (Update) tab, click the "Recherche de mise à jour" (Check for updates) button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
---> Once the update has finished, go to the "Recherche" (Scan) tab.
---> Select "Exécuter un examen complet" (Perform a full scan).
---> Click "Rechercher" (Scan). The analysis starts; the scan is relatively long, which is normal.
At the end of the analysis, a message is displayed:
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
---> Click OK to continue. If MBAM found nothing, it will tell you that too.
---> Close your browsers.
If malware was detected, click "Afficher les résultats" (Show results).
---> Select everything (or leave it checked) and click "Supprimer la sélection" (Remove selected); MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
---> MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
Here is the report:
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1497
Windows 5.1.2600 Service Pack 3
13/12/2008 21:58:47
mbam-log-2008-12-13 (21-58-47).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 298967
Temps écoulé: 1 hour(s), 34 minute(s), 59 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 46
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ronuruso.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\woyadolu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fizelugo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\lepefihi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rirupage.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb3f132e-11de-4927-ab33-d8e719d50299} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb3f132e-11de-4927-ab33-d8e719d50299} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\savurupodu (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm2702b6be (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\24318522 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bend logo clock film (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\ronuruso.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\ronuruso.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\ronuruso.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\woyadolu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\woyadolu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\woyadolu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fizelugo.dll -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Carlson (Dialer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Frag great bend logo (Trojan.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\fizelugo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ronuruso.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\woyadolu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP209\A0120709.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0122720.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0122721.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0122722.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0123704.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0125768.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0125769.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0126882.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0126884.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0126885.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0126886.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0126962.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0129920.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0129921.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bajibuli.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\demibigi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\durifesu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\feyiloto.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fisalunu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fiyobubi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gajukilu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hagijipa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kogetagi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lejivaya.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lepefihi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lubujoko.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\luruwono.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\meyeyihi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\migirega.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nilimuvo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\penonoge.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\puwisuro.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rirupage.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sabafiru.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tedegeru.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vajarusu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisegava.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ziluyuda.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Frag great bend logo\DOG MULTI.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Frag great bend logo\VGA DRAW.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\carlton (Dialer) -> Quarantined and deleted successfully.
***********************************************************************************
At the end a window opened listing the files that could not be deleted and that will be deleted on restart, so I'm going to restart, hoping I can delete these files in safe mode.
Since I was convinced I would have to use the Recovery Console after ComboFix (lol), I ran a new scan with Anti-Malware in normal mode, and I'm currently posting from the "infected" PC; there were still 18 suspicious files. Also, I can't uninstall SweetIM Toolbar at all, whereas the other one uninstalled without trouble. Here is the report of the scan with Malwarebytes:
Malwarebytes' Anti-Malware 1.31
Database version: 1497
Windows 5.1.2600 Service Pack 3
14/12/2008 15:26:38
mbam-log-2008-12-14 (15-26-38).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 297798
Time elapsed: 2 hour(s), 45 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bend logo clock film (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131118.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131119.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131120.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131121.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131123.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131124.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131125.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131126.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131127.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131128.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131129.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131130.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131131.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131146.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131147.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131148.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
*******************************************************************************************
Should I use ComboFix? I should point out that the repeated alerts are well and truly gone (THANK YOUUUUUU SO MUCH!!! XD)
Malwarebytes' Anti-Malware 1.31
Database version: 1497
Windows 5.1.2600 Service Pack 3
14/12/2008 15:26:38
mbam-log-2008-12-14 (15-26-38).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 297798
Time elapsed: 2 hour(s), 45 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bend logo clock film (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131118.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131119.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131120.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131121.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131123.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131124.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131125.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131126.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131127.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131128.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131129.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131130.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131131.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131146.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131147.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP210\A0131148.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
*******************************************************************************************
Should I use ComboFix? I should point out that the redundant alerts are well and truly gone (THANK YOUUUUUUUU SO MUCH!!! XD)
Here is the ComboFix report:
ComboFix 08-12-14.01 - HP_Propriétaire 2008-12-14 18:49:48.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.260 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\ReinEGwadA\Application Data\HbTools
c:\documents and settings\ReinEGwadA\Application Data\HbTools\HbTools.log
c:\windows\pack.epk
c:\windows\system32\egapurir.ini
c:\windows\system32\nujamizi.dll
c:\windows\system32\viveveno.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-14 au 2008-12-14 ))))))))))))))))))))))))))))))))))))
.
2008-12-13 22:07 . 2008-12-13 22:07 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Malwarebytes
2008-12-13 20:18 . 2008-12-13 20:18 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-13 20:18 . 2008-12-13 20:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-13 20:18 . 2008-12-13 20:18 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-12-13 20:18 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-13 20:18 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-13 19:06 . 2008-12-13 19:06 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Simply Super Software
2008-12-13 19:01 . 2008-12-13 19:01 <REP> d-------- c:\documents and settings\Administrateur\Application Data\EoRezo
2008-12-13 18:44 . 2008-12-13 19:10 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-13 18:43 . 2008-12-13 18:43 <REP> d-------- c:\program files\Trojan Remover
2008-12-13 18:43 . 2008-12-13 18:43 <REP> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-12-13 18:43 . 2008-12-13 18:43 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Simply Super Software
2008-12-13 18:43 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-12-13 18:43 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-12-13 18:43 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-12-13 18:43 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-12-13 18:43 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-12-13 16:26 . 2008-12-13 16:31 <REP> d-------- c:\program files\EsetOnlineScanner
2008-12-13 15:21 . 2008-12-13 15:28 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Spyware Terminator
2008-12-13 14:53 . 2008-12-13 14:53 0 --a------ c:\documents and settings\Administrateur\Application Data\wklnhst.dat
2008-12-13 14:15 . 2008-12-13 14:15 <REP> d-------- c:\documents and settings\Administrateur\Application Data\DivX
2008-12-13 11:55 . 2008-12-13 11:55 <REP> d-------- C:\rsit
2008-12-12 20:02 . 2004-01-02 00:45 <REP> d-------- c:\documents and settings\Administrateur\WINDOWS
2008-12-12 20:02 . 2004-01-01 21:59 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2008-12-12 20:02 . 2004-01-01 21:59 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2008-12-12 20:02 . 2008-05-18 04:28 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2008-12-12 20:02 . 2008-12-13 21:59 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2008-12-12 20:02 . 2008-05-18 04:27 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2008-12-12 20:02 . 2008-05-17 19:47 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2008-12-12 20:02 . 2008-12-13 20:16 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2008-12-12 20:02 . 2004-01-02 04:04 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Symantec
2008-12-12 20:02 . 2004-01-02 01:12 <REP> d-------- c:\documents and settings\Administrateur\Application Data\SampleView
2008-12-12 20:02 . 2004-01-02 00:36 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Intervideo
2008-12-12 20:02 . 2004-01-02 00:45 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Apple Computer
2008-12-12 20:02 . 2008-12-13 18:48 <REP> d-------- c:\documents and settings\Administrateur
2008-12-07 10:51 . 2008-12-07 10:51 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 11:06 . 2008-11-23 11:06 <REP> d-------- c:\program files\Ooze Debug Mix
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 14:44 --------- d-----w c:\program files\Rockstar Games
2008-12-14 14:44 --------- d-----w c:\program files\Atari
2008-12-14 14:37 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-14 14:31 --------- d-----w c:\documents and settings\All Users\Application Data\SweetIM
2008-12-14 11:10 --------- d-----w c:\program files\Spyware Terminator
2008-12-14 11:10 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Spyware Terminator
2008-12-13 21:20 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2008-12-13 18:01 --------- d-----w c:\program files\EoRezo
2008-12-13 18:01 --------- d-----w c:\program files\Crawler
2008-12-12 22:53 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-12 22:49 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-12 19:59 --------- d-----w c:\program files\mIRC
2008-12-12 19:52 --------- d-----w c:\program files\Circle Developement
2008-12-12 19:25 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Ooze Debug Mix
2008-12-12 12:11 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\EoRezo
2008-12-11 06:18 --------- d-----w c:\documents and settings\Océa.ane\Application Data\EoRezo
2008-12-11 05:39 --------- d-----w c:\documents and settings\Océa.ane\Application Data\Spyware Terminator
2008-12-07 09:51 --------- d-----w c:\program files\iTunes
2008-12-07 09:51 --------- d-----w c:\program files\iPod
2008-12-07 09:51 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-07 09:48 --------- d-----w c:\program files\QuickTime
2008-11-16 10:36 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-14 20:26 --------- d-----w c:\program files\Easy Internet signup
2008-11-02 09:36 --------- d-----w c:\documents and settings\All Users\Application Data\KONAMI
2008-11-02 09:21 --------- d-----w c:\program files\KONAMI
2008-10-29 09:35 --------- d-----w c:\program files\Bonjour
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 17:46 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Apple Computer
2008-10-18 08:24 --------- d-----w c:\program files\Shareaza
2008-10-02 12:45 330 ----a-w c:\documents and settings\HP_Propriétaire\Application Data\wklnhst.dat
2007-08-20 00:18 1,140,304 -c--a-w c:\documents and settings\All Users\Application Data\pswi_preloaded.exe
2007-02-18 12:10 54 -c--a-w c:\program files\delir.gio
2006-05-06 16:42 7,260,160 ----a-w c:\program files\mozilla firefox\plugins\libvlc.dll
2008-05-17 08:46 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-09 1817600]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-25 339968]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-12-10 1230728]
"Alcmtr"="ALCMTR.EXE" [2004-07-03 c:\windows\ALCMTR.EXE]
c:\documents and settings\Shou—k'\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"vidc.mjpg"= pvmjpg30.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^eFax 4.3.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\eFax 4.3.lnk
backup=c:\windows\pss\eFax 4.3.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PalTalk.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^IMVU.lnk]
path=c:\documents and settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 12:57 111936 c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 18:03 152872 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-02-03 23:36 70760 c:\program files\Fichiers communs\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 10:39 486856 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
--a------ 2004-04-07 12:38 124016 c:\program files\Fichiers communs\Symantec Shared\CfgWiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-12 03:02 61440 c:\hp\KBD\kbd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
--a------ 2004-04-07 12:38 124016 c:\program files\Fichiers communs\Symantec Shared\CfgWiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-03-26 17:41 1232896 c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 11:53 1079808 c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2004-04-15 03:43 233472 c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
--a------ 2008-10-01 11:00 5723136 c:\program files\Shareaza\Shareaza.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2004-08-17 03:42 218240 c:\program files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-10-15 17:00 1818624 c:\windows\mixer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-07-02 01:58 73728 c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\PPMate\\ppmate.exe"=
"c:\\Program Files\\PPMate\\ppamnet.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=
"c:\\Program Files\\PC Connectivity Solution\\ServiceLayer.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-06-09 141312]
S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-05-30 576680]
S3 QCAbsee;QuickCam Web Logitech (0801);c:\windows\system32\DRIVERS\OVCA.sys [2008-05-18 25088]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6da0a9bb-6d00-11dd-9ee1-00112f78332b}]
\shell\Setup\command - setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c242e4d5-2698-11dd-9e6c-00112f78332b}]
\shell\Setup\command - setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3b21859-7907-11dd-9ef0-00112f78332b}]
\Shell\AutoRun\command - K:\InstallTomTomHOME.exe
.
Contenu du dossier 'Tâches planifiées'
2008-12-14 c:\windows\Tasks\AF511EF4918A9090.job
- c:\docume~1\hp_pro~1\applic~1\oozede~1\Longfirstroad.exe []
2008-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-14 c:\windows\Tasks\Connexion facile à Internet.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2004-06-22 04:19]
2004-01-02 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-09-10 03:39]
2008-12-14 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
BHO-{bb3f132e-11de-4927-ab33-d8e719d50299} - (no file)
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
MSConfigStartUp-bend logo clock film - c:\documents and settings\All Users\Application Data\Frag great bend logo\knob online.exe
MSConfigStartUp-EoEngine - c:\program files\EoRezo\EoEngine.exe
MSConfigStartUp-ItsTV - c:\program files\ItsLabel\ItsTV.exe
MSConfigStartUp-Memotick - c:\docume~1\HP_PRO~1\APPLIC~1\OOZEDE~1\Burn Bags Sixth.exe
MSConfigStartUp-MsnMsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
mStart Page = hxxp://lo.st
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Chercher avec Copernic Agent - c:\program files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
IE: Crawler Search - tbr:iemenu
IE: Télécharger avec &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk -
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe
c:\windows\Downloaded Program Files\live.ini
c:\windows\Downloaded Program Files\scanoptions.tsi
c:\windows\Downloaded Program Files\lang.ini
c:\windows\Downloaded Program Files\ipsupd.dll
c:\windows\Downloaded Program Files\bdupd.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\oscan8.ocx
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
c:\windows\Downloaded Program Files\oscan8.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 19:00:01
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
.
**************************************************************************
.
Heure de fin: 2008-12-14 19:06:05 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-14 18:06:02
Avant-CF: 21 555 421 184 octets libres
Après-CF: 22,893,846,528 octets libres
301 --- E O F --- 2008-11-13 08:41:13
*****************************************************************************************
However, I forgot to stop the antivirus, anti-spyware, etc. programs from launching at startup, so when ComboFix was preparing the report they all opened, but I didn't touch anything, as the window asked. I hope that didn't cause any problem.
ComboFix 08-12-14.01 - HP_Propriétaire 2008-12-14 18:49:48.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.260 [GMT 1:00]
LancÚ depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe
* Un nouveau point de restauration a ÚtÚ crÚÚ
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\ReinEGwadA\Application Data\HbTools
c:\documents and settings\ReinEGwadA\Application Data\HbTools\HbTools.log
c:\windows\pack.epk
c:\windows\system32\egapurir.ini
c:\windows\system32\nujamizi.dll
c:\windows\system32\viveveno.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-14 au 2008-12-14 ))))))))))))))))))))))))))))))))))))
.
2008-12-13 22:07 . 2008-12-13 22:07 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Malwarebytes
2008-12-13 20:18 . 2008-12-13 20:18 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-13 20:18 . 2008-12-13 20:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-13 20:18 . 2008-12-13 20:18 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-12-13 20:18 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-13 20:18 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-13 19:06 . 2008-12-13 19:06 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Simply Super Software
2008-12-13 19:01 . 2008-12-13 19:01 <REP> d-------- c:\documents and settings\Administrateur\Application Data\EoRezo
2008-12-13 18:44 . 2008-12-13 19:10 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-13 18:43 . 2008-12-13 18:43 <REP> d-------- c:\program files\Trojan Remover
2008-12-13 18:43 . 2008-12-13 18:43 <REP> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-12-13 18:43 . 2008-12-13 18:43 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Simply Super Software
2008-12-13 18:43 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-12-13 18:43 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-12-13 18:43 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-12-13 18:43 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-12-13 18:43 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-12-13 16:26 . 2008-12-13 16:31 <REP> d-------- c:\program files\EsetOnlineScanner
2008-12-13 15:21 . 2008-12-13 15:28 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Spyware Terminator
2008-12-13 14:53 . 2008-12-13 14:53 0 --a------ c:\documents and settings\Administrateur\Application Data\wklnhst.dat
2008-12-13 14:15 . 2008-12-13 14:15 <REP> d-------- c:\documents and settings\Administrateur\Application Data\DivX
2008-12-13 11:55 . 2008-12-13 11:55 <REP> d-------- C:\rsit
2008-12-12 20:02 . 2004-01-02 00:45 <REP> d-------- c:\documents and settings\Administrateur\WINDOWS
2008-12-12 20:02 . 2004-01-01 21:59 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2008-12-12 20:02 . 2004-01-01 21:59 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2008-12-12 20:02 . 2008-05-18 04:28 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2008-12-12 20:02 . 2008-12-13 21:59 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2008-12-12 20:02 . 2008-05-18 04:27 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2008-12-12 20:02 . 2008-05-17 19:47 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2008-12-12 20:02 . 2008-12-13 20:16 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2008-12-12 20:02 . 2004-01-02 04:04 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Symantec
2008-12-12 20:02 . 2004-01-02 01:12 <REP> d-------- c:\documents and settings\Administrateur\Application Data\SampleView
2008-12-12 20:02 . 2004-01-02 00:36 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Intervideo
2008-12-12 20:02 . 2004-01-02 00:45 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Apple Computer
2008-12-12 20:02 . 2008-12-13 18:48 <REP> d-------- c:\documents and settings\Administrateur
2008-12-07 10:51 . 2008-12-07 10:51 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 11:06 . 2008-11-23 11:06 <REP> d-------- c:\program files\Ooze Debug Mix
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 14:44 --------- d-----w c:\program files\Rockstar Games
2008-12-14 14:44 --------- d-----w c:\program files\Atari
2008-12-14 14:37 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-14 14:31 --------- d-----w c:\documents and settings\All Users\Application Data\SweetIM
2008-12-14 11:10 --------- d-----w c:\program files\Spyware Terminator
2008-12-14 11:10 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Spyware Terminator
2008-12-13 21:20 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2008-12-13 18:01 --------- d-----w c:\program files\EoRezo
2008-12-13 18:01 --------- d-----w c:\program files\Crawler
2008-12-12 22:53 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-12 22:49 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-12 19:59 --------- d-----w c:\program files\mIRC
2008-12-12 19:52 --------- d-----w c:\program files\Circle Developement
2008-12-12 19:25 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Ooze Debug Mix
2008-12-12 12:11 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\EoRezo
2008-12-11 06:18 --------- d-----w c:\documents and settings\Océa.ane\Application Data\EoRezo
2008-12-11 05:39 --------- d-----w c:\documents and settings\Océa.ane\Application Data\Spyware Terminator
2008-12-07 09:51 --------- d-----w c:\program files\iTunes
2008-12-07 09:51 --------- d-----w c:\program files\iPod
2008-12-07 09:51 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-07 09:48 --------- d-----w c:\program files\QuickTime
2008-11-16 10:36 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-14 20:26 --------- d-----w c:\program files\Easy Internet signup
2008-11-02 09:36 --------- d-----w c:\documents and settings\All Users\Application Data\KONAMI
2008-11-02 09:21 --------- d-----w c:\program files\KONAMI
2008-10-29 09:35 --------- d-----w c:\program files\Bonjour
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 17:46 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Apple Computer
2008-10-18 08:24 --------- d-----w c:\program files\Shareaza
2008-10-02 12:45 330 ----a-w c:\documents and settings\HP_Propriétaire\Application Data\wklnhst.dat
2007-08-20 00:18 1,140,304 -c--a-w c:\documents and settings\All Users\Application Data\pswi_preloaded.exe
2007-02-18 12:10 54 -c--a-w c:\program files\delir.gio
2006-05-06 16:42 7,260,160 ----a-w c:\program files\mozilla firefox\plugins\libvlc.dll
2008-05-17 08:46 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-09 1817600]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-25 339968]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-12-10 1230728]
"Alcmtr"="ALCMTR.EXE" [2004-07-03 c:\windows\ALCMTR.EXE]
c:\documents and settings\Shou—k'\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"vidc.mjpg"= pvmjpg30.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^eFax 4.3.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\eFax 4.3.lnk
backup=c:\windows\pss\eFax 4.3.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PalTalk.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^IMVU.lnk]
path=c:\documents and settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 12:57 111936 c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 18:03 152872 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-02-03 23:36 70760 c:\program files\Fichiers communs\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 10:39 486856 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
--a------ 2004-04-07 12:38 124016 c:\program files\Fichiers communs\Symantec Shared\CfgWiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-12 03:02 61440 c:\hp\KBD\kbd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
--a------ 2004-04-07 12:38 124016 c:\program files\Fichiers communs\Symantec Shared\CfgWiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-03-26 17:41 1232896 c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 11:53 1079808 c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2004-04-15 03:43 233472 c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
--a------ 2008-10-01 11:00 5723136 c:\program files\Shareaza\Shareaza.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2004-08-17 03:42 218240 c:\program files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-10-15 17:00 1818624 c:\windows\mixer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-07-02 01:58 73728 c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\PPMate\\ppmate.exe"=
"c:\\Program Files\\PPMate\\ppamnet.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=
"c:\\Program Files\\PC Connectivity Solution\\ServiceLayer.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-06-09 141312]
S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-05-30 576680]
S3 QCAbsee;QuickCam Web Logitech (0801);c:\windows\system32\DRIVERS\OVCA.sys [2008-05-18 25088]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6da0a9bb-6d00-11dd-9ee1-00112f78332b}]
\shell\Setup\command - setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c242e4d5-2698-11dd-9e6c-00112f78332b}]
\shell\Setup\command - setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3b21859-7907-11dd-9ef0-00112f78332b}]
\Shell\AutoRun\command - K:\InstallTomTomHOME.exe
.
Contenu du dossier 'Tâches planifiées'
2008-12-14 c:\windows\Tasks\AF511EF4918A9090.job
- c:\docume~1\hp_pro~1\applic~1\oozede~1\Longfirstroad.exe []
2008-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-14 c:\windows\Tasks\Connexion facile à Internet.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2004-06-22 04:19]
2004-01-02 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-09-10 03:39]
2008-12-14 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
BHO-{bb3f132e-11de-4927-ab33-d8e719d50299} - (no file)
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
MSConfigStartUp-bend logo clock film - c:\documents and settings\All Users\Application Data\Frag great bend logo\knob online.exe
MSConfigStartUp-EoEngine - c:\program files\EoRezo\EoEngine.exe
MSConfigStartUp-ItsTV - c:\program files\ItsLabel\ItsTV.exe
MSConfigStartUp-Memotick - c:\docume~1\HP_PRO~1\APPLIC~1\OOZEDE~1\Burn Bags Sixth.exe
MSConfigStartUp-MsnMsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
mStart Page = hxxp://lo.st
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Chercher avec Copernic Agent - c:\program files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
IE: Crawler Search - tbr:iemenu
IE: Télécharger avec &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk -
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe
c:\windows\Downloaded Program Files\live.ini
c:\windows\Downloaded Program Files\scanoptions.tsi
c:\windows\Downloaded Program Files\lang.ini
c:\windows\Downloaded Program Files\ipsupd.dll
c:\windows\Downloaded Program Files\bdupd.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\oscan8.ocx
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
c:\windows\Downloaded Program Files\oscan8.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 19:00:01
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
.
**************************************************************************
.
Heure de fin: 2008-12-14 19:06:05 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-14 18:06:02
Avant-CF: 21 555 421 184 octets libres
Après-CF: 22,893,846,528 octets libres
301 --- E O F --- 2008-11-13 08:41:13
*****************************************************************************************
However, I forgot to stop the antivirus, anti-spyware, etc. from launching at startup, so when ComboFix was preparing the report they all opened, but I didn't touch anything, as the window asked. I hope that didn't cause any problem.
Still quite a few infections.
---> Uninstall EoEngine.
● Download AD-Remover (by Cyrildu17 / C_XX) to your Desktop.
/!\ Disconnect and close all running applications /!\
● Double-click the installer and install it in its default location (C:\Program files).
● Double-click the Ad-remover icon on your Desktop.
● At the main menu, choose option "A".
● Post the report that appears at the end.
(The report is also saved as C:\Ad-report(date).log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility for terminating processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Here is the report; I still can't uninstall sweetim and eorezo:
--------- Logfile of AD-Remover 1.0.7.7 by C_XX ---------
# START at: 9:32:36 | Lun 15/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: NOM-641695C7437 | USER: HP_Propriétaire ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
# Internet Explorer v6.0.2900.5512
--------- [ RUNNING PROCESSES: 37 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
+-----------------------| Boonty/Boonty Games Elements found :
.
+-----------------------| Eorezo Elements found :
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
.
[14/12/2008 21:30|d--------] C:\PROGRA~1\EoRezo
[13/12/2008 19:01|d--------] C:\PROGRA~1\EoRezo\EoAdv
[14/09/2008 11:20|--a------] C:\PROGRA~1\EoRezo\EoAdv\eoAdv.url
[25/01/2007 09:22|--a------] C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.OLD
[31/05/2008 18:43|d--------] C:\PROGRA~1\EoRezo\EoAdv\tmp
[25/01/2007 09:22|--a------] C:\PROGRA~1\EoRezo\EoAdv\tmp\EOREZO~1.187
[25/01/2007 09:22|--a------] C:\PROGRA~1\EoRezo\EoAdv\tmp\EOREZO~1.999
[12/12/2008 13:11|d--------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo
[18/09/2008 22:07|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\cmhost.cyp
[18/09/2008 22:07|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\CONFME~1.CYP
[18/09/2008 09:06|d--------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\db
[18/09/2008 22:07|d--------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EODESK~1
[02/12/2008 16:30|d--------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\eoStats
[12/03/2008 20:40|d--------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1
[17/05/2008 19:04|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1.CFG
[18/09/2008 22:07|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\host.cyp
[18/09/2008 22:07|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\user.cyp
[18/09/2008 09:06|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\db\cat.cyp
[18/09/2008 22:07|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EODESK~1\config.xml
[18/09/2008 22:07|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EODESK~1\EODESK~1.HTM
[18/09/2008 22:07|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EODESK~1\USERCO~1.XML
[12/12/2008 13:13|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\eoStats\eoStats.txt
[17/05/2008 18:54|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\EOWEAT~1.CFG
[12/03/2008 20:40|d--------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\images
[12/03/2008 20:40|d--------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2
[12/03/2008 20:40|d--------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1
[30/06/2005 13:40|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\67_day.png
[30/06/2005 13:40|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\67_night.png
[21/08/2006 12:07|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\69_day.png
[21/08/2006 12:07|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\69_night.png
[13/07/2005 15:04|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\70_day.png
[13/07/2005 15:04|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\70_night.png
[30/06/2005 13:40|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\78_day.png
[30/06/2005 13:40|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\78_night.png
[18/05/2006 13:20|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\82_day.png
[18/05/2006 13:20|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\82_night.png
[18/05/2006 13:20|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\83_day.png
[18/05/2006 13:20|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\83_night.png
[30/06/2005 13:40|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\84_day.png
[30/06/2005 13:40|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\84_night.png
[18/05/2006 13:20|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\85_day.png
[18/05/2006 13:20|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\85_night.png
[18/05/2006 13:20|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\89_day.png
[18/05/2006 13:20|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\89_night.png
[30/10/2006 10:01|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\back.png
[30/10/2006 11:31|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\BA24E2~1.PNG
[30/10/2006 10:01|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\BACKGR~4.PNG
[24/10/2006 09:58|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\BACKGR~3.PNG
[27/09/2006 13:55|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\BACKGR~1.PNG
[27/09/2006 13:57|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\BACKGR~2.PNG
[30/10/2006 10:01|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\BACKPR~1.PNG
[18/05/2006 13:20|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\band.png
[30/06/2005 09:14|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\BAND_S~1.PNG
[10/07/2006 11:38|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\close.png
[10/07/2006 11:37|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\CLOSEP~1.PNG
[23/10/2006 10:32|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\DAYPRE~2.PNG
[23/10/2006 10:33|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\DAYPRE~1.PNG
[25/10/2006 10:59|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\earth.png
[04/10/2006 10:21|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\FONDS_~1.PNG
[10/07/2006 11:50|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\help.png
[10/07/2006 11:49|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\HELPPR~1.PNG
[10/07/2006 11:24|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\minimise.png
[10/07/2006 11:23|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\MINIMI~1.PNG
[30/10/2006 10:01|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\next.png
[30/10/2006 10:01|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\NEXTPR~1.PNG
[31/10/2006 11:45|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\option.png
[31/10/2006 11:45|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\OPTION~1.PNG
[02/10/2006 17:36|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\REFLET~1.PNG
[18/05/2006 13:20|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\SMALL_~1.PNG
[06/11/2006 10:05|--ahs----] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~2\Thumbs.db
[30/10/2006 12:05|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\67_day.png
[30/10/2006 12:05|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\67_night.png
[02/10/2006 16:01|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\69_day.png
[02/10/2006 14:12|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\69_night.png
[06/11/2006 15:18|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\70_day.png
[06/11/2006 15:19|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\70_night.png
[02/10/2006 16:00|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\78_day.png
[02/10/2006 16:00|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\78_night.png
[02/10/2006 15:59|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\82_day.png
[02/10/2006 15:59|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\82_night.png
[02/10/2006 15:58|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\83_day.png
[02/10/2006 15:57|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\83_night.png
[02/10/2006 15:54|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\84_day.png
[02/10/2006 15:56|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\84_night.png
[02/10/2006 13:59|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\85_day.png
[02/10/2006 14:12|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\85_night.png
[02/10/2006 15:56|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\89_day.png
[02/10/2006 15:56|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\89_night.png
[10/01/2007 10:33|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\about.png
[30/10/2006 10:01|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\back.png
[06/11/2006 12:37|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\BACKGR~4.PNG
[06/11/2006 12:38|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\BADB1B~1.PNG
[24/10/2006 09:58|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\BACKGR~3.PNG
[27/09/2006 13:55|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\BACKGR~1.PNG
[27/09/2006 13:57|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\BACKGR~2.PNG
[30/10/2006 10:01|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\BACKPR~1.PNG
[10/07/2006 11:38|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\close.png
[10/07/2006 11:37|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\CLOSEP~1.PNG
[23/10/2006 10:32|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\DAYPRE~2.PNG
[23/10/2006 10:33|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\DAYPRE~1.PNG
[25/10/2006 10:59|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\earth.png
[04/10/2006 10:21|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\FONDS_~1.PNG
[10/07/2006 11:50|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\help.png
[10/07/2006 11:49|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\HELPPR~1.PNG
[10/07/2006 11:24|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\minimise.png
[10/07/2006 11:23|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\MINIMI~1.PNG
[30/10/2006 10:01|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\next.png
[30/10/2006 10:01|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\NEXTPR~1.PNG
[06/11/2006 12:46|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\option.png
[31/10/2006 11:45|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\OPTION~1.PNG
[02/10/2006 17:36|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\REFLET~1.PNG
[10/01/2007 10:33|--ahs----] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\Thumbs.db
[12/07/2005 13:55|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\EoRezo\EOWEAT~1\IMAGES~1\TXT_14~1.PNG
+-----------------------| Everest Poker Elements found :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
.
+-----------------------| Messenger Skinner Elements found :
.
+-----------------------| Sweetim Elements found :
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE.1"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0337C6624F0C5E94F8025AF6F9288257"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{266C7330-C0F4-49E5-8F20-A56F9F822875}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0337C6624F0C5E94F8025AF6F9288257"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[12/07/2008 00:44|d--------] C:\PROGRA~1\MACROG~1
[02/11/2008 00:55|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Mozilla\Firefox\Profiles\7MQRME~1.DEF\SEARCH~1\sweetim.xml
[02/11/2008 00:55|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Mozilla\Firefox\Profiles\7MQRME~1.DEF\SEARCH~1\sweetim.xml
[02/11/2008 01:23|d--------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Mozilla\Firefox\Profiles\7MQRME~1.DEF\SWEETI~1
[02/11/2008 01:23|d--------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Mozilla\Firefox\Profiles\7MQRME~1.DEF\SWEETI~1\logs
[14/12/2008 15:31|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM
[02/11/2008 00:55|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars
[02/11/2008 00:55|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1
[02/11/2008 00:56|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1\cache
[30/11/2008 21:33|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1\cache\F64A71~1.XML
[12/12/2008 17:31|--a------] C:\WINDOWS\Prefetch\SWEETI~1.PF
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\7mqrmerd.default\prefs.js :
~~~~ Mozilla FireFox version 3.0 ~~~~
Start Page : "http://www.lo.st"
+----------+
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
TomTomHOME.exe REG_SZ "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
+--[HKEY_LOCAL_MACHINE\..\Run]
SpywareTerminator REG_SZ "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
ATIPTA REG_SZ "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
TrojanScanner REG_SZ C:\Program Files\Trojan Remover\Trjscan.exe /boot
Alcmtr REG_SZ ALCMTR.EXE
+--[HKEY_USERS\.DEFAULT\..\Run]
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://lo.st
+---------------------------------------------------------------------------+
- "C:\AD-report-Scan-15.12.2008.log" (~18324 bytes)
# END at: 9:33:03 | 15/12/2008 - Time elapsed: 27.0 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 239 lines ]
+---------------------------------------------------------------------------+
"Here is the report, I still can't uninstall sweetim and eorezo"
---> Hence the use of AD-Remover.
/!\ Disconnect and close all running applications /!\
● Double-click AD-Remover to launch it: at the main menu, choose option B.
● On the selection screen, tick:
http://sd-1.archive-host.com/membres/up/16506160323759868/Capturer-ADR.JPG
Removal of Boonty/BoontyGames (if found)
Removal of Eorezo (if found)
Removal of Everest Poker (if found)
Removal of Funwebproduct/MyWay/MyWebsearch (if found)
Removal of Messenger Skinner (if found)
Removal of Sweetim (if found)
● Then choose S; the program will do its work.
● Post the report that appears at the end.
(The report is also saved as C:\Ad-report.log)
/!\ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm /!\
I think it's still infected, the home page is still: "lo.st" ><
--------- Logfile of AD-Remover 1.0.7.7 by C_XX ---------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
Messenger Skinner
Sweetim
******************
# START at: 17:32:30 | Lun 15/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: NOM-641695C7437 | USER: HP_Propriétaire ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
# Internet Explorer v6.0.2900.5512
--------- [ RUNNING PROCESSES: 34 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted :
.
+-----------------------| Eorezo Elements Deleted :
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
.
[14/12/2008 21:30|d--------] C:\Program Files\EoRezo
[12/12/2008 13:11|d--------] C:\Documents and Settings\HP_Propriétaire\Application Data\EoRezo
+-----------------------| Everest Poker Elements Deleted :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
+-----------------------| Messenger Skinner Elements Deleted :
.
+-----------------------| Sweetim Elements Deleted :
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE.1"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0337C6624F0C5E94F8025AF6F9288257"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{266C7330-C0F4-49E5-8F20-A56F9F822875}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[12/07/2008 00:44|d--------] C:\Program Files\Macrogaming
/!\ NOT DELETED - [02/11/2008 00:55|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Mozilla\Firefox\Profiles\7MQRME~1.DEF\SEARCH~1\sweetim.xml
[02/11/2008 00:55|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Mozilla\Firefox\Profiles\7MQRME~1.DEF\SEARCH~1\sweetim.xml
[02/11/2008 01:23|d--------] C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\7mqrmerd.default\SweetIMToolbarData
[14/12/2008 15:31|d--------] C:\Documents and Settings\All Users\Application Data\SweetIM
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\7mqrmerd.default\prefs.js :
~~~~ Mozilla FireFox version 3.0 ~~~~
Start Page : "http://www.lo.st"
+----------+
+--[HKEY_CURRENT_USER\..\Run]
TomTomHOME.exe REG_SZ "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
+--[HKEY_LOCAL_MACHINE\..\Run]
SpywareTerminator REG_SZ "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
ATIPTA REG_SZ "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
TrojanScanner REG_SZ C:\Program Files\Trojan Remover\Trjscan.exe /boot
Alcmtr REG_SZ ALCMTR.EXE
+--[HKEY_USERS\.DEFAULT\..\Run]
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-15.12.2008.log" (~7747 bytes)
- "C:\AD-report-Scan-15.12.2008.log" (~18660 bytes)
# END at: 17:38:04 | 15/12/2008 - Time elapsed: 5 minutes, 33 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 129 lines ]
+---------------------------------------------------------------------------+
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0337C6624F0C5E94F8025AF6F9288257"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[12/07/2008 00:44|d--------] C:\Program Files\Macrogaming
/!\ NOT DELETED - [02/11/2008 00:55|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Mozilla\Firefox\Profiles\7MQRME~1.DEF\SEARCH~1\sweetim.xml
[02/11/2008 00:55|--a------] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Mozilla\Firefox\Profiles\7MQRME~1.DEF\SEARCH~1\sweetim.xml
[02/11/2008 01:23|d--------] C:\Documents and Settings\HP_Propri‚taire\Application Data\Mozilla\Firefox\Profiles\7mqrmerd.default\SweetIMToolbarData
[14/12/2008 15:31|d--------] C:\Documents and Settings\All Users\Application Data\SweetIM
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\7mqrmerd.default\prefs.js :
~~~~ Mozilla FireFox version 3.0 ~~~~
Start Page : "http://www.lo.st"
+----------+
+--[HKEY_CURRENT_USER\..\Run]
TomTomHOME.exe REG_SZ "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
+--[HKEY_LOCAL_MACHINE\..\Run]
SpywareTerminator REG_SZ "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
ATIPTA REG_SZ "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
TrojanScanner REG_SZ C:\Program Files\Trojan Remover\Trjscan.exe /boot
Alcmtr REG_SZ ALCMTR.EXE
+--[HKEY_USERS\.DEFAULT\..\Run]
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-15.12.2008.log" (~7747 bytes)
- "C:\AD-report-Scan-15.12.2008.log" (~18660 bytes)
# END at: 17:38:04 | 15/12/2008 - Time elapsed: 5 minutes, 33 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 129 lines ]
+---------------------------------------------------------------------------+
According to the report, your home page is no longer lo.st.
Hello Destrio,
Sorry for using a thread that isn't mine, but I have no other way to contact you. You helped me very kindly and very effectively several months ago with a trojan problem.
Unfortunately I have a new problem, which I posted under "j ai recu un virus pour noel". Could you give me your opinion? That would be really nice :)
PS: if replying is a bother, don't, no problem. I don't want to bother you.
Yet as soon as I open it, lo.st is indeed what shows up >< There must be something I did wrong, even though I confirmed the deleted value with Spybot. Something remains despite all these scans; I'm wondering whether I should run another one, in safe mode this time.