Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Exploit.ADODB.Stream.Y

dombilepetitlutin
 Partager

Messages recommandés

dombilepetitlutin Junior Member

dombilepetitlutin

Posté(e)
Posté(e) (modifié)

Salut,

 

Voila BitDefender me detecte ce virus, enfin plutot il me dit qu'il est suspect. Mais depuis que ce fichier est là, ba mon PC bogue. Je le supprime en mode sans echec mais il revient même en enlevant la restauration du système. Voila si vous pouviez m'aider merci. Il se trouve ici "C:\1.vbs"

 

 

Logfile of HijackThis v1.99.1

Scan saved at 21:30:33, on 02/09/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\System32\RunDll32.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

c:\program files\softwin\bitdefender10\bdmcon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Wanadoo\GestionnaireInternet.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\Program Files\Wanadoo\Watch.exe

C:\Program Files\Opera\Opera.exe

C:\Documents and Settings\Benjamin\Mes documents\Mes documents\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\System32\FirstReboot.exe

O4 - HKLM\..\Run: [soundFusion] RunDll32 hercplgs.cpl,BootEntryPoint

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1148737195947

O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

Modifié par dombilepetitlutin

Malekal_morte Godlike Member

Malekal_morte

Posté(e)
Posté(e)

il est dans c:\1.vbs ?

Faudrait le chemin complet stp.

 

 

- Télécharge DiagHelp.zip sur ton bureau

- Ne double-clic pas dessus !! Fais un clic droit sur le fichier et extraire tout

- Un nouveau dossier chercher va être créé DiagHelp

- Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)

- Une fenêtre va s'ouvrir, choisis l'option 1

- L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande

- Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :

-- Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout

-- A nouveau menu Edition / copier

-- Dans un nouveau message ici, faire un clic droit / coller

dombilepetitlutin Junior Member

dombilepetitlutin

Posté(e)
  • Auteur
Posté(e)

Le virus se trouve juste dans C:\ et c'est un fichier, un script, il se nomme "1.vbs"

 

C:\WINDOWS\System32\bdod.bin -->02/09/2006 20:54:29

C:\WINDOWS\System32\V -->02/09/2006 13:43:47

C:\WINDOWS\System32\wpa.dbl -->28/08/2006 22:59:18

C:\WINDOWS\System32\getfile.dat -->28/08/2006 22:03:30

C:\WINDOWS\System32\Uninstall.ico -->28/08/2006 18:02:14

C:\WINDOWS\System32\pavas.ico -->28/08/2006 18:02:14

C:\WINDOWS\System32\Help.ico -->28/08/2006 18:02:14

C:\WINDOWS\System32\cserv.dll -->26/08/2006 16:56:02

C:\WINDOWS\System32\SVKP.sys -->22/08/2006 09:27:22

C:\WINDOWS\System32\apache.dll -->21/07/2006 23:11:43

C:\WINDOWS\System32\FNTCACHE.DAT -->11/07/2006 21:58:55

C:\WINDOWS\System32\OODBS.lor -->11/07/2006 17:10:28

C:\WINDOWS\System32\uxtheme.dll -->09/07/2006 23:13:14

C:\WINDOWS\System32\sirenacm.dll -->06/06/2006 12:37:54

C:\WINDOWS\System32\QuickTimeVR.qtx -->04/05/2006 17:35:12

C:\WINDOWS\System32\QuickTime.qts -->04/05/2006 17:35:08

C:\WINDOWS\System32\MRT.exe -->03/05/2006 21:26:24

C:\WINDOWS\System32\atiiiexx.dll -->03/05/2006 18:54:10

C:\WINDOWS\System32\ati2dvag.dll -->03/05/2006 18:51:00

C:\WINDOWS\System32\atipdlxx.dll -->03/05/2006 18:45:35

C:\WINDOWS\System32\Oemdspif.dll -->03/05/2006 18:45:22

C:\WINDOWS\System32\Ati2mdxx.exe -->03/05/2006 18:45:14

C:\WINDOWS\System32\ati2edxx.dll -->03/05/2006 18:45:07

C:\WINDOWS\System32\ati2evxx.dll -->03/05/2006 18:44:55

C:\WINDOWS\System32\ati2evxx.exe -->03/05/2006 18:43:46

 

C:\WINDOWS\win.ini -->02/09/2006 21:54:28

C:\WINDOWS\QTFont.qfn -->02/09/2006 21:21:59

C:\WINDOWS\QTFont.for -->02/09/2006 21:21:59

C:\WINDOWS\NeroDigital.ini -->02/09/2006 20:51:16

C:\WINDOWS\0.log -->02/09/2006 20:25:55

C:\WINDOWS\wiaservc.log -->02/09/2006 20:25:39

C:\WINDOWS\wiadebug.log -->02/09/2006 20:25:39

C:\WINDOWS\bootstat.dat -->02/09/2006 20:25:23

C:\WINDOWS\ntbtlog.txt -->02/09/2006 20:24:19

C:\WINDOWS\SchedLgU.Txt -->02/09/2006 20:18:40

C:\WINDOWS\Sti_Trace.log -->02/09/2006 19:15:49

C:\WINDOWS\ModemLog_U.S. Robotics 56K Fax Host Int.txt -->30/08/2006 07:35:41

C:\WINDOWS\BlendSettings.ini -->15/08/2006 20:22:49

C:\WINDOWS\mozver.dat -->26/07/2006 19:58:53

C:\WINDOWS\Benjamin.pcb -->13/07/2006 20:12:24

 

C:\WINDOWS\ml-cleanup.exe |02/04/2002 17:08:34

C:\WINDOWS\ml-uninstall-v10.exe |02/04/2002 17:08:36

C:\WINDOWS\ml-winamp-shutdown.exe |02/04/2002 17:08:32

C:\WINDOWS\uneng.exe |29/07/2005 19:52:56

C:\WINDOWS\UninstallFirefox.exe |17/03/2006 22:58:29

C:\WINDOWS\AuHCcup1.dll |23/07/1999 10:53:20

C:\WINDOWS\hcextoutput.dll |28/04/2006 21:58:19

C:\WINDOWS\patchw32.dll |14/12/2001 13:34:46

C:\WINDOWS\system32\append.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\ati2sgag.exe |25/06/2006 21:54:15

C:\WINDOWS\system32\debug.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\DeleteCPL.exe |26/07/2005 22:56:05

C:\WINDOWS\system32\dosx.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\dvdplay.exe |23/08/2001 19:47:34

C:\WINDOWS\system32\edlin.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\EndInstall.exe |24/07/2005 15:01:36

C:\WINDOWS\system32\exe2bin.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\fastopen.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\FirstReboot.exe |22/07/2006 16:29:07

C:\WINDOWS\system32\mem.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\mscdexnt.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\nlsfunc.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\nw16.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\redir.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\setver.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\share.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\swreg.exe |22/05/2006 21:28:03

C:\WINDOWS\system32\swsc.exe |22/05/2006 21:28:03

C:\WINDOWS\system32\UninstallXP.exe |22/07/2006 16:29:07

C:\WINDOWS\system32\vwipxspx.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\WRKGADM.EXE |17/12/1996 00:00:00

C:\WINDOWS\system32\amstream.dll |22/01/2006 13:15:27

C:\WINDOWS\system32\apache.dll |21/07/2006 23:11:43

C:\WINDOWS\system32\compatUI.dll |28/09/2001 14:00:00

C:\WINDOWS\system32\cpuinf32.dll |17/12/2005 15:20:17

C:\WINDOWS\system32\cserv.dll |27/08/2006 18:43:25

C:\WINDOWS\system32\DOCOBJ.DLL |17/12/1996 00:00:00

C:\WINDOWS\system32\HLINKPRX.DLL |17/12/1996 00:00:00

C:\WINDOWS\system32\Ir32_32.dll |07/11/1995 14:46:00

C:\WINDOWS\system32\Iyvu9_32.dll |17/12/2005 15:20:20

C:\WINDOWS\system32\mciqtz32.dll |22/01/2006 13:15:27

C:\WINDOWS\system32\MMSwitch.dll |15/11/2002 14:11:26

C:\WINDOWS\system32\msdmo(3).dll |24/07/2005 19:05:08

C:\WINDOWS\system32\msdmo.dll |22/01/2006 13:15:30

C:\WINDOWS\system32\msencode.dll |28/09/2001 14:00:00

C:\WINDOWS\system32\ODBCSTF.DLL |17/12/1996 00:00:00

C:\WINDOWS\system32\ogg.dll |14/12/2002 23:46:02

C:\WINDOWS\system32\oggDS.dll |14/12/2002 23:46:02

C:\WINDOWS\system32\paqsp.dll |23/08/2001 19:47:16

C:\WINDOWS\system32\psfind.dll |30/06/2006 18:00:38

C:\WINDOWS\system32\psisdecd.dll |22/01/2006 13:15:47

C:\WINDOWS\system32\qedwipes.dll |22/01/2006 13:15:31

C:\WINDOWS\system32\scriptpw.dll |28/09/2001 14:00:00

C:\WINDOWS\system32\SIntf16.dll |25/09/2005 14:32:26

C:\WINDOWS\system32\SIntf32.dll |25/09/2005 14:32:27

C:\WINDOWS\system32\SIntfNT.dll |25/09/2005 14:32:27

C:\WINDOWS\system32\sockspy.dll |26/01/2006 20:19:52

C:\WINDOWS\system32\tsd32.dll |28/09/2001 14:00:00

C:\WINDOWS\system32\unrar.dll |17/12/2005 15:20:22

C:\WINDOWS\system32\VAFR232.DLL |17/12/1996 00:00:00

C:\WINDOWS\system32\vidx16.dll |29/12/2005 13:09:57

C:\WINDOWS\system32\vorbis.dll |14/12/2002 23:46:02

C:\WINDOWS\system32\vorbisenc.dll |14/12/2002 22:46:04

C:\WINDOWS\system32\win87em.dll |28/09/2001 14:00:00

C:\WINDOWS\system32\xmlparse.dll |26/10/2005 16:51:39

C:\WINDOWS\system32\xmltok.dll |26/10/2005 16:51:39

C:\WINDOWS\system32\xreglib.dll |06/12/2002 17:37:06

C:\WINDOWS\system32\xvidcore.dll |20/12/2004 12:03:26

C:\WINDOWS\system32\xvidvfw.dll |20/12/2004 12:08:28

C:\WINDOWS\system32\ZPORT4AS.dll |28/08/2006 18:03:10

C:\WINDOWS\ml-cleanup.exe |02/04/2002 17:08:34

C:\WINDOWS\ml-uninstall-v10.exe |02/04/2002 17:08:36

C:\WINDOWS\ml-winamp-shutdown.exe |02/04/2002 17:08:32

C:\WINDOWS\uneng.exe |29/07/2005 19:52:56

C:\WINDOWS\UninstallFirefox.exe |17/03/2006 22:58:29

C:\WINDOWS\AuHCcup1.dll |23/07/1999 10:53:20

C:\WINDOWS\hcextoutput.dll |28/04/2006 21:58:19

C:\WINDOWS\patchw32.dll |14/12/2001 13:34:46

C:\WINDOWS\system32\append.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\debug.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\DeleteCPL.exe |26/07/2005 22:56:05

C:\WINDOWS\system32\dosx.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\edlin.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\EndInstall.exe |24/07/2005 15:01:36

C:\WINDOWS\system32\exe2bin.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\fastopen.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\FirstReboot.exe |22/07/2006 16:29:07

C:\WINDOWS\system32\mem.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\mscdexnt.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\nlsfunc.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\nw16.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\redir.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\setver.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\share.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\SrchSTS.exe |22/05/2006 21:28:03

C:\WINDOWS\system32\swreg.exe |22/05/2006 21:28:03

C:\WINDOWS\system32\swsc.exe |22/05/2006 21:28:03

C:\WINDOWS\system32\UninstallXP.exe |22/07/2006 16:29:07

C:\WINDOWS\system32\vwipxspx.exe |28/09/2001 14:00:00

C:\WINDOWS\system32\WRKGADM.EXE |17/12/1996 00:00:00

C:\WINDOWS\system32\amstream.dll |22/01/2006 13:15:27

C:\WINDOWS\system32\apache.dll |21/07/2006 23:11:43

C:\WINDOWS\system32\cpuinf32.dll |17/12/2005 15:20:17

C:\WINDOWS\system32\cserv.dll |27/08/2006 18:43:25

C:\WINDOWS\system32\DOCOBJ.DLL |17/12/1996 00:00:00

C:\WINDOWS\system32\HLINKPRX.DLL |17/12/1996 00:00:00

C:\WINDOWS\system32\Ir32_32.dll |07/11/1995 14:46:00

C:\WINDOWS\system32\Iyvu9_32.dll |17/12/2005 15:20:20

C:\WINDOWS\system32\mciqtz32.dll |22/01/2006 13:15:27

C:\WINDOWS\system32\MMSwitch.dll |15/11/2002 14:11:26

C:\WINDOWS\system32\msdmo(3).dll |24/07/2005 19:05:08

C:\WINDOWS\system32\msdmo.dll |22/01/2006 13:15:30

C:\WINDOWS\system32\msencode.dll |28/09/2001 14:00:00

C:\WINDOWS\system32\ODBCSTF.DLL |17/12/1996 00:00:00

C:\WINDOWS\system32\ogg.dll |14/12/2002 23:46:02

C:\WINDOWS\system32\psfind.dll |30/06/2006 18:00:38

C:\WINDOWS\system32\psisdecd.dll |22/01/2006 13:15:47

C:\WINDOWS\system32\qedwipes.dll |22/01/2006 13:15:31

C:\WINDOWS\system32\SIntf16.dll |25/09/2005 14:32:26

C:\WINDOWS\system32\SIntf32.dll |25/09/2005 14:32:27

C:\WINDOWS\system32\SIntfNT.dll |25/09/2005 14:32:27

C:\WINDOWS\system32\sockspy.dll |26/01/2006 20:19:52

C:\WINDOWS\system32\tsd32.dll |28/09/2001 14:00:00

C:\WINDOWS\system32\unrar.dll |17/12/2005 15:20:22

C:\WINDOWS\system32\VAFR232.DLL |17/12/1996 00:00:00

C:\WINDOWS\system32\vidx16.dll |29/12/2005 13:09:57

C:\WINDOWS\system32\vorbis.dll |14/12/2002 23:46:02

C:\WINDOWS\system32\vorbisenc.dll |14/12/2002 22:46:04

C:\WINDOWS\system32\win87em.dll |28/09/2001 14:00:00

C:\WINDOWS\system32\xmlparse.dll |26/10/2005 16:51:39

C:\WINDOWS\system32\xmltok.dll |26/10/2005 16:51:39

C:\WINDOWS\system32\xreglib.dll |06/12/2002 17:37:06

C:\WINDOWS\system32\xvidcore.dll |20/12/2004 12:03:26

C:\WINDOWS\system32\xvidvfw.dll |20/12/2004 12:08:28

C:\WINDOWS\system32\ZPORT4AS.dll |28/08/2006 18:03:10

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 30EF-A7EC

 

Répertoire de C:\WINDOWS\system32

 

28/09/2001 14:00 4 096 csrss.exe

1 fichier(s) 4 096 octets

0 Rép(s) 17 116 581 888 octets libres

 

Contenu de Downloaded Program Files

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 30EF-A7EC

 

Répertoire de C:\WINDOWS\Downloaded Program Files

 

28/08/2006 18:06 <REP> .

28/08/2006 18:06 <REP> ..

18/04/2006 16:04 273 728 AdVerifierADP.dll

11/04/2006 17:10 135 168 asinst.dll

03/04/2006 11:00 537 asinst.inf

24/07/2005 12:04 65 desktop.ini

09/02/2005 16:54 1 271 erma.inf

06/04/2006 16:40 621 hcImpl.inf

26/04/2006 17:51 359 936 Housecall_ActiveX.dll

29/05/2003 15:00 160 864 messengerstatsclient.dll

29/05/2003 15:00 84 064 minesweeper.dll

18/11/1999 14:48 995 mpeg4ax.inf

27/08/2005 14:30 5 065 swflash.inf

26/05/2005 04:19 291 wuweb.inf

20/08/2002 20:48 172 664 xenroll.dll

20/08/2002 20:52 289 xenroll.inf

02/11/2005 18:01 1 777 xscan.inf

02/11/2005 18:07 435 712 xscan53.ocx

16 fichier(s) 1 633 047 octets

 

Total des fichiers listés :

16 fichier(s) 1 633 047 octets

2 Rép(s) 17 116 581 888 octets libres

 

Liste des programmes installes

 

2350

2350_Help

2350Trb

a-squared Free 2.0

Ad-Aware SE Personal

Adobe Acrobat 4.0

Adobe Photoshop Elements

AiO_Scan

AiOSoftware

Analyseur et SDK XML Microsoft

Archiveur WinRAR

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

ATI HydraVision

µTorrent

Battlefield 2

BitDefender Antivirus Plus v10

BufferChm

Call of Duty® 2

Call of Duty® 2

CCleaner (remove only)

Copy

Correctif Windows XP - Article Base de Connaissances 834707

Correctif Windows XP - KB823559

Correctif Windows XP - KB828741

Correctif Windows XP - KB835732

Correctif Windows XP - KB842773

CP_AtenaShokunin1Config

cp_dwShrek2Albums1

cp_dwShrek2Cards1

CreativeProjects

CreativeProjectsTemplates

CueTour

Destinations

DH Driver Cleaner Professional Edition

Director

DocProc

DocumentViewer

EVEREST Home Edition v2.20

ewido anti-spyware 4.0

Far Cry

Far Cry

Far Cry (Patch 1.3)

Far Cry (Patch 1.31)

Far Cry (Patch 1.33)

Fax

FinePixViewer Resource

FinePixViewer Ver.5.1

FireTune

FUJIFILM USB Driver

Gestionnaire Internet

Google Earth

Google Toolbar for Internet Explorer

Half-Life® 2

Hercules Crystal Sound Cards

HijackThis 1.99.1

HP Extended Capabilities 4.7

HP Image Zone 4.7

HP Product Assistant

HP PSC & OfficeJet 4.7

HP Software Update

HPSystemDiagnostics

ImageMixer VCD2 LE for FinePix

InstantShare

iPod for Windows 2005-09-23

iPod for Windows 2005-09-23

iPod for Windows 2006-03-23

iPod for Windows 2006-03-23

iTunes

iTunes

J2SE Runtime Environment 5.0 Update 6

JourneySoftware

JourneySoftwarePromo

Language pack for Ad-Aware SE

Lecteur Windows Media 10

LimeWire PRO 4.12.0

Livebox

Lyra System File Update Utility

Macromedia Flash Player 8

Macromedia Shockwave Player

MarketResearch

Medi@Show

Media Player Classic fr

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 French Language Pack

Microsoft Data Access Components KB870669

Microsoft IntelliPoint 5.0

Microsoft IntelliType Pro 5.0

Microsoft Office 97 Professional

MoodLogic

MoodLogic DeviceLink

Mozilla Firefox (1.5.0.6)

Navigateur Orange

Nero 7 Demo

Nikon View 6

OpenOffice.org 2.0

Opera 9.01

Pack Longhorn Inspirat 1.0

Package du correctif Windows XP [voir Q329115 pour plus de détails]

Panda ActiveScan

PanoStandAlone

PhotoGallery

PowerDVD

ProductContext

QFolder

QuickTime

QuickTime

RAW FILE CONVERTER LE

Readme

Scan

ScannerCopy

Sentinel System Driver 5.42.1 (32-bit)

Shareaza version 2.2.1.0

SkinsHP1

SLD Codec Pack

Spybot - Search & Destroy 1.4

Steam

Steam

Titan Quest

TopSolid 2006 By Missler Software

TopSolid/Finder 2006 by Missler Software

TopSolid/Viewer 2006 by Missler Software

TrayApp

TuneUp Utilities 2006

Unload

Unlocker 1.8.4

VideoLAN VLC media player 0.8.5

Wanadoo Messager

WebFldrs XP

WebReg

Windows Live Messenger

Windows Media Format Runtime

Windows XP Hotfix - KB823980

Windows XP Hotfix (SP1) [see Q317181 for more information]

Windows XP Hotfix (SP1) [see Q329048 for more information]

Windows XP Hotfix (SP1) [see Q329390 for more information]

Windows XP Hotfix (SP1) [see Q329441 for more information]

Windows XP Hotfix (SP1) [see Q329834 for more information]

Windows XP Hotfix (SP1) Q329170

Windows XP Hotfix (SP1) Q810577

Windows XP Hotfix (SP1) Q810833

Windows XP Hotfix (SP1) Q815021

Windows XP Hotfix (SP1) Q817606

 

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 30EF-A7EC

 

Répertoire de C:\Program Files

 

01/09/2006 19:53 <REP> .

01/09/2006 19:53 <REP> ..

27/08/2006 20:01 <REP> a-squared Free

25/01/2006 11:34 <REP> Activision

16/10/2005 20:26 <REP> Adobe

25/06/2006 21:56 <REP> ATI Technologies

06/07/2006 18:24 <REP> CCleaner

01/09/2006 17:30 <REP> Common Files

29/12/2005 13:09 <REP> CyberLink

25/06/2006 21:09 <REP> Driver Cleaner Pro

23/06/2006 14:17 <REP> EA GAMES

28/08/2006 18:56 <REP> ewido anti-spyware 4.0

01/09/2006 17:30 <REP> Fichiers communs

08/01/2006 15:04 <REP> FinePixViewer

02/05/2006 20:01 <REP> FireTune

28/08/2006 18:06 <REP> Google

19/07/2006 21:44 <REP> Hercules

15/01/2006 19:15 <REP> Hewlett-Packard

15/01/2006 19:21 <REP> HP

03/08/2006 15:52 461 INSTALL.LOG

01/09/2006 17:30 <REP> Internet Explorer

23/04/2006 18:22 <REP> iPod

28/08/2006 18:06 <REP> iTunes

19/03/2006 00:10 <REP> Java

02/07/2006 20:50 <REP> Lavalys

19/04/2006 17:48 <REP> Lavasoft

09/08/2006 10:12 <REP> LimeWire

28/08/2006 23:05 <REP> Media Player Classic

24/07/2005 17:18 <REP> Messenger

24/07/2005 12:05 <REP> microsoft frontpage

28/08/2006 18:06 <REP> Microsoft IntelliPoint

28/08/2006 18:06 <REP> Microsoft IntelliType Pro

29/05/2006 17:12 <REP> Microsoft Office

03/08/2005 17:29 <REP> MoodLogic

24/07/2005 12:03 <REP> Movie Maker

02/09/2006 20:43 <REP> Mozilla Firefox

24/07/2005 12:02 <REP> MSN

24/07/2005 12:01 <REP> MSN Gaming Zone

20/06/2006 12:17 <REP> MSN Messenger

27/05/2006 19:40 <REP> MSXML 4.0

20/04/2006 22:14 <REP> Nero

27/05/2006 19:55 <REP> NetMeeting

26/07/2005 01:25 <REP> Nikon

04/07/2006 15:00 <REP> OpenOffice.org 2.0

28/08/2006 18:06 <REP> Opera

01/09/2006 17:30 <REP> Outlook Express

19/12/2005 21:25 <REP> PIXELA

30/06/2006 20:51 <REP> QuickTime

26/04/2006 19:51 <REP> Rainbow Technologies

24/06/2006 12:28 <REP> SAGEM

21/06/2006 23:42 <REP> Securitoo

24/07/2005 12:03 <REP> Services en ligne

28/06/2006 15:06 <REP> Shareaza

28/08/2006 23:05 <REP> SLD Codec Pack

28/08/2006 23:11 <REP> Softwin

28/08/2006 18:06 <REP> Spybot - Search & Destroy

03/08/2005 17:31 <REP> Thomson

30/06/2006 17:56 <REP> THQ

24/07/2005 14:56 <REP> Trend Micro

28/08/2006 18:07 <REP> TuneUp Utilities 2006

10/08/2006 13:05 <REP> Ubisoft

02/09/2006 13:42 <REP> Unlocker

12/08/2006 20:01 <REP> uTorrent

01/02/2006 22:55 <REP> Valve

13/07/2006 22:47 <REP> VideoLAN

02/09/2006 21:05 <REP> Wanadoo

24/07/2005 15:08 <REP> Wanadoo Messager

28/08/2006 18:06 <REP> Windows Media Player

29/05/2006 17:12 <REP> Windows Messaging

24/07/2005 12:01 <REP> Windows NT

19/04/2006 17:15 <REP> WinRAR

24/07/2005 12:05 <REP> xerox

1 fichier(s) 461 octets

71 Rép(s) 17 116 811 264 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 30EF-A7EC

 

Répertoire de C:\Program Files\fichiers communs

 

01/09/2006 17:30 <REP> .

01/09/2006 17:30 <REP> ..

29/07/2005 20:37 <REP> Adaptec Shared

16/10/2005 20:26 <REP> Adobe

21/04/2006 13:26 <REP> Ahead

18/04/2006 15:04 <REP> DirectX

15/01/2006 19:15 <REP> Hewlett-Packard

15/01/2006 19:18 <REP> HP

26/10/2005 16:42 <REP> InstallShield

18/03/2006 23:18 <REP> Java

01/09/2006 17:30 <REP> Microsoft Shared

24/07/2005 12:02 <REP> MSSoap

26/07/2005 01:25 <REP> Nikon

24/07/2005 12:55 <REP> ODBC

24/07/2005 12:03 <REP> Services

28/08/2006 23:57 <REP> Softwin

24/07/2005 12:55 <REP> SpeechEngines

24/07/2005 12:03 <REP> System

15/03/2006 21:11 <REP> Wise Installation Wizard

0 fichier(s) 0 octets

19 Rép(s) 17 116 811 264 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 30EF-A7EC

 

Répertoire de C:\Program Files\common files

 

01/09/2006 17:30 <REP> .

01/09/2006 17:30 <REP> ..

29/03/2006 18:47 <REP> EasyInfo

03/08/2005 17:29 <REP> Microsoft Shared

01/09/2006 17:30 <REP> System

0 fichier(s) 0 octets

5 Rép(s) 17 116 811 264 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 30EF-A7EC

 

Répertoire de C:\

 

24/05/2001 13:59 162 304 UNWISE.EXE

1 fichier(s) 162 304 octets

0 Rép(s) 17 116 811 264 octets libres

c:\Documents and Settings\Alain\Local Settings\Temporary Internet Files\Content.IE5\0U5Z3817\Gestionnaire_internetLB[1].exe

c:\Documents and Settings\Alain\Local Settings\Temporary Internet Files\Content.IE5\G9M745U3\DSLTest[1].exe

c:\Documents and Settings\Alain\Mes documents\alain.cheyrou\77.30_winxp_international.exe

c:\Documents and Settings\Alain\Mes documents\alain.cheyrou\77.72_win2kxp_international.exe

c:\Documents and Settings\Alain\Mes documents\alain.cheyrou\AdAware_6_Standard_Plus_Pro_FR.exe

c:\Documents and Settings\Alain\Mes documents\alain.cheyrou\dsltest.exe

c:\Documents and Settings\Alain\Mes documents\alain.cheyrou\everestultimate250.exe

c:\Documents and Settings\Alain\Mes documents\alain.cheyrou\gestionnaire_internetlb.exe

c:\Documents and Settings\Alain\Mes documents\alain.cheyrou\googleearthwin.exe

c:\Documents and Settings\Alain\Mes documents\alain.cheyrou\maxblast4.exe

c:\Documents and Settings\Alain\Mes documents\alain.cheyrou\PKUNZIP.EXE

c:\Documents and Settings\Alain\Mes documents\alain.cheyrou\spybotsd14.exe

c:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe

c:\Documents and Settings\Benjamin\.limewire\.NetworkShare\LimeWireWin4.12.6-fixed.exe

c:\Documents and Settings\Benjamin\.limewire\.NetworkShare\Incomplete\T-4379440-LimeWireWin4.12.6-nopack.exe

c:\Documents and Settings\Benjamin\Application Data\Microsoft\Installer\{0049F6AE-4FE2-4C43-A039-60FCE98A1986}\ARPPRODUCTICON.exe

c:\Documents and Settings\Benjamin\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe

c:\Documents and Settings\Benjamin\Application Data\Microsoft\Installer\{3E908702-AF35-4611-9518-955DA24B7E07}\icon.exe

c:\Documents and Settings\Benjamin\Bureau\bitdefender_avplus_v10.exe

c:\Documents and Settings\Benjamin\Bureau\diaghelp\FilesInfoCmd.exe

c:\Documents and Settings\Benjamin\Bureau\diaghelp\Fport.exe

c:\Documents and Settings\Benjamin\Bureau\diaghelp\grep.exe

c:\Documents and Settings\Benjamin\Bureau\diaghelp\LFiles.exe

c:\Documents and Settings\Benjamin\Bureau\diaghelp\LISTDLLS.exe

c:\Documents and Settings\Benjamin\Bureau\diaghelp\pslist.exe

c:\Documents and Settings\Benjamin\Bureau\diaghelp\streams.exe

c:\Documents and Settings\Benjamin\Local Settings\Temp\a2temp\a2cmd.exe

c:\Documents and Settings\Benjamin\Mes documents\alain.cheyrou\a2FreeSetup.exe

c:\Documents and Settings\Benjamin\Mes documents\alain.cheyrou\setup.exe

c:\Documents and Settings\Benjamin\Mes documents\alain.cheyrou\Hercules downloads\cscv609.exe

c:\Documents and Settings\Benjamin\Mes documents\Downloads\Shareaza_2.2.1.0.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\media-player-classic_media_player_classic_6.4.9.0b_xp_.exe_francais_11019.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\sld.codec.pack.2.2.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\half life 2\mod\c14_chap1_setup.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\half life 2\mod\GmodPlus15.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\Hijackthis\HijackThis.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Gestionnaire_internetLB.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\iPodSetup.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\itunes_itunes_6.0.5_francais_11140.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\DC3Setup_33\setup.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\ad-aware-se-personal_ad-aware_se_personal_1.6_anglais_12797.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\ATF-Cleaner.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\ccleaner-crap-cleaner_ccleaner_crap_cleaner_1.31.325_francais_14492.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\ccsetup129.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\daemon403-x86.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\everest_everest_2.20_francais_12281.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\ewido-setup.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\free-download-manager_free_download_manager_2.0.417_anglais_12841.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\free-download-manager_free_download_manager_patch_vf_francais_12841.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\klmcodec145.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\LimeWireWin.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\OOo_2.0.3_Win32Intel_install_fr.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\Shareaza_2.2.1.0.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\sld.codec.pack.2.2.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\uTorrent-1.6-install.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\windows-live-messenger_windows_live_messenger_8.0.0787.00_francais_19367.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Divers\wrar350fr.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Drivers carte graphique\6-5_xp-2k_dd_ccc_wdm_enu_32464.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Jeu\Patch\BF2_Incremental_122_13.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Jeu\Patch\bf2_patch_1.21.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Jeu\Patch\bf2incrementalpatch1.21-1.22.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\Firefox Setup 1.5.0.1.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\firetune_firetune_1.1.1_francais_14750.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\mozilla-firefox_mozilla_firefox_1.5.0.3_francais_11003.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\mozilla-firefox_mozilla_firefox_1.5.0.4_francais_11003.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\mozilla-firefox_mozilla_firefox_1.5.0.5_francais_11003.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\Opera 9 International Setup.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\Opera_9.01_International_Setup.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\ow32frfr853.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Navigateur Internet\ow32frfr854.exe

c:\Documents and Settings\Benjamin\Mes documents\Mes documents\telecharger\Nero\Nero-7.0.8.2_fra_no_yt.exe

c:\Documents and Settings\Benjamin\Mes documents\My Games\Titan Quest\TitanQuest1_08.exe

c:\Documents and Settings\Benjamin\Mes documents\My Games\Titan Quest\TitanQuest1_11.exe

c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll

c:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll

c:\Documents and Settings\Benjamin\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

c:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\uvucqgdo.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\components\FoxyTunes.dll

c:\Documents and Settings\Reno\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

Malekal_morte Godlike Member

Malekal_morte

Posté(e)
Posté(e)

Donne l'adresse de ton blog en privé stp.

 

____

 

 

- Télécharge et installe ewido

- Mets le à jour à partir du menu update en haut, n'hésite pas à consulter l'Aide ewido pour tout problème.

- Télécharge clean.zip, décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.

 

-- Redémarre en mode en mode sans échec, si tu sais pas comment on fait lis ceci

-- Ouvre le dossier clean qui se trouve sur ton bureau, et double-clic sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laisse la ouverte.

 

Supprime ce fichier C:\1.vbs

 

- Ouvre ewido et clic sur l'onglet Settings, pour How to Act sélèctionne Quarantine.

Reviens a l'onglet Scan cliques Complete system Scan.

Le scan démarre.

A la fin cliquer sur Apply all actions

Puis sur Save report et pour finir Save report as enregistrer sur le Bureau.

 

 

Aide : N'hésite pas à consulter l'Aide ewido pour tout problème.

 

 

-- Redémarre en mode normal : Menu Démarrer / Arreter / Redémarre l'ordinateur

Attention : dans le cas où l'ordinateur redémarre en boucle en mode sans échec, faire la manipulation inverse en décochant l'option /SAFEBOOT à l'aide de msconfig : voir à nouveau cette page : cliquez-ici

 

-- Fais un scan en ligne avec Internet Explorer : Scan Kaspersky et colle le rapport ici. Si tu es perdu, tu peux suivre cette aide pour les scans en ligne

-- Copie/Colle ici les rapports :

- ewido

- le rapport clean : Poste de travail / double clic sur disque C / double-clic sur rapport_clean.txt et copier/coller le contenu ici C:\rapport_clean.txt

- ainsi qu'un nouveau log HijackThis

dombilepetitlutin Junior Member

dombilepetitlutin

Posté(e)
  • Auteur
Posté(e) (modifié)

Salut, je met ici les rapports d'Ewido et de Clean, pour ce qui est de celui de Kaspersky je le posterai demain matin car la, je vais aller me coucher. Merci d'avance de ton aide. Pour ce qui est du blog, je n'en ai pas.

 

---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 23:53:27 02/09/2006

 

+ Scan result:

 

 

 

C:\Program Files\FinePixViewer\System\slideshow_setting.dll -> Adware.Dm : Cleaned with backup (quarantined).

C:\Documents and Settings\Alain\Cookies\alain@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).

C:\Documents and Settings\Alain\Cookies\alain@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).

C:\Documents and Settings\Benjamin\Cookies\benjamin@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).

 

 

::Report end

 

 

Script clean par Malekal_morte - http://www.malekal.com

 

Microsoft Windows XP [version 5.1.2600]

Script execute en mode sans echec

 

*** Suppression de fichiers sur C:

 

*** Suppression des fichiers dans C:\WINDOWS\

C:\WINDOWS\IsUninst.exe FOUND

 

*** Suppression des fichiers dans C:\WINDOWS\system32

C:\WINDOWS\system32\bdod.bin FOUND

C:\WINDOWS\system32\TFTP* FOUND

 

 

*** Suppression des clefs du registre effectuee..

Modifié par dombilepetitlutin
dombilepetitlutin Junior Member

dombilepetitlutin

Posté(e)
  • Auteur
Posté(e)

Kaspersky n'a rien trouvé et voici le log d'hijackthis :

 

Logfile of HijackThis v1.99.1

Scan saved at 14:45:48, on 03/09/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\PROGRA~1\Wanadoo\Watch.exe

C:\Program Files\uTorrent\utorrent.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

c:\program files\softwin\bitdefender10\bdmcon.exe

C:\Program Files\Opera\Opera.exe

C:\Documents and Settings\Benjamin\Mes documents\Mes documents\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\System32\FirstReboot.exe

O4 - HKLM\..\Run: [soundFusion] RunDll32 hercplgs.cpl,BootEntryPoint

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1148737195947

O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

 

 

 

PS : Le fichier 1.vbs est revenu.

Malekal_morte Godlike Member

Malekal_morte

Posté(e)
Posté(e)

Désinstalle ewido.

 

Ouvre le bloc-note et copie/colle le contenu du cadre ci-dessous :

 

cd \

dir /a /s /o:n /b c:\*.vbs > %systemdrive%\resultat.txt

dir /a /s /o:n /b c:\*DRVBACKUP* >> %systemdrive%\resultat.txt

dir /a /s /o:n /b c:\*DRVBACKUP* >> %systemdrive%\resultat.txt

dir /a /s /o:n /b ICMON.exe >> %systemdrive%\resultat.txt

dir /a /s /o:n /b ICNTMON.exe >> %systemdrive%\resultat.txt

notepad %systemdrive%\resultat.txt

 

- Une fois le contenu collé dans le bloc-note

- Enregistre le fichier (Menu fichier puis enregistrer-sous) sous le nom go.cmd sur ton bureau

- Double-clic sur go, une fenetre va s'ouvrir... Cela va durer plusieurs minutes, ne touche à rien.

- Le Bloc-note va s'ouvrir, copie/colle le rapport ici.

 

____

 

Télécharge et utilise Silentrunners http://www.silentrunners.org/Silent%20Runners.vbs

Clic droit sur le lien et choisis Enregistrer la cible sous

Double clic sur Silentrunners, patiente un peu rapport sera généré, quant ce sera terminé tu en sera averti, poste ce rapport

dombilepetitlutin Junior Member

dombilepetitlutin

Posté(e)
  • Auteur
Posté(e)

Voila :

 

c:\1.vbs

c:\Documents and Settings\Alain\Local Settings\Temporary Internet Files\Content.IE5\8260WR61\eliotManager[1].vbs

c:\Documents and Settings\Alain\Local Settings\Temporary Internet Files\Content.IE5\DJ3X7DJ4\FlashPlayerDetect[2].vbs

c:\Program Files\Valve\Steam\SteamApps\dombilepetitlutin\counter-strike source\cstrike\detail.vbsp

c:\Program Files\Valve\Steam\SteamApps\dombilepetitlutin\day of defeat source\dod\detail.vbsp

c:\Program Files\Valve\Steam\SteamApps\dombilepetitlutin\half-life 2\hl2\detail.vbsp

c:\Program Files\Valve\Steam\SteamApps\dombilepetitlutin\half-life 2 deathmatch\hl2mp\detail.vbsp

c:\Program Files\Valve\Steam\SteamApps\SourceMods\Hypnose\detail.vbsp

c:\Program Files\Valve\Steam\SteamApps\SourceMods\Source Racer\detail.vbsp

c:\WINDOWS\system32\eventquery.vbs

c:\WINDOWS\system32\pagefileconfig.vbs

c:\WINDOWS\system32\prncnfg.vbs

c:\WINDOWS\system32\prndrvr.vbs

c:\WINDOWS\system32\prnjobs.vbs

c:\WINDOWS\system32\prnmngr.vbs

c:\WINDOWS\system32\prnport.vbs

c:\WINDOWS\system32\prnqctl.vbs

c:\WINDOWS\system32\pubprn.vbs

c:\WINDOWS\system32\dllcache\evtquery.vbs

c:\WINDOWS\system32\dllcache\pagefile.vbs

c:\WINDOWS\system32\dllcache\prncnfg.vbs

c:\WINDOWS\system32\dllcache\prndrvr.vbs

c:\WINDOWS\system32\dllcache\prnjobs.vbs

c:\WINDOWS\system32\dllcache\prnmngr.vbs

c:\WINDOWS\system32\dllcache\prnport.vbs

c:\WINDOWS\system32\dllcache\prnqctl.vbs

c:\WINDOWS\system32\dllcache\pubprn.vbs

 

 

 

"Silent Runners.vbs", revision 47, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"WOOKIT" = "C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx" [empty string]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"type32" = ""C:\Program Files\Microsoft IntelliType Pro\type32.exe"" [MS]

"IntelliPoint" = ""C:\Program Files\Microsoft IntelliPoint\point32.exe"" [MS]

"BDMCon" = ""C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg" ["SOFTWIN S.R.L."]

"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]

"HGTXPEI" = "C:\WINDOWS\System32\FirstReboot.exe" [null data]

"SoundFusion" = "RunDll32 hercplgs.cpl,BootEntryPoint" [MS]

"WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe" ["France Télécom R&D"]

"WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]

"BDAgent" = ""C:\Program Files\Softwin\BitDefender10\bdagent.exe"" ["SOFTWIN S.R.L."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Helper"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"

-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"

-> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page"

\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"" [MS]

"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"

-> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page"

\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"" [MS]

"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"

-> {HKLM...CLSID} = "IntelliType Pro Key Settings Property Page"

\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"" [MS]

"{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"

-> {HKLM...CLSID} = "Page de propriétés sans fil"

\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"" [MS]

"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"

-> {HKLM...CLSID} = "Page des propriétés de la roulette"

\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"" [MS]

"{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"

-> {HKLM...CLSID} = "Page des propriétés des activités"

\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"" [MS]

"{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"

-> {HKLM...CLSID} = "Page des propriétés des boutons"

\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"" [MS]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {HKLM...CLSID} = "Portable Media Devices"

\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]

"{59850401-6664-101B-B21C-00AA004BA90B}" = "Séparateur du Classeur Microsoft Office"

-> {HKLM...CLSID} = "Séparateur du Classeur Microsoft Office"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\UNBIND.DLL" [MS]

"{32A9D769-5B55-4a25-9A62-86B5683FE50A}" = "NikonView Drop Extension"

-> {HKLM...CLSID} = "NikonView Drop Extension"

\InProcServer32\(Default) = "C:\Program Files\Nikon\NkView6\NkvDropExt.dll" ["Nikon Corporation"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"

-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"

\InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "Mes dossiers de partage"

\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0787.00.dll" [MS]

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"

-> {HKLM...CLSID} = "SimpleShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Context Menu Shell Extension"

-> {HKLM...CLSID} = "a-squared Free Context Menu"

\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]

"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"

-> {HKLM...CLSID} = "UnlockerShellExtension"

\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"

-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

INFECTION WARNING! "AppInit_DLLs" = "sockspy.dll" [null data]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"

-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"

\InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"

-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"

\InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"

-> {HKLM...CLSID} = "a-squared Free Context Menu"

\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

-> {HKLM...CLSID} = "UnlockerShellExtension"

\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Benjamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

 

 

Startup items in "Benjamin" & "All Users" startup folders:

----------------------------------------------------------

 

C:\Documents and Settings\Benjamin\Menu Démarrer\Programmes\Démarrage

"Stardock ObjectDock" -> shortcut to: "C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe" ["Stardock"]

 

 

Enabled Scheduled Tasks:

------------------------

 

"HPpromotions journeysoftware" -> launches: "C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe /N "journeysoftware" -r" ["hp"]

"Maintenance en 1 clic" -> launches: "C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

 

Added lines (compared with English-language version):

[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

 

Missing lines (compared with English-language version):

[strings]: 1 line

 

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)

-> {HKLM...CLSID} = "Search Class"

\InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\SEARCH~1.DLL" [empty string]

 

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

HIJACK WARNING! "TuneUp" = "file://C|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]

BitDefender Communicator, XCOMM, "C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe /service" ["Softwin"]

BitDefender Desktop Update Service, LIVESRV, "C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe /service" ["SOFTWIN S.R.L."]

BitDefender Scan Server, bdss, "C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe /service" [null data]

BitDefender Virus Shield, VSSERV, "C:\Program Files\Softwin\BitDefender10\vsserv.exe /service" ["SOFTWIN S.R.L."]

ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]

Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\System32\HPZipm12.exe" ["HP"]

Service Messenger Sharing USN Journal Reader, usnsvc, "C:\WINDOWS\System32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]}

TuneUp WinStyler Theme Service, TUWinStylerThemeSvc, "C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe" ["TuneUp Software GmbH"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzlnt12\Driver = "hpzlnt12.dll" ["HP"]

 

 

----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 669 seconds, including 4 seconds for message boxes)

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...