URGENT - INFECTE PAR WIN32

[maouss]

Bonjour,

 

J'utilise avast et pourtant mon système est infecté par win32. Aidez-moi à m'en débarrasser. Ci-après mon rapport Hijackthis. Merci.

 

Logfile of HijackThis v1.99.1

Scan saved at 09:59 Nathalie, on 19/04/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\bittorrent.exe

C:\Program Files\CursorXP\CursorXP.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Kévin\Bureau\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O4 - HKLM\..\Run: [sunjavaupdatesched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKCU\..\Run: [cursorxp] "C:\Program Files\CursorXP\CursorXP.exe" -s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "c:\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094998031104

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158123758000

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe

[bruce lee]

Bonjour maouss,

 

Peux tu me dire le nom du fichier infecté s'il te plait ainsi que son emplacement (quel dossier)

 

@+

[maouss]

Je te joins le journal d'avast :

 

18/04/2007 10:58 Nathalie SYSTEM 1924 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\DOCUME~1\Nathalie\LOCALS~1\Temp\xnwisdtr.dll" file.

18/04/2007 10:58 Nathalie SYSTEM 1924 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\DOCUME~1\Nathalie\LOCALS~1\Temp\xnwisdtr.dll" file.

18/04/2007 10:58 Nathalie SYSTEM 1924 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\xnwisdtr.dll" file.

18/04/2007 10:58 Nathalie SYSTEM 1924 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\xnwisdtr.dll" file.

18/04/2007 11:32 Nathalie SYSTEM 1756 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\DOCUME~1\Nathalie\LOCALS~1\Temp\prmvymfs.dll" file.

18/04/2007 11:32 Nathalie SYSTEM 1756 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\DOCUME~1\Nathalie\LOCALS~1\Temp\prmvymfs.dll" file.

18/04/2007 11:32 Nathalie SYSTEM 1756 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\prmvymfs.dll" file.

18/04/2007 11:32 Nathalie SYSTEM 1756 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\prmvymfs.dll" file.

18/04/2007 11:58 Nathalie Nathalie 3516 Sign of "Win32:Rjump [Wrm]" has been found in "c:\windows\bittorrent.exe" file.

18/04/2007 12:00 Nathalie Nathalie 3736 Sign of "Win32:Rjump [Wrm]" has been found in "c:\windows\bittorrent.exe" file.

18/04/2007 12:04 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\qomgelhy.dll" file.

18/04/2007 12:04 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\qvuvdivk.dll" file.

18/04/2007 12:05 Nathalie Nathalie 3880 Sign of "Win32:BHO-BS [Trj]" has been found in "C:\WINDOWS\system32\vespflix.dll" file.

18/04/2007 12:05 Nathalie Nathalie 3880 Sign of "Win32:BHO-BG [Trj]" has been found in "C:\WINDOWS\system32\uaslcqqy.dll" file.

18/04/2007 12:05 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\tqtobjft.dll" file.

18/04/2007 12:06 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\aamhfbmj.dll" file.

18/04/2007 12:11 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\rngutbof.dll" file.

18/04/2007 12:11 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\rwgntlpo.exe" file.

18/04/2007 12:12 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\wubuxdug.exe" file.

18/04/2007 12:12 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\rduqidvw.exe" file.

18/04/2007 12:12 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\bbwrmfeg.dll" file.

18/04/2007 12:12 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\amsplwms.exe" file.

18/04/2007 12:12 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\epxuitdk.dll" file.

18/04/2007 12:12 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\yekcelya.dll" file.

18/04/2007 12:12 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\jxaqgekw.exe" file.

18/04/2007 12:12 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\ludugqmi.exe" file.

18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\xnbjmaqd.dll" file.

18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\ifmxpffe.exe" file.

18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\csilrgux.exe" file.

18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\txwrvxsd.exe" file.

18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\pujgeipj.dll" file.

18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\dbmusjpd.dll" file.

18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:BHO-BS [Trj]" has been found in "C:\WINDOWS\system32\qgogwmjp.dll" file.

18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:BHO-BS [Trj]" has been found in "C:\WINDOWS\system32\poxbhnvg.dll" file.

18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\lyknvwjm.dll" file.

18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\noohfjgr.exe" file.

18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\pbgpoxgu.exe" file.

18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\yeygysxm.exe" file.

18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\ccakbabl.dll" file.

18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\deanxxhi.exe" file.

18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\eioljopn.dll" file.

18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\gvrdesrj.exe" file.

18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\coniauho.dll" file.

18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\prvluydh.dll" file.

18/04/2007 12:13 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\dwmtkkfv.dll" file.

18/04/2007 12:14 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\tnoueehr.dll" file.

18/04/2007 12:14 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\vtwxvjdw.dll" file.

18/04/2007 12:14 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\jmgvjbdt.dll" file.

18/04/2007 12:14 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\gsbycapn.dll" file.

18/04/2007 12:14 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\xnwisdtr.dll" file.

18/04/2007 12:14 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\WINDOWS\system32\prmvymfs.dll" file.

18/04/2007 12:22 Nathalie Nathalie 3880 Sign of "Win32:Rjump [Wrm]" has been found in "C:\WINDOWS\bittorrent.exe" file.

18/04/2007 13:01 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\Documents and Settings\Jean-Michel\Local Settings\Temp\yuolonpd.dll" file.

18/04/2007 13:56 Nathalie Nathalie 3880 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\Documents and Settings\Yohan\Local Settings\Temp\4\cdn.dll" file.

18/04/2007 13:56 Nathalie Nathalie 3880 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\Documents and Settings\Yohan\Local Settings\Temp\4\cdnaux.dll" file.

18/04/2007 14:11 Nathalie SYSTEM 1756 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\DOCUME~1\Nathalie\LOCALS~1\Temp\tqdulfpx.dll" file.

18/04/2007 14:22 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Documents and Settings\Lou\Local Settings\Temp\jptggwsu.exe" file.

18/04/2007 14:22 Nathalie Nathalie 3880 Sign of "Win32:Trojano-1165 [Trj]" has been found in "C:\Documents and Settings\Kévin.SALLEÀMANGER\Local Settings\Temp\WER60a2.dir00\iexplore.exe.hdmp" file.

18/04/2007 15:12 Nathalie Nathalie 3880 Sign of "Win32:Rjump [Wrm]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP815\A0201946.exe" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208205.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208206.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:BHO-BS [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208207.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:BHO-BG [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208208.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208209.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208210.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208211.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208212.exe" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208213.exe" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208214.exe" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208215.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208216.exe" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208217.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208218.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208219.exe" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208220.exe" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208221.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208222.exe" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208223.exe" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208224.exe" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208225.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208226.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:BHO-BS [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208227.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:BHO-BS [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208228.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208229.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208230.exe" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208231.exe" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208232.exe" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208233.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208234.exe" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208235.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208236.exe" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208237.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208238.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208239.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208240.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208241.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208242.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208243.dll" file.

18/04/2007 15:16 Nathalie Nathalie 3880 Sign of "Win32:VBStat-C [Trj]" has been found in "C:\System Volume Information\_restore{C3469B3C-22F0-4A76-8B3B-F11115B6BF29}\RP844\A0208244.dll" file.

[bruce lee]

Re,

 

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

• Double-clique VundoFix.exe afin de le lancer
  
• Clique sur le bouton Scan for Vundo
  
• Lorsque le scan est complété, clique sur le bouton Remove Vundo
  
• Une invite te demandera si tu veux supprimer les fichiers, clique YES
  
• Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  
• Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  
• Copie/colle le contenu du rapport situé dans C:\vundofix.txt
  

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

 

==> Télécharge navilog1.zip (de IL-MAFIOSO) http://perso.orange.fr/il.mafioso/Navifix/navilog1.zip enregistre ce fichier sur le bureau.

Extraie la totalité de navilog1.zip sur le bureau

==> double clic sur navilog1.bat choisis l'option 1 appuie sur la touche Entrée.

 

Laisse le scan se dérouler, ne touche pas à la souris et au clavier.

 

Le scan fini un rapport portant ce fixnavi.txt souvrira poste le contenu de ce rapport.

Si le résultat du scan ne s'affiche pas tu le trouvera dans C:\fixnavi.txt.

 

Télécharge Deckard's System Scanner http://deckard.geekstogo.com/dss.exe sur ton bureau

 

 

Ferme toutes les applications en cours

Doublie clique sur dss.exe. Tu auras deux messages qui vont apparaitre à l'écran, clique sur OK pour les deux.

 

Sois patient, le scan peut être long.

 

A la fin tu auras de nouveau un message disant que bloc-notes va s'ouvrir clique sur OK puis fais un copier/coller de tout son contenu.

Modifié le 19 avril 2007 par bruce lee

[maouss]

J'ai effectué les manips demandées. Ci-après tous les "rapports" collectés : Bon courage !

 

VundoFix V6.3.19

 

Checking Java version...

 

Java version is 1.4.2.1

Old versions of java are exploitable and should be removed.

 

Java version is 1.4.2.6

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.11

 

Scan started at 13:15:00 Nathalie 19/04/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\eksjllcr.dll

C:\WINDOWS\system32\fhkmp.bak1

C:\WINDOWS\system32\fhkmp.bak2

C:\WINDOWS\system32\fhkmp.ini

C:\WINDOWS\system32\fhkmp.ini2

C:\WINDOWS\system32\fhkmp.tmp

C:\WINDOWS\system32\hjkkj.ini

C:\WINDOWS\system32\hswcslvm.dll

C:\WINDOWS\system32\jkkjh.dll

C:\WINDOWS\system32\jrtgioea.dll

C:\WINDOWS\system32\kkymlmfx.dll

C:\WINDOWS\system32\nvqnvdlp.dll

C:\WINDOWS\system32\pmkhf.dll

C:\WINDOWS\system32\qghhyhsk.dll

C:\WINDOWS\system32\qupcxfly.dll

C:\WINDOWS\system32\roipxblw.ini

C:\WINDOWS\system32\ssneydkh.dll

C:\WINDOWS\system32\tgrvknsa.dll

C:\WINDOWS\system32\tvbauxyp.dll

C:\WINDOWS\system32\ugdsrvno.dll

C:\WINDOWS\system32\vtustsr.dll

C:\WINDOWS\system32\wlbxpior.dll

C:\WINDOWS\system32\xfmlmykk.ini

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\eksjllcr.dll

C:\WINDOWS\system32\eksjllcr.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\fhkmp.bak1

C:\WINDOWS\system32\fhkmp.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\fhkmp.bak2

C:\WINDOWS\system32\fhkmp.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\fhkmp.ini

C:\WINDOWS\system32\fhkmp.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\fhkmp.ini2

C:\WINDOWS\system32\fhkmp.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\fhkmp.tmp

C:\WINDOWS\system32\fhkmp.tmp Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\hjkkj.ini

C:\WINDOWS\system32\hjkkj.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\jkkjh.dll

C:\WINDOWS\system32\jkkjh.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\jrtgioea.dll

C:\WINDOWS\system32\jrtgioea.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\kkymlmfx.dll

C:\WINDOWS\system32\kkymlmfx.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\nvqnvdlp.dll

C:\WINDOWS\system32\nvqnvdlp.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\pmkhf.dll

C:\WINDOWS\system32\pmkhf.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\qghhyhsk.dll

C:\WINDOWS\system32\qghhyhsk.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\qupcxfly.dll

C:\WINDOWS\system32\qupcxfly.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\roipxblw.ini

C:\WINDOWS\system32\roipxblw.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ssneydkh.dll

C:\WINDOWS\system32\ssneydkh.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\tgrvknsa.dll

C:\WINDOWS\system32\tgrvknsa.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ugdsrvno.dll

C:\WINDOWS\system32\ugdsrvno.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\wlbxpior.dll

C:\WINDOWS\system32\wlbxpior.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\xfmlmykk.ini

C:\WINDOWS\system32\xfmlmykk.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Search Navipromo version 1.1.5 commencé le 19/04/2007 à 14:02:18,07

 

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!

!!! Poster ce rapport sur le forum pour le faire analyser !!!

!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

 

Fix lancé depuis C:\Documents and Settings\Nathalie\Bureau

Mise a jour le 13.04.2007 a 20h00 by IL-MAFIOSO

 

Executé en mode normal

 

*** Recherche Programmes installes ***

 

 

 

 

*** Recherche dossiers dans C:\WINDOWS ***

 

 

 

 

*** Recherche dossiers dans C:\Program Files ***

 

 

 

 

*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

 

 

 

 

*** Recherche dossiers dans C:\Documents and Settings\Nathalie\Application Data ***

 

 

 

*** Recherche avec BlackLight Engine/F-secure ***

BlackLight Engine est un produit de F-secure, pour + d'infos :

http://www.f-secure.com/blacklight/blacklight_help.html

 

 

F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR

======================================

 

Copyright 2005-2006 F-Secure Corporation. All rights reserved.

This is a beta version. It will expire on 1st of April, 2007.

Version information: 2.2.1061.

 

[+] Started on 04/19/07 at 14:02:19.

[-] ERROR: F-Secure BlackLight could not acquire debug privileges.

[+] Exited on 04/19/07 at 14:02:19 (return code = 3).

 

 

*** Recherche fichiers ***

 

 

 

 

*** Recherche cles registre ***

 

 

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]

 

 

 

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

 

 

 

Recherche Clé Magic Control

 

 

 

*** Module de Recherche complémentaire ***

(Recherche fichiers spécifiques)

 

1)Recherche fichiers connus:

 

 

2)Recherche Heuristique :

*

**

C:\WINDOWS\system32\bfpzneuw.dat trouvé !

***

****

*****

******

*******

********

 

 

*** Analyse Terminé le 19/04/2007 à 14:02:34,57 ***

 

Deckard's System Scanner v20070411.38

Run by Nathalie on 2007-04-19 at 14:04:52

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

Successfully created a Deckard's System Scanner Restore Point.

 

 

-- Last 5 Restore Point(s) --

41: 2007-04-19 12:05:22 UTC - RP846 - Deckard's System Scanner Restore Point

40: 2007-04-18 20:35:48 UTC - RP845 - Point de vérification système

39: 2007-04-17 19:36:28 UTC - RP844 - Point de vérification système

38: 2007-04-16 11:53:08 UTC - RP843 - Point de vérification système

37: 2007-04-15 11:33:08 UTC - RP842 - Point de vérification système

 

 

-- First Restore Point --

1: 2007-03-24 19:23:56 UTC - RP806 - Installation de pilote non signé

 

 

Backed up registry hives.

 

Performed disk cleanup.

 

 

-- HijackThis Clone ------------------------------------------------------------

 

Emulating logfile of HijackThis v1.99.1

Scan saved at 2007-04-19 14:09:25

Platform: Windows XP Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (7.0.5730.11)

 

Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\CursorXP\CursorXP.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Documents and Settings\Nathalie\Bureau\dss.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

O2 - BHO: (no name) - {39F64A9C-963E-41A8-A7A6-0F785F2EAA78} - C:\WINDOWS\system32\kvugkhwp.dll

O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\ssneydkh.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7B278C59-AB49-4F36-8C33-4DC040DB1034} - C:\WINDOWS\system32\kvugkhwp.dll

O2 - BHO: (no name) - {7BF9F18C-E294-45E7-BCCB-9FDC9E9AC3EB} - C:\WINDOWS\system32\pmkhf.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)

O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)

O2 - BHO: (no name) - {E861E125-5ECA-40C8-A503-0CED98ABF7E5} - C:\WINDOWS\system32\kvugkhwp.dll

O2 - BHO: (no name) - {F278BBB7-EF6E-4018-AC6F-CF66CA4F25F9} - C:\WINDOWS\system32\kvugkhwp.dll

O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O4 - HKLM\..\Run: [sunjavaupdatesched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [soundman] SOUNDMAN.EXE

O4 - HKLM\..\Run: [disk monitor] c:\program files\generic\usb card reader driver v1.9e3\disk_monitor.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [soft help more eq] C:\Documents and Settings\All Users\Application Data\DefaultGramSoftHelp\Remotedrv.exe

O4 - HKLM\..\Run: [soundService] rundll32.exe "C:\WINDOWS\system32\kkymlmfx.dll",setvm

O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\wlbxpior.dll",setvm

O4 - HKCU\..\Run: [cursorxp] "C:\Program Files\CursorXP\CursorXP.exe" -s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "c:\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe

O9 - Extra 'Tools' menuitem: (no name) - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: teleir_cert () - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094998031104

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158123758000

O16 - DPF: {D27CDB55-0000-0000-0000-000000000000} () - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll

O18 - Protocol: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: vtustsr - C:\WINDOWS\system32\vtustsr.dll (file missing)

O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"

O23 - Service: avast! Mail Scanner - ALWIL Software - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service

O23 - Service: avast! Web Scanner - ALWIL Software - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Boonty Games - Unknown owner - "C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - "C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe"

 

 

-- HijackThis Fixed Entries (C:\Documents and Settings\Kévin\Bureau\hijackthis\backups\) --------------------------------------------------------------------------------

 

backup-20050423-193543-622 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

backup-20050423-193543-539 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wwe.com/

backup-20050423-193543-319 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

backup-20050423-193543-494 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

backup-20050423-193543-309 R3 - URLSearchHook: (no name) - _{87766247-311C-43B4-8499-3D5FEC94A183} - (no file)

backup-20050423-193543-131 O2 - BHO: Windows Proxy support DLL - {2DC9D850-144D-11E1-B3C9-10805E499D93} - C:\WINDOWS\system32\winprox.dll

backup-20050423-193543-992 O3 - Toolbar: Crack Find Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\SrchPlug.dll

backup-20050423-193543-190 O4 - HKCU\..\Run: [Msn Messengers] msnmsgr.exe

backup-20050423-193543-859 O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe

backup-20050423-193543-853 O4 - HKCU\..\Run: [Win32 USB2.0 Driver] 386.exe

backup-20050423-193543-607 O4 - HKCU\..\Run: [instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess

backup-20050423-193543-344 O4 - HKCU\..\Run: [PopularScreensaversWallpaper] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL,LES

backup-20050423-193543-867 O4 - HKCU\..\RunServices: [Msn Messengers] msnmsgr.exe

backup-20050423-193543-579 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

backup-20050423-193543-821 O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm79689FR

backup-20050423-193543-739 O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EC..._1029_FR_XP.cab

backup-20050423-193543-134 O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/Bridge-c139.cab

backup-20050423-193544-310 O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

backup-20050423-193544-294 O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

backup-20050423-193544-478 O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

backup-20050423-193545-665 O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.56.77.243/activex/AxisCamControl.cab

backup-20050423-193545-271 O18 - Filter: text/html - {3163110E-D499-4773-AEA8-59D1A570CF41} - C:\Documents and Settings\Kévin\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat

backup-20050501-113316-832 O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)

backup-20050501-113316-289 O3 - Toolbar: Crack Find Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\SrchPlug.dll

backup-20050502-082215-947 R3 - Default URLSearchHook is missing

backup-20050502-082215-116 O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm79689FR

backup-20050502-210529-582 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50184

backup-20050502-210529-362 R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)

backup-20050502-210529-757 O4 - HKCU\..\Run: [Msn Messengers] msnmsgr.exe

backup-20050502-210529-227 O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe

backup-20050502-210529-317 O4 - HKCU\..\Run: [Win32 USB2.0 Driver] 386.exe

backup-20050502-210529-516 O4 - HKCU\..\Run: [instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess

backup-20050502-210529-184 O4 - HKCU\..\RunServices: [Msn Messengers] msnmsgr.exe

backup-20050502-210529-178 O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm79689FR

backup-20061105-175007-512 R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

backup-20061105-175007-242 O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

backup-20061105-175007-585 O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)

backup-20061105-175007-981 O2 - BHO: SponsorAdulto Class - {511F9316-771B-4953-A268-1C36DA667FE9} - C:\WINDOWS\Downloaded Program Files\sponsoradulto.dll (file missing)

backup-20061105-175007-795 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

backup-20061105-175007-733 O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

backup-20061105-175007-199 O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab

 

-- File Associations -----------------------------------------------------------

 

All associations okay.

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys

R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys

R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys

R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys

R1 DcCam (Kodak Camera Proxy) - c:\windows\system32\drivers\dccam.sys

R1 prodrv04 (Star Force copy protection driver v4) - c:\windows\system32\drivers\prodrv04.sys

R2 atksgt - c:\windows\system32\drivers\atksgt.sys

R2 DCFS2K (Kodak DCFS2K Driver) - c:\windows\system32\drivers\dcfs2k.sys

R2 enodpl - c:\windows\system32\drivers\enodpl.sys

R2 Fallback - c:\windows\system32\drivers\c4c_fall.sys

R2 Fsks - c:\windows\system32\drivers\c4c_fsks.sys

R2 K56 - c:\windows\system32\drivers\c4c_k56k.sys

R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys

R2 MaVctrl - c:\windows\system32\drivers\mavc2k.sys

R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys

R2 SoftFax - c:\windows\system32\drivers\c4c_faxx.sys

R2 tandpl - c:\windows\system32\drivers\tandpl.sys

R2 TICalc - c:\windows\system32\drivers\ticalc.sys

R2 Tones - c:\windows\system32\drivers\c4c_tone.sys

R2 V124 - c:\windows\system32\drivers\c4c_v124.sys

R3 ALCXSENS (Service for WDM 3D Audio Driver) - c:\windows\system32\drivers\alcxsens.sys

R3 C4C_BSC2 - c:\windows\system32\drivers\c4c_bsc2.sys

R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys

R3 PALLADIA (Palladia 300/400 Usb Adsl Modem) - c:\windows\system32\drivers\usbiad.sys

R3 Rksample - c:\windows\system32\drivers\c4c_samp.sys

R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys

 

S1 Exportit - c:\windows\system32\drivers\exportit.sys

S2 ADILOADER (General Purpose USB Driver (adildr.sys)) - c:\windows\system32\drivers\adildr.sys (file missing)

S3 adiusbaw (USB ADSL WAN Adapter) - c:\windows\system32\drivers\adiusbaw.sys (file missing)

S3 CAM1210 (SM0121 USB 2.0 Video Camera) - c:\windows\system32\drivers\cam1210.sys

S3 DcFpoint - c:\windows\system32\drivers\dcfpoint.sys

S3 DcLps (Legacy Polling Service) - c:\windows\system32\drivers\dclps.sys

S3 DcPTP - c:\windows\system32\drivers\dcptp.sys

S3 DMSKSSRh - c:\documents and settings\yohan\local settings\temp\dmskssrh.sys

S3 DSDrv4 - c:\progra~1\k!tv\plugins\s_bt8x8\dsdrv4.sys (file missing)

S3 Maplom - c:\windows\system32\drivers\maplom.sys

S3 MaRdPnp - c:\windows\system32\drivers\mardp2k.sys

S3 memsysdrv (Memory System) - c:\windows\system32\drivers\memsysdrv.sys

S3 PortlUSB - c:\windows\system32\drivers\mtc.sys

S3 sscdbus (SAMSUNG USB Composite Device driver (WDM)) - c:\windows\system32\drivers\sscdbus.sys

S3 sscdmdfl (SAMSUNG CDMA Modem Filter) - c:\windows\system32\drivers\sscdmdfl.sys

S3 sscdmdm (SAMSUNG CDMA Modem Drivers) - c:\windows\system32\drivers\sscdmdm.sys

S3 ssm_bus (SAMSUNG Mobile USB Device II 1.0 driver (WDM)) - c:\windows\system32\drivers\ssm_bus.sys

S3 ssm_mdfl (SAMSUNG Mobile USB Modem II 1.0 Filter) - c:\windows\system32\drivers\ssm_mdfl.sys

S3 ssm_mdm (SAMSUNG Mobile USB Modem II 1.0 Drivers) - c:\windows\system32\drivers\ssm_mdm.sys

S3 usbbus (LGE Mobile Composite USB Device) - c:\windows\system32\drivers\lgusbbus.sys

S3 UsbDiag (LGE Mobile USB Serial Port) - c:\windows\system32\drivers\lgusbdiag.sys

S3 USBModem (LGE Mobile USB Modem) - c:\windows\system32\drivers\lgusbmodem.sys

S3 wceusbsh (Windows CE USB Serial Host Driver) - c:\windows\system32\drivers\wceusbsh.sys

S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R2 UxTuneUp (TuneUp Design Expansion) - c:\windows\system32\svchost.exe -k netsvcs

 

S3 SC Test Branding Service 1 - "c:\program files\fichiers communs\sc test branding 1 shared\service\sctestservice1.exe"

S4 Boonty Games - "c:\program files\fichiers communs\boonty shared\service\boonty.exe" (file missing)

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2007-04-19 14:00:02 266 --ah----- C:\WINDOWS\Tasks\B6797712990AE3C6.job<B67977~1.JOB>

2007-04-19 12:00:02 408 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job<MAINTE~1.JOB>

2007-04-19 09:00:02 402 --ah----- C:\WINDOWS\Tasks\{090DF807-D890-4C8C-B528-C7BC031F1B07}_SALLEÀMANGER_Kévin.job<{090DF~1.JOB>

2007-04-18 18:37:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>

2007-04-18 16:00:02 402 --ah----- C:\WINDOWS\Tasks\{8868444E-8FCB-42E2-B9F5-9642D65E87BE}_SALLEÀMANGER_Kévin.job<{88684~1.JOB>

2007-04-13 21:00:02 362 --a------ C:\WINDOWS\Tasks\fée_du_logis.job<FÉE_DU~1.JOB>

2007-04-13 17:15:02 390 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job<1-CLIC~1.JOB>

2007-04-13 16:00:02 402 --ah----- C:\WINDOWS\Tasks\{4CA5B36E-F9A4-4FA1-A437-31D869AED1CF}_SALLEÀMANGER_Kévin.job<{4CA5B~1.JOB>

 

 

-- Files created between 2007-03-19 and 2007-04-19 -----------------------------

 

2007-04-19 14:01:57 53248 --a------ C:\WINDOWS\system32\Process.exe

2007-04-19 13:15:00 0 d-------- C:\VundoFix Backups<VUNDOF~1>

2007-04-18 14:11:54 125460 --a------ C:\WINDOWS\system32\hlbxfugu.dll

2007-04-18 10:58:22 125460 --a------ C:\WINDOWS\system32\uhrcakql.dll

2007-04-14 14:43:13 0 d-------- C:\Program Files\VirtualDJ<VIRTUA~3>

2007-04-13 22:48:27 5 --a------ C:\Documents and Settings\Yohan\RavMonLog<RAVMON~1>

2007-04-12 18:25:18 0 d--hs---- C:\FOUND.002

2007-04-11 13:31:49 5 --a------ C:\Documents and Settings\Kévin.SALLEÀMANGER\RavMonLog<RAVMON~1>

2007-04-11 08:01:22 0 d--hs---- C:\FOUND.001

2007-04-07 15:22:47 440832 --a------ C:\icsetup.exe

2007-04-07 03:41:19 0 --a------ C:\Documents and Settings\Jean-Michel\svc012.exe

2007-04-06 22:07:32 5 --a------ C:\Documents and Settings\Nathalie\RavMonLog<RAVMON~1>

2007-04-06 06:14:27 5 --a------ C:\Documents and Settings\Jean-Michel\RavMonLog<RAVMON~1>

2007-04-04 19:07:10 0 d--hs---- C:\FOUND.000

2007-04-04 07:51:41 132116 --a------ C:\WINDOWS\system32\trqlojxl.dll

2007-04-03 21:00:36 39248 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys<LGUSBM~1.SYS>

2007-04-03 21:00:36 38144 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys<LGUSBD~1.SYS>

2007-04-03 21:00:36 21344 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys

2007-04-03 21:00:33 0 d-------- C:\Program Files\LG Electronics<LGELEC~1>

2007-04-03 18:20:25 5 --a------ C:\RavMonLog<RAVMON~1>

2007-03-29 21:19:47 132116 --a------ C:\WINDOWS\system32\fdgtlhkd.dll

2007-03-29 20:14:17 132116 --a------ C:\WINDOWS\system32\sobkykfw.dll

2007-03-24 01:53:06 132116 --a------ C:\WINDOWS\system32\dilsuija.dll

2007-03-24 01:29:33 132116 --a------ C:\WINDOWS\system32\lcbiejnt.dll

2007-03-23 22:23:26 54784 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2007-03-23 22:02:33 132116 --a------ C:\WINDOWS\system32\tuvibcgs.dll

2007-03-23 21:53:29 0 d-------- C:\Program Files\PC Camera<PCCAME~1>

2007-03-23 21:46:12 132116 --a------ C:\WINDOWS\system32\rshhoplo.dll

2007-03-23 21:17:44 132116 --a------ C:\WINDOWS\system32\moqfqisc.dll

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-04-14 15:19:06 3580 --a------ C:\WINDOWS\system32\d3d9caps.dat

2007-04-14 09:42:44 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-04-10 13:18:32 712832 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-03-17 18:26:52 132116 --a------ C:\WINDOWS\system32\lotequnm.dll

2007-03-17 15:44:48 293376 --a------ C:\WINDOWS\system32\winsrv.dll

2007-03-10 18:08:34 131604 --a------ C:\WINDOWS\system32\kvugkhwp.dll

2007-03-10 04:00:36 131604 --a------ C:\WINDOWS\system32\wfldvbgi.dll

2007-03-10 01:25:30 131604 --a------ C:\WINDOWS\system32\jqhhwkak.dll

2007-03-09 15:55:10 131604 --a------ C:\WINDOWS\system32\vybxwlnf.dll

2007-03-08 17:37:50 578560 --a------ C:\WINDOWS\system32\user32.dll

2007-03-08 17:37:50 40960 --a------ C:\WINDOWS\system32\mf3216.dll

2007-03-08 17:37:50 281600 --a------ C:\WINDOWS\system32\gdi32.dll

2007-03-08 17:33:58 1843712 --a------ C:\WINDOWS\system32\win32k.sys

2007-03-03 15:44:00 0 d-------- C:\Program Files\Hasbro Interactive<HASBRO~1>

2007-03-03 13:23:18 0 d-------- C:\Program Files\hopemessbook<HOPEME~1>

2007-02-25 20:48:54 0 d-------- C:\Program Files\Tropico

2007-02-25 19:42:56 69792 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>

2007-02-25 01:19:42 0 d-------- C:\Program Files\Monte Cristo<MONTEC~1>

2007-02-24 14:40:38 0 d-------- C:\Program Files\Wall Street Tycoon<WALLST~1>

2007-02-23 17:49:50 0 d-------- C:\Program Files\Transport Tycoon Deluxe<TRANSP~1>

2007-02-23 03:35:04 0 d-------- C:\Program Files\Dial-Messenger<DIAL-M~1>

2007-02-23 00:32:00 0 d-------- C:\Program Files\IncrediMail<INCRED~1>

2007-02-05 22:19:06 185344 --a------ C:\WINDOWS\system32\upnphost.dll

2007-01-20 10:04:16 46 --a------ C:\AUTOEXEC.BAT

2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll

 

 

-- Registry Dump ---------------------------------------------------------------

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"cursorxp"="\"C:\\Program Files\\CursorXP\\CursorXP.exe\" -s"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"Steam"="\"c:\\valve\\steam\\steam.exe\" -silent"

"msnmsgr"="\"C:\\PROGRA~1\\MSNMES~1\\msnmsgr.exe\" /background"

"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"sunjavaupdatesched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""

"soundman"="SOUNDMAN.EXE"

"disk monitor"="c:\\program files\\generic\\usb card reader driver v1.9e3\\disk_monitor.exe"

"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"soft help more eq"="C:\\Documents and Settings\\All Users\\Application Data\\DefaultGramSoftHelp\\Remotedrv.exe"

"SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\kkymlmfx.dll\",setvm"

"PrintDrive"="rundll32.exe \"C:\\WINDOWS\\system32\\wlbxpior.dll\",setvm"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Logiciel Kodak EasyShare.lnk"

"backup"="C:\\WINDOWS\\pss\\Logiciel Kodak EasyShare.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -h"

"item"="Logiciel Kodak EasyShare"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SolidWorks Task Scheduler Engine.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\SolidWorks Task Scheduler Engine.lnk"

"backup"="C:\\WINDOWS\\pss\\SolidWorks Task Scheduler Engine.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Documents and Settings\\Nathalie\\Bureau\\swScheduler\\swBOEngine.exe "

"item"="SolidWorks Task Scheduler Engine"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\WinZip Quick Pick.lnk"

"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "

"item"="WinZip Quick Pick"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Emurayden PSX Emulator]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Emurayden PSX AutoLauncher"

"hkey"="HKLM"

"command"="c:\\Program Files\\Emurayden PSX Emulator v2.1\\Emurayden PSX AutoLauncher.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iTunesHelper"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="MsnMsgr"

"hkey"="HKCU"

"command"="~\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="outlook"

"hkey"="HKLM"

"command"="C:\\Program Files\\outlook\\outlook.exe /auto"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="qttask"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Shareaza"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Shareaza\\Shareaza.exe\" -tray"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="realsched"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"

"inimapping"="0"

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

"{0F01FF26-18F5-4613-BFD6-14DE2FBA24C3}"=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"alualert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=dword:00000000

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtustsr

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\

NetworkService REG_MULTI_SZ DnsCache\

rpcss REG_MULTI_SZ RpcSs\

imgsvc REG_MULTI_SZ StiSvc\

termsvcs REG_MULTI_SZ TermService\

HTTPFilter REG_MULTI_SZ HTTPFilter\

DcomLaunch REG_MULTI_SZ DcomLaunchTermService\

WudfServiceGroup REG_MULTI_SZ WUDFSvc\

 

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*

UxTuneUp

 

 

 

-- Hosts -----------------------------------------------------------------------

 

127.0.0.1 dle-news.ru

127.0.0.1 www.dle-news.ru

127.0.0.1 pc-soft.ru

127.0.0.1 www.pc-soft.ru

127.0.0.1 forum.pc-soft.ru

127.0.0.1 www.forum.pc-soft.ru

127.0.0.1 yandex.ru

127.0.0.1 www.yandex.ru

127.0.0.1 ya.ru

127.0.0.1 www.ya.ru

 

150 more entries in hosts file.

 

 

-- End of Deckard's System Scanner: finished at 2007-04-19 at 14:10:01 ---------

 

Deckard's System Scanner v20070411.38

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft Windows XP Édition familiale (build 2600) SP 2.0

Architecture: X86; Language: French

 

CPU 0: AMD Athlon XP 2600+

Percentage of Memory in Use: 72%

Physical Memory (total/avail): 255.48 MiB / 69.45 MiB

Pagefile Memory (total/avail): 617.7 MiB / 281.14 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1958.84 MiB

 

A: is Removable (No Media)

C: is Fixed (FAT32) - 74.51 GiB total, 22.76 GiB free.

D: is CDROM (No Media)

E: is CDROM (CDFS)

F: is Removable (No Media)

G: is Removable (No Media)

H: is Removable (No Media)

I: is Removable (No Media)

J: is CDROM (No Media)

K: is CDROM (No Media)

L: is CDROM (No Media)

M: is CDROM (No Media)

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

 

AV: avast! antivirus 4.7.981 [VPS 000734-3] v4.7.981 (ALWIL Software)

 

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Nathalie\Application Data

CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Fichiers communs

COMPUTERNAME=SALLE·MANGER

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Nathalie

LOGONSERVER=\\SALLE·MANGER

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0a00

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Nathalie\LOCALS~1\Temp

TMP=C:\DOCUME~1\Nathalie\LOCALS~1\Temp

USERDOMAIN=SALLE·MANGER

USERNAME=Nathalie

USERPROFILE=C:\Documents and Settings\Nathalie

windir=C:\WINDOWS

 

 

-- User Profiles ---------------------------------------------------------------

 

Nathalie (admin)

Jean-Michel (admin)

Kévin.SALLEÀMANGER (admin)

Kévin (admin)

Yohan (admin)

Lou

Administrateur (new local, admin)

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

--> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x40c

--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x40c

--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x40c

--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x40c

--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x40c

--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x40c

--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x40c

--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x40c

--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x40c

--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x40c

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"

ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}

ABBYY FineReader 6.0 --> MsiExec.exe /I{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}

Adobe Acrobat 5.0 --> C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"

Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Photoshop 6.0 --> C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"

Adobe SVG Viewer --> C:\WINDOWS\IsUn040c.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"

AGF --> C:\Program Files\AGF\uninstagf.exe "C:\Program Files\AGF\" "C:\Documents and Settings\Yohan\Menu Démarrer\Programmes\AGF\"

Apple Software Update --> MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}

Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe

ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\SETUP.EXE" -l0x40c -uninst

ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Audiator3 --> MsiExec.exe /I{78B283AC-7F3C-41ED-9102-28E12CE08026}

avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup

AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe

CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}

CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}

CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}

CMN --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C8FC80-E542-11D3-8F7F-009027591AA8}\setup.exe"

Compel Adaptec WinASPI --> "C:\Program Files\WinASPI\unins000.exe"

Copernic Agent Basic --> "C:\WINDOWS\CopernicAgentUninstall.exe" /ARGSFILE="C:\Program Files\Copernic Agent\unwise.dat"

Correctif pour Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"

Correctif Windows XP - KB834707 --> C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe

Correctif Windows XP - KB867282 --> C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe

Correctif Windows XP - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe

Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Correctif Windows XP - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe

Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Correctif Windows XP - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe

Correctif Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

Correctif Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

Correctif Windows XP - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe

Correctif Windows XP - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe

Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Correctif Windows XP - KB890047 --> C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe

Correctif Windows XP - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe

Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Correctif Windows XP - KB890923 --> "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"

Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

Correctif Windows XP - KB893066 --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"

Correctif Windows XP - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"

CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}

CursorXP --> C:\Program Files\CursorXP\CurXPUtil.exe -u

Dial-Messenger 1.0.39 --> "C:\Program Files\Dial-Messenger\unins000.exe"

DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"

EPSON Copy Utility --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x40c ADDREMOVEDLG

EPSON Logiciel imprimante --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

EPSON Photo Print --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C51957C2-F025-4FB3-B181-09131504A29D}\setup.exe" -l0x40c MyUninstall

EPSON PhotoQuicker3.5 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x40c uninst

EPSON Scan --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\SETUP.EXE" -l0x40c UNINSTALL

EPSON Smart Panel --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x40c Uninstall

ESCX5400 Guide de référence --> C:\Program Files\EPSON\ESCX5400\REF_G\DOCUNINS.EXE

ESCX5400 Guide des logiciels --> C:\Program Files\EPSON\ESCX5400\PQU_G\DOCUNINS.EXE

ESCX5400 Guide du copieur --> C:\Program Files\EPSON\ESCX5400\COPY_G\DOCUNINS.EXE

ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}

ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}

ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}

ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}

ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}

ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}

ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}

ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}

ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}

ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}

ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}

ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}

ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}

ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}

ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}

ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}

Gimp pour Windows --> "C:\Program Files\Gimp\uninstall.exe"

HijackThis 1.99.1 --> C:\Documents and Settings\Kévin\Bureau\hijackthis\HijackThis.exe /uninstall

HLPCCTR --> MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}

HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}

HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}

HLPRFO --> MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}

Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

IncrediMail Xe --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log

J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}

J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}

J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}

Java 2 Runtime Environment, SE v1.4.2_01 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}

Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}

Kit d'installation --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C650676-CDDB-42C0-8D11-3EEB7F791F99}\setup.exe" -l0x40c -usb

KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}

Les Sims : Entre Chiens et Chats --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C32C567-DC0F-4C80-B06C-7873850A2E06}\setup.exe" -l040c

LG PhoneManager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EE65592-88FD-48AA-98CA-EE9BDB1FF518}\setup.exe" -l0x40c -removeonly

LG SyncManager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFD25152-1916-4744-BAAF-F2D2EBF38284}\setup.exe" -l0x40c -removeonly

LG USB Modem driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x40c -removeonly

LGeneral 1.1 --> "C:\Program Files\LGeneral\unins000.exe"

Logiciel Kodak EasyShare --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_49be1a4f\Setup.exe /APR-REMOVE

Macromedia Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log

Messenger Plus! Live & Sponsor (CiD) --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf

Microsoft Office 2000 CD-ROM 2 --> MsiExec.exe /I{0004040C-78E1-11D2-B60F-006097C998E7}

Microsoft Office 2000 Professional --> MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7}

Microsoft Reader --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x40c

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) --> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"

MP3Guest Encoder Wizard --> C:\PROGRA~1\MP3GUEST\ENCODE~1\UNWISE.EXE C:\PROGRA~1\MP3GUEST\ENCODE~1\INSTALL.LOG

Neodivx --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C043F4-56F0-440F-BC5E-149666045A55}\setup.exe" -l0x40c

Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}

NTI CD & DVD-Maker 6.5 Gold --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1036 AnyText

OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}

OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}

Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan

PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}

PhotoFiltre --> "c:\Program Files\PhotoFiltre\Uninst.exe"

PowerDVD --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}

QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}

RealPlayer --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung\SSCDUninstall.exe

SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe

SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe

Samsung PC Studio --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly

Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly

Samsung Samples Installer --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -l0x40c -removeonly

ScanToWeb --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG

SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}

SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}

Shareaza version 2.2.5.0 --> "C:\Program Files\Shareaza\Uninstall\unins000.exe"

ShareazaPlus version 2.3.0.0 --> "C:\Program Files\ShareazaPlus\Uninstall\unins000.exe"

Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

SweetIM For Internet Explorer 1.0a --> MsiExec.exe /X{BBB1528C-2F8C-4526-9C8E-699F17AF21CA}

Theme Hospital --> C:\WINDOWS\unin040c.exe -f"C:\Program Files\Bullfrog\Hospital\DeIsL1.isu"

TMPGEnc 2.01 Fr --> "C:\Program Files\TMPGEnc\uninstall.exe"

Transport Tycoon Deluxe --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE3F2D10-B80D-4A41-A626-EE4673659120}\Setup.exe" -l0x40c

Téléchargement PHOTOWAYS 1.0 --> "C:\Program Files\Téléchargement PHOTOWAYS\uninstall.exe"

USB MODEM Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{042E2C9D-6647-4C5F-9CEF-387D72023128}\setup.exe" -l0x9 UNINSTALL

USB Video Camera Driver v1.10 --> MsiExec.exe /I{926B578B-505F-4820-A62D-088E1124FED4}

VCAMCEN --> MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}

Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~3\UNWISE.EXE C:\PROGRA~1\VIRTUA~3\INSTALL.LOG

Visionneuse Journal Windows Microsoft --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}

VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}

Wall Street Tycoon --> C:\PROGRA~1\WALLST~1\UNWISE.EXE C:\PROGRA~1\WALLST~1\INSTALL.LOG

WinCue (Remove only) --> "C:\Program Files\Winamp\Plugins\WinCue\uninstall.exe"

WindowBlinds --> C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\INSTALL.LOG

Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}

Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}

Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

WinMind --> D:\Simul\Stratege\wm32usa\WINMIND.EXE uninstall

WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

 

 

-- End of Deckard's System Scanner: finished at 2007-04-19 at 14:10:01 ---------

[bruce lee]

Re,

 

1/Télécharger http://siri.urz.free.fr/Fix/SmitfraudFix.exe ou ici: http://siri.geekstogo.com/SmitfraudFix.exe (de S!Ri) sur ton bureau

 

 

2/Double cliquer sur smitfraudfix.exe

 

Sélectionner 1 dans le menu pour créer un rapport des fichiers responsables de l'infection.

sauvegarde ce rapport et poste le.

 

 

Prière d'imprimer ces instructions, ou de les coller dans un fichier texte pour lecture en mode Sans Échec.

 

Télécharge Brute Force Uninstaller (de Merijn).

Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)

 

FAIS UN CLIC-DROIT ICI et choisis "Enregistrer la cible sous..." afin de télécharger EGDACCESS.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).

 

Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.

 

Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)

 

- Clique sur le petit dossier jaune (à droite de la boîte "Scriptline to execute") ;

- Double-clique sur EGDACCESS.bfu

- Tu devrais maintenant voir ceci dans la boîte "Scriptline to execute" :

C:\BFU\EGDACCESS.bfu

- Clique sur Execute

 

Attendre que Complete script execution apparaîsse et clique sur OK.

Clique Exit pour fermer le programme BFU.

 

redemare le PC et post un nouveau log hijackthis

[maouss]

Bonjour,

 

Ci-après le rapport de smitfraufix + rapport hijackthis :

 

SmitFraudFix v2.171

 

Rapport fait à 8:32:03,68, 20/04/2007

Executé à partir de C:\Documents and Settings\Nathalie\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est FAT32

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\CursorXP\CursorXP.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\MSNMES~1\msnmsgr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\winlogon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nathalie

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nathalie\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\NATHALIE\FAVORIS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Ma page d'accueil"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Palladia 300/400 Usb Adsl Modem #3 - Miniport d'ordonnancement de paquets

DNS Server Search Order: 192.168.1.1

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B5B10C8B-EEE2-4256-82DC-1DF8B33E5BBB}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{B5B10C8B-EEE2-4256-82DC-1DF8B33E5BBB}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{B5B10C8B-EEE2-4256-82DC-1DF8B33E5BBB}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

Logfile of HijackThis v1.99.1

Scan saved at 09:04 Nathalie, on 20/04/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\CursorXP\CursorXP.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\MSNMES~1\msnmsgr.exe

C:\Documents and Settings\Kévin\Bureau\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {39F64A9C-963E-41A8-A7A6-0F785F2EAA78} - C:\WINDOWS\system32\kvugkhwp.dll

O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\ssneydkh.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7B278C59-AB49-4F36-8C33-4DC040DB1034} - C:\WINDOWS\system32\kvugkhwp.dll

O2 - BHO: (no name) - {7BF9F18C-E294-45E7-BCCB-9FDC9E9AC3EB} - C:\WINDOWS\system32\pmkhf.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)

O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)

O2 - BHO: (no name) - {E861E125-5ECA-40C8-A503-0CED98ABF7E5} - C:\WINDOWS\system32\kvugkhwp.dll

O2 - BHO: (no name) - {F278BBB7-EF6E-4018-AC6F-CF66CA4F25F9} - C:\WINDOWS\system32\kvugkhwp.dll

O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O4 - HKLM\..\Run: [sunjavaupdatesched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKCU\..\Run: [cursorxp] "C:\Program Files\CursorXP\CursorXP.exe" -s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "c:\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094998031104

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158123758000

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O20 - Winlogon Notify: vtustsr - vtustsr.dll (file missing)

O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe

[maouss]

Bonjour,

 

Que dois-je faire maintenant ? Y-a-t-il toujours win32 ? Merci de me répondre.

[bruce lee]

Re,

 

EDIT : je te prépare une procédure.

Modifié le 20 avril 2007 par bruce lee

[bruce lee]

re,

 

La procédure est longue, prend bien ton temps pour l'appliquer

 

 

Si durant la procédure ci-dessous, il y a des étapes que tu n'as pas reussi a faire, merci de continuer la procédure jusqu'au bout et de les signaler dans ta prochaine reponse.

 

Je te conseille d'enregistrer la page web compléte sous Internet Explorer comme ceci :

 

* Clique sur Fichier/Enregistrer sous Dans Type, choisis : Archive web (fichier seul (*.mht) / Enregistre la sur le bureau,comme cela tu retrouvera la mise en forme ou imprime cette réponse. Une partie de la désinfection se déroulera en mode sans échec.

 

1/Ouvre le bloc-notes (demarrer/tous les programmes/accessoires/bloc-notes) et copie ce qui est en citation sans le mot citation:

 

Drivers to unload:

DMSKSSRh

 

Files to delete:

C:\WINDOWS\system32\winprox.dll

C:\WINDOWS\SrchPlug.dll

C:\WINDOWS\system32\hlbxfugu.dll

C:\WINDOWS\system32\uhrcakql.dll

C:\WINDOWS\system32\trqlojxl.dll

C:\WINDOWS\system32\fdgtlhkd.dll

C:\WINDOWS\system32\sobkykfw.dll

C:\WINDOWS\system32\dilsuija.dll

C:\WINDOWS\system32\lcbiejnt.dll

C:\WINDOWS\system32\tuvibcgs.dll

C:\WINDOWS\system32\rshhoplo.dll

C:\WINDOWS\system32\moqfqisc.dll

C:\WINDOWS\system32\d3d9caps.dat

C:\WINDOWS\system32\AVASTSS.scr

C:\WINDOWS\system32\aswBoot.exe

C:\WINDOWS\system32\lotequnm.dll

C:\WINDOWS\system32\kvugkhwp.dll

C:\WINDOWS\system32\wfldvbgi.dll

C:\WINDOWS\system32\jqhhwkak.dll

C:\WINDOWS\system32\vybxwlnf.dll

C:\WINDOWS\system32\kkymlmfx.dll

C:\WINDOWS\system32\wlbxpior.dll

c:\documents and settings\yohan\local settings\temp\dmskssrh.sys

 

Folders to delete:

C:\Program Files\Macrogaming

C:\Program Files\mywebsearch

 

 

 

2/ - Enregistre le fichier sur ton bureau avec comme nom: remove.txt

 

 

3/ Lanc AVG Anti Spyware puis clique sur Mise à jour

Ferme le programme. Ne l'utilise pas tout de suite.

 

 

4/Télécharge SDFix(créé par AndyManchesta) et sauvegarde le sur ton Bureau.

 

 

5/

- Télécharge The Avenger http://swandog46.geekstogo.com/avenger.zip de Swandog46

Dézip le contenu de l'archive sur ton bureau et double-clic sur avenger.exe

- Clique sur "Ok"

- Sélectionne "Load Script from File" et clique sur l'icône en forme de dossier.

- Sélectionne le fichier remove.txt qui est sur ton bureau

- Clique sur le feu vert pour lancer le script

- Clique sur "Oui"

- Accepte de redémarrer ton pc.

 

 

Une fois le PC redémarrer :

 

 

6/ Supprime le fichier remove.txt

 

 

7/ouvre le Bloc-notes (Démarrer\Tous les programmes\Accessoires\Bloc-notes)

 

 

8/ Copie ce qui est en citation ci-dessous (sans le mot citation) par sélection puis Ctrl-C :

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"SoundService"=-

"PrintDrive"=-

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{0F01FF26-18F5-4613-BFD6-14DE2FBA24C3}"=-

 

-Enregistrez ce fichier reg dans : Bureau

-Nom du fichier : fixme.reg

-Type du fichier : tous les fichiers

-cliquez sur Enregistrer

-quittez le Bloc Notes

 

 

9/Démarre en mode sans échec http://www.sosordi.net/Faq/Faq.2.html

 

10/

Démarrer/panneau de configuration/ajout et suppression de programmes et vérifie la présence de:

 

mywebsearch

Macrogaming

 

Si ces programmes sont présents désinstalle-les.

 

 

11/Lance hijackthis en cliquant sur do a scan system only et coche ces lignes si présentes:

 

O2 - BHO: (no name) - {39F64A9C-963E-41A8-A7A6-0F785F2EAA78} - C:\WINDOWS\system32\kvugkhwp.dll

O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\ssneydkh.dll (file missing)

O2 - BHO: (no name) - {7B278C59-AB49-4F36-8C33-4DC040DB1034} - C:\WINDOWS\system32\kvugkhwp.dll

O2 - BHO: (no name) - {7BF9F18C-E294-45E7-BCCB-9FDC9E9AC3EB} - C:\WINDOWS\system32\pmkhf.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)

O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)

O2 - BHO: (no name) - {E861E125-5ECA-40C8-A503-0CED98ABF7E5} - C:\WINDOWS\system32\kvugkhwp.dll

O2 - BHO: (no name) - {F278BBB7-EF6E-4018-AC6F-CF66CA4F25F9} - C:\WINDOWS\system32\kvugkhwp.dll

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO

O20 - Winlogon Notify: vtustsr - vtustsr.dll (file missing)

 

Ferme toutes les fenêtres ouvertes sauf Hijackthis et clique sur fix checked

 

 

12/Utilisation du fichier: fixme.reg précedemment créé

- double cliquez sur le fichier (Bureau) / Acceptez l'avertissement concernant la fusion / ne pas s'étonner de ne rien voir / validez le message disant que la fusion est terminée.

 

 

13/ Relance AVG AS puis choisis l'onglet Analyse

Puis l'onglet Paramètres

Sous la question Comment réagir ?, clique sur Actions recommandées et choisis Quarantaine

Reclique sur l'onglet Analyse puis réalise une Analyse complète du système

 

Si un fichier infecté est détecté en fin d'analyse

Clique sur Appliquer toutes les actions

 

Clique sur Enregistrer le rapport puis sur Enregistrer le rapport sous

Enregistre ce fichier texte sur ton bureau.

 

 

14/ Déroule la liste des instructions ci-dessous :

• Toujours en mode sans échec, fais un clic droit sur le fichier SDFix.zip et choisis extraire tout,
  
• Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
  
• Appuie sur Y pour commencer le script.
  
• Il va supprimer les services de certains trojans, effectuera aussi quelques réparations du Registre et il te demandera d'appuyer sur une touche pour redémarrer.
  
• Appuie sur une touche pour redémarrer le PC.
  
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
  
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
  
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
  
• Enfin, ouvre le dossier de SDFix sur ton Bureau et copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
  

 

15/ouvre le fichier C:\avenger.txt et copie/colle le contenu ici. Poste le rapport d'AVG Anti spyware 7.5 qui se trouve sur ton bureau.

 

Bon courage, et si tu as la moindre question n'hésite surtout pas

 

@+