
Posted

Hello,

For a few days now, I have had trouble starting my computer. It always happens in at least three stages. 1/ at startup my computer crashes. 2/ I disable the antivirus and disconnect from the network in order to start, but it reboots by itself after a few seconds. 3/ it starts normally and after an hour it reboots by itself. In addition, I fairly frequently get messages from BitDefender informing me that winlogon.exe is trying to connect to the internet, which I refuse.

Can you tell me what my problem is and what I can do to solve it? Thank you.

Posted

Hello,

From here, it looks like there are 2 kinds of problems:

The reboots without a message (blue screen); this can point to:

the memory modules -> memtest

the graphics card -> drivers to update or card to test

the disk -> chkdsk /f/r

the temperature -> clean out the dust.

The winlogon issue -> post a HijackThis log

Download HijackThis from TrendMicro.

* Unzip it into a folder at the root of the hard disk

But never into a temporary folder

Rename that folder, for example Karcher

Under Vista, you must right-click >> "Run as administrator" on Hijackthis.exe, otherwise HJT runs but fixes nothing.

* Run the file Hijackthis.exe

* Click Do a system scan and save a log file

* Post the report in a new message

Posted

Hello pear, and thanks for your reply.

I tried chkdsk, but each time the application closes by itself before finishing stage 2 of 5. I also tried fsutil dirty query on my two partitions, but each time the application stops as well. I am downloading memtest to run a memory test, and I have also checked my graphics card and its driver; everything is OK on that side.

While waiting for the memory test, for which I have to reboot, here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:33, on 2008-11-20

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe

C:\WINDOWS\system32\atwtusb.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179924545062

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = awb.editions

O17 - HKLM\Software\..\Telephony: DomainName = awb.editions

O17 - HKLM\System\CCS\Services\Tcpip\..\{299BE4D7-CB42-4306-9DF3-EDABD8425578}: NameServer = 212.217.0.1,212.217.0.12

O17 - HKLM\System\CCS\Services\Tcpip\..\{637022E5-9147-4173-8EBD-396F77D4EB2D}: NameServer = 192.168.1.100,212.217.0.1

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = awb.editions

O17 - HKLM\System\CS1\Services\Tcpip\..\{299BE4D7-CB42-4306-9DF3-EDABD8425578}: NameServer = 212.217.0.1,212.217.0.12

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = awb.editions

O17 - HKLM\System\CS2\Services\Tcpip\..\{299BE4D7-CB42-4306-9DF3-EDABD8425578}: NameServer = 212.217.0.1,212.217.0.12

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 8770 bytes

Posted

Good evening,

I think it would be wise to check your disk using the manufacturers' tools on UBCD.

http://forum.tt-hardware.com/topic-81564--...ate-Boot-CD.htm.

The BitDefender update service seems to be missing (file missing):

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)

Your report does not show an infection.

We are going to dig a little:

Download random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

* Click Continue at the Disclaimer screen.

* If the HijackThis tool (up-to-date version) is not present or detected on the computer, RSIT downloads it and you accept the license.

* Once the scan is finished, two text files will open:

Post the contents of log.txt (which will be displayed)

as well as info.txt (which will be minimized in the taskbar).

* If these two reports do not appear, you will find them in the folder C:\rsit
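
The line-by-line reading of a HijackThis log done above (spotting the `(file missing)` service entry) can be scripted as a first triage pass. This is an added example, not part of the original thread or of HijackThis itself; the helper names (`parse`, `flagged`, `image_path`) and the flag labels are hypothetical, and the sample lines are an excerpt of the log posted earlier in the thread.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the HijackThis v2.0.2 log posted in this thread (not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
ABSOLUTE_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\|%)")  # drive, UNC or %VAR% path
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)


@dataclass
class Entry:
    code: str                                   # section code, e.g. "O4", "O23"
    body: str                                   # text after "<code> - "
    fields: dict = field(default_factory=dict)  # parsed sub-fields, if any
    flags: list = field(default_factory=list)   # triage hints, not verdicts


def image_path(cmd):
    """Return the executable part of a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else (cmd.split() or [""])[0]


def _parse_run(entry):
    m = RUN_RE.match(entry.body)
    if not m:
        return  # e.g. "Global Startup: ..." shortcut entries
    image = image_path(m["cmd"])
    entry.fields = {"hive": m["hive"], "name": m["name"], "image": image}
    # A bare file name is resolved through the search path at logon, so the
    # log alone does not say which file on disk actually starts.
    if not ABSOLUTE_RE.match(image):
        entry.flags.append("relative-path")


def _parse_service(entry):
    body = MISSING_RE.sub("", entry.body).strip()
    if not body.startswith("Service: "):
        return
    parts = body[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return
    display, owner, image = parts
    entry.fields = {"display": display, "owner": owner, "image": image}
    if owner == "Unknown owner":
        entry.flags.append("unknown-owner")


def parse(log_text):
    """Turn the R*/O* lines of a HijackThis log into Entry records."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        entry = Entry(m["code"], m["body"])
        if MISSING_RE.search(entry.body):
            entry.flags.append("missing-file")
        if entry.code == "O4":
            _parse_run(entry)
        elif entry.code == "O23":
            _parse_service(entry)
        entries.append(entry)
    return entries


def flagged(log_text):
    """Return (code, label, flags) for every entry that needs a manual look."""
    return [
        (e.code, e.fields.get("name") or e.fields.get("display") or e.body, e.flags)
        for e in parse(log_text)
        if e.flags
    ]


if __name__ == "__main__":
    for code, label, flags in flagged(SAMPLE_LOG):
        print(f"{code:4} {', '.join(flags):28} {label}")
```

A flag only marks a line to verify by hand against the file on disk and its vendor; an entry without a flag has not been cleared by this script.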

Posted

> Good evening, sorry for the wait, I was checking the memory with memtest. On that point, everything is OK.

> For BitDefender, should I reinstall it? Can I install another one in its place: McAfee? What do you advise?

> I did not quite understand the UBCD thing. Do I have to install a utility and run it?

> Here are the two requested reports.... During the scan, a window appeared asking me to allow the execution of a file named with my first name followed by the extension .exe. I refused. Should I have accepted?

log.txt:

Logfile of random's system information tool 1.04 (written by random/random)

Run by abdelwouhab at 2008-11-20 16:41:20

Microsoft Windows XP Professionnel Service Pack 2

System drive C: has 697 MB (2%) free of 41 GB

Total RAM: 2047 MB (72% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:33, on 2008-11-20

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe

C:\WINDOWS\system32\atwtusb.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179924545062

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = awb.editions

O17 - HKLM\Software\..\Telephony: DomainName = awb.editions

O17 - HKLM\System\CCS\Services\Tcpip\..\{299BE4D7-CB42-4306-9DF3-EDABD8425578}: NameServer = 212.217.0.1,212.217.0.12

O17 - HKLM\System\CCS\Services\Tcpip\..\{637022E5-9147-4173-8EBD-396F77D4EB2D}: NameServer = 192.168.1.100,212.217.0.1

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = awb.editions

O17 - HKLM\System\CS1\Services\Tcpip\..\{299BE4D7-CB42-4306-9DF3-EDABD8425578}: NameServer = 212.217.0.1,212.217.0.12

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = awb.editions

O17 - HKLM\System\CS2\Services\Tcpip\..\{299BE4D7-CB42-4306-9DF3-EDABD8425578}: NameServer = 212.217.0.1,212.217.0.12

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 8770 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-07 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-07 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-07 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]

"BDMCon"=C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe [2007-05-25 290816]

"atwtusb"=atwtusb.exe beta []

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-07 144792]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

"Google Update"=C:\Documents and Settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-25 133104]

"kamsoft"=C:\WINDOWS\system32\kamsoft.exe [2008-11-20 106626]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWQTOOLBOX]

C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe [2005-06-03 335872]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2007-04-27 257088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-12 827392]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-11-04 98394]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2007-05-26 185896]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]

C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2006-03-31 184320]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Abdelwouhab^Menu Démarrer^Programmes^Démarrage^CCC.lnk]

C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-S~1\CCC.exe [2006-09-29 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]

C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-05-12 25214]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]

C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]

C:\PROGRA~1\WIDCOMM\LOGICI~1\BTTray.exe [2006-02-15 581693]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Desktop Manager.lnk]

C:\PROGRA~1\RESEAR~1\BLACKB~1\DESKTO~1.EXE [2006-08-27 1114217]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DVD Check.lnk]

C:\PROGRA~1\INTERV~1\DVDCHE~1\DVDCheck.exe [2006-03-31 184320]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="sockspy.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"NoDrives"=

"NoDriveAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe"="C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe:*:Enabled:Handheld Tools Desktop Manager"

"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer"

"C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe"="C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe:*:Enabled:Toolbox for HP Printing System for Windows"

"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"

"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"D:\Football Manager 2005\fm2005.exe"="D:\Football Manager 2005\fm2005.exe:*:Enabled:Football Manager 2005"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4abedad8-af0f-11dd-ba2f-0016d4c31e3a}]

shell\AutoRun\command - G:\lky.exe

shell\explore\command - G:\lky.exe

shell\open\command - G:\lky.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4abedad9-af0f-11dd-ba2f-0016d4c31e3a}]

shell\AutoRun\command - G:\lky.exe

shell\explore\command - G:\lky.exe

shell\open\command - G:\lky.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ee07ec1-a7f1-11dc-b952-0016d4c31e3a}]

shell\AutoRun\command - G:\lky.exe

shell\explore\command - G:\lky.exe

shell\open\command - G:\lky.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{859a03a3-86fc-11dc-b93b-001a6b2a1035}]

shell\AutoRun\command - F:\LaunchU3.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7a7b4a1-aabb-11dd-ba2c-0016d4c31e3a}]

shell\AutoRun\command - G:\nq0cq.cmd

shell\explore\command - G:\nq0cq.cmd

shell\open\command - G:\nq0cq.cmd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2e510d1-9442-11dc-b948-0016d4c31e3a}]

shell\AutoRun\command - G:\lky.exe

shell\explore\command - G:\lky.exe

shell\open\command - G:\lky.exe

 

 

======File associations======

 

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

 

======List of files/folders created in the last 1 months======

 

2008-11-20 16:41:22 ----A---- C:\abdelwouhab.exe

2008-11-20 16:41:20 ----D---- C:\rsit

2008-11-19 22:11:24 ----RSH---- C:\abk.bat

2008-11-19 22:10:11 ----RSH---- C:\WINDOWS\system32\kamsoft.exe

2008-11-13 21:28:09 ----RSH---- C:\lky.exe

2008-11-13 21:27:41 ----RSH---- C:\WINDOWS\system32\gasretyw1.dll

2008-11-10 08:46:59 ----RSH---- C:\whi.com

2008-11-10 08:46:32 ----RSH---- C:\WINDOWS\system32\gasretyw0.dll

2008-11-06 12:28:43 ----SHD---- C:\RECYCLER

2008-11-04 19:07:16 ----D---- C:\Documents and Settings\abdelwouhab.AWB.000\Application Data\Malwarebytes

2008-11-04 19:07:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-11-04 19:07:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-11-04 17:05:00 ----A---- C:\ComboFix.txt

2008-11-04 16:50:22 ----D---- C:\WINDOWS\temp

2008-11-04 13:56:17 ----A---- C:\HiJackThis.exe

2008-11-03 18:08:59 ----A---- C:\Boot.bak

2008-11-03 18:08:48 ----RASHD---- C:\cmdcons

2008-11-03 18:05:39 ----A---- C:\WINDOWS\zip.exe

2008-11-03 18:05:39 ----A---- C:\WINDOWS\SWREG.exe

2008-11-03 18:05:39 ----A---- C:\WINDOWS\NIRCMD.exe

2008-11-03 18:05:39 ----A---- C:\WINDOWS\grep.exe

2008-11-03 18:05:38 ----A---- C:\WINDOWS\VFIND.exe

2008-11-03 18:05:38 ----A---- C:\WINDOWS\SWSC.exe

2008-11-03 18:05:38 ----A---- C:\WINDOWS\sed.exe

2008-11-03 18:05:38 ----A---- C:\WINDOWS\fdsv.exe

2008-11-03 18:05:37 ----A---- C:\WINDOWS\SWXCACLS.exe

2008-11-03 18:05:26 ----D---- C:\WINDOWS\ERDNT

2008-11-03 18:05:26 ----AD---- C:\Qoobox

2008-11-03 15:27:57 ----A---- C:\TB.txt

2008-11-03 15:27:36 ----D---- C:\ToolBar SD

2008-11-03 14:54:31 ----A---- C:\WINDOWS\OEWABLog.txt

2008-11-03 14:42:14 ----A---- C:\WINDOWS\ntbtlog.txt

2008-11-03 14:18:17 ----D---- C:\Documents and Settings\abdelwouhab.AWB.000\Application Data\MSNInstaller

2008-11-03 14:10:54 ----D---- C:\Documents and Settings\abdelwouhab.AWB.000\Application Data\Talkback

2008-11-03 12:28:24 ----D---- C:\Documents and Settings\abdelwouhab.AWB.000\Application Data\vlc

2008-11-03 11:53:21 ----D---- C:\Documents and Settings\abdelwouhab.AWB.000\Application Data\Thunderbird

2008-11-03 11:53:04 ----D---- C:\Program Files\Mozilla Thunderbird

2008-10-29 10:55:36 ----D---- C:\Program Files\McDonaldsFairies

2008-10-29 10:47:35 ----D---- C:\Program Files\McDonaldsDragons

 

======List of files/folders modified in the last 1 months======

 

2008-11-20 16:42:14 ----D---- C:\WINDOWS\system32\inetsrv

2008-11-20 16:41:26 ----D---- C:\WINDOWS\Prefetch

2008-11-20 16:38:21 ----D---- C:\WINDOWS\system32

2008-11-20 16:38:15 ----D---- C:\WINDOWS\system32\drivers

2008-11-20 14:59:57 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-11-20 14:59:43 ----D---- C:\Outlook

2008-11-20 14:29:52 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-20 10:10:20 ----SD---- C:\WINDOWS\Tasks

2008-11-20 10:04:38 ----D---- C:\WINDOWS

2008-11-19 21:58:49 ----D---- C:\WINDOWS\security

2008-11-19 21:51:50 ----RD---- C:\Program Files

2008-11-19 19:35:55 ----RSD---- C:\WINDOWS\Fonts

2008-11-18 18:57:48 ----D---- C:\Documents and Settings\abdelwouhab.AWB.000\Application Data\Adobe

2008-11-18 18:43:35 ----D---- C:\Program Files\Mozilla Firefox

2008-11-18 13:58:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-11-11 05:25:55 ----D---- C:\Documents and Settings\abdelwouhab.AWB.000\Application Data\LimeWire

2008-11-11 03:29:35 ----D---- C:\WINDOWS\system32\Restore

2008-11-06 15:16:25 ----A---- C:\WINDOWS\win.ini

2008-11-04 16:58:15 ----A---- C:\WINDOWS\system.ini

2008-11-04 16:50:09 ----D---- C:\WINDOWS\AppPatch

2008-11-04 16:50:09 ----D---- C:\Program Files\Fichiers communs

2008-11-03 18:08:59 ----RASH---- C:\boot.ini

2008-11-03 18:05:34 ----SHD---- C:\System Volume Information

2008-11-03 14:54:44 ----SHD---- C:\WINDOWS\Installer

2008-11-03 14:54:44 ----SHD---- C:\Config.Msi

2008-11-03 14:26:16 ----D---- C:\Inetpub

2008-11-03 14:21:44 ----D---- C:\Program Files\Planning Manager

2008-11-03 14:19:35 ----D---- C:\Program Files\ZC2.10

2008-11-03 14:19:20 ----D---- C:\Program Files\Zelda Return of the Hylian

2008-11-03 14:19:05 ----D---- C:\Program Files\solarus

2008-11-03 14:18:43 ----D---- C:\Program Files\AEBBadge

2008-11-03 14:18:22 ----D---- C:\Program Files\MSN

2008-11-03 14:15:01 ----D---- C:\Program Files\Sony

2008-11-03 14:07:02 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-11-03 14:04:05 ----A---- C:\WINDOWS\ODBC.INI

2008-11-03 14:01:51 ----D---- C:\Program Files\eMule

2008-11-03 14:01:08 ----D---- C:\Program Files\Awbgest2007

2008-11-03 13:02:03 ----D---- C:\Program Files\Fichiers communs\Adobe

2008-11-03 11:53:26 ----D---- C:\Documents and Settings\abdelwouhab.AWB.000\Application Data\Mozilla

2008-10-26 19:11:17 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 bdpredir;bdpredir; \??\C:\Program Files\Softwin\BitDefender10\bdpredir.sys []

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]

R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]

R2 BDRSDRV;BDRSDRV; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]

R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-01-09 22016]

R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]

R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-03-02 1972224]

R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-01-12 142720]

R3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys []

R3 BDFSDRV;BDFSDRV; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []

R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-02-15 1342570]

R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]

R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]

R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2006-04-06 88192]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]

R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-04-26 988032]

R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-04-26 210816]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-08-11 14604]

R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-06-30 26752]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-05 5888]

R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-05 67584]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-01-12 201856]

R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2006-07-06 168448]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-04-26 731136]

S1 aiptektp;HyperPen; C:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 22272]

S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]

S3 aq1azmbd;aq1azmbd; C:\WINDOWS\system32\drivers\aq1azmbd.sys []

S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]

S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]

S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2006-02-15 401664]

S3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-02-15 30363]

S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-02-15 148168]

S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-02-15 57096]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-06-12 9344]

S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 NETw4x32;Pilote de carte Intel® Wireless WiFi Link pour Windows XP 32 bits; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-03-01 2203520]

S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]

S3 RimUsb;Appareil BlackBerry; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-07-13 22528]

S3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-05 11136]

S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-05 10240]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2008-02-20 27936]

S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []

S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-04 611664]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-03-02 446464]

R2 bdss;BitDefender Scan Server; C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe [2007-05-25 81920]

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2006-02-15 258103]

R2 IISADMIN;Administration IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-07 147456]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]

R2 VSSERV;BitDefender Virus Shield; C:\Program Files\Softwin\BitDefender10\vsserv.exe [2007-10-26 462848]

R2 W3SVC;Publication World Wide Web; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]

R2 XCOMM;BitDefender Communicator; C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe [2006-11-09 86016]

S2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe /service []

S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-05-23 72704]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]

S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2007-04-27 500800]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

 

-----------------EOF-----------------

 

 

 

info.txt:

 

info.txt logfile of random's system information tool 1.04 2008-11-20 16:42:40

 

======Uninstall list======

 

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}

-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}

-->msiexec /i {46548E80-0409-0000-7E8A-45000F855001}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

A9Converter-->MsiExec.exe /I{0D71EC64-26F3-4622-B01C-8311DB5303A8}

Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}

Adobe Common File Installer-->MsiExec.exe /I{0CDCBF14-0BAE-45D6-8985-E48F66F22C81}

Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=e:\adobe creative suite 2.0/lang=0409

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock

Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}

Adobe Illustrator CS2 ME Crack 1.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Adobe\Adobe Illustrator CS2 Tryout\Support Files\Contents\Windows\irunin.ini"

Adobe Illustrator CS2-->msiexec /I {AD05F1FF-F284-402D-952A-ABCA6A6063FB}

Adobe InDesign CS2 Trial-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}

Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}

Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}

Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}

Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}

Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Assistant Publication de sites Web Microsoft 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall

ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe

BitDefender Antivirus Plus v10-->MsiExec.exe /I{66307F14-2FD2-4BCD-AA0B-F0E0BC60B044}

BlackBerry Desktop Software 4.2-->MsiExec.exe /I{3B7DAD74-8F16-4AEF-B0CA-4072CB1BF9AA}

BlackBerry Desktop Software 4.2-->MsiExec.exe /i{3B7DAD74-8F16-4AEF-B0CA-4072CB1BF9AA}

ccc-Branding-->MsiExec.exe /I{426C7CC1-5AC3-4758-A40C-6446F2CEA8C9}

Client Windows Rights Management avec Service Pack 2-->MsiExec.exe /X{1D13221B-42DE-4B3C-A43F-0F6AF3CF3DA2}

Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Correctif Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

Correctif Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe

Dia (supprimer uniquement)-->C:\Program Files\Dia\dia-0.96.1-7-uninstall.exe

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Easy Clean 2007 v3.00-->"C:\Program Files\Emjysoft\EasyClean\unins000.exe"

EasyPHP 1.8-->"C:\Program Files\EasyPHP1-8\unins000.exe"

FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"

HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA_hpq0033m\UIU32m.exe -U -Ihpq0033m.inf

HijackThis 2.0.2-->"C:\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB890927)-->"C:\WINDOWS\$NtUninstallKB890927$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"

HP BatteryCheck 1.00 A7-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69DAC00A-7665-4E9B-B441-093D40736429}\setup.exe" -l0x9 -removeonly uninst

HP Deskjet 9800 Series-->C:\Program Files\Hewlett-Packard\hp deskjet 9800 series\Installer\setup.exe /x

HP Deskjet 9800-->msiexec /x{CE33EC58-5DFB-4560-9D33-1E7942E0554F}

HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}

InterVideo DVD Check-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL

InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL

iTunes-->MsiExec.exe /I{3592F5CB-B524-43AA-92F2-2377268199CC}

Java 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"

Macromedia Dreamweaver 8-->MsiExec.exe /I{5FD788ED-1A37-4496-9BDD-463F493B27FA}

Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

MaxiCompte-->"C:\Program Files\MaxiCompte\unins000.exe"

McDonald's Dragons-->C:\Program Files\McDonaldsDragons\uninstall.exe

McDonald's Fairies-->C:\Program Files\McDonaldsFairies\uninstall.exe

Microplus Manager 2007-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Manager\ST6UNST.LOG"

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}

Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe

Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}

Microsoft Office Visio Professional 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL

Microsoft Office Visio Professional 2007-->MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual Basic 6.0 Édition Entreprise (Français)-->"C:\Program Files\Microsoft Visual Studio\VB98\Setup\1036\Setup.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Mise à jour de sécurité pour Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe

Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe

Montpellier Business Plan Classic-->MsiExec.exe /I{EDA1C1F7-F27E-4B20-B9BC-39964452DBB1}

Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MP3 WAV Converter 3.26-->C:\PROGRA~1\MP3WAV~1\UNWISE.EXE C:\PROGRA~1\MP3WAV~1\INSTALL.LOG

MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}

OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}

Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"

PixiePack Codec Pack-->MsiExec.exe /I{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}

QALITEL logigramme-->C:\SCOQI\QLOGIG~1\UNWISE.EXE C:\SCOQI\QLOGIG~1\INSTALL.LOG

QuickTime-->MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}

RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Security Update for Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}

Security Update pour Microsoft .NET Framework 2.0 (KB922770)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}

Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}

Sony Noise Reduction Plug-In 2.0e-->MsiExec.exe /X{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}

SP2 de compatibilité descendante du client Windows Rights Management-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}\setup.exe -runfromtemp -l0x040c

VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}

Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}

Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

Wireless Tablet Series-->Rmtablet KNL

XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

X'nBeep 1.1-->"C:\Program Files\X'nBeep 1.1\unins000.exe"

 

======Security center information======

 

AV: Bitdefender Antivirus (outdated)

FW: Bitdefender Firewall

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Fichiers communs\Adobe\AGL

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel

"PROCESSOR_REVISION"=0f06

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"SonicCentral"=C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\

"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip

"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

 

-----------------EOF-----------------

Posted (edited)

Good evening,

 

Download OTMoveIt3 by OldTimer to the desktop.

Double-click OTMoveIt3.exe to launch it.

On Vista, right-click the file -> choose Run as administrator

Check that Unregister Dll's and Ocx's is ticked.

* Copy/paste the lines below:

 

:Processes

explorer.exe

:Services

 

:Files

G:\lky.exe

G:\nq0cq.cmd

:Reg

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4abedad8-af0f-11dd-ba2f-0016d4c31e3a}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4abedad9-af0f-11dd-ba2f-0016d4c31e3a}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ee07ec1-a7f1-11dc-b952-0016d4c31e3a}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7a7b4a1-aabb-11dd-ba2c-0016d4c31e3a}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2e510d1-9442-11dc-b948-0016d4c31e3a}]

 

 

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

Go back to OTMoveIt3,

Right-click in the "Paste Instructions for Items to be Moved" window under the yellow bar and choose Paste.

* Click the red Moveit! button

* Close OTMoveIt3

Your PC will restart.

Go to the folder C:\_OTMoveIt\MovedFiles ,

open the latest .log file

Copy and paste its contents into your next reply

 

 

Download Toolbar-S&D to the Desktop.

If you use Spybot

To disable TeaTimer, which serves no purpose and can cause a disinfection to fail:

First display Advanced Mode in SpyBot

->Advanced Options:

- >Mode menu, Advanced Mode.

A column of menus appears on the left:

- >click Tools,

- >click Resident,

In Resident:

- >untick Resident "TeaTimer" to disable it.

  • Start the program's installation by running the downloaded file.
  • Double-click the Toolbar-S&D shortcut.
  • Select the desired language by typing the letter of your choice, then confirm with the Enter key.
  • Choose option 1 (Search).
  • Wait until the search finishes.
  • Post the generated report. (C:\TB.txt)

 

Run Toolbar-S&D again by double-clicking the shortcut. Type "2" and confirm with "Enter".

Do not close the window during the removal!

A report will be generated;

post its contents here.

 

NOTE: If the Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open Task Manager.

Go to the "Processes" tab. Click File -> "Run..." at the top left

Type explorer and confirm.

 

As for Bitdefender, should I reinstall it? Can I install another one instead, such as McAfee? What do you recommend?

 

If you are thinking of changing, take Antivir, which is free and as good as the paid ones

 

Download Avira AntiVir Personal

NB: Antivir was chosen as the antivirus to use for this procedure on the following criteria:

--- flaws in your antivirus, which let malware through

--- In safe mode, only system processes are started. It is therefore easier to remove infections

--- Antivir can be installed and uninstalled easily

--- Antivir is recognised for its effectiveness in safe mode

 

Recommended settings

Right-click the umbrella->Configure

Click Expert mode->Scan:

Tick: All files

Additional Settings: tick everything

Click scan +

Action for concerning files:

Tick

copy file to quarantine before action

Primary action...................: repair => in case it is a corrupted system file

Secondary action.................: delete => if there is a detection, it might as well be deleted; a backup will be in quarantine

 

Disable your current antivirus

Restart in safe mode.

Run the scan

Post the report

Edited by pear
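
One way to check a fix script like the one in this post against the log the tool writes afterwards, as an added example that is not part of the original post or of OTMoveIt3: it lists every requested action the log does not confirm. The sample script, log and drive list are constructed, and the log line shapes are assumed from the tool output quoted in this thread.

```python
import re

# Constructed sample in the sectioned fix-script format used in the post above.
# Paths and GUIDs are placeholders, not values from this thread.
FIX_SCRIPT = r"""
:Processes
explorer.exe
:Files
X:\sample1.exe
C:\sample2.cmd
:Reg
[-HKEY_CURRENT_USER\software\example\mountpoints2\{00000000-0000-0000-0000-000000000001}]
[-HKEY_CURRENT_USER\software\example\mountpoints2\{00000000-0000-0000-0000-000000000002}]
:Commands
[emptytemp]
[Reboot]
"""

# Constructed result log; line shapes are assumed from the output quoted in this thread.
RESULT_LOG = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder X:\sample1.exe not found.
File/Folder C:\sample2.cmd not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\example\mountpoints2\{00000000-0000-0000-0000-000000000001}\\ deleted successfully.
"""

# Script sections whose results the log reports, and the prefix the log uses for each.
SECTION_KIND = {"processes": "Process", "files": "File/Folder", "reg": "Registry key"}
LOG_LINE = re.compile(
    r"^(Process|File/Folder|Registry key) (.+?) "
    r"((?:killed|deleted) successfully|not found)\.$"
)


def norm(target):
    """Case-fold and drop trailing backslashes so script and log spellings match."""
    return target.strip().rstrip("\\").lower()


def parse_script(text):
    """Return [(kind, target)] for every entry in a section the log reports on."""
    wanted, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
        elif section in SECTION_KIND:
            # "[-KEY]" is the delete-this-key form used in the script above.
            if section == "reg" and line.startswith("[-") and line.endswith("]"):
                line = line[2:-1]
            wanted.append((SECTION_KIND[section], line))
    return wanted


def parse_log(text):
    """Map (kind, normalised target) -> outcome for every recognised log line."""
    outcomes = {}
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            outcomes[(m.group(1), norm(m.group(2)))] = m.group(3)
    return outcomes


def reconcile(script, log, mounted_drives):
    """List requested actions that the log does not confirm, with the reason."""
    outcomes = parse_log(log)
    mounted = {d.upper() for d in mounted_drives}
    open_items = []
    for kind, target in parse_script(script):
        outcome = outcomes.get((kind, norm(target)))
        if outcome is None:
            open_items.append((kind, target, "no log line"))
        elif outcome == "not found":
            drive = target[:1].upper()
            if kind == "File/Folder" and target[1:2] == ":" and drive not in mounted:
                # Nothing was removed: the drive was absent, so the file may
                # still be on the volume it came from.
                reason = f"not found (drive {drive}: not in mounted list)"
            else:
                reason = "not found"
            open_items.append((kind, target, reason))
    return open_items


if __name__ == "__main__":
    # The drive list would come from a separate system report (constructed here).
    for item in reconcile(FIX_SCRIPT, RESULT_LOG, ["C", "D"]):
        print(item)
```

A "not found" entry on a drive missing from the mounted list means the tool removed nothing at that path, so the volume needs to be checked separately once it is attached.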
Posted

Good evening, and phew!!!

 

I had a lot of trouble doing everything you asked. So, to sum up, I cannot restart in safe mode. When I try, I end up with a black screen and a small white cursor blinking at the top left. I downloaded Avira and went through msconfig to disable Bitdefender at startup, restarted in normal mode and tried to update Avira, but each time my computer crashed after warning me of the presence of a trojan. Since I saw that the virus definitions were only 3 days old, I decided to run a scan in normal mode anyway.

 

So here are the requested reports:

 

 

OTMoveIt3 report:

 

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== SERVICES/DRIVERS ==========

========== FILES ==========

File/Folder G:\lky.exe not found.

File/Folder G:\nq0cq.cmd not found.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4abedad8-af0f-11dd-ba2f-0016d4c31e3a}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4abedad9-af0f-11dd-ba2f-0016d4c31e3a}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ee07ec1-a7f1-11dc-b952-0016d4c31e3a}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7a7b4a1-aabb-11dd-ba2c-0016d4c31e3a}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2e510d1-9442-11dc-b948-0016d4c31e3a}\\ deleted successfully.

========== COMMANDS ==========

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_734.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11212008_142404

 

Files moved on Reboot...

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

File C:\WINDOWS\temp\Perflib_Perfdata_734.dat not found!

 

 

Toolbar-S&D report 1:

 

 

-----------\\ ToolBar S&D 1.2.4 XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Core2 CPU T7200 @ 2.00GHz )

BIOS : KBC Version 54.3C

USER : abdelwouhab ( Administrator )

BOOT : Normal boot

Antivirus : Bitdefender Antivirus 8.0 (Activated)

Firewall : Bitdefender Firewall 8.0 (Activated)

C:\ (Local Disk) - NTFS - Total:40 Go (Free:6 Go)

D:\ (Local Disk) - NTFS - Total:71 Go (Free:7 Go)

E:\ (CD or DVD)

F:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )

Option : [1] ( 2008-11-21|14:39 )

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

 

-----------\\ Extensions

 

(Abdelwouhab.AWB) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Abdelwouhab.AWB) - {a8dd47cf-239f-48c4-8379-e6b4cbafdcfa} => blue_ice-1.2.4-fx

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.daemon-search.com/default"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\ABDELW~1.000\Mes documents\Azureus Downloads\Top2000.2007.1801-2000\1893 Neil Diamond - Cracklin' Rosie.mp3

C:\DOCUME~1\ALLUSE~1\Menu D‚marrer\Programmes\AbuAzmy&Medo_Illustrator\Uninstall Adobe Illustrator CS2 ME Crack.lnk

 

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 03/11/2008|15:33 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 03/11/2008|15:40 - Option : [2]

3 - "C:\ToolBar SD\TB_3.txt" - 2008-11-21|14:33 - Option : [1]

4 - "C:\ToolBar SD\TB_4.txt" - 2008-11-21|14:36 - Option : [2]

5 - "C:\ToolBar SD\TB_5.txt" - 2008-11-21|14:40 - Option : [1]

 

-----------\\ Fin du rapport a 14:40:56.53

 

 

 

Toolbar-S&D report 2:

 

 

-----------\\ ToolBar S&D 1.2.4 XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Core2 CPU T7200 @ 2.00GHz )

BIOS : KBC Version 54.3C

USER : abdelwouhab ( Administrator )

BOOT : Normal boot

Antivirus : Bitdefender Antivirus 8.0 (Activated)

Firewall : Bitdefender Firewall 8.0 (Activated)

C:\ (Local Disk) - NTFS - Total:40 Go (Free:6 Go)

D:\ (Local Disk) - NTFS - Total:71 Go (Free:7 Go)

E:\ (CD or DVD)

F:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )

Option : [2] ( 2008-11-21|14:33 )

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

 

-----------\\ Extensions

 

(Abdelwouhab.AWB) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Abdelwouhab.AWB) - {a8dd47cf-239f-48c4-8379-e6b4cbafdcfa} => blue_ice-1.2.4-fx

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.daemon-search.com/default"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\ABDELW~1.000\Mes documents\Azureus Downloads\Top2000.2007.1801-2000\1893 Neil Diamond - Cracklin' Rosie.mp3

C:\DOCUME~1\ALLUSE~1\Menu D‚marrer\Programmes\AbuAzmy&Medo_Illustrator\Uninstall Adobe Illustrator CS2 ME Crack.lnk

 

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 03/11/2008|15:33 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 03/11/2008|15:40 - Option : [2]

3 - "C:\ToolBar SD\TB_3.txt" - 2008-11-21|14:33 - Option : [1]

4 - "C:\ToolBar SD\TB_4.txt" - 2008-11-21|14:36 - Option : [2]

 

-----------\\ Fin du rapport a 14:36:26.06

 

 

Avira report:

 

 

 

Avira AntiVir Personal

Report file date: vendredi 21 novembre 2008 15:40

 

Scanning for 1369550 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: DIRECTEUR

 

Version information:

BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 10:57:53

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 09:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 14:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 09:58:52

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 12:33:34

ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 15:54:15

ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 07:20:53

ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 11:24:47

Engineversion : 8.2.0.4

AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 12:05:56

AESCRIPT.DLL : 8.1.1.8 319866 Bytes 16/10/2008 13:43:34

AESCN.DLL : 8.1.1.3 123252 Bytes 14/10/2008 12:05:56

AERDL.DLL : 8.1.1.2 438644 Bytes 12/09/2008 08:06:02

AEPACK.DLL : 8.1.2.4 369014 Bytes 14/10/2008 12:05:56

AEOFFICE.DLL : 8.1.0.28 196987 Bytes 14/10/2008 12:05:56

AEHEUR.DLL : 8.1.0.59 1438071 Bytes 18/09/2008 11:07:50

AEHELP.DLL : 8.1.1.2 115062 Bytes 14/10/2008 12:05:56

AEGEN.DLL : 8.1.0.41 319861 Bytes 14/10/2008 12:05:56

AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 12:05:56

AECORE.DLL : 8.1.2.6 172406 Bytes 14/10/2008 12:05:56

AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 12:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 10:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 11:28:01

AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 16:35:20

AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 13:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 10:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 14:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 19:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 14:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 14:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 15:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 15:34:37

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: repair

Secondary action.................: delete

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: vendredi 21 novembre 2008 15:40

 

Starting search for hidden objects.

'54172' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'vsserv.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'ATWTUSB.EXE' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'bdss.exe' - '1' Module(s) have been scanned

Scan process 'xcommsvr.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'mdm.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'inetinfo.exe' - '1' Module(s) have been scanned

Scan process 'btwdins.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'scardsvr.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'aawservice.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

33 processes with 33 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '47' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP10\A0007201.dll

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] A backup was created as '4956e4d6.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4956e4d7.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0007242.dll

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] A backup was created as '4956e4db.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4bd40874.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0008242.dll

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] A backup was created as '4956e4e1.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4bd4084a.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0008243.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e4e4.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4bd4084d.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0009244.dll

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e4e6.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4bd4084f.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0009246.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e4ea.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4bd30843.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0010243.dll

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e4ed.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4bd30846.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0010246.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e4f0.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4bd30859.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0010250.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e4f2.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4bd3085b.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0010251.dll

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e4f8.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4bd30851.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP12\A0010272.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e4ff.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4bd309a8.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP13\A0010276.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e507.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4bd309a0.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP14\A0010280.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e50d.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4bd309a6.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP14\A0012358.dll

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e514.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4bd309bd.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP14\A0012360.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e519.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4bd309b2.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP15\A0012512.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e524.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b29098d.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012675.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e52b.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b290984.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012679.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] A backup was created as '4956e530.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b290999.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012680.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] A backup was created as '4956e535.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b29099e.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012681.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] A backup was created as '4956e53b.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b290994.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012682.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] A backup was created as '4956e540.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b2909e9.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012683.cmd

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] A backup was created as '4956e545.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b2909ee.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012692.dll

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e54b.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b2909e4.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012693.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e550.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b2909f9.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012699.dll

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e556.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b2909ff.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0013706.dll

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e574.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b2909dd.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0013708.bat

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4876e55d.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4956e576.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0013712.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e575.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b2909de.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0013713.dll

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] A backup was created as '4876e55f.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b2909df.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0015709.dll

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] A backup was created as '4956e577.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b2909d0.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0015714.dll

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] A backup was created as '4956e57c.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b2909d5.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0015715.bat

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e57d.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b2909d6.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0015805.dll

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] A backup was created as '4956e583.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b29092c.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0015806.bat

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e585.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b29092e.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP17\A0015916.bat

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e596.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4956e597.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP17\A0015933.dll

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] A backup was created as '4956e599.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b290932.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP17\A0015935.bat

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e59c.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b290935.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP17\A0015939.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e59e.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b290937.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP17\A0015940.dll

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] A backup was created as '4956e5a0.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b290909.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP18\A0015956.bat

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e5a4.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b29090d.qua' ( QUARANTINE )

C:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP18\A0015960.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956e5a6.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b29090f.qua' ( QUARANTINE )

C:\WINDOWS\system32\gasretyw0.dll

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] A backup was created as '4999e810.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4be70d19.qua' ( QUARANTINE )

C:\WINDOWS\system32\gasretyw1.dll

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] A backup was created as '4999e816.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4be70d1f.qua' ( QUARANTINE )

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <AWB-DOCS>

D:\nq0cq.cmd

[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)

[NOTE] A backup was created as '4956e91f.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4956e920.qua' ( QUARANTINE )

D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0008245.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956f01e.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4956f01f.qua' ( QUARANTINE )

D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0009248.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956f024.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b291c8d.qua' ( QUARANTINE )

D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP11\A0010248.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956f02a.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b291c83.qua' ( QUARANTINE )

D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP12\A0010274.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956f02f.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b291c98.qua' ( QUARANTINE )

D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP13\A0010278.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956f035.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b291c9e.qua' ( QUARANTINE )

D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP14\A0010282.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956f038.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b291c91.qua' ( QUARANTINE )

D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP14\A0012362.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956f03f.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4956f040.qua' ( QUARANTINE )

D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP15\A0012514.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956f047.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b291ce0.qua' ( QUARANTINE )

D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012677.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956f05a.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b291cf3.qua' ( QUARANTINE )

D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0012695.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956f05c.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b291cf5.qua' ( QUARANTINE )

D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0013710.bat

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956f05e.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b291cf7.qua' ( QUARANTINE )

D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0015717.bat

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956f060.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b291cc9.qua' ( QUARANTINE )

D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP16\A0015808.bat

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956f064.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b291ccd.qua' ( QUARANTINE )

D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP17\A0015918.bat

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956f068.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b291cc1.qua' ( QUARANTINE )

D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP17\A0015937.bat

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956f06a.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4956f06b.qua' ( QUARANTINE )

D:\System Volume Information\_restore{DD1BD1B6-21B1-45F4-B5B5-94A760BC26C1}\RP18\A0015958.bat

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '4956f06d.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b291cc6.qua' ( QUARANTINE )

 

 

End of the scan: vendredi 21 novembre 2008 17:33

Used time: 1:52:43 Hour(s)

 

The scan has been done completely.

 

14528 Scanning directories

444257 Files were scanned

60 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

120 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

444195 Files not concerned

9296 Archives were scanned

2 Warnings

60 Notes

54172 Objects were scanned with rootkit scan

0 Hidden objects were found

Posted

Good evening,

Uninstall System Restore.

My Computer -> Properties -> System Restore.

Tick the box "Turn off System Restore on all drives".

You will untick it later, after disinfection.

A new restore point will be created at restart.

 

You are going to download ComboFix.

This software is very powerful and must not be used without competent help, at the risk of irreversible damage.

Please note that this software is updated regularly and that the version you are about to download will be obsolete in a few days.

Before installing it, read this procedure:

Then

Download combofix.exe by sUBs

and save it to the desktop

 

First of all, ComboFix checks whether the Recovery Console is installed and offers to install it if it is not.

The Windows Recovery Console will let you boot into a special recovery (repair) mode.

It may be needed if your computer runs into a problem after a cleaning attempt.

It is a simple procedure that will take only a little time and may one day save the day.

After installation, you should see this message:

The Recovery Console was successfully installed.

Close or disable all active antivirus, antispyware and firewall programs, because they could interfere with ComboFix.

This is absolutely necessary for the procedure to succeed.

Of course, you will re-enable them afterwards.

If you are using ComboFix to destroy Bagle, see § 3, Renaming ComboFix

* Double-click combofix.exe to launch it.

Do not close the window that has just opened: the desktop would be empty and that could crash the program!

1) The Recovery Console

Some infections (MBR rootkit) can only be treated using the Recovery Console.

Important procedures that ComboFix may launch will only work if the Recovery Console (under XP) is installed.

That is why you are strongly advised to install the Recovery Console on the PC first.

Windows Vista users can use their Windows CD to boot into the Vista Recovery Environment.

This will make it possible to repair the system in case the PC no longer restarts after disinfection.

If this is already done, go to point 2).

* After clicking the link corresponding to your version of Windows, you will be taken to a page:

click the Download button to save the installation package to the desktop:

Do not change the file name

Windows XP Service Pack 2 (SP2) > Microsoft Windows XP Professional SP2

* Drag and drop this file onto the ComboFix.exe file as in the screenshot >

img-191142280s3.gif

* Follow the on-screen instructions to launch ComboFix and, when asked, accept the End User License Agreement to install the Microsoft Recovery Console.

* When it is finished, a message saying that the Console has been installed appears, then a report named CF_RC.txt will be displayed:

post its contents.

 

 

2) Launch the scan

Connect all removable drives (external hard disk, USB key).

* Press the 1 key to start the scan.

If for some reason, Vista for example, ComboFix does not start,

boot into safe mode, choose the Administrator account, and launch ComboFix

While ComboFix is running, do not touch your computer at all; you could crash the program.

* The scan may take some time: be patient!

At the end, a report will be generated: post its contents in a following message.

* If the report is too long, post it in two parts.

It is located at c:\combofix.txt

 

3) Renaming ComboFix

In some cases, the Bagle worm for example, it is necessary to rename ComboFix.exe to Combo-Fix.exe before downloading in order to treat the infection.

Bagle targets any file named ComboFix and generates an error message.

Uninstall ComboFix:

Start > Run -> combofix.exe /u

Confirm with OK

ComboFix starts and displays a message saying that ComboFix has been removed: click OK.

Note: by default, Firefox does not allow renaming before saving; use IE instead

To rename it:

Right-click http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Choose "Save Target As..."

Choose the desktop

At the bottom, in File name:

Insert a hyphen (-) between Combo and Fix.

You should get -> Combo-Fix.exe

Finally click -> Save

Launch Combo-fix.exe

If there is a problem:

illustrated method
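An added example, not part of the original posts: the Avira report earlier in the thread lists detections both in live paths and under `System Volume Information\_restore{...}`, the System Restore snapshots that the "Turn off System Restore on all drives" step discards. This Python sketch separates the two groups; the sample log is constructed in the report's layout, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the scan report: a path line followed
# by [DETECTION] / [NOTE] / [WARNING] lines. All paths here are made up.
SAMPLE_LOG = r"""
Begin scan in 'C:\' <SYSTEM>
C:\System Volume Information\_restore{11111111-2222-3333-4444-555555555555}\RP16\A0000001.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] A backup was created as '00000001.qua' ( QUARANTINE )
C:\System Volume Information\_restore{11111111-2222-3333-4444-555555555555}\RP17\A0000002.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] A backup was created as '00000002.qua' ( QUARANTINE )
C:\WINDOWS\system32\example0.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] A backup was created as '00000003.qua' ( QUARANTINE )
C:\WINDOWS\system32\drivers\example.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DATA>
D:\example.cmd
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
[NOTE] A backup was created as '00000004.qua' ( QUARANTINE )
D:\System Volume Information\_restore{11111111-2222-3333-4444-555555555555}\RP16\A0000003.bat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Drive letter and restore-point folder (RPnn) of a System Restore snapshot copy.
RESTORE_RE = re.compile(
    r"^([A-Za-z]):\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\",
    re.IGNORECASE,
)
TROJAN_RE = re.compile(r"^Is the (\S+)")
PAREN_RE = re.compile(r"\(([^()]+)\)\s*$")


def detection_name(message):
    """Pull the signature name out of a [DETECTION] message."""
    m = TROJAN_RE.search(message) or PAREN_RE.search(message)
    return m.group(1) if m else message


def parse_detections(text):
    """Return one record per [DETECTION] line, tied to the path line above it."""
    findings, current_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current_path = line
        elif line.startswith("[DETECTION]") and current_path:
            m = RESTORE_RE.match(current_path)
            findings.append({
                "path": current_path,
                "name": detection_name(line[len("[DETECTION]"):].strip()),
                # e.g. "C:RP16" for a snapshot copy, None for a live file
                "restore_point": f"{m.group(1).upper()}:{m.group(2).upper()}" if m else None,
            })
    return findings


def triage(findings):
    """Split detections into live files and System Restore snapshot copies."""
    live = [f for f in findings if f["restore_point"] is None]
    snapshots = Counter(f["restore_point"] for f in findings if f["restore_point"])
    return {
        "live": [(f["path"], f["name"]) for f in live],
        "restore_points": dict(snapshots),
        "restore_share": (len(findings) - len(live)) / len(findings) if findings else 0.0,
    }


if __name__ == "__main__":
    report = triage(parse_detections(SAMPLE_LOG))
    print("Live detections (need actual cleanup):")
    for path, name in report["live"]:
        print(f"  {name:20} {path}")
    print("Snapshot copies per restore point (discarded when System Restore is turned off):")
    for rp, count in sorted(report["restore_points"].items()):
        print(f"  {rp}: {count}")
    print(f"Share of detections inside restore points: {report['restore_share']:.0%}")
```

The live list is what the cleanup tools still have to deal with; the per-restore-point counts show how much of the report is archived copies.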

Posted

Here is the report:

 

ComboFix 08-11-21.02 - abdelwouhab 2008-11-21 19:02:23.9 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1484 [GMT 0:00]

Lancé depuis: c:\documents and settings\abdelwouhab.AWB.000\Bureau\Combo-Fix.exe

* Un nouveau point de restauration a été créé

* Resident AV is active

 

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\autorun.inf

c:\windows\system32\gasretyw0.dll

D:\Autorun.inf

D:\nq0cq.cmd

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-21 au 2008-11-21 ))))))))))))))))))))))))))))))))))))

.

 

2008-11-21 15:09 . 2008-11-21 15:09 <REP> d-------- c:\program files\Avira

2008-11-21 14:23 . 2008-11-21 14:23 <REP> d-------- C:\_OTMoveIt

2008-11-20 16:41 . 2008-11-20 16:42 <REP> d-------- C:\rsit

2008-11-20 16:41 . 2008-11-04 13:56 401,720 --a------ C:\abdelwouhab.exe

2008-11-13 21:28 . 2008-11-11 17:58 109,736 -r-hs---- C:\lky.exe

2008-11-13 21:27 . 2008-11-21 14:28 85,504 --------- c:\windows\system32\gasretyw1.dll

2008-11-10 08:46 . 2008-11-10 08:46 110,031 -r-hs---- C:\whi.com

2008-11-04 19:07 . 2008-11-04 19:07 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-11-04 19:07 . 2008-11-04 19:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-04 19:07 . 2008-11-04 19:07 <REP> d-------- c:\documents and settings\abdelwouhab.AWB.000\Application Data\Malwarebytes

2008-11-04 19:07 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-04 19:07 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-04 13:56 . 2008-11-04 13:56 401,720 --a------ C:\HiJackThis.exe

2008-11-03 15:27 . 2008-11-21 14:44 <REP> d-------- C:\ToolBar SD

2008-11-03 15:19 . 2008-11-03 15:19 <REP> d-------- c:\documents and settings\Administrateur.AWB\Application Data\Thunderbird

2008-11-03 15:19 . 2008-11-03 15:19 <REP> d-------- c:\documents and settings\Administrateur.AWB\Application Data\Talkback

2008-11-03 14:55 . 2008-11-03 14:55 <REP> d-------- c:\documents and settings\Administrateur.AWB\Application Data\Bitdefender

2008-11-03 14:18 . 2008-11-03 14:18 <REP> d-------- c:\documents and settings\abdelwouhab.AWB.000\Application Data\MSNInstaller

2008-11-03 14:10 . 2008-11-03 14:10 <REP> d-------- c:\documents and settings\abdelwouhab.AWB.000\Application Data\Talkback

2008-11-03 12:28 . 2008-11-03 12:28 <REP> d-------- c:\documents and settings\abdelwouhab.AWB.000\Application Data\vlc

2008-11-03 11:53 . 2008-11-03 15:22 <REP> d-------- c:\program files\Mozilla Thunderbird

2008-11-03 11:53 . 2008-11-03 11:53 <REP> d-------- c:\documents and settings\abdelwouhab.AWB.000\Application Data\Thunderbird

2008-10-29 10:55 . 2008-10-29 10:56 <REP> d-------- c:\program files\McDonaldsFairies

2008-10-29 10:47 . 2008-10-29 10:48 <REP> d-------- c:\program files\McDonaldsDragons

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-21 19:07 81,984 ----a-w c:\windows\system32\bdod.bin

2008-11-21 15:09 --------- d-----w c:\documents and settings\All Users\Application Data\Avira

2008-11-11 05:25 --------- d-----w c:\documents and settings\abdelwouhab.AWB.000\Application Data\LimeWire

2008-11-03 14:21 --------- d-----w c:\program files\Planning Manager

2008-11-03 14:19 --------- d-----w c:\program files\Zelda Return of the Hylian

2008-11-03 14:19 --------- d-----w c:\program files\ZC2.10

2008-11-03 14:19 --------- d-----w c:\program files\solarus

2008-11-03 14:18 --------- d-----w c:\program files\AEBBadge

2008-11-03 14:15 --------- d-----w c:\program files\Sony

2008-11-03 14:07 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-11-03 14:01 --------- d-----w c:\program files\Awbgest2007

2008-11-03 13:02 --------- d-----w c:\program files\Fichiers communs\Adobe

2008-10-07 16:01 --------- d-----w c:\program files\Sun

2008-10-07 16:00 410,976 ----a-w c:\windows\system32\deploytk.dll

2008-10-07 16:00 --------- d-----w c:\program files\Java

2008-09-29 01:21 --------- d-----w c:\documents and settings\abdelwouhab.AWB.000\Application Data\Azureus

2007-12-06 01:32 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat

2007-02-12 19:10 2,682,880 ------w c:\documents and settings\All Users\VCREDI~3.EXE

2007-05-22 19:14 8,784 ----a-w c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll

2007-05-22 19:17 245,408 ----a-w c:\program files\mozilla firefox\plugins\unicows.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-03_18.31.39.71 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-05-09 13:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys

+ 2008-01-21 18:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys

+ 2008-06-27 15:03:55 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys

+ 2007-03-01 10:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys

- 2008-10-21 14:12:16 3,297,576 ----a-w c:\windows\system32\FNTCACHE.DAT

+ 2008-11-21 15:27:56 3,315,008 ----a-w c:\windows\system32\FNTCACHE.DAT

- 2008-11-03 18:20:29 215,230 ----a-w c:\windows\system32\inetsrv\MetaBase.bin

+ 2008-11-21 19:09:17 215,241 ----a-w c:\windows\system32\inetsrv\MetaBase.bin

- 2008-11-03 14:57:56 90,496 ----a-w c:\windows\system32\perfc009.dat

+ 2008-11-18 13:58:29 90,496 ----a-w c:\windows\system32\perfc009.dat

- 2008-11-03 14:57:56 106,198 ----a-w c:\windows\system32\perfc00C.dat

+ 2008-11-18 13:58:29 106,198 ----a-w c:\windows\system32\perfc00C.dat

- 2008-11-03 14:57:56 490,688 ----a-w c:\windows\system32\perfh009.dat

+ 2008-11-18 13:58:29 490,688 ----a-w c:\windows\system32\perfh009.dat

- 2008-11-03 14:57:56 564,264 ----a-w c:\windows\system32\perfh00C.dat

+ 2008-11-18 13:58:29 564,264 ----a-w c:\windows\system32\perfh00C.dat

+ 2008-11-21 19:09:05 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6f8.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-07 144792]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-05 160768]

"atwtusb"="atwtusb.exe" [2005-09-21 c:\windows\system32\ATWTUSB.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-05-23 25214]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=sockspy.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^Abdelwouhab^Menu Démarrer^Programmes^Démarrage^CCC.lnk]

path=c:\documents and settings\Abdelwouhab\Menu Démarrer\Programmes\Démarrage\CCC.lnk

backup=c:\windows\pss\CCC.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk

backup=c:\windows\pss\BTTray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Desktop Manager.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Desktop Manager.lnk

backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DVD Check.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\DVD Check.lnk

backup=c:\windows\pss\DVD Check.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

--a------ 2008-04-23 02:08 483328 c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]

--a------ 2007-05-25 19:55 290816 c:\progra~1\Softwin\BITDEF~1\bdmcon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-05 12:00 15360 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-08-08 12:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

--a----t- 2008-09-25 08:42 133104 c:\documents and settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWQTOOLBOX]

--a------ 2005-06-03 05:18 335872 c:\program files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-04-27 09:25 257088 c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 16:24 1694208 c:\program files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-04-27 07:41 282624 c:\program files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

--a------ 2005-05-20 07:11 925696 c:\program files\Analog Devices\Core\smax4pnp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

--a------ 2006-11-10 11:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-03-14 01:43 83608 c:\program files\Java\jre1.6.0_01\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

--a------ 2007-01-12 12:36 827392 c:\program files\Synaptics\SynTP\SynTPEnh.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]

--a------ 2004-11-04 16:40 98394 c:\program files\Synaptics\SynTP\SynTPLpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-05-26 10:29 185896 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]

--a------ 2006-03-31 11:58 184320 c:\program files\InterVideo\DVD Check\DVDCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"LIVESRV"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Research In Motion\\BlackBerry\\DesktopMgr.exe"=

"c:\\WINDOWS\\system32\\msiexec.exe"=

"c:\\Program Files\\Hewlett-Packard\\HP Deskjet 9800 Series\\Toolbox\\HPWQTBX.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"d:\\Football Manager 2005\\fm2005.exe"=

 

R3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2007-05-23 88192]

S1 aiptektp;HyperPen;c:\windows\system32\DRIVERS\aiptektp.sys [2008-02-26 22272]

S3 HPFXBULK;HPFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [2006-06-12 9344]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{859a03a3-86fc-11dc-b93b-001a6b2a1035}]

\Shell\AutoRun\command - F:\LaunchU3.exe

.

Contenu du dossier 'Tâches planifiées'

 

2008-11-21 c:\windows\Tasks\GoogleUpdateTaskUser.job

- c:\documents and settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-25 08:42]

.

.

------- Examen supplémentaire -------

.

FireFox -: Profile - c:\documents and settings\abdelwouhab.AWB.000\Application Data\Mozilla\Firefox\Profiles\ow11qawf.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.daemon-search.com/default

FF -: plugin - c:\documents and settings\abdelwouhab.AWB.000\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll

FF -: plugin - c:\progra~1\MOZILL~1\plugins\np32dsw.dll

FF -: plugin - c:\progra~1\MOZILL~1\plugins\npdeploytk.dll

FF -: plugin - c:\progra~1\MOZILL~1\plugins\npdivx32.dll

FF -: plugin - c:\progra~1\MOZILL~1\plugins\npDivxPlayerPlugin.dll

FF -: plugin - c:\progra~1\MOZILL~1\plugins\npnul32.dll

FF -: plugin - c:\progra~1\MOZILL~1\plugins\NPOFF12.DLL

FF -: plugin - c:\progra~1\MOZILL~1\plugins\nppdf32.dll

FF -: plugin - c:\progra~1\MOZILL~1\plugins\nppl3260.dll

FF -: plugin - c:\progra~1\MOZILL~1\plugins\npqtplugin.dll

FF -: plugin - c:\progra~1\MOZILL~1\plugins\npqtplugin2.dll

FF -: plugin - c:\progra~1\MOZILL~1\plugins\npqtplugin3.dll

FF -: plugin - c:\progra~1\MOZILL~1\plugins\npqtplugin4.dll

FF -: plugin - c:\progra~1\MOZILL~1\plugins\npqtplugin5.dll

FF -: plugin - c:\progra~1\MOZILL~1\plugins\npqtplugin6.dll

FF -: plugin - c:\progra~1\MOZILL~1\plugins\npqtplugin7.dll

FF -: plugin - c:\progra~1\MOZILL~1\plugins\npRACtrl.dll

FF -: plugin - c:\progra~1\MOZILL~1\plugins\nprjplug.dll

FF -: plugin - c:\progra~1\MOZILL~1\plugins\nprpjplug.dll

FF -: plugin - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\browser\nppdf32.dll

FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll

FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll

FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-21 19:09:28

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\windows\system32\scardsvr.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

c:\windows\system32\inetsrv\inetinfo.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

c:\program files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

c:\program files\Softwin\BitDefender10\vsserv.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe

.

**************************************************************************

.

Heure de fin: 2008-11-21 19:15:17 - La machine a redémarré

ComboFix-quarantined-files.txt 2008-11-21 19:15:09

ComboFix2.txt 2008-11-04 17:05:00

ComboFix3.txt 2008-11-04 16:46:13

ComboFix4.txt 2008-11-04 15:26:15

ComboFix5.txt 2008-11-21 19:00:27

 

Avant-CF: 7,832,936,448 octets libres

Après-CF: 7,822,278,656 octets libres

 
