|
|
Auteur
|
Message
|
1
2
|
|
|
|
Bonjour,
je suis novice en informatique et tout le monde touche au PC de la maison, mais me voila avec une barre SECURITY TOOLBAR 7.1 impossble d'enlever avec un nouvel icon a coté de l'horloge, pour couroner le tout j'ai des problemes avec windows XP qui ce sont greffés depuis, plus de recherche possible avec F3 dans l'explorateur windows et mon antivirus à été desactivé : problème win32 ou quelque chose comme ça et enfin impossible de faire une restauration system, car cela ne fonctione pas???
Alors HELP MEEEE s'il vous plait.
-->Message édité par franckyboss le 13/05/2008 21:35:05<--
|
|
Blablabla !
|
|
|
Bonjour
On va jeter un oeil à tout ça
Télécharge HijackThis sur le bureau
>>> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
=> Ferme tous tes programmes en cours d'exécution.
=> Installe Hijackthis.
=> Clique sur Do a system scan and save a logfile.
=> Un rapport apparaît dans un bloc-note.
=> Copie l’intégralité du rapport et poste le ici dans ta prochaine réponse.
Le rapport se trouve également ici : C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log
Une aide à l'utilisation
>>> http://bibou0007.com/outils-specifiques-f78/tutorial-de-hijackthis-v202-t108.(...)
|
|
|
|
|
|
j'ai telechargé sur mon bureau hjack this , puis installé, mais au lancement une fenetre apparais m'indiquant que ce n'est une application WIN32 valide, comme lorsque j'ai voulue lancer mon acien anti virus avast qui ne fonctionne plus depuis.
|
|
Blablabla !
|
|
|
Ah ok, il fallait commencer par là.
Est ce que tu peux démarrer en mode sans échec ? méthode F8 OBLIGATOIRE et pas de MSCONFIG
http://bibou0007.com/astuces-windows-f80/demarrer-en-mode-sans-echec-avec-xp-(...)
|
|
|
|
|
non cela ne marche pas, j'ai un ecran bleu qui m'indique
information technique:
STOP 0x0000007B (0XF7BF7524,0XC0000034,0X00000000,0x00000000)
|
|
Blablabla !
|
|
|
Bon ben c'est parti
Si tu as des cracks (keygen et cie), des trucs téléchargés, piratés, c'est poubelle !!
Télécharge ELIBAGLA en bas de cette page
>>>http://www.zonavirus.com/datos/descargas/95/elibagla.asp
- Double-clique sur le fichier Elibagla.exe
- Assure-toi que le bouton "Eliminar Ficheros Automaticamente" soit coché.
- Vérifie que C:\ soit sélectionné dans Unidad (ou la partition contenant ton OS).
- Clique sur le bouton Explorar.
Une aide à regarder
>>> http://www.malekal.com/W32.Beagle.KF_Trojan.Tooso.R.php
Poste moi le rapport d'ELIBAGLA (C:\infoSat.txt) accompagné d'un rapport hijackthis.
-->Message édité par Accass le 08/05/2008 23:56:52<--
|
|
|
|
|
voila le premier, difficile, car j'ai due utiliser un pc portable pour techarger le logiciel, car cela ne marchait pas avec ce PC.
au fait, apres le redemarage de le tentative du mode sans echec, je n'ai plus la security toolbar et l'icon jaune????, mais hijack this ne fonctionne toujours pas.
Fri May 09 00:12:46 2008
EliBagle v11.33 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
Fri May 09 00:14:25 2008
EliBagle v11.33 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 9809
Nº Total de Ficheros: 116675
Nº de Ficheros Analizados: 15487
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
|
|
Blablabla !
|
|
|
Infection Bagle 
Accass a écrit :
Si tu as des cracks (keygen et cie), des trucs téléchargés, piratés, c'est poubelle !!
Ok, est ce que tu l'as fait ?
|
|
Blablabla !
|
|
|
Je te mets la suite :
Désormais, le mode sans échec devrait marcher.
Supprime Elibagla. Puis retélécharge le.
Attention : cette fois ci, tu dois le renommer avant qu'il ne soit téléchargé sur le bureau (renomme le salut.exe)
Télécharge Antivir, ne l'installe pas
>>> http://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches(...)
Attention : tu dois le renommer avant qu'il ne soit téléchargé sur le bureau (renomme le Anti_vir.exe)
-------------------------
Un petit fichier à créer
menu démarrer => exécuter... => tape notepad et valide.
Le bloc note s'ouvre.
Copie/colle ce qui est dans le cadre ci dessous
del c:\windows\system32\mdelk.exe
del c:\windows\system32\drivers\srosa.sys
del c:\windows\system32\drivers\hldrrr.exe
del c:\windows\system32\wintems.exe
Enregistre ce fichier sur le bureau, sous le nom Fix.bat
Attention à l'extension .bat, l'icône du fichier doit prendre la forme d'un mécanisme.
-------------------------
=> Démarre en mode sans echec (Méthode F8 obligatoire)
>>> http://bibou0007.com/astuces-windows-f80/demarrer-en-mode-sans-echec-avec-xp-(...)
-------------------------
Lance salut.exe et enregistre le rapport sur le bureau.
Double clique sur Fix.bat pour le lancer.
Une fenêtre apparaitra rapidement, ne pas s'inquiéter.
Désinstalle Avast
Installe Anti_vir
Lance Antivir
=> Clique sur l'onglet Local Protection.
=> Sélectionne Manual Sélection sur le disque local C:.
=> Lance le scan et mettre en quarantaine tous les éléments détectés
=> Une fois le scan terminé, enregistre le rapport sur le bureau.
-------------------------
Redémarre normalement le pc et poste le contenu du rapport Antivir + Elibagla dans ta prochaine réponse.
|
|
|
|
|
me revoila avec les 2 rapports, j'ai pu en effet redammarer en mode sans echec, mais je ne peux pas telecharger ces logiciels, il à falus que j'utilise mon PC portable du boulot et que je passe par une cle USB.
********************
******antivir*******
********************
J'ai fais le ménage tant que j'ai pu, mais plusieurs personne utilise ce PC, il va falloire que je mette des droit d'accès limité ....
Avira AntiVir Personal
Report file date: samedi 10 mai 2008 21:19
Scanning for 1165085 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Administrateur
Computer name: 128073900307
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 19:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 25/03/2008 08:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 07/04/2008 15:34:44
AESCN.DLL : 8.1.0.12 115060 Bytes 07/04/2008 15:34:44
AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44
AEPACK.DLL : 8.1.1.0 364918 Bytes 18/03/2008 11:20:42
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 07/04/2008 15:34:44
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 07/04/2008 15:34:44
AEHELP.DLL : 8.1.0.11 115061 Bytes 07/04/2008 15:34:43
AEGEN.DLL : 8.1.0.15 299379 Bytes 07/04/2008 15:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
AECORE.DLL : 8.1.0.25 168309 Bytes 08/04/2008 09:58:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: samedi 10 mai 2008 21:19
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD5
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '44' files ).
Starting the file scan:
Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\052160E1.tmp
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\052160E1.tmp
[DETECTION] Is the Trojan horse TR/Agent.QT.77
[NOTE] The file was moved to '4857f705.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F4E5C30.tmp
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F4E5C30.tmp
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '4859f716.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27A07190.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27A07190.exe
[DETECTION] Contains detection pattern of the worm WORM/Kapucen.b.183
[NOTE] The file was moved to '4866f708.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F780611.tmp
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F780611.tmp
[DETECTION] Contains detection pattern of the worm WORM/Kapucen.b.183
[NOTE] The file was moved to '485cf717.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44BD2B30.tmp
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44BD2B30.tmp
[DETECTION] Is the Trojan horse TR/Bagle.DP
[NOTE] The file was moved to '4867f705.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\522870A5.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\522870A5.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '4857f704.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B831E2B.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B831E2B.exe
[DETECTION] Contains detection pattern of the worm WORM/Kapucen.b.183
[NOTE] The file was moved to '485df714.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74013194.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74013194.exe
[DETECTION] Contains detection pattern of the worm WORM/P2P.Kapucen.Gen
[NOTE] The file was moved to '4855f706.qua'!
C:\Documents and Settings\franck\Mes documents\dossier temp program\s300+\Games\Tomb Raider\tomb.raider.original.v1.00.arm.ppc.cracked-corepda.rar
[0] Archive type: RAR
--> Tomb.Raider.Original.v1.00.ARM.PPC.Cracked-COREPDA\setup.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was moved to '4892fb4c.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP406\A0027302.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '4856227f.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP406\A0027304.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48562280.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP406\A0027305.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49fc4341.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP406\A0027306.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48562282.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP406\A0027307.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48562281.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP406\A0027308.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49fc4342.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP406\A0027309.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48562283.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP406\A0027310.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49fc4343.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP406\A0027311.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '48562284.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP406\A0027312.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49fc4344.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP406\A0027316.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP406\A0027316.exe
[DETECTION] Contains detection pattern of the worm WORM/Kapucen.b.183
[NOTE] The file was moved to '48562285.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP406\A0027317.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP406\A0027317.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '49fc4345.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP406\A0027318.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP406\A0027318.exe
[DETECTION] Contains detection pattern of the worm WORM/Kapucen.b.183
[NOTE] The file was moved to '48562286.qua'!
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP406\A0027319.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP406\A0027319.exe
[DETECTION] Contains detection pattern of the worm WORM/P2P.Kapucen.Gen
[NOTE] The file was moved to '49fc4346.qua'!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd7197.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\downld\103499015.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '48592685.qua'!
C:\WINDOWS\system32\drivers\downld\118205781.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '485e2687.qua'!
C:\WINDOWS\system32\drivers\downld\132933796.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '4858268a.qua'!
C:\WINDOWS\system32\drivers\downld\147722265.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '485d268d.qua'!
C:\WINDOWS\system32\drivers\downld\162627484.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '48582691.qua'!
C:\WINDOWS\system32\drivers\downld\174265.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '485a2693.qua'!
C:\WINDOWS\system32\drivers\downld\177125.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '485d2693.qua'!
C:\WINDOWS\system32\drivers\downld\221889343.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '48572691.qua'!
C:\WINDOWS\system32\drivers\downld\236624656.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '485c2694.qua'!
C:\WINDOWS\system32\drivers\downld\295794640.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '485b269d.qua'!
C:\WINDOWS\system32\drivers\downld\29696484.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '485c269f.qua'!
C:\WINDOWS\system32\drivers\downld\44412828.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '485a269b.qua'!
C:\WINDOWS\system32\drivers\downld\73886437.exe
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[NOTE] The file was moved to '485e269d.qua'!
End of the scan: dimanche 11 mai 2008 00:49
Used time: 3:30:37 min
The scan has been done completely.
9876 Scanning directories
415396 Files were scanned
36 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
36 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
415360 Files not concerned
7989 Archives were scanned
8 Warnings
36 Notes
********************
*******Elibagla*****
********************
Fri May 09 00:12:46 2008
EliBagle v11.33 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
Fri May 09 00:14:25 2008
EliBagle v11.33 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 9809
Nº Total de Ficheros: 116675
Nº de Ficheros Analizados: 15487
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Sat May 10 19:43:12 2008
EliBagle v11.33 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.
Sat May 10 19:43:27 2008
EliBagle v11.33 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 9809
Nº Total de Ficheros: 116686
Nº de Ficheros Analizados: 15488
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Sat May 10 20:46:04 2008
EliBagle v11.33 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle.dldr
Sat May 10 20:46:12 2008
EliBagle v11.33 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP406\A0027299.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP406\A0027300.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP406\A0027301.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\MDELK.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\MDELK.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\132941718.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\162650375.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\177397687.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\192235546.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\206983781.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\221892265.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\251366875.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\266205109.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\281059921.EXE --> Eliminado Bagle
Nº Total de Directorios: 9857
Nº Total de Ficheros: 117774
Nº de Ficheros Analizados: 15539
Nº de Ficheros Infectados: 14
Nº de Ficheros Limpiados: 14
|
|
Blablabla !
|
|
|
Salut Franckyboss
Supprime ce dossier
C:\WINDOWS\system32\drivers\downld
Si tu ne le trouves pas
Affiche les fichiers et dossiers cachés
=> Ouvre le poste de travail => menu outils => options des dossiers...
=> Dans la fenêtre qui s'ouvre, onglet affichage :
=> coche Afficher les fichiers et dossiers cachés
=> décoche Masquer les extensions des fichiers dont le type est connu
=> décoche Masquer les fichiers protégés du système d' exploitation (recommandé)
=> Réponds oui à l'alerte.
=> Valide
Une aide à l'utilisation
>>> http://bibou0007.com/astuces-windows-f80/afficher-les-fichiers-caches-et-syst(...)
N'oublie pas de recacher tes fichiers.
-----------------------------------
Si tu as des cracks, tu dois absolument t'en débarasser. crack = keygen, jeux crackés, etc.
Je le redis parce qu'il en restait encore.
Comment ça se fait que tu ne puisses pas les télécharger ?
Tu n'as pas internet ? ou ça ne veut pas télécharger ?
-----------------------------------
Télécharge Deckard's System Scanner (DSS) sur le bureau
>>> http://www.techsupportforum.com/sectools/Deckard/dss.exe
ou
>>> http://deckard.geekstogo.com/dss.exe
Ferme toutes les fenêtres et toutes les applications en cours.
=> Double clique sur dss.exe pour lancer l'outil.
=> Clique sur OK à chaque fois que cela sera demandé.
=> L'analyse finie, un fichier texte s'affichera (main.txt).
Enregistre ce rapport sur le bureau.
=> Ferme cette fenêtre.
Il y a 2 rapports, poste moi seulement le rapport main.txt de DSS dans ta prochaine réponse.
Note : le rapport se trouve aussi à cet emplacement C:\Deckard\System Scanner\main.txt
-->Message édité par Accass le 11/05/2008 01:19:51<--
|
|
|
|
|
Il me semble que j'ai dejà fais un bon menage, mais le repertoir DRIVERS n'était pas visible dans Explorateur, j'ai donc du passé par l'invite de commande pour suprimer downld
voici le rapport main:
Deckard's System Scanner v20071014.68
Run by franck on 2008-05-11 01:39:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
80: 2008-05-10 23:39:41 UTC - RP407 - Deckard's System Scanner Restore Point
79: 2008-05-10 18:29:53 UTC - RP406 - Configuré Réseau France BdNyme
78: 2008-05-10 18:29:22 UTC - RP405 - Configuré Réseau France BdAlti
77: 2008-05-10 18:28:43 UTC - RP404 - Configuré Réseau France Bayo
76: 2008-05-10 18:28:12 UTC - RP403 - Configuré Réseau France Bayo
-- First Restore Point --
1: 2008-02-09 21:00:52 UTC - RP328 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as franck.exe) ----------------------------------------------
Unable to run HijackThis; Opération réussie.
Path: C:\PROGRA~1\TRENDM~1\HIJACK~1\franck.exe
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-11 01:41:18
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgnsx.exe
C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Documents and Settings\franck\Bureau\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: 527631 helper - {54160F28-994B-48DD-8D83-1B2F6B9EB054} - C:\WINDOWS\system32\527631\527631.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\APPS\BAE\BAE.DLL
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [EULA] C:\APPS\PB_TB\EULALauncher.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_s(...)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {87DB35BC-9DB6-11D3-9356-00A0C9B760DB} (Rte Documat DataTable Control) - http://cabs.rte.fr/RteDataTableMFC.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} (RteDocumatDoc Control) - http://www.baxisa.eu/Cabs/RteDocTiffXStatic.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{BF83D287-BCC6-4CB2-804B-E8B8A09A5E41}: NameServer = 86.64.145.140,84.103.237.140
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\franck\LOCALS~1\Temp\DX9\SessionLauncher.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
--
End of file - 15481 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 hwpsgt - c:\windows\system32\drivers\hwpsgt.sys
R2 lemsgt - c:\windows\system32\drivers\lemsgt.sys
R2 musm3gld - c:\windows\system32\drivers\musm3gld.sys
R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
R3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
R3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft(R) Windows NT(R) Operating System>
S0 viamraid - c:\windows\system32\drivers\viamraid.sys <Not Verified; VIA Technologies inc,.ltd; VIA RAID driver>
S3 ddxgb - c:\docume~1\franck\locals~1\temp\ddxgb.sys (file missing)
S3 PCASp50 (PCASp50 NDIS Protocol Driver) - c:\windows\system32\drivers\pcasp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 PinnacleSys.MediaServer (Pinnacle Systems Media Service) - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe <Not Verified; Pinnacle Systems; Media Server>
R2 USBDeviceService - c:\program files\sonic\digitalmedia le v7\mydvd le\usbdeviceservice.exe <Not Verified; ; USBDeviceService Module>
S2 Planificateur LiveUpdate automatique - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)
S2 SessionLauncher - c:\docume~1\franck\locals~1\temp\dx9\sessionlauncher.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-04-11 and 2008-05-11 -----------------------------
2008-05-10 21:16:40 0 d-------- C:\Program Files\Avira
2008-05-10 21:16:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-09 00:12:44 0 d-------- C:\Muestras
2008-05-08 23:10:34 0 d-------- C:\Program Files\Trend Micro
2008-05-08 04:29:35 0 dr-h----- C:\Documents and Settings\franck\Recent
2008-05-08 01:29:25 0 d--h----- C:\$AVG8.VAULT$
2008-05-08 01:21:23 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-08 01:21:17 0 d-------- C:\Program Files\AVG
2008-05-08 01:21:17 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-08 00:50:02 0 d-------- C:\Program Files\CCleaner
2008-05-07 22:35:31 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-07 22:30:24 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-07 22:21:52 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-07 22:21:47 0 d-------- C:\WINDOWS\system32\527631
2008-05-07 22:21:40 0 d-------- C:\Program Files\NetProject
2008-05-03 23:34:10 0 d-------- C:\WINDOWS\system32\drivers\downld
2008-04-25 03:00:21 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-23 20:47:55 0 d-------- C:\Documents and Settings\franck\Contacts
2008-04-23 20:42:02 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-23 20:39:57 0 d-------- C:\Documents and Settings\franck\Application Data\MSNInstaller
2008-04-23 20:35:44 0 d--hs--c- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-23 20:35:31 0 d-------- C:\Program Files\Windows Live
2008-04-23 20:35:16 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-12 12:59:54 0 d-------- C:\WINDOWS\pss
-- Find3M Report ---------------------------------------------------------------
2008-05-11 01:30:06 0 d-------- C:\Program Files\Fichiers communs
2008-05-11 00:55:56 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-10 20:30:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-10 20:14:05 0 d-------- C:\Documents and Settings\franck\Application Data\Azureus
2008-05-07 23:30:22 0 d-------- C:\Program Files\MagicISO
2008-04-23 13:36:08 0 d-------- C:\Documents and Settings\franck\Application Data\Roxio
2008-04-15 16:57:39 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-11 03:02:21 492564 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-04-11 03:02:21 84894 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-03-28 18:54:36 0 d-------- C:\Documents and Settings\franck\Application Data\HP
2008-03-28 18:50:32 128551 --a------ C:\WINDOWS\hpoins11.dat
2008-03-28 18:49:36 0 d-------- C:\Program Files\HP
2008-03-28 18:47:13 0 d-------- C:\Program Files\Fichiers communs\HP
2008-03-28 18:44:48 0 d-------- C:\Program Files\Hewlett-Packard
2008-03-28 18:43:57 0 d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2008-03-16 19:57:16 0 d-------- C:\Program Files\Fichiers communs\Adobe
2008-03-14 23:20:21 0 d-------- C:\Program Files\Java
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54160F28-994B-48DD-8D83-1B2F6B9EB054}]
C:\WINDOWS\system32\527631\527631.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C109800-A5D5-438F-9640-18D17E168B88}]
C:\Program Files\NetProject\sbmdl.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= C:\Program Files\NetProject\wamdl.dll [ ]
[-HKEY_CLASSES_ROOT\CLSID\{51D81DD5-55B7-497F-95DB-D356429BB54E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 15:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 15:00]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [29/09/2005 15:01]
"RTHDCPL"="RTHDCPL.EXE" [18/05/2006 14:27 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 18:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 18:43 C:\WINDOWS\Alcmtr.exe]
"ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [10/05/2006 12:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [20/10/2005 07:15]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [11/09/2006 05:40]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [09/11/2006 16:12]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [10/08/2004 15:00]
"EULA"="C:\APPS\PB_TB\EULALauncher.exe" [29/09/2006 14:14]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [11/03/2004 01:26]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/11/2006 16:11]
"@"="" []
"RoxWatchTray"="C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [24/08/2007 16:52]
"DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" [14/08/2007 04:44]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [19/02/2006 03:41]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/05/2008 22:49]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [08/05/2008 01:21]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12/02/2008 10:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 15:00]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [21/06/2006 01:20]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [11/09/2006 05:40]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"drvsyskit"="C:\WINDOWS\system32\drivers\hldrrr.exe" []
"german.exe"="C:\WINDOWS\system32\wintems.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInternetIcon"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e89fa8e9-5c0b-45f6-a70e-f7b177bcd193}"= C:\WINDOWS\system32\rtmipr.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - SSMDRV
-- End of Deckard's System Scanner: finished at 2008-05-11 01:42:00 ------------
|
|
Blablabla !
|
|
Blablabla !
|
|
|
J'oubliais, quand tu désinstalleras les logiciels, vire aussi Norton.
|
|
|
|
|
je n'arrive pas a supprimer avast 
|
|
Blablabla !
|
|
|
|
|
ComboFix 08-05-09.1 - Administrateur 2008-05-11 3:28:40.1 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\franck\Bureau\ComboFiix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.url
C:\Documents and Settings\All Users\Menu Démarrer\Security Troubleshooting.url
C:\Program Files\NetProject
C:\Program Files\NetProject\ot.ico
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbun.exe
C:\Program Files\NetProject\scu.exe
C:\Program Files\NetProject\Thumbs.db
C:\Program Files\NetProject\ts.ico
C:\Program Files\NetProject\waun.exe
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\drivers\downld
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-11 to 2008-05-11 ))))))))))))))))))))))))))))))))))))
.
2008-05-11 03:04 . 2008-05-11 03:04 268 --ah----- C:\sqmdata07.sqm
2008-05-11 03:04 . 2008-05-11 03:04 244 --ah----- C:\sqmnoopt07.sqm
2008-05-11 02:40 . 2008-05-11 02:40 268 --ah----- C:\sqmdata06.sqm
2008-05-11 02:40 . 2008-05-11 02:40 244 --ah----- C:\sqmnoopt06.sqm
2008-05-11 01:39 . 2008-05-11 01:39 <REP> d-------- C:\Deckard
2008-05-10 21:16 . 2008-05-10 21:16 <REP> d-------- C:\Program Files\Avira
2008-05-10 21:16 . 2008-05-10 21:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-10 20:41 . 2008-05-10 20:41 268 --ah----- C:\sqmdata05.sqm
2008-05-10 20:41 . 2008-05-10 20:41 244 --ah----- C:\sqmnoopt05.sqm
2008-05-09 00:50 . 2008-05-09 00:50 268 --ah----- C:\sqmdata04.sqm
2008-05-09 00:50 . 2008-05-09 00:50 244 --ah----- C:\sqmnoopt04.sqm
2008-05-09 00:12 . 2008-05-09 00:12 <REP> d-------- C:\Muestras
2008-05-08 23:18 . 2008-05-08 23:18 268 --ah----- C:\sqmdata03.sqm
2008-05-08 23:18 . 2008-05-08 23:18 244 --ah----- C:\sqmnoopt03.sqm
2008-05-08 23:10 . 2008-05-08 23:10 <REP> d-------- C:\Program Files\Trend Micro
2008-05-08 01:29 . 2008-05-11 02:09 <REP> d--h----- C:\$AVG8.VAULT$
2008-05-08 01:21 . 2008-05-08 01:21 <REP> d-------- C:\Program Files\AVG
2008-05-08 00:50 . 2008-05-08 00:50 <REP> d-------- C:\Program Files\CCleaner
2008-05-07 22:35 . 2008-05-07 22:37 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-05-07 22:21 . 2008-05-08 01:41 <REP> d-------- C:\WINDOWS\system32\527631
2008-05-07 22:21 . 2008-05-07 22:28 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-25 03:00 . 2008-04-25 03:00 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-24 20:10 . 2008-04-24 20:10 268 --ah----- C:\sqmdata02.sqm
2008-04-24 20:10 . 2008-04-24 20:10 244 --ah----- C:\sqmnoopt02.sqm
2008-04-24 05:08 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-24 05:08 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-24 05:08 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-23 21:06 . 2008-04-23 21:06 244 --ah----- C:\sqmnoopt01.sqm
2008-04-23 21:06 . 2008-04-23 21:06 232 --ah----- C:\sqmdata01.sqm
2008-04-23 20:56 . 2008-04-23 20:56 268 --ah----- C:\sqmdata00.sqm
2008-04-23 20:56 . 2008-04-23 20:56 244 --ah----- C:\sqmnoopt00.sqm
2008-04-23 20:47 . 2008-04-23 21:12 <REP> d-------- C:\Documents and Settings\franck\Contacts
2008-04-23 20:42 . 2008-04-23 20:42 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-23 20:39 . 2008-04-23 20:40 <REP> d-------- C:\Documents and Settings\franck\Application Data\MSNInstaller
2008-04-23 20:35 . 2008-04-23 20:42 <REP> d-------- C:\Program Files\Windows Live
2008-04-23 20:35 . 2008-04-23 20:41 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-23 20:35 . 2008-04-23 20:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 01:11 --------- d-----w C:\Program Files\Alwil Software
2008-05-10 18:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-10 18:14 --------- d-----w C:\Documents and Settings\franck\Application Data\Azureus
2008-05-07 21:30 --------- d-----w C:\Program Files\MagicISO
2008-04-23 11:36 --------- d-----w C:\Documents and Settings\franck\Application Data\Roxio
2008-03-28 16:54 --------- d-----w C:\Documents and Settings\franck\Application Data\HP
2008-03-28 16:49 --------- d-----w C:\Program Files\HP
2008-03-28 16:49 --------- d-----w C:\Documents and Settings\LocalService\Application Data\HP
2008-03-28 16:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-03-28 16:47 --------- d-----w C:\Program Files\Fichiers communs\HP
2008-03-28 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-28 16:44 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-28 16:43 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2008-03-16 17:57 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-14 21:20 --------- d-----w C:\Program Files\Java
2008-01-02 18:17 15,397 ----a-w C:\Program Files\settings.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54160F28-994B-48DD-8D83-1B2F6B9EB054}]
C:\WINDOWS\system32\527631\527631.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C109800-A5D5-438F-9640-18D17E168B88}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= "C:\Program Files\NetProject\wamdl.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= C:\Program Files\NetProject\wamdl.dll [ ]
[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00 15360]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-21 01:20 1211176]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-09-11 05:40 86960]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 15:00 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 14:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"ATICCC"="c:\ | | |
