virtumonde/Look2me: A small virus problem


Docky

Post by Docky » 10 Sept. 2006 13:48

Logfile of HijackThis v1.99.1
Scan saved at 13:41:56, on 03/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Visualware Security Suite\tscore.exe
C:\Program Files\Visualware Security Suite\desktopicon.exe
C:\Program Files\Fichiers communs\{2CA91316-0639-1036-0508-031207010021}\Update.exe
C:\WINDOWS\System32\java.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\David\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace\VisualIPTraceIE.dll
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Visualware Security Suite] "C:\Program Files\Visualware Security Suite\tscore.exe" -autostartup
O4 - HKLM\..\Run: [DesktopIcon] C:\Program Files\Visualware Security Suite\desktopicon.exe
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/stat ... nerADP.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Thanks, everyone




Malekal_morte
Site Admin
Posts: 96517
Joined: 10 Sept. 2005 13:57

Post by Malekal_morte » 10 Sept. 2006 13:54

Hi Docky,

C:\David\HijackThis.exe <-- rename it to scanner.exe
Double-click scanner.exe,
run a new scan and paste the report here.

First basic rule of security: think, then click, and not the other way round - Files/programs are like candy: when they come from a stranger, you don't accept them


Docky

Post by Docky » 10 Sept. 2006 13:59

Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 13:53:49, on 03/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Visualware Security Suite\desktopicon.exe
C:\Program Files\Fichiers communs\{2CA91316-0639-1036-0508-031207010021}\Update.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\msiexec.exe
C:\David\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {060D2E2B-6DB8-442D-BF4A-33A9227BE6E2} - C:\WINDOWS\System32\vtstq.dll
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace\VisualIPTraceIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace\VisualIPTraceIE.dll
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Visualware Security Suite] "C:\Program Files\Visualware Security Suite\tscore.exe" -autostartup
O4 - HKLM\..\Run: [DesktopIcon] C:\Program Files\Visualware Security Suite\desktopicon.exe
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/stat ... nerADP.cab
O20 - Winlogon Notify: DIFx - C:\WINDOWS\system32\m064lajq1doe.dll
O20 - Winlogon Notify: mljhe - C:\WINDOWS\
O20 - Winlogon Notify: vtstq - C:\WINDOWS\System32\vtstq.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Malekal_morte

Post by Malekal_morte » 10 Sept. 2006 14:00

Download Look2Me-Destroyer.exe by Atribune to your Desktop.
---> Download Look2Me-Destroyer.exe

- Close all open windows and running programs before moving on to the next step.
- Double-click Look2Me-Destroyer.exe to launch the tool.
- Tick Run this program as a task
- A message will appear saying: "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK
- It will restart after the 10 seconds; then click the Scan for L2M button. Your Desktop icons will disappear: this is normal.
- When the scan finishes, click the Remove L2M button
- A Done Scanning message will appear; click OK.
- A new message will be displayed: Done removing infected files! Look2Me-Destroyer will now shutdown your computer; click OK.
- Your PC will now shut down.
- Start your PC normally.
- Paste the generated report, located here: C:\Look2Me-Destroyer.txt, along with a new HijackThis report, in your next reply.

** If Look2Me-Destroyer does not restart automatically after the 10 seconds, reboot and try again.

** If you get a message from your firewall saying that the tool is trying to access the Internet: allow it.

** If a runtime error '339' message appears: download MSWINSCK.OCX and place it in the C:\Windows\System32 folder.

_____


- Download VundoFix by Atribune - mirror if the link does not work: http://www.softpedia.com/get/Antivirus/VundoFix.shtml
- Double-click VundoFix.exe to launch it.
- Tick Run VundoFix as a task.
- A message will warn you that the tool is going to close and re-open: click OK
- Click the Scan for Vundo button.
- When the scan is complete, click the Remove Vundo button.
- A prompt will ask whether you want to delete the files; click YES
- After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
- You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK
- Start your PC again.
- Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, in your next reply.

Docky

Post by Docky » 10 Sept. 2006 14:48

Here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 14:36:18, on 03/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Visualware Security Suite\tscore.exe
C:\Program Files\Visualware Security Suite\desktopicon.exe
C:\Program Files\Fichiers communs\{2CA91316-0639-1036-0508-031207010021}\Update.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\java.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\David\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace\VisualIPTraceIE.dll
O2 - BHO: (no name) - {BF7953DF-865F-4D0F-BAA2-80D2D0B5DF7A} - C:\WINDOWS\System32\vtstq.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace\VisualIPTraceIE.dll
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Visualware Security Suite] "C:\Program Files\Visualware Security Suite\tscore.exe" -autostartup
O4 - HKLM\..\Run: [DesktopIcon] C:\Program Files\Visualware Security Suite\desktopicon.exe
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/stat ... nerADP.cab
O20 - Winlogon Notify: DIFx - C:\WINDOWS\system32\m064lajq1doe.dll
O20 - Winlogon Notify: mljhe - C:\WINDOWS\
O20 - Winlogon Notify: vtstq - C:\WINDOWS\System32\vtstq.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

and the Look2Me log


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 03/10/2006 14:06:12

Infected! C:\WINDOWS\System32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\guard.tmp Deleted successfully!

Making registry repairs.


Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FF16CBA9-88E7-4283-9C8A-66B3FE077493}"
HKCR\Clsid\{FF16CBA9-88E7-4283-9C8A-66B3FE077493}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1DC4C3D7-D49C-49C9-B244-61ED46761F8E}"
HKCR\Clsid\{1DC4C3D7-D49C-49C9-B244-61ED46761F8E}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{07CADD63-E600-4F44-90FA-884AF3C4A989}"
HKCR\Clsid\{07CADD63-E600-4F44-90FA-884AF3C4A989}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{CDAA0F0E-156F-43AF-8E86-62A4A2FB4BC5}"
HKCR\Clsid\{CDAA0F0E-156F-43AF-8E86-62A4A2FB4BC5}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9EB83678-19C7-46EF-AA0D-5B76CEA53FBD}"
HKCR\Clsid\{9EB83678-19C7-46EF-AA0D-5B76CEA53FBD}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E62B790B-B532-4BB6-8935-C6A79E697216}"
HKCR\Clsid\{E62B790B-B532-4BB6-8935-C6A79E697216}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{067CA349-6667-42B0-8FA9-2810A0CFC62A}"
HKCR\Clsid\{067CA349-6667-42B0-8FA9-2810A0CFC62A}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9D528C43-921B-4140-8FEB-416996FC7459}"
HKCR\Clsid\{9D528C43-921B-4140-8FEB-416996FC7459}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D000CB87-B24E-4D1F-B25B-66B291AFCCE3}"
HKCR\Clsid\{D000CB87-B24E-4D1F-B25B-66B291AFCCE3}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5DE506FB-36A2-4B0A-9E53-403F56F6ACE3}"
HKCR\Clsid\{5DE506FB-36A2-4B0A-9E53-403F56F6ACE3}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9DA72BA3-BA62-471A-B9DF-3E20098C6010}"
HKCR\Clsid\{9DA72BA3-BA62-471A-B9DF-3E20098C6010}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{13B8B7F4-59D9-42A7-A3B5-4855900868F8}"
HKCR\Clsid\{13B8B7F4-59D9-42A7-A3B5-4855900868F8}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FAEA599C-C8CA-4897-8FB4-BB436D6C10F4}"
HKCR\Clsid\{FAEA599C-C8CA-4897-8FB4-BB436D6C10F4}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{42466BCD-7AA9-4D4A-9F21-7C5EB7D06545}"
HKCR\Clsid\{42466BCD-7AA9-4D4A-9F21-7C5EB7D06545}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D3E65598-1439-4F13-BD50-80EAB31C5FB3}"
HKCR\Clsid\{D3E65598-1439-4F13-BD50-80EAB31C5FB3}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5C4EB054-A90C-45C5-8D1E-1461C2042C96}"
HKCR\Clsid\{5C4EB054-A90C-45C5-8D1E-1461C2042C96}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FCE91817-1E5D-4122-8E95-F0D4D09D648E}"
HKCR\Clsid\{FCE91817-1E5D-4122-8E95-F0D4D09D648E}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{60598F9A-E823-4541-AB85-16D6F510D06C}"
HKCR\Clsid\{60598F9A-E823-4541-AB85-16D6F510D06C}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{85F15833-C62D-42EB-A655-4A73FCB8564B}"
HKCR\Clsid\{85F15833-C62D-42EB-A655-4A73FCB8564B}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{016171F1-7EE6-4C1D-8206-125461DD2CFD}"
HKCR\Clsid\{016171F1-7EE6-4C1D-8206-125461DD2CFD}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{ADD6A582-E459-40CE-AD69-AF12F8D96F64}"
HKCR\Clsid\{ADD6A582-E459-40CE-AD69-AF12F8D96F64}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{3EF1C98A-E635-4B82-B19A-87CB47EEF101}"
HKCR\Clsid\{3EF1C98A-E635-4B82-B19A-87CB47EEF101}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrateurs - Succeeded


Docky

Post by Docky » 10 Sept. 2006 14:49

PS Malekal_Morte: I can no longer connect to IRC :/ Open Proxy

Malekal_morte

Post by Malekal_morte » 10 Sept. 2006 14:50

Hold on for IRC.
What do you connect with, a modem or a router?

Did you run VundoFix?



- Download l2mfix by Shadowwar
- Double-click l2mfix.exe to start the extraction
- In the l2mfix folder, double-click l2mfix.bat, press any key, then choose option #1 (and nothing else) and confirm with the Enter key.
- Notepad will open with the scan result.
- Copy and paste the result here.

Docky

Post by Docky » 10 Sept. 2006 14:57

Here is the log

L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DIFx]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\m064lajq1doe.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljhe]
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtstq]
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"
"DllName"="C:\\WINDOWS\\System32\\vtstq.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propriétés du fichier multimédia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de sécurité NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propriétés de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage

Malekal_morte

Post by Malekal_morte » 10 Sept. 2006 15:01

That's L2MFIX :/

You can run option 2 of L2MFIX in normal mode.
However, run VundoFix afterwards, as requested.

Docky

Post by Docky » 11 Sept. 2006 15:12

VundoFix V6.1.4

Checking Java version...

Java version is 1.5.0.2

Java version is 1.5.0.6

Scan started at 14:35:02 04/10/2006

Listing files found while scanning....

C:\WINDOWS\system32\awtrs.dll
C:\WINDOWS\system32\awvsr.dll
C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\byvtu.dll
C:\WINDOWS\system32\ddcyw.dll

Beginning removal...


Logfile of HijackThis v1.99.1
Scan saved at 15:06:54, on 11/09/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Visualware Security Suite\tscore.exe
C:\Program Files\Visualware Security Suite\desktopicon.exe
C:\Program Files\Fichiers communs\{2CA91316-0639-1036-0508-031207010021}\Update.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\java.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\MICHAUD C\Bureau\VundoFix.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\David\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace\VisualIPTraceIE.dll
O2 - BHO: (no name) - {E082FBE2-5CBF-449F-9E05-4666A8308A21} - C:\WINDOWS\System32\vtstq.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace\VisualIPTraceIE.dll
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Visualware Security Suite] "C:\Program Files\Visualware Security Suite\tscore.exe" -autostartup
O4 - HKLM\..\Run: [DesktopIcon] C:\Program Files\Visualware Security Suite\desktopicon.exe
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/stat ... nerADP.cab
O20 - Winlogon Notify: DIFx - C:\WINDOWS\system32\m064lajq1doe.dll
O20 - Winlogon Notify: mljhe - C:\WINDOWS\
O20 - Winlogon Notify: vtstq - C:\WINDOWS\System32\vtstq.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

Malekal_morte

Message par Malekal_morte » 11 sept. 2006 15:39

Please uninstall Prevx1.


Download this file - combofix.exe
and save it to your desktop and nowhere else!


Click the Start menu (Démarrer), then Run (Exécuter), and copy/paste this:
"%userprofile%\Bureau\combofix.exe" /v vtstq
then click OK.

It will ask you a question; answer yes (the y key), then wait until combofix has finished. A report will be created. Post the report.
Copy/paste a new HijackThis report along with it.
First basic rule of security: think first, then click, not the other way round - Files/programs are like sweets: when they come from a stranger, you don't accept them


Docky

Post by Docky » 11 Sep 2006 16:19

MICHAUD C - 06-09-11 16:05:10,56
ComboFix 06.09.11B - Running from: C:\Documents and Settings\MICHAUD C\Bureau

Microsoft Windows XP [version 5.1.2600]

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


Granting sedebugprivilege to Administrateurs ... successful


(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\qtstv.bak1
C:\WINDOWS\system32\qtstv.bak2
C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.ini2
C:\WINDOWS\system32\qtstv.tmp


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\nwnmff_15.exe
C:\WINDOWS\system32\rpcc.exe
C:\Program Files\Fichiers communs\{2CA91316-0639-1036-0508-031207010021}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\MICHAUD C\Application Data\SSTEM~1
C:\QooBox\Purity\Documents and Settings\MICHAUD C\Application Data\SSTEM~1\s?stem
C:\QooBox\Purity\WINDOWS\STEM32~1
C:\QooBox\Purity\WINDOWS\STEM32~1\??plorer.exe


((((((((((((((((((((((((((((((( Files Created from 2006-08-11 to 2006-09-11 ))))))))))))))))))))))))))))))))))


2006-09-04 17:44 235,157 -r--s---- C:\WINDOWS\system32\m064lajq1doe.dll
2006-09-04 16:07 16,384 --a------ C:\WINDOWS\system32\restart.exe
2006-09-04 16:07 11,254 --a------ C:\WINDOWS\system32\locate.com
2006-09-04 14:32 82,188 --a------ C:\WINDOWS\system32\zip.exe
2006-09-04 13:19 40,973 --a------ C:\WINDOWS\system32\ddcyw.dll
2006-09-04 12:27 40,973 --a------ C:\WINDOWS\system32\nnnop.dll
2006-09-04 11:19 40,973 --a------ C:\WINDOWS\system32\xxwxw.dll
2006-09-04 11:19 138,862 --a------ C:\WINDOWS\system32\install.exe
2006-09-04 07:23 40,973 --a------ C:\WINDOWS\system32\hggge.dll
2006-09-04 06:57 40,973 --a------ C:\WINDOWS\system32\gebxx.dll
2006-09-04 06:52 40,973 --a------ C:\WINDOWS\system32\fcyxu.dll
2006-09-04 06:50 40,973 --a------ C:\WINDOWS\system32\efeec.dll
2006-09-03 21:34 40,973 --a------ C:\WINDOWS\system32\awvsr.dll
2006-09-03 16:53 34,304 --a------ C:\cqrkkvp.exe
2006-09-03 16:51 40,973 --a------ C:\WINDOWS\system32\gebbb.dll
2006-09-03 14:36 40,973 --a------ C:\WINDOWS\system32\geeef.dll
2006-09-03 14:29 40,973 --a------ C:\WINDOWS\system32\ljjkh.dll
2006-09-03 14:25 40,973 --a------ C:\WINDOWS\system32\ursrr.dll
2006-09-03 14:20 40,973 --a------ C:\WINDOWS\system32\rqono.dll
2006-09-03 12:30 40,973 --a------ C:\WINDOWS\system32\jkkkh.dll
2006-09-03 12:24 40,973 --a------ C:\WINDOWS\system32\wvusp.dll
2006-09-03 11:52 40,973 --a------ C:\WINDOWS\system32\ssqop.dll
2006-09-03 11:48 40,973 --a------ C:\WINDOWS\system32\pmnoo.dll
2006-09-03 11:44 40,973 --a------ C:\WINDOWS\system32\rqopn.dll
2006-09-03 11:38 40,973 --a------ C:\WINDOWS\system32\byvtu.dll
2006-09-03 11:33 40,973 --a------ C:\WINDOWS\system32\mljgg.dll
2006-09-03 11:29 40,973 --a------ C:\WINDOWS\system32\qomll.dll
2006-09-03 10:59 40,973 --a------ C:\WINDOWS\system32\efccy.dll
2006-09-03 10:57 40,973 --a------ C:\WINDOWS\system32\ljhfc.dll
2006-09-03 10:56 40,973 --a------ C:\WINDOWS\system32\fcyxx.dll
2006-09-03 10:52 40,973 --a------ C:\WINDOWS\system32\wvutt.dll
2006-09-03 10:28 40,973 --a------ C:\WINDOWS\system32\pmnkk.dll
2006-09-03 10:24 40,973 --a------ C:\WINDOWS\system32\pmnlj.dll
2006-09-03 10:20 40,973 --a------ C:\WINDOWS\system32\rqomn.dll
2006-09-02 23:59 692,276 ---hs---- C:\WINDOWS\system32\mllkh.dll
2006-09-02 23:59 448,220 ---hs---- C:\WINDOWS\system32\hkllm.bak1
2006-09-02 23:55 40,973 --a------ C:\WINDOWS\system32\yabyv.dll
2006-09-02 23:52 40,973 --a------ C:\WINDOWS\system32\vtutt.dll
2006-09-02 23:49 40,973 --a------ C:\WINDOWS\system32\awvvu.dll
2006-09-02 23:46 40,973 --a------ C:\WINDOWS\system32\yayxy.dll
2006-09-02 23:43 40,973 --a------ C:\WINDOWS\system32\ljjgg.dll
2006-09-02 23:40 40,973 --a------ C:\WINDOWS\system32\rqolj.dll
2006-09-02 23:37 40,973 --a------ C:\WINDOWS\system32\tussr.dll
2006-09-02 23:33 40,973 --a------ C:\WINDOWS\system32\hgdde.dll
2006-09-02 23:30 40,973 --a------ C:\WINDOWS\system32\nnnol.dll
2006-09-02 23:27 40,973 --a------ C:\WINDOWS\system32\xxyyx.dll
2006-09-02 23:24 40,973 --a------ C:\WINDOWS\system32\wvwvs.dll
2006-09-02 23:08 692,276 ---hs---- C:\WINDOWS\system32\fcyax.dll
2006-09-02 23:03 40,973 --a------ C:\WINDOWS\system32\vtsqq.dll
2006-09-02 23:03 40,973 --a------ C:\WINDOWS\system32\ljhff.dll
2006-09-02 23:01 15,104 --a------ C:\WINDOWS\system32\stonedrv.exe
2006-09-02 23:00 40,973 --a------ C:\WINDOWS\system32\mljih.dll
2006-09-02 22:58 692,276 ---hs---- C:\WINDOWS\system32\jkhgh.dll
2006-09-02 22:58 448,220 ---hs---- C:\WINDOWS\system32\hghkj.bak1
2006-09-02 21:14 40,973 --a------ C:\WINDOWS\system32\awtrs.dll
2006-09-02 21:13 273,942 --a------ C:\nades.exe
2006-09-02 19:10 106,496 --a------ C:\WINDOWS\system32\9217106.dll
2006-09-02 19:09 5,965 --a------ C:\WINDOWS\system32\loadss.exe
2006-09-02 19:08 67,360 --a------ C:\WINDOWS\system32\eltcelcius.exe
2006-09-02 19:08 40,973 --a------ C:\WINDOWS\system32\geeed.dll
2006-09-02 19:08 273,942 --a------ C:\WINDOWS\system32\nades.exe
2006-09-02 19:08 273,942 --a------ C:\nds.exe
2006-09-02 19:08 20,480 --a------ C:\WINDOWS\system32\dr3.exe
2006-09-02 19:08 124,450 --a------ C:\nergy.exe
2006-08-27 11:25 173,056 --a------ C:\WINDOWS\system32\55316_netapi.exe
2006-08-27 10:37 173,056 --a------ C:\WINDOWS\system32\06177_netapi.exe
2006-08-27 09:59 173,056 --a------ C:\WINDOWS\system32\74717_netapi.exe
2006-08-27 09:40 173,056 --a------ C:\WINDOWS\system32\06631_netapi.exe
2006-08-27 09:23 182,272 --a------ C:\WINDOWS\system32\11346_netapi.exe
2006-08-27 09:09 0 --a------ C:\WINDOWS\system32\08308_netapi.exe
2006-08-27 09:06 182,272 --a------ C:\WINDOWS\system32\85630_netapi.exe
2006-08-27 08:18 173,056 --a------ C:\WINDOWS\system32\87405_netapi.exe
2006-08-27 07:56 173,056 --a------ C:\WINDOWS\system32\56660_netapi.exe
2006-08-27 06:51 173,056 --a------ C:\WINDOWS\system32\18384_netapi.exe
2006-08-27 06:30 173,056 --a------ C:\WINDOWS\system32\50855_netapi.exe
2006-08-27 06:19 173,056 --a------ C:\WINDOWS\system32\15182_netapi.exe
2006-08-27 05:45 173,056 --a------ C:\WINDOWS\system32\03274_netapi.exe
2006-08-27 05:15 173,056 --a------ C:\WINDOWS\system32\42610_netapi.exe
2006-08-27 04:01 173,056 --a------ C:\WINDOWS\system32\80565_netapi.exe
2006-08-27 03:43 182,272 --a------ C:\WINDOWS\system32\26017_netapi.exe
2006-08-27 03:00 173,056 --a------ C:\WINDOWS\system32\02404_netapi.exe
2006-08-27 02:47 173,056 --a------ C:\WINDOWS\system32\25882_netapi.exe
2006-08-27 00:26 182,272 --a------ C:\WINDOWS\system32\40756_netapi.exe
2006-08-26 21:36 173,056 --a------ C:\WINDOWS\system32\50682_netapi.exe
2006-08-26 20:51 182,272 --a------ C:\WINDOWS\system32\04441_netapi.exe
2006-08-26 20:29 173,056 --a------ C:\WINDOWS\system32\51730_netapi.exe
2006-08-26 20:22 182,272 --a------ C:\WINDOWS\system32\00716_netapi.exe
2006-08-26 19:21 182,272 --a------ C:\WINDOWS\system32\76550_netapi.exe
2006-08-26 18:43 182,272 --a------ C:\WINDOWS\system32\75003_netapi.exe
2006-08-26 17:36 0 --a------ C:\WINDOWS\system32\72624_netapi.exe
2006-08-26 17:28 182,272 --a------ C:\WINDOWS\system32\45874_netapi.exe
2006-08-26 16:34 182,272 --a------ C:\WINDOWS\system32\84841_netapi.exe
2006-08-26 16:19 182,272 --a------ C:\WINDOWS\system32\51747_netapi.exe
2006-08-26 16:02 182,272 --a------ C:\WINDOWS\system32\32476_netapi.exe
2006-08-26 12:29 173,056 --a------ C:\WINDOWS\system32\81027_netapi.exe
2006-08-26 09:54 182,272 --a------ C:\WINDOWS\system32\26280_netapi.exe
2006-08-26 08:42 182,272 --a------ C:\WINDOWS\system32\60124_netapi.exe
2006-08-26 07:06 182,272 --a------ C:\WINDOWS\system32\80455_netapi.exe
2006-08-26 07:01 182,272 --a------ C:\WINDOWS\system32\05555_netapi.exe
2006-08-26 05:40 182,272 --a------ C:\WINDOWS\system32\51156_netapi.exe
2006-08-26 05:01 0 --a------ C:\WINDOWS\system32\81448_netapi.exe
2006-08-26 04:45 182,272 --a------ C:\WINDOWS\system32\46788_netapi.exe
2006-08-26 03:02 173,056 --a------ C:\WINDOWS\system32\28406_netapi.exe
2006-08-24 13:07 182,272 --a------ C:\WINDOWS\system32\06518_netapi.exe
2006-08-24 04:05 182,272 --a------ C:\WINDOWS\system32\84611_netapi.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-30 23:56 -------- d-------- C:\Program Files\Visualware Security Suite
2006-09-30 21:27 -------- d-------- C:\Program Files\Visual IP Trace
2006-09-11 16:08 -------- d-------- C:\Program Files\Fichiers communs
2006-09-11 16:01 -------- d-------- C:\Program Files\mIRC
2006-09-05 22:36 -------- d-------- C:\Program Files\Common
2006-09-04 18:33 -------- d-------- C:\Program Files\ewido anti-malware
2006-09-04 15:42 -------- d-------- C:\Program Files\PrintView
2006-09-04 12:37 -------- d-------- C:\Program Files\Alwil Software
2006-09-04 09:43 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-09-02 19:11 -------- d-------- C:\Program Files\Outlook Express
2006-09-02 19:11 -------- d-------- C:\Program Files\Fichiers communs\Services
2006-08-30 19:42 -------- d-------- C:\Program Files\Yahoo!
2006-08-27 03:06 -------- d-------- C:\Program Files\eMule
2006-08-26 01:20 -------- d-------- C:\Program Files\BitComet
2006-08-26 00:10 -------- d-------- C:\Documents and Settings\MICHAUD C\Application Data\Azureus
2006-08-25 20:13 -------- d-------- C:\Program Files\Azureus
2006-08-21 12:01 -------- d-------- C:\Program Files\BitTorrent
2006-08-21 11:57 -------- d-------- C:\Documents and Settings\MICHAUD C\Application Data\BitTorrent
2006-08-18 12:07 -------- d-------- C:\Program Files\Lavasoft
2006-08-18 12:07 -------- d-------- C:\Documents and Settings\MICHAUD C\Application Data\Lavasoft
2006-08-10 18:47 11648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-08-09 19:54 -------- d-------- C:\Documents and Settings\MICHAUD C\Application Data\Simple Sudoku
2006-08-08 09:11 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-08 09:11 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-07-31 19:09 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-06-16 14:34 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-06-15 23:55 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-06-15 23:55 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-06-15 23:55 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-06-15 23:55 620180 --a------ C:\WINDOWS\system32\DivX.dll
2006-06-14 19:49 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-06-12 21:22 520192 --a------ C:\WINDOWS\system32\DivXsm.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PVModule"="C:\\PROGRA~1\\PRINTV~1\\pvmodule.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"Visualware Security Suite"="\"C:\\Program Files\\Visualware Security Suite\\tscore.exe\" -autostartup"
"DesktopIcon"="C:\\Program Files\\Visualware Security Suite\\desktopicon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Ms Java for Windows NT"="MS32.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Ms Java for Windows NT"="MS32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{79DF81E3-60C0-4043-A574-30DF1E322F9B}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:b5,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:b5,00,00,00

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^GStartup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\GStartup.lnk"
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\FICHIE~1\\GMT\\GMT.exe /startup"
"item"="GStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 1000 series.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\hp psc 1000 series.lnk"
"backup"="C:\\WINDOWS\\pss\\hp psc 1000 series.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpohmr08.exe "
"item"="hp psc 1000 series"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\hpoddt01.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\hpoddt01.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpotdd01.exe "
"item"="hpoddt01.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Lancement rapide d'Adobe Reader.lnk"
"backup"="C:\\WINDOWS\\pss\\Lancement rapide d'Adobe Reader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Lancement rapide d'Adobe Reader"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\MyWebSearch Email Plugin.lnk"
"backup"="C:\\WINDOWS\\pss\\MyWebSearch Email Plugin.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSOEMON.EXE "
"item"="MyWebSearch Email Plugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^MICHAUD C^Menu Démarrer^Programmes^Démarrage^Aide mémoire.lnk]
"path"="C:\\Documents and Settings\\MICHAUD C\\Menu Démarrer\\Programmes\\Démarrage\\Aide mémoire.lnk"
"backup"="C:\\WINDOWS\\pss\\Aide mémoire.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\AIDEMM~1\\TrayIcon.exe "
"item"="Aide mémoire"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^MICHAUD C^Menu Démarrer^Programmes^Démarrage^Yahoo! Widget Engine.lnk]
"path"="C:\\Documents and Settings\\MICHAUD C\\Menu Démarrer\\Programmes\\Démarrage\\Yahoo! Widget Engine.lnk"
"backup"="C:\\WINDOWS\\pss\\Yahoo! Widget Engine.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\Yahoo!\\Yahoo! Widget Engine\\YahooWidgetEngine.exe "
"item"="Yahoo! Widget Engine"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AltnetPointsManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Points Manager"
"hkey"="HKLM"
"command"="C:\\Program Files\\Altnet\\Points Manager\\Points Manager.exe -s "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BoontyBox]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BoontyBox"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Boonty\\BoontyBox\\BoontyBox.exe\" /boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\castmealdaleinter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="baitcamp"
"hkey"="HKLM"
"command"="C:\\Documents and Settings\\All Users\\Application Data\\Tons vga cast meal\\baitcamp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ChelloBackground]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ChelloMessenger"
"hkey"="HKLM"
"command"="C:\\Program Files\\chello\\ChelloMessenger.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ChelloDesktop]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ChelloDesktop"
"hkey"="HKLM"
"command"="C:\\Program Files\\chello\\ChelloDesktop.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ClamWin]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ClamTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ClamWin\\bin\\ClamTray.exe\" --logon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cvvgyiwj]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dmfcua"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_15"
"hkey"="HKLM"
"command"="C:\\\\dfndrff_15.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KAZAA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kazaa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Kazaa\\kazaa.exe /SYSTRAY"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdff_15"
"hkey"="HKLM"
"command"="C:\\\\kybrdff_15.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogitechDesktopMessenger"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LogitechVideoRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MoneyStartUp10.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Activation"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Money\\System\\Activation.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Ms Java for Windows NT]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MS32"
"hkey"="HKLM"
"command"="MS32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Ms Java Update For Windows NT/XP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msijavaupdt32"
"hkey"="HKLM"
"command"="msijavaupdt32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsgCenterExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealOneMessageCenter"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\RealOneMessageCenter.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MyWebSearch Email Plugin]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mwsoemon"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\neb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="neb"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nergg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nergg"
"hkey"="HKLM"
"command"="rundll32.exe C:\\WINDOWS\\System32\\nergg.dll,start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmff_15"
"hkey"="HKLM"
"command"="C:\\\\nwnmff_15.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\P2P Networking]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="P2P Networking"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Picasa Media Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PicasaMediaDetector"
"hkey"="HKLM"
"command"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RegsSect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tick seek"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\MICHAU~1\\APPLIC~1\\ADMINT~1\\tick seek.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Scenic News]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Scenic News"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Scenic News.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\shell]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ibm00065"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\ibm00065.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\stonedrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="stonedrv"
"hkey"="HKLM"
"command"="c:\\windows\\system32\\stonedrv.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\URLLSTCK.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UrlLstCk"
"hkey"="HKLM"
"command"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"Boonty Games"=dword:00000003
"ccSetMgr"=dword:00000002
"ccPwdSvc"=dword:00000003
"ccEvtMgr"=dword:00000002
"BITS"=dword:00000002

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhe

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20060904-142246-847
O23 - Service: Windows Socket System Service - Unknown owner - C:\WINDOWS\System32\dllcache\wksrvs.exe
backup-20060904-142246-605
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
backup-20060904-142246-129
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
backup-20060904-142246-869
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
backup-20060904-142246-646
O4 - HKCU\..\RunServices: [MS Java Service Wrapper for Windows NT & XP] wrapper.exe
backup-20060904-142246-606
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
backup-20060904-142246-793
O4 - HKCU\..\RunServices: [Sun Java Console for Windows NT & XP] jconsole.exe
backup-20060904-142246-577
O4 - HKCU\..\RunServices: [MS Java Applets for Windows NT, ME & XP] javaapplets.exe
backup-20060904-142246-909
O4 - HKCU\..\RunServices: [MS Java for Windows XP & NT] javanet.exe
backup-20060904-142246-642
O4 - HKCU\..\Run: [Ms Java Update For Windows NT/XP] msijavaupdt32.exe
backup-20060904-142246-961
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
backup-20060904-142246-678
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
backup-20060904-142246-236
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,msijavaupdt32.exe
backup-20060904-142246-863
F2 - REG:system.ini: Shell=Explorer.exe msijavaupdt32.exe
backup-20060904-142246-336
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
backup-20060904-071945-946
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylo ... loader.cab
backup-20060904-071945-557
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
backup-20060904-071945-451
O15 - Trusted Zone: *.elitemediagroup.net
backup-20060904-071945-497
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
backup-20060904-071945-692
O15 - Trusted Zone: *.media-motor.net
backup-20060904-071945-611
O15 - Trusted Zone: *.mmohsix.com
backup-20060904-071945-662
O4 - HKCU\..\Run: [shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00103.exe"
backup-20060904-071945-967
O4 - HKCU\..\Run: [Ms Java Update For Windows NT/XP] msijavaupdt32.exe
backup-20060904-071945-755
O4 - HKLM\..\Run: [rpcc] rpcc.exe
backup-20060904-071945-157
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
backup-20060904-071945-600
O4 - HKLM\..\Run: [NvVideoCenter] C:\WINDOWS\System32\NvVid.exe
backup-20060904-071945-637
O4 - HKLM\..\Run: [Ms Java Update For Windows NT/XP] msijavaupdt32.exe
backup-20060904-071945-619
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
backup-20060904-071945-224
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,msijavaupdt32.exe
backup-20060904-071945-444
F2 - REG:system.ini: Shell=Explorer.exe msijavaupdt32.exe
backup-20060904-071945-842
R3 - Default URLSearchHook is missing
backup-20060903-142301-584
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
backup-20060903-142301-690
O23 - Service: Windows Socket System Service - Unknown owner - C:\WINDOWS\System32\dllcache\wksrvs.exe
backup-20060903-142301-500
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
backup-20060903-142301-556
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
backup-20060903-142301-550
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
backup-20060903-142301-219
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
backup-20060903-142301-158
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
backup-20060903-142301-934
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
backup-20060903-142301-895
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
backup-20060903-142301-359
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylo ... loader.cab
backup-20060903-142301-954
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
backup-20060903-142301-131
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/stat ... nerADP.cab
backup-20060903-142300-403
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
backup-20060903-142300-965
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
backup-20060903-142259-235
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
backup-20060903-142258-257
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
backup-20060903-142258-518
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
backup-20060903-142258-485
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
backup-20060903-142258-710
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
backup-20060903-142258-935
O4 - HKCU\..\RunServices: [Windows Kernel System Service] wkssvr.exe
backup-20060903-142258-439
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
backup-20060903-142258-375
O14 - IERESET.INF: START_PAGE_URL=http://home.fra.chello.fr/ssi/welcome/w ... ome&src=ie
backup-20060903-142258-660
O4 - HKCU\..\RunServices: [MS Java Service Wrapper for Windows NT & XP] wrapper.exe
backup-20060903-142258-418
O4 - HKCU\..\RunServices: [Sun Java Console for Windows NT & XP] jconsole.exe
backup-20060903-142258-880
O4 - HKCU\..\RunServices: [MS Java Applets for Windows NT, ME & XP] javaapplets.exe
backup-20060903-142258-357
O4 - HKCU\..\RunServices: [MS Java for Windows XP & NT] javanet.exe
backup-20060903-142258-620
O4 - HKCU\..\Run: [shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00085.exe"
backup-20060903-142258-397
O4 - HKCU\..\Run: [Ms Java Update For Windows NT/XP] msijavaupdt32.exe
backup-20060903-142258-734
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
backup-20060903-142258-403
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
backup-20060903-142258-472
O4 - HKLM\..\Run: [Ms Java Update For Windows NT/XP] msijavaupdt32.exe
backup-20060903-142258-535
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
backup-20060903-142258-305
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
backup-20060903-142258-163
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
backup-20060903-142258-722
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,msijavaupdt32.exe
backup-20060903-142258-473
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00085.exe"
backup-20060903-142258-697
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
backup-20060903-142116-171
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,msijavaupdt32.exe
backup-20060903-142116-855
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
backup-20060903-142116-378
F2 - REG:system.ini: Shell=Explorer.exe msijavaupdt32.exe
backup-20060902-214957-670
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
backup-20060902-214957-146
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_15.exe
backup-20060902-214957-871
O4 - HKLM\..\Run: [newname] C:\\nwnmff_15.exe
backup-20060902-214957-477
O4 - HKLM\..\Run: [defender] C:\\dfndrff_15.exe
backup-20060902-214957-119
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,MS32.exe
backup-20060902-214957-690
F2 - REG:system.ini: Shell=Explorer.exe msijavaupdt32.exe
backup-20060902-214957-469
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
backup-20060902-214957-684
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
backup-20060902-214957-892
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.fra.chello.fr/ssi/welcome/w ... ome&src=ie
backup-20060901-203452-178
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
backup-20060901-203452-720
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
backup-20060901-203451-921
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\lvpo0973e.dll
backup-20060901-203451-896
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20060901-024500-489
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20060901-024500-697
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20060901-024500-149
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
backup-20060901-024500-530
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
backup-20060830-200403-325
O4 - HKLM\..\Run: [defender] C:\\dfndrff_14.exe
backup-20060830-200403-665
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_14.exe
backup-20060830-200403-334
O4 - HKLM\..\Run: [newname] C:\\nwnmff_14.exe
backup-20060830-200403-624
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
backup-20060830-200403-235
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
backup-20060830-200403-229
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
backup-20060830-200403-449
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
backup-20060830-200403-689
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
backup-20060508-103806-166
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
backup-20060508-103806-264
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
backup-20060508-103806-351
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
backup-20060508-103805-383
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
backup-20060508-103805-898
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
backup-20060508-103805-169
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
backup-20060508-103805-440
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20060508-103805-923
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
backup-20060508-103805-962
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
backup-20060508-103805-164
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
backup-20060508-103805-947
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par chello broadband n.v.
backup-20060508-103805-832
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
backup-20060508-103805-701
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.chello.fr:8080
backup-20060508-103805-438
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;local;;<local>
backup-20060508-103805-954
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20060508-103805-544
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.fra.chello.fr/ssi/welcome/w ... ome&src=ie
backup-20060508-103805-633
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20060508-103805-903
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
backup-20060508-103805-366
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/def ... earch.html
backup-20060508-103805-508
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
backup-20060508-103805-400
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
backup-20060425-173504-221
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
backup-20060425-173504-287
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
backup-20060425-161817-359
O20 - Winlogon Notify: winxzl32 - winxzl32.dll (file missing)
backup-20060425-161817-531
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
backup-20060425-161817-730
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
backup-20060425-161816-158
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
backup-20060425-161816-417
O4 - HKCU\..\Run: [Rcea] "C:\DOCUME~1\MICHAU~1\APPLIC~1\SSTEM~1\msdtc.exe" -vt yax
backup-20060425-161816-344
O4 - HKCU\..\Run: [Zbokdksw] C:\WINDOWS\??stem32\??plorer.exe
backup-20060425-161816-779
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20060425-161816-612
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20060425-083742-497
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
backup-20060425-083742-102
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
backup-20060425-083742-322
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
backup-20060425-083742-973
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\System32\hp8C47.tmp
backup-20060425-082900-795
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
backup-20060425-082900-138
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
backup-20060425-082900-851
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
backup-20060425-082859-728
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleAc ... refid=1162
backup-20060425-082858-725
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
backup-20060411-112729-645
O18 - Protocol: bwz0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-958
O18 - Protocol: bwz0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-235
O18 - Protocol: offline-8876480 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-225
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
backup-20060411-112729-139
O18 - Protocol: bwy0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-854
O18 - Protocol: bwy0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-513
O18 - Protocol: bwx0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-379
O18 - Protocol: bwx0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-479
O18 - Protocol: bww0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-759
O18 - Protocol: bww0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-577
O18 - Protocol: bwv0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-487
O18 - Protocol: bwv0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-543
O18 - Protocol: bwu0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-259
O18 - Protocol: bwu0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-666
O18 - Protocol: bwt0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-516
O18 - Protocol: bws0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-137
O18 - Protocol: bws0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-442
O18 - Protocol: bwt0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-665
O18 - Protocol: bwr0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-916
O18 - Protocol: bwr0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-478
O18 - Protocol: bwq0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-536
O18 - Protocol: bwq0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-652
O18 - Protocol: bwp0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-770
O18 - Protocol: bwp0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-288
O18 - Protocol: bwo0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-782
O18 - Protocol: bwo0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-284
O18 - Protocol: bwn0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-810
O18 - Protocol: bwm0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-476
O18 - Protocol: bwm0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-205
O18 - Protocol: bwn0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-220
O18 - Protocol: bwk0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-167
O18 - Protocol: bwl0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-650
O18 - Protocol: bwk0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-626
O18 - Protocol: bwl0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-674
O18 - Protocol: bwi0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-428
O18 - Protocol: bwj0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-547
O18 - Protocol: bwh0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-165
O18 - Protocol: bwj0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-415
O18 - Protocol: bwi0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-717
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
backup-20060411-112729-192
O18 - Protocol: bwg0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-644
O18 - Protocol: bwg0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-280
O18 - Protocol: bwh0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-176
O18 - Protocol: bwe0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-326
O18 - Protocol: bwf0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-469
O18 - Protocol: bwe0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-672
O18 - Protocol: bwf0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-368
O18 - Protocol: bwd0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-859
O18 - Protocol: bwc0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-276
O18 - Protocol: bwb0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-528
O18 - Protocol: bwd0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-404
O18 - Protocol: bwc0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-606
O18 - Protocol: bwb0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-933
O18 - Protocol: bwa0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-741
O18 - Protocol: bwa0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-965
O18 - Protocol: bw90s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-689
O18 - Protocol: bw90 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-515
O18 - Protocol: bw80s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-931
O18 - Protocol: bw60 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-906
O18 - Protocol: bw80 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-219
O18 - Protocol: bw70 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-109
O18 - Protocol: bw70s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-849
O18 - Protocol: bw60s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-268
O18 - Protocol: bw50 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-570
O18 - Protocol: bw50s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-475
O18 - Protocol: bw40 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-702
O18 - Protocol: bw40s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-663
O18 - Protocol: bw20s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-113
O18 - Protocol: bw20 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-103
O18 - Protocol: bw30 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-285
O18 - Protocol: bw30s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-902
O18 - Protocol: bw10 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-895
O18 - Protocol: bw-0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-788
O18 - Protocol: bw00s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-827
O18 - Protocol: bw10s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-926
O18 - Protocol: bw-0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-316
O18 - Protocol: bw00 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-656
O18 - Protocol: bw+0s - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-303
O18 - Protocol: bw+0 - {14973F9A-CF7B-442F-B832-6D8C1151C673} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20060411-112729-846
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/se ... loader.cab
backup-20060411-112728-875
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.compani ... _1_6_0.cab
backup-20060411-112728-559
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylo ... loader.cab
backup-20060411-112728-657
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
backup-20060411-112728-462
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/14400 ... 1.14.0.cab
backup-20060411-112727-779
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
backup-20060411-112727-307
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7332248347
backup-20060411-112727-468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
backup-20060411-112727-937
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
backup-20060411-112727-558
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
backup-20060411-112727-666
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/res ... nPUpld.cab
backup-20060411-112726-684
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/I ... _FR_XP.cab
backup-20060411-112726-203
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
backup-20060411-112726-740
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
backup-20060411-112726-953
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
backup-20060411-112726-453
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/PackageHtmlCab.CAB
backup-20060411-112725-788
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
backup-20060411-112725-139
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
backup-20060411-112725-566
O2 - BHO: (no name) - {0F13857B-2256-7BD7-451F-1286640B2CFB} - C:\DOCUME~1\MICHAU~1\APPLIC~1\SITETE~1\BOLDHEART.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AF28E3A39187958B.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1106656784.job

Completion time: 11/09/2006 16:09:19.48
ComboFix.txt



Logfile of HijackThis v1.99.1
Scan saved at 16:14:33, on 11/09/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Visualware Security Suite\tscore.exe
C:\Program Files\Visualware Security Suite\desktopicon.exe
C:\WINDOWS\System32\java.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\David\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customiz

Malekal_morte
Site Admin
Posts: 96517
Joined: 10 Sep 2005 13:57

Post by Malekal_morte » 11 Sep 2006 16:24

The end of the HijackThis report is missing, and there is no need to include the backups.

Do you connect with a modem or a router?
First basic rule of security: think, then click, and not the other way round - Files/programs are like candy: when they come from a stranger, you don't accept them


Docky

Post by Docky » 11 Sep 2006 16:24

Logfile of HijackThis v1.99.1
Scan saved at 16:14:33, on 11/09/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Visualware Security Suite\tscore.exe
C:\Program Files\Visualware Security Suite\desktopicon.exe
C:\WINDOWS\System32\java.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\David\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace\VisualIPTraceIE.dll
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Visualware Security Suite] "C:\Program Files\Visualware Security Suite\tscore.exe" -autostartup
O4 - HKLM\..\Run: [DesktopIcon] C:\Program Files\Visualware Security Suite\desktopicon.exe
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/stat ... nerADP.cab
O20 - Winlogon Notify: mljhe - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

Malekal_morte
Site Admin
Posts: 96517
Joined: 10 Sep 2005 13:57

Post by Malekal_morte » 11 Sep 2006 16:36

Uninstall VundoFix.

In HijackThis, check this line:

O20 - Winlogon Notify: mljhe - C:\WINDOWS\

--> click Fix checked

- Download and install ewido
- Update it from the Update menu at the top; feel free to consult the ewido Help for any problem.
- Download clean.zip and unzip it onto your desktop (right-click / Extract all); you should get a folder named clean.


Then download and install:
KillBox by Option^Explicit
KillBox Help

Select the entire list below:
---> then right-click / Copy

Open KillBox
- Select "Delete on reboot"
- Click the "File" menu -> "Paste from Clipboard"
- Click the red and white cross
- Answer Yes and let your PC restart.
Feel free to consult the KillBox Help


_____

-- Restart in Safe Mode; if you don't know how, read this
-- Open the clean folder on your desktop and double-click clean.cmd; a black window will appear for a moment, leave it open.

- Open ewido and click the Settings tab; for How to act, select Quarantine.
Go back to the Scan tab and click Complete System Scan.
The scan starts.
When it finishes, click Apply all actions
Then Save report, and finally Save report as, saving it to the Desktop.


Help: feel free to consult the ewido Help for any problem.


-- Restart in normal mode: Start menu / Shut down / Restart the computer
Warning: if the computer keeps rebooting into Safe Mode in a loop, do the reverse operation by unchecking the /SAFEBOOT option with msconfig: see this page again: click here

-- Run an online scan with Internet Explorer: Kaspersky scan, and paste the report here. If you get lost, you can follow this help for online scans




-- Copy/paste the reports here:
- ewido
- the clean report: My Computer / double-click the C drive / double-click rapport_clean.txt and copy/paste its content here C:\rapport_clean.txt
- as well as a new HijackThis log


Locked
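The triage step in the reply above, picking the O20 Winlogon Notify line out of the HijackThis log, sketched as an added example that is not part of the original thread or of any tool it mentions. The sample lines are constructed from the log format shown above, and the reason strings are this example's own review heuristics, not HijackThis output.

```python
import re

# Constructed sample: a few entries in HijackThis 1.99.1 format, modelled on the log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.fr/
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O20 - Winlogon Notify: mljhe - C:\WINDOWS\
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the rest of the line
NOTIFY = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<path>.*)$")

def parse(log):
    """Return (code, body) for every line that looks like a HijackThis entry."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(log):
    """Return (code, reason, body) for entries that deserve a manual look."""
    findings = []
    for code, body in parse(log):
        if code == "O20":
            m = NOTIFY.match(body)
            if not m:
                continue
            path = m.group("path").strip()
            # A notify package is loaded from a DLL; a path that stops at a
            # directory means the log shows no file name for it at all.
            if path.endswith("\\") or not path.lower().endswith(".dll"):
                findings.append((code, "notify entry without a DLL file name", body))
            else:
                findings.append((code, "Winlogon notify entry to review", body))
        elif body.endswith("(file missing)"):
            findings.append((code, "registered file no longer on disk", body))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code}: {reason}: {body}")
```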
