winupgro.exe (encore ...!)

Question

Bonjour,

je me permets de vous demander votre aide car mon pc est infecté avec winupgro.exe. A lire les messages du forum, je ne suis pas le premier mais on m'a conseillé d'ouvrir un nouveau sujet. J'ai déjà effectué un scan avec Findykill et je vous poste le rapport. Je vous remercie par avance pour l'aide que vous voudrez bien me fournir.

Johnny

----------------- FindyKill V4.710 ------------------

* User : Bertrand - LIHOREAU-EWP0CH
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 21/12/08 par Chiquitine29
* Recherche effectuée à 20:14:58 le 27/12/2008
* Windows XP - Internet Explorer 6.0.2900.5512

((((((((((((((((( *** Recherche *** ))))))))))))))))))

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\explorer.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans C:

»»»» Presence des fichiers dans C:\WINDOWS

»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\164343.EXE-1B3D3CDB.pf
Found ! - C:\WINDOWS\prefetch\268296.EXE-30E976EA.pf
Found ! - C:\WINDOWS\prefetch\287890.EXE-21000882.pf
Found ! - C:\WINDOWS\prefetch\365390.EXE-3ABF71C7.pf
Found ! - C:\WINDOWS\prefetch\458718.EXE-02FD746A.pf
Found ! - C:\WINDOWS\prefetch\565734.EXE-02169DC3.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-3A2B18B6.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-2DB93972.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-38F65E52.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-2DB93972.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-38F65E52.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [27/12/2008 18:35] - C:\WINDOWS\system32\mdelk.exe
Found ! [27/12/2008 18:35] - C:\WINDOWS\system32\wintems.exe
Found ! [27/12/2008 20:06] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

»»»» Presence des fichiers dans C:\Documents and Settings\Bertrand\Application Data

Found ! [27/12/2008 19:23] - "C:\Documents and Settings\Bertrand\Application Data\m\flec006.exe"
Found ! [27/12/2008 19:23] - "C:\Documents and Settings\Bertrand\Application Data\m\list.oct"
Found ! [27/12/2008 19:24] - "C:\Documents and Settings\Bertrand\Application Data\m\data.oct"
Found ! [27/12/2008 19:24] - "C:\Documents and Settings\Bertrand\Application Data\m\srvlist.oct"
Found ! [27/12/2008 19:24] - "C:\Documents and Settings\Bertrand\Application Data\m\shared"
Found ! [27/12/2008 19:04] - "C:\Documents and Settings\Bertrand\Application Data\m"
Found ! [27/12/2008 18:35] - "C:\Documents and Settings\Bertrand\Application Data\drivers"
Found ! [27/12/2008 19:21] - "C:\Documents and Settings\Bertrand\Application Data\drivers\srosa.sys"
Found ! [27/12/2008 19:21] - "C:\Documents and Settings\Bertrand\Application Data\drivers\srosa2.sys"
Found ! [15/10/2006 07:05] - "C:\Documents and Settings\Bertrand\Application Data\drivers\winupgro.exe"
Found ! [27/12/2008 19:25] - "C:\Documents and Settings\Bertrand\Application Data\drivers\downld"
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\101359.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\102656.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\102671.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\133625.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\134234.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\134546.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14738953.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14738984.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14739000.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14763609.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14764031.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14764375.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14954250.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14954296.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14954562.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14967625.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14968531.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14968984.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14969968.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14971000.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14971468.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14990937.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14991359.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14991703.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14999031.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\15004093.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\15004531.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\15006218.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\15006921.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\15007453.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\15040921.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\15041125.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\15041218.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\164343.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\177359.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\199187.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\200125.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\200140.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\211921.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\213031.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\213453.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\257703.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\258234.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\258265.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\259781.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\260328.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\260625.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\268296.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\269609.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\270000.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\270656.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\270734.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\270968.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\271171.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\272265.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\272937.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\273359.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\287890.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\290828.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\291203.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\291531.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\297921.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\298062.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\298656.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\298718.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\299046.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\299250.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\299625.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\299703.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\301031.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\301703.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\302140.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\311156.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\312406.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\312812.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\313531.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\314500.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\314921.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\325609.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\336609.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\337031.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\337109.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\338656.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\339265.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\339562.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\347875.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\348515.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\348984.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\365390.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\375046.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\379609.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\379656.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\458718.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\491562.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\492218.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\503812.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\505156.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\505578.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\539828.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\540437.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\540734.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\549562.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\550187.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\550546.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\565734.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\57625.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\58687.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\598328.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\598703.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\598812.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\61921.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\63156.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\63203.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\66265.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\67046.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\67093.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\67125.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\67593.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\70343.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\72328.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\82500.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\83515.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\83812.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\86468.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\87125.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\87421.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\92562.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\93343.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\93421.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\93640.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\94031.exe
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\94328.exe

»»»» Presence des fichiers dans C:\DOCUME~1\Bertrand\LOCALS~1\Temp

»»»» Presence des fichiers dans C:\Documents and Settings\Bertrand\Local Settings\Temporary Internet Files\Content.IE5

Found ! [27/12/2008 12:48] - C:\Documents and Settings\Bertrand\Local Settings\Temporary Internet Files\Content.IE5\8PCR834V\b64[1].jpg
Found ! [27/12/2008 19:03] - C:\Documents and Settings\Bertrand\Local Settings\Temporary Internet Files\Content.IE5\8PCR834V\b64[2].jpg
Found ! [27/12/2008 19:05] - C:\Documents and Settings\Bertrand\Local Settings\Temporary Internet Files\Content.IE5\8PCR834V\b64_2[2].jpg
Found ! [27/12/2008 19:15] - C:\Documents and Settings\Bertrand\Local Settings\Temporary Internet Files\Content.IE5\GHWDQ3CD\b64[1].jpg
Found ! [27/12/2008 12:46] - C:\Documents and Settings\Bertrand\Local Settings\Temporary Internet Files\Content.IE5\GHWDQ3CD\b64_3[1].jpg
Found ! [27/12/2008 16:50] - C:\Documents and Settings\Bertrand\Local Settings\Temporary Internet Files\Content.IE5\GHWDQ3CD\b64_3[2].jpg
Found ! [27/12/2008 16:53] - C:\Documents and Settings\Bertrand\Local Settings\Temporary Internet Files\Content.IE5\MDSJ29E5\b64[1].jpg
Found ! [27/12/2008 18:37] - C:\Documents and Settings\Bertrand\Local Settings\Temporary Internet Files\Content.IE5\MDSJ29E5\b64[2].jpg
Found ! [27/12/2008 12:50] - C:\Documents and Settings\Bertrand\Local Settings\Temporary Internet Files\Content.IE5\MDSJ29E5\b64_2[1].jpg
Found ! [27/12/2008 19:25] - C:\Documents and Settings\Bertrand\Local Settings\Temporary Internet Files\Content.IE5\MDSJ29E5\b64_2[2].jpg
Found ! [27/12/2008 19:00] - C:\Documents and Settings\Bertrand\Local Settings\Temporary Internet Files\Content.IE5\MDSJ29E5\b64_5[1].jpg
Found ! [27/12/2008 12:48] - C:\Documents and Settings\Bertrand\Local Settings\Temporary Internet Files\Content.IE5\VM033H89\b64[1].jpg
Found ! [27/12/2008 19:23] - C:\Documents and Settings\Bertrand\Local Settings\Temporary Internet Files\Content.IE5\VM033H89\b64[2].jpg
Found ! [27/12/2008 16:55] - C:\Documents and Settings\Bertrand\Local Settings\Temporary Internet Files\Content.IE5\VM033H89\b64_2[1].jpg
Found ! [27/12/2008 19:17] - C:\Documents and Settings\Bertrand\Local Settings\Temporary Internet Files\Content.IE5\VM033H89\b64_2[2].jpg
Found ! [27/12/2008 18:35] - C:\Documents and Settings\Bertrand\Local Settings\Temporary Internet Files\Content.IE5\VM033H89\b64_3[1].jpg

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
AlcoholAutomount="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
DeltTray=DeltTray.exe
gcasServ="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
H2O=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
vptray=C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
WINDVDPatch=CTHELPER.EXE
WD Button Manager=WDBtnMgr.exe
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\axcmd]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\setup]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------

Found ! - HKEY_USERS\S-1-5-21-1757981266-1532298954-839522115-1003\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1757981266-1532298954-839522115-1003\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1757981266-1532298954-839522115-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1757981266-1532298954-839522115-1003\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1757981266-1532298954-839522115-1003\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sK9Ou0s

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- sans echec non fonctionnel !!

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4

--------------- [ Recherche dans supports amovibles] ----------------

+- Informations :

C: - Lecteur fixe

F: - Lecteur fixe

G: - Lecteur fixe

H: - Lecteur fixe

J: - Lecteur fixe

K: - Lecteur fixe

L: - Lecteur fixe

M: - Lecteur fixe

+- Contenu de l'autorun : J:\autorun.inf

[autorun]
ICON=AUTORUN\WDLOGO.ICO

+- presence des fichiers :

Found ! [15/11/2005 12:08][--ah-----] - J:\autorun.inf

--------------- [ Registre / Mountpoint2 ] ----------------

-> Not found !

------------------- ! Fin du rapport ! --------------------

Afficher la suite

Destrio5 · Accepted Answer

Salut,

banana ---> Si c'est pour donner des procédures débiles, mieux vaut ne pas poster merci ;)

--> Supprime tes cracks et keygens sinon l'infection se relancera.

--> Branche tes disques amovibles à ton PC (clefs USB, disque dur externe, etc...) sans les ouvrir.

--> Double-clique sur le raccourci FindyKill sur ton Bureau.

--> Au menu principal, choisis l'option 2 (Suppression).

/!\ Il y aura 2 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué" /!\

--> Ensuite, poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.

banana · Answer

Bonjour Jonny,

Vous avez installé Un CD CRACK. C'est bien vilain car le problème vient probablement de là...

Pour l'instant essayé la chose suivante:

Effacez ces fichiers, qui sont des fichiers de prefetch. Assurez-vous préalablement de fermer les applications relié à votre CD crack:

Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-3A2B18B6.pf 
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf 
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-2DB93972.pf 
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-38F65E52.pf 
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-2DB93972.pf 
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-38F65E52.pf

Ensuite, cherchez le fichier nommé winupgro.exe à l'aide de la onction rechercher de votre systènme d'exploitation windows, et effacez-le.

Maintenant, allez chercher un programme nommé Ccleaner et effectuez une vérification du registre de clés à partir du programme. Cochez la case pour réparer les erreurs. Une boite apparaitra pour vous demander de faire une sauvegarde de la base de registre, acceptez. Maintenant que c'est nettoyé, redémarrez votre ordinateur et dites-nous si le problème est réglé.

Cordialement,

banane

Johnny · Answer

Merci Banane pour ton aide.
Malheureusement, mon pc ne redémarre plus ...
J'essaie de gérer la crise et je tiens au courant.

Bertrand

Johnny · Answer

Merci Destrio5 pour ton aide, voici le rapport de FindyKill




----------------- FindyKill V4.710 ------------------

* User : Bertrand - LIHOREAU-EWP0CH
* executed from : C:\Program Files\FindyKill
* Update on 21/12/08 par Chiquitine29
* Start at 21:51:59 the 27/12/2008
* Windows XP - Internet Explorer 6.0.2900.5512
 
 
((((((((((((((( *** deleting *** ))))))))))))))))))  
 
 
--------------- [ Active Processes ] ----------------  
 

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\userinit.exe
 
--------------- [ Infected files / folders ] ----------------  
 
 
»»»» Supression files in C: 
 
 
»»»» Supression files in C:\WINDOWS 
 
 
»»»» Supression files in C:\WINDOWS\Prefetch 
 
 
»»»» Supression files in C:\WINDOWS\system32 
 
Deleted ! - C:\WINDOWS\system32\mdelk.exe  
Deleted ! - C:\WINDOWS\system32\wintems.exe  
 
»»»» Supression files in C:\WINDOWS\system32\config\systemprofile\AppData\Roaming 
 
 
»»»» Supression files in C:\WINDOWS\system32\drivers 
 
Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys  
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys  
 
»»»» Supression files in C:\Documents and Settings\Bertrand\Application Data 
 
Deleted ! - "C:\Documents and Settings\Bertrand\Application Data\m\flec006.exe"  
Deleted ! - "C:\Documents and Settings\Bertrand\Application Data\m\list.oct"  
Deleted ! - "C:\Documents and Settings\Bertrand\Application Data\m\data.oct"  
Deleted ! - "C:\Documents and Settings\Bertrand\Application Data\m\srvlist.oct"  
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\024h Lucky Reminder 1.83.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\11Ea Mobile Fifa 2007 v1.2.47 n73.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\123Pet 6.0.5.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\3D Crash Icons Screensaver 1.2.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\3D Video Mixer Filter 1.0b.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\3Q DVD Audio Ripper 2.1.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\7.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\70-310 Downloadable Exam Simulator 2.1.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Aardvark Caf‚ computer font 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Abacus Geometry Draw 4.2.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Ad-Aware 2008 Pro 7.1.0.10.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\AdBrick 1.0 Pre-Release Build 34.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Agar 1.3.2.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\April Fools Screensaver 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Available Domains Professional 4.1.3 Build 2174.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\avg.antivirus.7.1.plus.firewall.+.serial.updated-fixed.07-2006.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Babya VST Studio 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\BitDefender.v8.fr.+.crack.2005.Pro.Fr.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Bloglines Browser Plug-In 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\CallWave Visual Voicemail 1.2.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Chilibase for Outlook 1.5.4.138.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Cookie Spook 3.0.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\cSwing 2006 2006.1.6.409.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Daily Express News 1.0.0.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Daily Star Signs 3.02.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\DAT to AVI Converter 3.1.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\DataLock 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Decision Helper 2 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\DesktopAuctionTracker 1.4.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Developer's Tips & Tricks 1.2.0 Build 4.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\DigDB for Excel 7.1.3.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Disk Speed 2.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Drive Backup Professional 9.0 Build 5541.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Duplicate File checker for Pro Engineer 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\DVD2AVI Ripper 3.2.0.76.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\EMuleInfo 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Extension Killer 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\EZ Converter 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\F1 Racing 3D Screensaver 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\FairyTrick Clock 1.3.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Flux Screensaver 5.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\FM 94.9 San Diego 2.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Forest Clock ScreenSaver 2.3.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Gamer Card Writer Plugin 1.1.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Get MD5 0.9.1.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Gordago Forex Optimizer TT 2.6.2522.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\GroupTasks 1.20.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\HobbyDebug toolbar for Firefox 1.5.0.2.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\HobbyTent toolbar for IE 4.5.132.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Integrica 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Italy Map Locator 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Jaguar S Type Screensaver.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\JavaScript Vertical Gallery Slider 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Jennifer Aniston Screensaver1.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Jesterware DVD to iPhone 3.51.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Juicer 3.15 Build 156 Beta.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\JWC Chord Transposer 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Keygen.BitDefender.v9.Pro.Plus.par.eMule-Paradise.com.+.Argent.avec.logique.mathÇ¸matique.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Killer Mobile Total Recall V 3.0.1 s60v3 Symbianos Incl Keygen- Binpda.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Lector 2.1.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Liberty Basic ToolBox 1.1.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Linguata Portuguese 4.6.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\LiveJournal Hook 3.2.1.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Lizard's Lens 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\MagicTweak 4.12.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\MB6-202 - Axapta 3.0 Programming Practice Test Questions 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\McAfee.VirusScan.Enterprise.v8.5.0i-DVT.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\MeshCAD for Rhino 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Motorola Siemens 128x128 128x160 Adapted.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\My Little Note Saver 1.7.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\NativeJ 4.8.6.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\NOD32_2.70.26_spanish.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Obama Clock 1.1.0.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Office Space Sticky 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\One EZ Loan Calculator 1.1.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\OODogs 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Opx Self-extractor 2.9.3.3577.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Panda.10.01.02.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Panda.Antivirus.Platinum.v7.Cracked.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Pasta Screensaver 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\PDF Conversion Series - PDF2CHM 2.0 Build 0915.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\PDF Splitter and Merger 3.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Photovault 0.5.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\phpBB Advanced Quick Reply Quote Edit 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Ping Tester - Professional 9.01.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Polar SWF MetaData 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\PractiCount and Invoice Business Edition 3.1.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Prev Image 1.2.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\QBrowser 1.8.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Quick Recovery for CD 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Rain Drops Screensaver 2.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\RecycleNOW 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Registry Purifier 1.1.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Remover for I-Worm.Bridex 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Scrap Icons.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\SharkPoint Windows 2.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\SheerVideo Reader 2.6.5.2.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\SignGenius SASL Pro 3.1.3.718.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\SilentNight IE Watcher Professional 2.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Simple FTP Client 1.0.22.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Smart Chart 1.6.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\SocketWrench Secure Edition 6.0 Build 6000.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Software Gun 1.1.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Sony-Ericsson SendFile 1.2.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Sorta Music Player 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\spEye 1.0 beta.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\SpiderFriend 0.19a.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\SSA to SRT Converter 0.5b.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Strange 0.5.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Strategy Chess 1.3.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Symantec.AntiVirus.Corporate.v10.0.2.2001.Server.GERMAN-TBE.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Symantec.Mail.Security.License.1165464.7.Slf.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\The Business OpsCenter 3.5.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\The Job Insider - Scout 1.5.5.6.03.25.10.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\The PC Jukebox 8.1.9.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\TrayLauncher 1.9.5.1.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Twisting Pixels 1.33.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Url Splitter 1.3.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\USS Monitor 0.0.7.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\VaffWav 1.0.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Video Mobile Converter 1.3.9.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\Windows XP Service Pack 3 Deployment Tools.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\WinTiles 1.2.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\WordScale Text Capture Engine SDK 2.1.1.54.zip 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\m\shared\ZMail 0.6.zip 
Deleted ! - "C:\Documents and Settings\Bertrand\Application Data\m\shared"  
Deleted ! - "C:\Documents and Settings\Bertrand\Application Data\m"  
Deleted ! - "C:\Documents and Settings\Bertrand\Application Data\drivers\srosa.sys"  
Deleted ! - "C:\Documents and Settings\Bertrand\Application Data\drivers\srosa2.sys"  
Deleted ! - "C:\Documents and Settings\Bertrand\Application Data\drivers\winupgro.exe"  
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\101359.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\102656.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\102671.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\133625.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\134234.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\134546.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14738953.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14738984.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14739000.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14763609.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14764031.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14764375.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14954250.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14954296.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14954562.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14967625.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14968531.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14968984.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14969968.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14971000.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14971468.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14990937.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14991359.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14991703.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\14999031.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\15004093.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\15004531.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\15006218.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\15006921.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\15007453.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\15040921.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\15041125.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\15041218.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\164343.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\177359.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\199187.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\200125.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\200140.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\211921.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\213031.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\213453.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\257703.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\258234.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\258265.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\259781.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\260328.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\260625.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\268296.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\269609.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\270000.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\270656.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\270734.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\270968.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\271171.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\272265.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\272937.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\273359.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\287890.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\290828.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\291203.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\291531.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\297921.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\298062.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\298656.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\298718.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\299046.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\299250.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\299625.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\299703.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\301031.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\301703.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\302140.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\311156.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\312406.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\312812.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\313531.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\314500.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\314921.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\325609.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\336609.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\337031.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\337109.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\338656.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\339265.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\339562.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\347875.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\348515.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\348984.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\365390.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\375046.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\379609.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\379656.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\458718.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\491562.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\492218.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\503812.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\505156.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\505578.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\539828.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\540437.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\540734.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\549562.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\550187.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\550546.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\565734.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\57625.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\58687.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\598328.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\598703.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\598812.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\61921.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\63156.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\63203.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\66265.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\67046.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\67093.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\67125.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\67593.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\70343.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\72328.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\82500.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\83515.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\83812.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\86468.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\87125.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\87421.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\92562.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\93343.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\93421.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\93640.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\94031.exe 
Deleted ! - C:\Documents and Settings\Bertrand\Application Data\drivers\downld\94328.exe 
Deleted ! - "C:\Documents and Settings\Bertrand\Application Data\drivers\downld"  
Deleted ! - "C:\Documents and Settings\Bertrand\Application Data\drivers"  
 
»»»» Supression files in C:\DOCUME~1\Bertrand\LOCALS~1\Temp 
 
 
»»»» Supression files in C:\Documents and Settings\Bertrand\Local Settings\Temporary Internet Files\Content.IE5 
 
 
--------------- [  Registry / Infected keys ] ---------------- 
 
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA   
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA   
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S   
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S   
Deleted ! - HKEY_USERS\S-1-5-21-1757981266-1532298954-839522115-1003\Software\Local AppWizard-Generated Applications\winupgro   
 
--------------- [ States / Restarting of services ] ---------------- 
 
+- Safe boot mode restored ! 


+- Services : [ Auto=2 / Request=3 / Disable=4 ] 

 Ndisuio - Type of startup  = 3 
 
 EapHost - Type of startup  = 2 
 
 Ip6Fw - Type of startup  = 2 
 
 SharedAccess - Type of startup  = 2 
 
 wuauserv - Type of startup  = 2 
 
 wscsvc - Type of startup  = 2 
 
 
---------------   [ Cleaning removable drives ] ----------------  
 
+- Informations : 

C: - Lecteur fixe

F: - Lecteur fixe

G: - Lecteur fixe

H: - Lecteur fixe

 
+- deleting files : 
 
 
--------------- [ Registry / Mountpoint2 ] ----------------  
 
 
 -> Not found ! 
 
 
--------------- [ Searching Cracks / Keygen ] ----------------  
 
C:\Documents and Settings\Bertrand\Bureau\Winedit v5.4.2002.232 - Incl Crack
C:\Documents and Settings\Bertrand\Bureau\Winedit v5.4.2002.232 - Incl Crack\Readme.txt
C:\Documents and Settings\Bertrand\Bureau\Winedit v5.4.2002.232 - Incl Crack\winedit 5.3.2002.323.exe
C:\Documents and Settings\Bertrand\Bureau\Winedit v5.4.2002.232 - Incl Crack\WinEdt v. 5.3.2002.323 english.PATCH-DBZ.rar
C:\Documents and Settings\Bertrand\Bureau\Winedit v5.4.2002.232 - Incl Crack\winedt54.rar
C:\Documents and Settings\Bertrand\Bureau\Winedit v5.4.2002.232 - Incl Crack\WinEdt_5.4.2002.802.PATCH_MP2K.rar
C:\Documents and Settings\Bertrand\Bureau\Winedit v5.4.2002.232 - Incl Crack\WinEdt_5.4.2002.802_private_build.PATCH_MP2K.rar

 
---------------- ! End of report ! ------------------

Destrio5 · Answer

Très bien.

---> Réinstalle les applications qui ont été infectés (Antivirus...).

- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

- Double-clique sur RSIT.exe afin de lancer le programme.

- Clique sur Continue à l'écran Disclaimer.

- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : Les rapports sont sauvegardés dans le dossier C:\rsit.

Johnny · Answer

Encore merci pour ton aide. Voici (enfin !) les rapports :

log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by Bertrand at 2008-12-27 22:34:49
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 6 GB (15%) free of 40 GB
Total RAM: 1023 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:35:00, on 27/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bertrand\Bureau\RSIT.exe
C:\Program Files	rend micro\Bertrand.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers 

communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers 

communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Bertrand\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Bertrand\Application Data\m\flec006.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - 

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - 

http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116660326000
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F8A6C73-C55A-44E3-AE71-4159F9FBD67F}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F8A6C73-C55A-44E3-AE71-4159F9FBD67F}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{0F8A6C73-C55A-44E3-AE71-4159F9FBD67F}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS4\Services\Tcpip\..\{0F8A6C73-C55A-44E3-AE71-4159F9FBD67F}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers 

communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 

120\StarWind\StarWindServiceAE.exe

Destrio5 · Answer

---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

Johnny · Answer

et hop !

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1556
Windows 5.1.2600 Service Pack 3

27/12/2008 23:09:50
mbam-log-2008-12-27 (23-09-50).txt

Type de recherche: Examen rapide
Eléments examinés: 54291
Temps écoulé: 4 minute(s), 26 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents (Trojan.Agent) -> Quarantined and deleted successfully.

Johnny · Answer

un petit up au kazoo ...

Destrio5 · Answer

Je reviens plus tard.

---> Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries sur ton Bureau :
* Décompresse le fichier sur le Bureau (Clic droit > Extraire tout).
* Double-clique sur le répertoire JavaRa.
* Puis double-clique sur le fichier JavaRa.exe (le exe peut ne pas s'afficher).
* Clique sur Search For Updates.
* Sélectionne Update Using jucheck.exe puis clique sur Search.
* Autorise le processus à se connecter s'il le demande, clique sur Install et suis les instructions d'installation qui prennent quelques minutes.
* L'installation est terminée, reviens à l'écran de JavaRa et clique sur Remove Older Versions.
* Clique sur Oui pour confirmer. Laisse travailler et clique ensuite sur Ok, puis une deuxième fois sur Ok.
* Un rapport va s'ouvrir. Poste-le dans ta prochaine réponse.
* Ferme l'application.
Note : le rapport se trouve aussi dans C:\ sous le nom JavaRa.log.

Johnny · Answer

Voici le rapport de JavaRa (je ne comprends plus trop ce qu'on fait)

JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Dec 27 23:58:29 2008

Found and removed: C:\Program Files\Java\jre1.5.0_01

Found and removed: C:\Program Files\Java\jre1.5.0_02

Found and removed: C:\Program Files\Java\jre1.5.0_04

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Program Files\Java\jre1.5.0_09

Found and removed: C:\Program Files\Java\jre1.5.0_10

Found and removed: C:\Program Files\Java\jre1.5.0_11

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: C:\Windows\Installer\{3248F0A8-6813-11D6-A77B-00B0D0150010}

Found and removed: C:\Windows\System32\jupdate-1.5.0_01-b08.log

Found and removed: Software\JavaSoft\Java2D\1.5.0_01

Found and removed: Software\JavaSoft\Java2D\1.5.0_02

Found and removed: Software\JavaSoft\Java2D\1.5.0_04

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_09

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510001

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510004

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510004

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510004

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\JavaPlugin.150_01

Found and removed: SOFTWARE\Classes\JavaPlugin.150_02

Found and removed: SOFTWARE\Classes\JavaPlugin.150_04

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_04

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_04

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510009

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150010}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150040}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150090}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510001

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

Found and removed: Software\JavaSoft\Java2D\1.6.0_01

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.5.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.5.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.5.0_04\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.5.0_06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.5.0_09\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.5.0_10\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.5.0_11\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_01\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0150010}\

JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Dec 27 23:59:40 2008

------------------------------------

Finished reporting.

Destrio5 · Answer

---> Supprime JavaRa.

---> Relance MBAM, va dans Quarantaine et supprime tout.

- Télécharge HijackThis v2.0.2 sur ton Bureau.

- Double-clique sur HJTInstall afin de lancer l'installation.

- Clique sur Install ensuite sur I Accept.

- Clique sur Do a system scan and save a logfile.

- Le bloc-notes s'ouvrira, fais un copier/coller de tout son contenu ici dans ton prochain message.

mnm · Answer

Avez-vous essayé de booter et de faire un scan avec un LiveCD, genre DrWeb LiveCD ?

ftp://ftp.drweb.com/pub/drweb/livecd/minDrWebLiveCD-4.44.1.0811190.iso

Johnny · Answer

Bonjour,

voici le log de hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:23:26, on 28/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Bertrand\Application Data\drivers\winupgro.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1116660326000
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) - 
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) - 
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) - 
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) - 
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) - 
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) - 
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) - 
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) - 
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F8A6C73-C55A-44E3-AE71-4159F9FBD67F}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F8A6C73-C55A-44E3-AE71-4159F9FBD67F}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{0F8A6C73-C55A-44E3-AE71-4159F9FBD67F}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS4\Services\Tcpip\..\{0F8A6C73-C55A-44E3-AE71-4159F9FBD67F}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Destrio5 · Answer

---> Relance HijackThis et choisis Do a system scan only.

---> Coche les cases qui sont devant les lignes suivantes :

O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Bertrand\Application Data\drivers\winupgro.exe 

O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) - 

O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -

O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) - 

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) - 

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) - 

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) - 

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) - 

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) - 

---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

---> Redémarre ton PC et poste un nouveau rapport HijackThis.

Winupgro.exe (encore ...!)

15 réponses

Votre réponse

Discussions similaires

Newsletters