Help mémoire infectée

Résolu
didou43 -  
crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
Bonjour,

après deux scan avast, ma mémoire a été infectée avec plusieurs fichiers infectés (766 lignes listées)
depuis quand je demarre mon ordi ca m affiche le fichier " c:\windows\system32\tzilwi.dll" introuvable.

aussi au démarrage affichage de : HPZipm 12.exe - Erreur d' application
L' instruction à " 0x774bdf 1b" emploie l' adresse mémoire " 0x00000000". la mémoire ne peut pas être " read". cliquez sur OK pour terminer....

que faut il faire? tout désinstaller et re- installer windows et orange.
merci de vos réponses. urgence
Configuration: Windows XP
Internet Explorer 7.0

67 réponses

  • 1
  • 2
  • 3
  • 4
Résumé de la discussion

Le problème porte sur une infection mémoire après deux scans Avast, avec des fichiers infectés et des messages d'erreur au démarrage (c:\windows\system32\tzilwi.dll introuvable et l'erreur HPZipm 12.exe). Plusieurs réponses suggèrent des nettoyages et vérifications avec des outils spécialisés comme SDFix, OTMoveIt3 et HijackThis, afin d'extraire les éléments malveillants et remettre les paramètres système. D'autres approches recommandent des scans en ligne (Kaspersky Online Scanner) et des nettoyages via UsbFix, ainsi que la mise à jour de la quarantaine Avast et l'analyse des rapports pour repérer les éléments résiduels. Pour compléter ces éléments, certaines recommandations incitent à ne pas ouvrir les pièces jointes infectées et à éviter des actions risquées tant que le nettoyage n'est pas terminé.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. ••RiverToo•• Messages postés 1098 Statut Membre 53
     
    Salut

    Commence par faire un rapport hijackthis :

    • Tu peux le télécharger ici : https://www.commentcamarche.net/telecharger/ 159 hijackthis

    • Le dézipper dans un dossier prévu à cet effet.
    Par exemple C:\hijackthis < c : ! (Cela permet des back-up en cas de mauvaises suppressions)
    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/Hijenr.gif

    • L’exécuter puis sur "Do a system scan and save a logfile" (cf. démo)
    faire un copier-coller du log entier sur le forum

    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    De plus

    • Télécharge rmalwarebyte's antimalware : http://www.commentcamarche.net/telecharger/telechargement 34055379-malwarebytes-anti-malware
    • Tuto ici : https://forum.pcastuces.com/sujet.asp?f=31&s=3

    poste le rapport complet dans ton prochain poste

    Bon courage

    ••RiverToo••

    0
    1. didou43
       
      bjour

      pour les 4 premiers liens, impossible d y accéder. faut il faire qu avec le 5 eme lien seulement?
      MERCI
      0
    2. didou43
       
      j ai téléchargé hijakthis mais cé en anglais pas terrible pour comprendre.
      et avec je fais un scan only.
      0
  2. ••RiverToo•• Messages postés 1098 Statut Membre 53
     
    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    -> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    post egalement un nouveau rapport hijack this dans ta reponse .

    Pour hijackthis :

    Télécharge HijackThis ici :

    -> https://www.commentcamarche.net/telecharger/ 159 hijackthis

    Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

    -> http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    Post le rapport généré ici stp...

    Bon courage
    0
    1. didou43
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:36:16, on 01/01/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Controle Parental\bin\optproxy.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\WINDOWS\system32\winscenter.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\SweetIM\Messenger\SweetIM.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\wanmpsvc.exe
      C:\PROGRA~1\MSNMES~1\msnmsgr.exe
      C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Controle Parental\bin\OPTGui.exe
      C:\Program Files\Wanadoo\GestionnaireInternet.exe
      C:\Program Files\Wanadoo\ComComp.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\Program Files\Wanadoo\Watch.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      O2 - BHO: (no name) - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - (no file)
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {625A1937-9ACC-4757-BF3E-F0D0B027BDA2} - (no file)
      O2 - BHO: {c688acbf-d0d1-827b-47e4-e9ae77d5ce46} - {64ec5d77-ea9e-4e74-b728-1d0dfbca886c} - C:\WINDOWS\system32\sqdwcr.dll
      O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
      O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] "C:\Documents and Settings\colomb\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe" -startup -product IncrediMail
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] ~"C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
      O4 - Global Startup: hp psc 1000 series.lnk = ?
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O20 - AppInit_DLLs: sqdwcr.dll
      O20 - Winlogon Notify: jkkJdbBU - jkkJdbBU.dll (file missing)
      O21 - SSODL: InternetConnection - {51B1FC10-1C65-438A-8EA9-FCE48AE587AC} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ccrgswyely.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: bEvtService - Unknown owner - C:\WINDOWS\System32\bEvtService.exe (file missing)
      O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
      O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
      O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
      0
      1. didou43 > didou43
         
        Quels sont les fichies que je dois supprimer ou réparer???
        0
  3. ••RiverToo•• Messages postés 1098 Statut Membre 53
     
    fait combofix stp
    0
    1. didou43
       
      voici mon rapport apres scan combofix,




      ComboFix 09-01-01.01 - colomb 2009-01-02 12:01:51.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.255.29 [GMT 1:00]
      LancÚ depuis: c:\docume~1\colomb\MESDOC~1\DIDIER~1\combofix.exe
      Commutateurs utilisÚs :: c:\docume~1\colomb\MESDOC~1\DIDIER~1\combofix.exe
      * Un nouveau point de restauration a ÚtÚ crÚÚ
      .
      [i] ADS - svchost.exe: deleted 32256 bytes in 1 streams. /i
      /wow section - STAGE 3


      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner
      c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Conditions générales.url
      c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Confidentialité.url
      c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Désinstaller.lnk
      c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
      c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Website.url
      c:\documents and settings\colomb\Local Settings\Application Data\gowmw.dat
      c:\documents and settings\colomb\Local Settings\Application Data\gowmw.exe
      c:\documents and settings\colomb\Local Settings\Application Data\gowmw_nav.dat
      c:\documents and settings\colomb\Local Settings\Application Data\gowmw_navps.dat
      c:\documents and settings\colomb\Local Settings\Application Data\kuyug.dat
      c:\documents and settings\colomb\Local Settings\Application Data\kuyug.exe
      c:\documents and settings\colomb\Local Settings\Application Data\kuyug_nav.dat
      c:\documents and settings\colomb\Local Settings\Application Data\kuyug_navps.dat
      c:\windows\reged.exe
      c:\windows\spoolsystem.exe
      c:\windows\sys.com
      c:\windows\syscert.exe
      c:\windows\sysexplorer.exe
      c:\windows\system32\aogoyywm.ini
      c:\windows\system32\bujlorbc.dll
      c:\windows\system32\dfvpjwwq.dll
      c:\windows\system32\evscldrd.dll
      c:\windows\system32\ggxpfkre.dll
      c:\windows\system32\hgsfjfif.ini
      c:\windows\system32\jlivotos.ini
      c:\windows\system32\kkjmonbd.ini
      c:\windows\system32\kmnoYcfe.ini
      c:\windows\system32\kmnoYcfe.ini2
      c:\windows\system32\kvnsajiy.dll
      c:\windows\system32\MabryObj.dll
      c:\windows\system32\mcrh.tmp
      c:\windows\system32\nVwvDcfe.ini
      c:\windows\system32\nVwvDcfe.ini2
      c:\windows\system32\pnwhuo.dll
      c:\windows\system32\qxeefwqv.ini
      c:\windows\system32\rwcgta.dll
      c:\windows\system32\sqdwcr.dll
      c:\windows\system32\TDSSmaxt.dat
      c:\windows\system32\TDSSrhym.log
      c:\windows\system32\uupmni.dll
      c:\windows\system32\vlrahmxv.dll
      c:\windows\system32\vqwfeexq.dll
      c:\windows\system32\vxmharlv.ini
      c:\windows\system32\winscenter.exe
      c:\windows\system32\wxqmsf.dll
      c:\windows\system32\xgtaabbf.dll
      c:\windows\system32\xktenalt.dll
      c:\windows\system32\zbjqow.dll
      c:\windows\vmreg.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_FCI
      -------\Legacy_ICF
      -------\Legacy_TDSSSERV.SYS
      -------\Service_FCI
      -------\Service_ICF
      -------\Service_TDSSserv.sys


      ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-02 au 2009-01-02 ))))))))))))))))))))))))))))))))))))
      .

      2008-12-31 17:50 . 2008-12-31 17:50 <REP> d-------- c:\program files\Trend Micro
      2008-12-28 21:22 . 2008-12-28 21:22 135,712 --a------ c:\windows\system32\drivers\ethspfqh.sys
      2008-12-27 12:23 . 2008-12-27 12:23 525 --a------ C:\hpfr3420.xml
      2008-12-26 13:04 . 2008-12-26 13:04 244 --ah----- C:\sqmnoopt17.sqm
      2008-12-26 13:04 . 2008-12-26 13:04 232 --ah----- C:\sqmdata17.sqm
      2008-12-26 12:17 . 2008-12-26 12:17 244 --ah----- C:\sqmnoopt16.sqm
      2008-12-26 12:17 . 2008-12-26 12:17 232 --ah----- C:\sqmdata16.sqm
      2008-12-26 12:15 . 2008-12-26 12:15 244 --ah----- C:\sqmnoopt15.sqm
      2008-12-26 12:15 . 2008-12-26 12:15 232 --ah----- C:\sqmdata15.sqm
      2008-12-26 11:33 . 2008-12-26 11:33 244 --ah----- C:\sqmnoopt14.sqm
      2008-12-26 11:33 . 2008-12-26 11:33 232 --ah----- C:\sqmdata14.sqm
      2008-12-26 10:24 . 2008-12-26 10:24 483 --ah----- c:\documents and settings\colomb\hpothb07.dat
      2008-12-26 10:24 . 2008-12-26 10:24 187 --ah----- c:\documents and settings\colomb\Application Data\hpothb07.dat
      2008-12-25 00:01 . 2008-12-25 00:01 244 --ah----- C:\sqmnoopt13.sqm
      2008-12-25 00:01 . 2008-12-25 00:01 232 --ah----- C:\sqmdata13.sqm
      2008-12-24 23:15 . 2008-12-24 23:15 244 --ah----- C:\sqmnoopt12.sqm
      2008-12-24 23:15 . 2008-12-24 23:15 232 --ah----- C:\sqmdata12.sqm
      2008-12-24 14:58 . 2009-01-02 12:11 54,156 --ah----- c:\windows\QTFont.qfn
      2008-12-24 14:58 . 2009-01-02 12:07 1,409 --a------ c:\windows\QTFont.for
      2008-12-23 14:39 . 2008-12-23 14:39 134,880 --a------ c:\windows\system32\drivers\ethfdthv.sys
      2008-12-22 20:31 . 2008-12-22 20:31 244 --ah----- C:\sqmnoopt11.sqm
      2008-12-22 20:31 . 2008-12-22 20:31 232 --ah----- C:\sqmdata11.sqm
      2008-12-22 20:03 . 2008-12-22 20:03 244 --ah----- C:\sqmnoopt10.sqm
      2008-12-22 20:03 . 2008-12-22 20:03 232 --ah----- C:\sqmdata10.sqm
      2008-12-22 19:56 . 2008-12-22 19:56 117 --a------ c:\windows\system32\iwtk.bat
      2008-12-22 14:36 . 2008-12-22 14:36 244 --ah----- C:\sqmnoopt09.sqm
      2008-12-22 14:36 . 2008-12-22 14:36 232 --ah----- C:\sqmdata09.sqm
      2008-12-20 13:09 . 2008-12-20 13:09 244 --ah----- C:\sqmnoopt08.sqm
      2008-12-20 13:09 . 2008-12-20 13:09 232 --ah----- C:\sqmdata08.sqm
      2008-12-20 11:36 . 2008-12-20 11:36 244 --ah----- C:\sqmnoopt07.sqm
      2008-12-20 11:36 . 2008-12-20 11:36 232 --ah----- C:\sqmdata07.sqm
      2008-12-20 09:13 . 2008-12-20 09:13 244 --ah----- C:\sqmnoopt06.sqm
      2008-12-20 09:13 . 2008-12-20 09:13 232 --ah----- C:\sqmdata06.sqm
      2008-12-19 22:14 . 2008-12-19 22:14 244 --ah----- C:\sqmnoopt04.sqm
      2008-12-19 22:14 . 2008-12-19 22:14 232 --ah----- C:\sqmdata04.sqm
      2008-12-19 22:14 . 2008-12-19 22:14 172 --ah----- C:\sqmnoopt05.sqm
      2008-12-19 22:14 . 2008-12-19 22:14 172 --ah----- C:\sqmdata05.sqm
      2008-12-19 17:23 . 2008-12-19 17:23 244 --ah----- C:\sqmnoopt03.sqm
      2008-12-19 17:23 . 2008-12-19 17:23 232 --ah----- C:\sqmdata03.sqm
      2008-12-16 21:29 . 2008-12-16 21:29 244 --ah----- C:\sqmnoopt02.sqm
      2008-12-16 21:29 . 2008-12-16 21:29 232 --ah----- C:\sqmdata02.sqm
      2008-12-16 20:28 . 2008-12-16 20:28 244 --ah----- C:\sqmnoopt01.sqm
      2008-12-16 20:28 . 2008-12-16 20:28 232 --ah----- C:\sqmdata01.sqm
      2008-12-16 20:27 . 2008-12-16 20:27 244 --ah----- C:\sqmnoopt00.sqm
      2008-12-16 20:27 . 2008-12-16 20:27 232 --ah----- C:\sqmdata00.sqm
      2008-12-15 22:27 . 2008-12-15 22:27 102,438 --a------ c:\windows\system32\msvcrt2.dll
      2008-12-15 20:15 . 2008-12-15 20:15 128 --a------ c:\windows\system32\zokegx.bat
      2008-12-15 19:39 . 2008-12-15 19:39 127 --a------ c:\windows\system32\nhbji.bat
      2008-12-15 19:24 . 2008-12-15 19:24 123 --a------ C:\revmsis.bat
      2008-12-15 14:32 . 2008-12-24 19:09 2,707 --a------ c:\windows\system32\TDSScfum.dll
      2008-12-15 11:03 . 2008-12-15 11:03 <REP> dr-hs---- C:\CONFIG
      2008-12-02 20:55 . 2008-12-02 20:55 <REP> d-------- c:\documents and settings\colomb\WINDOWS

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-01-02 11:17 --------- d-----w c:\program files\Wanadoo
      2008-12-29 10:56 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
      2008-12-27 16:03 --------- d-----w c:\program files\LimeWire
      2008-12-19 21:52 --------- d-----w c:\program files\Norton Security Scan
      2008-12-13 22:07 --------- d-----w c:\program files\Incomplete
      2008-12-13 22:03 --------- d-----w c:\documents and settings\colomb\Application Data\LimeWire
      2008-12-02 19:57 --------- d-----w c:\program files\EHMINSTALL
      2008-11-30 11:00 5,632 --sha-w c:\program files\Thumbs.db
      2008-11-30 11:00 --------- d-----w c:\program files\Windows Live Toolbar
      2008-11-19 18:15 --------- d-----w c:\documents and settings\All Users\Application Data\SweetIM
      2008-11-19 18:14 --------- d-----w c:\program files\SweetIM
      2008-11-19 18:07 --------- d-----w c:\documents and settings\colomb\Application Data\MessengerSkinner
      2008-11-16 20:00 --------- d-----w c:\program files\Fichiers communs\Vivendi Universal Games
      2008-11-16 20:00 --------- d-----w c:\documents and settings\All Users\Application Data\Vivendi Universal Games
      2008-11-16 18:18 --------- d-----w c:\program files\MSN Messenger
      2008-11-16 17:57 95,128 ----a-w c:\documents and settings\colomb\Application Data\GDIPFONTCACHEV1.DAT
      2008-11-06 21:48 --------- d-----w c:\program files\Microsoft Works
      2008-11-06 21:46 --------- d-----w c:\program files\Microsoft.NET
      2008-11-06 19:53 --------- d-----w c:\program files\Yahoo!
      2008-11-04 19:37 --------- d-----w c:\program files\Google
      2008-11-04 12:23 --------- d-----w c:\program files\OpenOffice.org 2.4
      2008-11-04 12:19 --------- d-----w c:\documents and settings\colomb\Application Data\OpenOffice.org2
      2008-07-19 12:05 1,148 ----a-w c:\program files\Gamenext Jeux.lnk
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

      [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
      [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
      "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
      "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-11-06 151597]
      "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-10-08 111928]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2003-11-06 77824]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
      "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

      c:\documents and settings\colomb\Menu D‚marrer\Programmes\D‚marrage\
      Outil de notification Live Search.lnk - c:\documents and settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2008-11-16 143360]

      c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Contr“leur de calendrier Ulead.lnk - c:\apps\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2008-06-20 69632]
      hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
      hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
      Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=sqdwcr.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001
      "UpdatesDisableNotify"=dword:00000001
      "AntiVirusOverride"=dword:00000001
      "FirewallOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\NetMeeting\\conf.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\MSN Messenger\\livecall.exe"=

      R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2003-11-06 11264]
      R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-25 111184]
      R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\Drivers\vcsmpdrv.sys [2003-11-06 49024]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-28 20560]
      R2 OPTENET_FILTER;Orange Contrôle Parental;c:\program files\Controle Parental\bin\optproxy.exe [2008-04-25 624376]
      R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2003-11-06 139264]
      S1 ethfdthv;ethfdthv;c:\windows\system32\drivers\ethfdthv.sys [2008-12-23 134880]
      S1 ethspfqh;ethspfqh;c:\windows\system32\drivers\ethspfqh.sys [2008-12-28 135712]
      S2 bEvtService;bEvtService;c:\windows\System32\bEvtService.exe -k netsvcs []

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff1964f1-42ba-11dd-ab4c-00038a000015}]
      \Shell\AutoRun\command - f:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
      \Shell\open\command - f:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}]
      c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
      .
      Contenu du dossier 'Tâches planifiées'

      2008-08-01 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1209284961.job
      - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]

      2008-10-25 c:\windows\Tasks\Symantec NetDetect.job
      - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-19 15:07]

      2009-01-02 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
      - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      BHO-{625A1937-9ACC-4757-BF3E-F0D0B027BDA2} - (no file)
      BHO-{64ec5d77-ea9e-4e74-b728-1d0dfbca886c} - c:\windows\system32\sqdwcr.dll
      HKCU-Run-gowmw - c:\documents and settings\colomb\local settings\application data\gowmw.exe
      HKCU-Run-msnmsgr - ~c:\progra~1\MSNMES~1\msnmsgr.exe
      HKCU-Run-unilex04 - (no file)
      HKLM-Run-zzz_ImInstaller_IncrediMail - c:\documents and settings\colomb\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe
      Notify-jkkJdbBU - jkkJdbBU.dll
      SafeBoot-ati5uxxx.sys


      .
      ------- Examen supplémentaire -------
      .
      uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
      uStart Page = hxxp://www.orange.fr
      uInternet Connection Wizard,ShellNext = iexplore
      uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
      IE: { - c:\program files\Messenger\msmsgs.exe
      LSP: c:\program files\Controle Parental\bin\lsp.dll

      O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
      c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

      O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

      c:\windows\Downloaded Program Files\zylomgamesplayer.dll - c:\windows\Downloaded Program Files\CONFLICT.1\zylomgamesplayer.dll
      O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
      hxxp://game14.zylom.com/activex/zylomgamesplayer.cab
      c:\windows\Downloaded Program Files\CONFLICT.1\ZylomGamesPlayer.inf
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-01-02 12:14:06
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_USERS\Network1-2678596377-4133434974-3130629362-1007\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
      @Allowed: (Read) (RestrictedCode)
      @Allowed: (Read) (RestrictedCode)
      @SACL=
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\program files\Alwil Software\Avast4\aswUpdSv.exe
      c:\program files\Alwil Software\Avast4\ashServ.exe
      c:\windows\system32\FTRTSVC.exe
      c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      c:\windows\wanmpsvc.exe
      c:\progra~1\Wanadoo\TaskBarIcon.exe
      c:\progra~1\Wanadoo\GestionnaireInternet.exe
      c:\documents and settings\colomb\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
      c:\progra~1\Wanadoo\ComComp.exe
      c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      c:\progra~1\Wanadoo\Toaster.exe
      c:\progra~1\Wanadoo\Inactivity.exe
      c:\progra~1\Wanadoo\PollingModule.exe
      c:\program files\Alwil Software\Avast4\ashMaiSv.exe
      c:\program files\Alwil Software\Avast4\ashWebSv.exe
      .
      **************************************************************************
      .
      Heure de fin: 2009-01-02 12:22:13 - La machine a redémarré
      ComboFix-quarantined-files.txt 2009-01-02 11:22:06

      Avant-CF: 56 366 170 112 octets libres
      Après-CF: 56,287,916,032 octets libres

      287 --- E O F --- 2008-12-29 10:57:10

      voilà
      0
      1. didou43 > didou43
         
        Voilà aussi le nouveau rapport hyjack this :

        *Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 12:40:53, on 02/01/2009
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16762)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\System32\FTRTSVC.exe
        C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
        C:\Program Files\Controle Parental\bin\optproxy.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
        C:\WINDOWS\wanmpsvc.exe
        C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
        C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
        C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
        C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
        C:\PROGRA~1\MSNMES~1\msnmsgr.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
        C:\PROGRA~1\Wanadoo\Toaster.exe
        C:\PROGRA~1\Wanadoo\Inactivity.exe
        C:\PROGRA~1\Wanadoo\PollingModule.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\WINDOWS\explorer.exe
        C:\Program Files\Controle Parental\bin\OPTGui.exe
        C:\Program Files\Wanadoo\GestionnaireInternet.exe
        C:\Program Files\Wanadoo\ComComp.exe
        C:\Program Files\Wanadoo\Watch.exe
        C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
        C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
        O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
        O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
        O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
        O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
        O4 - Global Startup: hp psc 1000 series.lnk = ?
        O4 - Global Startup: hpoddt01.exe.lnk = ?
        O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
        O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
        O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
        O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        O20 - AppInit_DLLs: sqdwcr.dll
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: bEvtService - Unknown owner - C:\WINDOWS\System32\bEvtService.exe (file missing)
        O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
        O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
        O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
        O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
        0
  4. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Salut, pour avancer :

    Télécharge sur le bureau Navilog1 (Merci à IL-MAFIOSO)
    = = = = >>> En cliquant ici <<< = = = =
    * La console noire de Navilog1 doit s’ouvrir après l’installation
    * Sinon, pour l’ouvrir, double-clique sur le raccourci « Navilog1 » sur ton bureau
    * Appuie sur la lettre F de ton clavier puis sur la touche Entrée
    * Appuie sur une touche de ton clavier pour continuer...
    * Tape 1, puis appuie sur la touche Entrée de ton clavier
    * Ainsi, Navilog1 va effectuer la recherche des fichiers infectieux sur ton PC.
    * NE PAS UTILISER L’OPTION 2, 3, 4 SANS AVIS
    * Sois patient, cela peut prendre une dizaine de minutes
    * Navilog1 t’informe que la recherche est terminée
    * Appuie sur une touche de ton clavier pour afficher le rapport qu’il a généré
    * Le rapport sera sauvegardé dans le fichier suivant : « fixnavi.txt » à la racine de ton disque dur (C:\fixnavi.txt).
    * Poste le rapport généré
    0
    1. didou43
       
      voici le rapport navilog1 :

      Search Navipromo version 3.7.0 commencé le 02/01/2009 à 16:42:17,35

      !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
      !!! Postez ce rapport sur le forum pour le faire analyser !!!
      !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

      Outil exécuté depuis C:\Program Files\navilog1

      Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO

      Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2500+ )
      BIOS : Phoenix - AwardBIOS v6.00PG
      USER : colomb ( Administrator )
      BOOT : Normal boot

      Antivirus : avast! antivirus 4.8.1296 [VPS 081229-0] 4.8.1296 (Activated)


      A:\ (USB)
      C:\ (Local Disk) - NTFS - Total:70 Go (Free:51 Go)
      D:\ (CD or DVD)
      E:\ (CD or DVD)


      Recherche executé en mode normal

      *** Recherche Programmes installés ***

      Favorit

      *** Recherche dossiers dans "C:\WINDOWS" ***


      *** Recherche dossiers dans "C:\Program Files" ***


      *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


      *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


      *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


      *** Recherche dossiers dans "C:\Documents and Settings\colomb\applic~1" ***

      ...\MessengerSkinner trouvé !

      *** Recherche dossiers dans "C:\Documents and Settings\colomb\locals~1\applic~1" ***


      *** Recherche dossiers dans "C:\Documents and Settings\colomb\menudm~1\progra~1" ***


      *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
      pour + d'infos : http://www.gmer.net



      *** Recherche avec GenericNaviSearch ***
      !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
      !!! A vérifier impérativement avant toute suppression manuelle !!!

      * Recherche dans "C:\WINDOWS\system32" *

      * Recherche dans "C:\Documents and Settings\colomb\locals~1\applic~1" *



      *** Recherche fichiers ***



      *** Recherche clés spécifiques dans le Registre ***
      !! Les clés trouvées ne sont pas forcément infectées !!


      *** Module de Recherche complémentaire ***
      (Recherche fichiers spécifiques)

      1)Recherche nouveaux fichiers Instant Access :


      2)Recherche Heuristique :

      * Dans "C:\WINDOWS\system32" :


      * Dans "C:\Documents and Settings\colomb\locals~1\applic~1" :


      3)Recherche Certificats :

      Certificat Egroup absent !
      Certificat Electronic-Group trouvé !
      Certificat Montorgueil absent !
      Certificat OOO-Favorit trouvé !
      Certificat Sunny-Day-Design-Ltd absent !

      4)Recherche autres dossiers et fichiers connus :



      *** Analyse terminée le 02/01/2009 à 16:48:34,45 ***
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Nettoyage :

    * Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
    * Relance Navilog en faisant un clic droit sur le raccourci Navilog présent sur ton bureau et en choisissant
    « Exécuter en tant qu’administrateur ». (si tu as Vista)
    * Au menu principal, choisis 2 et valide.
    * Il va t’informer qu’il va alors redémarrer ton PC
    * Appuie sur une touche comme demandé (Si ton Pc ne redémarre pas automatiquement, fais le toi même)
    * Au redémarrage de ton PC, choisis ta session habituelle.

    * Patiente jusqu’au message :
    *** Nettoyage Termine le ..... ***

    * Le bloc note va s’ouvrir, copie/colle ici le rapport, comme tu l’as fait pour l’autre.
    0
    1. didou43
       
      voici le rapport :

      Clean Navipromo version 3.7.0 commencé le 02/01/2009 à 19:30:34,25

      Outil exécuté depuis C:\Program Files\navilog1

      Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO

      Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2500+ )
      BIOS : Phoenix - AwardBIOS v6.00PG
      USER : colomb ( Administrator )
      BOOT : Normal boot

      Antivirus : avast! antivirus 4.8.1296 [VPS 090102-0] 4.8.1296 (Activated)


      A:\ (USB)
      C:\ (Local Disk) - NTFS - Total:70 Go (Free:51 Go)
      D:\ (CD or DVD)
      E:\ (CD or DVD)


      Mode suppression automatique
      avec prise en charge résultats Catchme et GNS


      Nettoyage exécuté au redémarrage de l'ordinateur


      *** fsbl1.txt non trouvé ***
      (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


      *** Suppression avec sauvegardes résultats GenericNaviSearch ***

      * Suppression dans "C:\WINDOWS\System32" *


      * Suppression dans "C:\Documents and Settings\colomb\locals~1\applic~1" *



      *** Suppression dossiers dans "C:\WINDOWS" ***


      *** Suppression dossiers dans "C:\Program Files" ***


      *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


      *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


      *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


      *** Suppression dossiers dans "C:\Documents and Settings\colomb\applic~1" ***

      ...\MessengerSkinner ...suppression...
      ...\MessengerSkinner supprimé !


      *** Suppression dossiers dans "C:\Documents and Settings\colomb\locals~1\applic~1" ***


      *** Suppression dossiers dans "C:\Documents and Settings\colomb\menudm~1\progra~1" ***



      *** Suppression fichiers ***


      *** Suppression fichiers temporaires ***

      Nettoyage contenu C:\WINDOWS\Temp effectué !
      Nettoyage contenu C:\Documents and Settings\colomb\locals~1\Temp effectué !

      *** Traitement Recherche complémentaire ***
      (Recherche fichiers spécifiques)

      1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

      2)Recherche, création sauvegardes et suppression Heuristique :


      * Dans "C:\WINDOWS\system32" *


      * Dans "C:\Documents and Settings\colomb\locals~1\applic~1" *


      *** Sauvegarde du Registre vers dossier Safebackup ***

      sauvegarde du Registre réalisée avec succès !

      *** Nettoyage Registre ***

      Nettoyage Registre Ok


      *** Certificats ***

      Certificat Egroup absent !
      Certificat Electronic-Group supprimé !
      Certificat Montorgueil absent !
      Certificat OOO-Favorit supprimé !
      Certificat Sunny-Day-Design-Ltdt absent !

      *** Recherche autres dossiers et fichiers connus ***



      *** Nettoyage terminé le 02/01/2009 à 19:37:41,60 ***
      0
  7. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Très bien, poste un nouveau rapport hijackthis stp.
    0
    1. didou43
       
      voici le rapport hijack this :

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:25:38, on 02/01/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Controle Parental\bin\optproxy.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
      C:\WINDOWS\wanmpsvc.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\SweetIM\Messenger\SweetIM.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\PROGRA~1\Wanadoo\Watch.exe
      C:\Program Files\Controle Parental\bin\OPTGui.exe
      C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
      O4 - Global Startup: hp psc 1000 series.lnk = ?
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O20 - AppInit_DLLs: sqdwcr.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: bEvtService - Unknown owner - C:\WINDOWS\System32\bEvtService.exe (file missing)
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
      O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
      0
  8. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Télécharge Malwarebytes’ Anti-Malware
    = = = = >>> En cliquant ici <<< = = = =

    - Sur la page cliques sur Télécharger Malwarebyte’s Anti-Malware
    - Enregistres le sur le bureau
    - Double cliques sur le fichier téléchargé pour lancer le processus d’installation
    - Lorsqu’il te le sera demandé, met à jour Malwarebytes anti malware
    - Si le pare-feu demande l’autorisation de se connecter pour malwarebytes, acceptes
    - Une fois la mise à jour terminée, ferme Malwarebytes
    - Double-cliques sur l’icône de malwarebytes pour le relancer
    - Dans l’onglet, Recherche, probablement ouvert par défaut,
    - Sélectionne Exécuter un examen complet
    - Clique sur Rechercher
    - Le scan démarre
    - A la fin de l’analyse, un message s’affiche : L’examen s’est terminé normalement. Cliquez sur ‘Afficher les résultats’ pour afficher tous les objets trouvés.
    - Cliques sur Ok pour poursuivre.
    - Si des malwares ont été détectés, cliques sur Afficher les résultats
    - Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
    - Malwarebytes va ouvrir le bloc-notes et y copier le rapport d’analyse.
    - Rends toi dans l’onglet rapport/log
    - Tu cliques dessus pour l’afficher une fois affiché
    - Tu cliques sur édition en haut du bloc notes, et puis sur sélectionner tout
    - Tu recliques sur édition et puis sur copier et tu reviens sur le forum et dans ta réponse
    - Tu cliques droit dans le cadre de la réponse et coller

    Si tu as besoin d’aide regarde ce tutorial ICI
    0
    1. didou43
       
      voici le rapport :

      Malwarebytes' Anti-Malware 1.31
      Version de la base de données: 1597
      Windows 5.1.2600 Service Pack 3

      02/01/2009 22:43:17
      mbam-log-2009-01-02 (22-43-17).txt

      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 132379
      Temps écoulé: 49 minute(s), 53 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 3
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 328

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\svhost.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Qoobox\Quarantine\C\WINDOWS\system32\ggxpfkre.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Qoobox\Quarantine\C\WINDOWS\system32\rwcgta.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Qoobox\Quarantine\C\WINDOWS\system32\winscenter.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Qoobox\Quarantine\C\WINDOWS\system32\wxqmsf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Qoobox\Quarantine\C\WINDOWS\system32\xgtaabbf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Qoobox\Quarantine\C\WINDOWS\system32\xktenalt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Qoobox\Quarantine\C\WINDOWS\system32\zbjqow.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP343\A0173134.dll (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP360\A0207103.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP360\A0207115.dll (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP360\A0207131.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP360\A0207168.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP360\A0207185.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0207200.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0208199.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0211200.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0212195.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0212210.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0213209.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0213210.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0214209.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0212211.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0215209.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0216209.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0217209.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0218209.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP362\A0218218.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP362\A0218220.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP362\A0218289.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP362\A0218298.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP362\A0218299.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP363\A0218310.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP363\A0219310.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP363\A0220310.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP363\A0221307.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP363\A0221613.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP363\A0222613.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP363\A0222614.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP365\A0222663.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP365\A0222664.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP365\A0223667.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP365\A0224659.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP365\A0224673.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP365\A0225669.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0225755.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226067.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226194.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226055.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226063.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226064.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226065.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226066.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226069.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226070.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226071.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226072.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226073.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226074.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226075.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226108.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226118.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0227191.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227276.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227576.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227584.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227585.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227586.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227587.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227590.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227591.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227592.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227593.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227594.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227595.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227596.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227612.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227613.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227614.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227622.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227625.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227588.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227930.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227931.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0228928.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0228932.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0229928.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0230928.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0230933.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0231931.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0231932.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0232931.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0232937.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0233931.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0233932.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0234932.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0236930.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0237930.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0239930.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0242145.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244162.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244180.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244198.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244216.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244234.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244252.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244270.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244288.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244306.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244324.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0241116.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0241140.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0242139.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244139.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244149.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244150.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244151.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244152.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244153.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244154.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244155.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244156.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244157.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244158.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244159.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244160.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244161.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244163.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244164.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244165.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244166.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244167.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244168.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244169.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244170.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244171.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244172.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244173.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244174.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244175.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244176.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244177.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244178.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244179.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244181.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244182.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244183.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244184.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244185.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244186.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244187.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244188.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244189.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244190.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244191.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244192.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244193.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244194.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244195.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244196.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244197.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244199.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244200.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244201.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244202.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244203.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244204.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244205.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244206.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244207.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244208.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244209.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244210.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244211.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244212.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244213.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244214.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244215.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244217.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244218.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244219.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244220.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244221.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244222.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244223.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244224.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244225.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244226.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244228.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244229.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244230.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244231.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244233.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244235.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244236.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244237.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244238.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244239.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244240.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244241.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244242.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244243.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244244.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244245.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244246.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244247.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244248.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244249.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244250.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244251.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244253.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244254.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244255.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244256.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244257.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244258.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244259.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244260.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244262.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244263.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244264.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244265.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244266.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244267.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244268.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244269.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244271.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244272.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244273.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244274.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244275.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244276.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244277.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244278.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244279.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244280.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244281.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244282.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244283.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244284.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244285.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244286.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244287.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244289.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244290.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244291.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244292.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244293.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244294.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244295.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244296.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244297.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244298.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244299.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244300.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244301.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244302.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244303.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244304.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244305.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244307.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244308.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244309.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244310.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244311.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244312.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244313.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244314.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244315.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244316.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244317.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244323.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244325.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244326.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244327.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244328.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244329.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244330.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244331.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244332.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244333.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244334.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244335.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244336.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244337.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244338.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244339.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244340.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244341.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244342.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244343.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244344.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244345.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244346.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244347.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244348.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244349.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244350.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244351.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP369\A0244355.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP369\A0244363.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP369\A0244364.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP369\A0245363.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP369\A0245364.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP370\A0245367.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP370\A0245375.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP370\A0245376.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP370\A0246375.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP370\A0246388.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP370\A0246389.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246394.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246401.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246409.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246411.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246420.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246421.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246423.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246427.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246428.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246429.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246426.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP377\A0247502.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP377\A0247503.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Documents and Settings\colomb\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 360.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\msvcrt2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
      C:\WINDOWS\system32\TDSScfum.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
      0
  9. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Pour vérification :

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    = = = = >>> En cliquant ici <<< = = = =

    Une fois sauvegardé sur ton bureau, double clique sur SDFix.exe et choisis Install pour l’extraire dans un dossier dédié sur le Bureau.

    Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    * Redémarre ton ordinateur
    * Après avoir entendu l’ordinateur biper lors du démarrage, mais avant que l’icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    * A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    * Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    * Choisis ton compte.

    Déroule la liste des instructions ci-dessous :
    * Ouvre le dossier SDFix qui vient d’être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    * Appuie sur Y pour commencer le processus de nettoyage.
    * Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d’appuyer sur une touche pour redémarrer.
    * Appuie sur une touche pour redémarrer le PC.

    * Ton système sera plus long pour redémarrer qu’à l’accoutumée car l’outil va continuer à s’exécuter et supprimer des fichiers.
    * Après le chargement du Bureau, l’outil terminera son travail et affichera Finished.
    * Appuie sur une touche pour finir l’exécution du script et charger les icônes de ton Bureau.
    * Les icônes du Bureau affichées, le rapport SDFix s’ouvrira à l’écran et s’enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

    Si t’as besoin d’un tuto, clic ICI

    ************************

    Télécharges Ad-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :
    = = = =>>> En cliquant ici <<<= = = =

    /!\ Déconnectes toi et fermes toutes applications en cours, désactive ton antivirus le temps de la manipulation/!\

    ● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. (C:\Program files )
    ● Double clique sur l'icône Ad-remover située sur ton bureau
    ● Au menu principal choisi l'option "A"
    ● Postes le rapport qui apparaît à la fin .

    ( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

    (CTRL+A Pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

    Note :

    "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    0
    1. didou43
       
      voici le rapport sdfix :


      [b]SDFix: Version 1.240 [/b]
      Run by colomb on 03/01/2009 at 00:00

      Microsoft Windows XP [version 5.1.2600]
      Running From: C:\SDFix

      [b]Checking Services [/b]:


      Restoring Default Security Values
      Restoring Default Hosts File

      Rebooting


      [b]Checking Files [/b]:

      No Trojan Files Found






      Removing Temp Files

      [b]ADS Check [/b]:



      [b]Final Check [/b]:

      catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-01-03 00:13:40
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...

      scanning hidden services & system hive ...

      scanning hidden registry entries ...

      scanning hidden files ...

      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 0


      [b]Remaining Services [/b]:




      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
      "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows© NetMeeting©"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

      [b]Remaining Files [/b]:



      [b]Files with Hidden Attributes [/b]:

      Thu 6 Nov 2003 193 A.SHR --- "C:\BOOT.BAK"
      Mon 4 Aug 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0\aolphx.exe"
      Mon 4 Aug 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0\aoltray.exe"
      Mon 4 Aug 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0\RBM.exe"
      Mon 4 Aug 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0\waol.exe"
      Sat 18 Oct 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
      Mon 4 Aug 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0\COMIT\cswitch.exe"
      Tue 15 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
      Mon 4 Aug 2003 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"
      Mon 15 Dec 2008 480,478 ...H. --- "C:\Documents and Settings\colomb\Mes documents\colomb ana‹s\COLLEGE\Italien\~WRL0004.tmp"
      Sat 13 Dec 2008 125,709 ...H. --- "C:\Documents and Settings\colomb\Mes documents\colomb ana‹s\COLLEGE\Italien\~WRL0005.tmp"
      Sat 13 Dec 2008 205,597 ...H. --- "C:\Documents and Settings\colomb\Mes documents\colomb ana‹s\COLLEGE\Italien\~WRL0847.tmp"

      [b]Finished![/b]

      le rapport AD REMOVER suivra demain samedi.
      a+
      0
      1. didou43 > didou43
         
        commenr faire pour désactiver AVAST 4.8,

        MERCI
        0
  10. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Clic droit sur son icone "A", puis "arrêter la protection résidente".
    Même manipulation pour le réactiver après.
    0
    1. didou43
       
      Quand j ai l avast sur écran ( CA représente unl auto radio gris comme symbole) je clique ou?
      0
  11. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    En bas à droite dans la barre tes tâches !
    Si tu n'y arrive vraiment pas essaye sans le désactiver mais si tu as une alerte d'Avast au moment où tu lances Ad-aware, accepte l'accès, ignore l'alerte.
    0
    1. didou43
       
      bjr

      j ai fermé oragnge sauf avast que je n ai pas désactivé.
      puis j ai fait options sur ad remover icone tete de singe rouge 1.0.8.4. by C mais rien ne se passe.
      0
      1. didou43 > didou43
         
        j ai désactivé avast mais rien encore.

        ca affiche vite fait erreur : le système........................ (impossible à lire la phrase)
        0
  12. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau. (tdss)
    = = = = >>> En cliquant ici <<< = = = =

    Une fois sauvegardé sur ton bureau, double clique sur SDFix.exe et choisis Install pour l’extraire dans un dossier dédié sur le Bureau.

    Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    * Redémarre ton ordinateur
    * Après avoir entendu l’ordinateur biper lors du démarrage, mais avant que l’icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    * A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    * Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    * Choisis ton compte.

    Déroule la liste des instructions ci-dessous :
    * Ouvre le dossier SDFix qui vient d’être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    * Appuie sur Y pour commencer le processus de nettoyage.
    * Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d’appuyer sur une touche pour redémarrer.
    * Appuie sur une touche pour redémarrer le PC.

    * Ton système sera plus long pour redémarrer qu’à l’accoutumée car l’outil va continuer à s’exécuter et supprimer des fichiers.
    * Après le chargement du Bureau, l’outil terminera son travail et affichera Finished.
    * Appuie sur une touche pour finir l’exécution du script et charger les icônes de ton Bureau.
    * Les icônes du Bureau affichées, le rapport SDFix s’ouvrira à l’écran et s’enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

    Si t’as besoin d’un tuto, clic ICI
    0
    1. didou43
       
      voici le 2 eme rapport SDFIX //



      [b]SDFix: Version 1.240 [/b]
      Run by colomb on 03/01/2009 at 21:50

      Microsoft Windows XP [version 5.1.2600]
      Running From: C:\SDFix

      [b]Checking Services [/b]:


      Restoring Default Security Values
      Restoring Default Hosts File

      Rebooting


      [b]Checking Files [/b]:

      No Trojan Files Found






      Removing Temp Files

      [b]ADS Check [/b]:



      [b]Final Check [/b]:

      catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-01-03 22:09:02
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...

      scanning hidden services & system hive ...

      scanning hidden registry entries ...

      scanning hidden files ...

      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 0


      [b]Remaining Services [/b]:




      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
      "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows© NetMeeting©"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

      [b]Remaining Files [/b]:



      [b]Files with Hidden Attributes [/b]:

      Thu 6 Nov 2003 193 A.SHR --- "C:\BOOT.BAK"
      Mon 4 Aug 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0\aolphx.exe"
      Mon 4 Aug 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0\aoltray.exe"
      Mon 4 Aug 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0\RBM.exe"
      Mon 4 Aug 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0\waol.exe"
      Sat 18 Oct 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
      Mon 4 Aug 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0\COMIT\cswitch.exe"
      Tue 15 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
      Mon 4 Aug 2003 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"
      Mon 15 Dec 2008 480,478 ...H. --- "C:\Documents and Settings\colomb\Mes documents\colomb ana‹s\COLLEGE\Italien\~WRL0004.tmp"
      Sat 13 Dec 2008 125,709 ...H. --- "C:\Documents and Settings\colomb\Mes documents\colomb ana‹s\COLLEGE\Italien\~WRL0005.tmp"
      Sat 13 Dec 2008 205,597 ...H. --- "C:\Documents and Settings\colomb\Mes documents\colomb ana‹s\COLLEGE\Italien\~WRL0847.tmp"

      [b]Finished![/b]
      0
  13. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Télécharge Random’s System Information Tool (RSIT) de random/random et enregistre l’exécutable sur le Bureau.

    = = = = >>> En cliquant ici <<< = = = =

    * Double-clique sur RSIT.exe pour le lancer.

    * Une première fenêtre s’ouvre, clique alors sur Continue (Disclaimer).

    * Si la dernière version de HijackThis n’est pas détectée sur ton PC, RSIT le téléchargera et te demandera d’accepter la licence.

    * Lorsque l’analyse sera terminée, deux fichiers texte s’ouvriront (probablement avec le bloc-notes).

    * Poste le contenu de log.txt (c’est celui qui apparaît à l’écran) ainsi que de info.txt (que tu verras dans la barre des tâches).
    0
    1. didou43
       
      Voici le rapport log bloc notes :
      info.txt logfile of random's system information tool 1.05 2009-01-03 23:15:02

      ======Uninstall list======

      -->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{09B44E78-A988-4BC0-962F-63ECD3333708} /l1036
      -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
      -->C:\Program Files\Fichiers communs\aolshare\Aolunins_fr.exe
      -->C:\Program Files\Fichiers communs\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
      -->C:\Program Files\Fichiers communs\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
      -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
      -->C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove
      -->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
      -->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C6D8763-EEB7-433E-A75E-2AB44892FCA2}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\SETUP.EXE" -uninstall
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}\Setup.exe"
      -->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
      -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
      Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
      Adobe Reader 7.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
      Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
      Ad-remover-->C:\Program Files\Ad-remover\Uninstal.exe
      avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
      Barbie(TM) Horse Adventures(TM)-->C:\Program Files\Fichiers communs\Vivendi Universal Games\Uninstall\HorseUn.exe
      Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{4002F73D-EBB3-4EA1-A2FF-DBCB4529759E}
      Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{51F366F4-C2E4-429A-866A-59C885ED42FD}
      CCleaner (remove only)-->"C:\Documents and Settings\colomb\Mes documents\CCleaner\uninst.exe"
      Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
      Contrôle Parental-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93094D10-9388-11D4-9886-0000B43F396D}\Setup.exe" -l0x40c
      Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
      Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{175B7C4A-CAF8-437A-B597-73E0D2D970FE}
      Disque de souvenirs HP-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
      DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
      DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
      DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
      DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
      Enjoy 4e-->C:\WINDOWS\Enjoy 4e Uninstaller.exe
      Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{D518AD32-C710-4616-BA0D-D4B1FA5F82E8}
      Favorit-->"c:\documents and settings\colomb\local settings\application data\kuyug.exe" -uninstall
      Gestionnaire Internet-->C:\PROGRA~1\Wanadoo\uninstall.exe
      GTOneCare-->MsiExec.exe /X{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}
      HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
      Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
      hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
      iFinger 2.0-->C:\PROGRA~1\iFinger\UNINSTD.EXE C:\PROGRA~1\iFinger\INSTDICS.LOG
      Java Runtime Environment 1.1-->C:\WINDOWS\uninst.exe -f"C:\Program Files\JavaSoft\JRE\1.1\lib\DeIsL1.isu"
      Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
      Les Sims Deluxe-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l040c
      LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
      LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
      Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
      Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
      Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{3585ED1C-74C5-43B0-A232-831B96A12A2B}
      Micro Application - La grande Encyclopédie 2004-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Micro Application\La grande Encyclopédie 2004\Uninst.isu"
      Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
      Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
      Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
      Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
      Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
      Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
      Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
      Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
      Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
      Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
      Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
      Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
      Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
      Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
      Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
      Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
      Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
      Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
      Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
      Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
      Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
      Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
      Microsoft Word 2002-->MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9}
      Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
      Navigateur Orange-->C:\PROGRA~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl
      Navilog1 3.7.0-->"C:\Program Files\Navilog1\unins000.exe"
      Next Generation Visualisations-->MsiExec.exe /I{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}
      OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{F242B06B-517F-4D62-B654-16B11564A912}
      Packard Bell InfoCentre-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07A1C2E1-76DD-11D6-9922-009027E9C183}\setup.exe"
      Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
      Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
      Photo et imagerie HP 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
      Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
      Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
      Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
      Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
      Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
      Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
      Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
      Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
      Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
      Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
      SweetIM for Messenger 2.6-->MsiExec.exe /X{5549C19D-46FE-4975-AD54-5B37E87FF6E2}
      SweetIM Toolbar for Internet Explorer 3.3-->MsiExec.exe /X{266C7330-C0F4-49E5-8F20-A56F9F822875}
      Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
      Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
      Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
      Version d'évaluation de Microsoft Office Professional 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
      Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
      Votre Budget 2006-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76246D41-471B-46DF-8904-AF3EA8954BA9}\Setup.exe" -l0x40c
      Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
      Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
      Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
      Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {05AE605F-3146-46ED-BC52-0A14EBF57962}
      Windows Live Toolbar-->MsiExec.exe /X{05AE605F-3146-46ED-BC52-0A14EBF57962}
      Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
      Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
      Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

      ======Hosts File======

      127.0.0.1 localhost

      ======Security center information======

      AV: avast! antivirus 4.8.1296 [VPS 090102-0]

      System event log

      Computer Name: SN100948140001
      Event Code: 26
      Message: Application popup :  : Machine Check: Regs

      Record Number: 1229
      Source Name: Application Popup
      Time Written: 20081226212743.000000+060
      Event Type: Informations
      User:

      Computer Name: SN100948140001
      Event Code: 26
      Message: Application popup :  : Machine Check:

      Record Number: 1228
      Source Name: Application Popup
      Time Written: 20081226212743.000000+060
      Event Type: Informations
      User:

      Computer Name: SN100948140001
      Event Code: 6005
      Message: Le service d'Enregistrement d'événement a démarré.

      Record Number: 1227
      Source Name: EventLog
      Time Written: 20081226212716.000000+060
      Event Type: Informations
      User:

      Computer Name: SN100948140001
      Event Code: 6009
      Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.

      Record Number: 1226
      Source Name: EventLog
      Time Written: 20081226212716.000000+060
      Event Type: Informations
      User:

      Computer Name: SN100948140001
      Event Code: 26
      Message: Application popup :  : Machine Check: Regs

      Record Number: 1225
      Source Name: Application Popup
      Time Written: 20081226212521.000000+060
      Event Type: Informations
      User:

      Application event log

      Computer Name: SN100948140001
      Event Code: 12001
      Message: The Messenger Sharing USN Journal Reader service started successfully.

      Record Number: 5
      Source Name: usnjsvc
      Time Written: 20081210163617.000000+060
      Event Type:
      User:

      Computer Name: SN100948140001
      Event Code: 2002
      Message: Le service EAPOL a été arrêté correctement.

      Record Number: 4
      Source Name: EAPOL
      Time Written: 20081210160802.000000+060
      Event Type: Informations
      User:

      Computer Name: SN100948140001
      Event Code: 2003
      Message: Le service EAPOL est en cours d'exécution

      Record Number: 3
      Source Name: EAPOL
      Time Written: 20081210160801.000000+060
      Event Type: Informations
      User:

      Computer Name: SN100948140001
      Event Code: 1800
      Message: Le service Centre de sécurité Windows a démarré.

      Record Number: 2
      Source Name: SecurityCenter
      Time Written: 20081210160531.000000+060
      Event Type: Informations
      User:

      Computer Name: SN100948140001
      Event Code: 105
      Message: The service was started.

      Record Number: 1
      Source Name: ATI Smart
      Time Written: 20081210160429.000000+060
      Event Type: Informations
      User:

      ======Environment variables======

      "ComSpec"=%SystemRoot%\system32\cmd.exe
      "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\ATI Technologies\ATI Control Panel;C:\PROGRA~1\FICHIE~1\TVNAVI~1;C:\Program Files\Fichiers communs\Ulead Systems\MPEG
      "windir"=%SystemRoot%
      "OS"=Windows_NT
      "PROCESSOR_ARCHITECTURE"=x86
      "PROCESSOR_LEVEL"=6
      "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
      "PROCESSOR_REVISION"=0a00
      "NUMBER_OF_PROCESSORS"=1
      "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
      "TEMP"=%SystemRoot%\TEMP
      "TMP"=%SystemRoot%\TEMP
      "CLASSPATH"="i\QTJava.zip"
      "QTJAVA"="i\QTJava.zip"
      "FP_NO_HOST_CHECK"=NO

      -----------------EOF-----------------
      et le log :


      Logfile of random's system information tool 1.05 (written by random/random)
      Run by colomb at 2009-01-03 23:14:34
      Microsoft Windows XP Édition familiale Service Pack 3
      System drive C: has 52 GB (72%) free of 72 GB
      Total RAM: 255 MB (14% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:14:56, on 03/01/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Controle Parental\bin\optproxy.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
      C:\WINDOWS\wanmpsvc.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\SweetIM\Messenger\SweetIM.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
      C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\PROGRA~1\Wanadoo\Watch.exe
      C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
      C:\Program Files\Controle Parental\bin\OPTGui.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Documents and Settings\colomb\Bureau\rsit.exe
      C:\Program Files\Trend Micro\HijackThis\colomb.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
      O4 - Global Startup: hp psc 1000 series.lnk = ?
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O20 - AppInit_DLLs: sqdwcr.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: bEvtService - Unknown owner - C:\WINDOWS\System32\bEvtService.exe (file missing)
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
      O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
      0
  14. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Télécharge UsbFix sur ton bureau :
    = = = = >>> En cliquant ici <<< = = = =

    => Lance l’installation avec les paramètres par défaut

    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d’avoir été infectés sans les ouvrir

    => Double clic sur le raccourci UsbFix sur ton bureau

    => Sélectionne l’option 1 : Nettoyage

    => Le PC va redémarrer

    =>Après redémarrage poste le rapport UsbFix.txt

    Notes :
    * Le rapport UsbFix.txt est sauvegardé a la racine du disque
    * Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche", tape explorer.exe et valide.

    ******************

    - Fais un scan en ligne avec Kaspersky = = = = >>> En cliquant ici <<< = = = = (avec Internet Explorer)

    - En bas à droite, clique sur Démarrer Online-scaner

    - Dans la nouvelle fenêtre qui s’affiche, clique sur J’accepte

    - Accepte les Contrôles ActiveX

    - Choisis Poste de travail pour le scan.

    - Celui-ci terminé, sauvegarde (Choisis fichier texte) et poste le rapport

    - Pour t’aider à utiliser le scan en ligne, tu as un tuto ICI

    Note :
    Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte-toi sur le site de Kaspersky pour retenter le scan en ligne.
    0
    1. didou43
       
      j ai pas de disque dur externe. mais j ai une clé USB avec des affaires stockés. j' espère que le nettoyage ne va rien détruire.
      pour la mission suivante avec KASPERSKY? je n ai plus interner explorer depuis que j ai tous ces blèmes de virus§§§
      alors comment faire? pour le télécharger?
      0
  15. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Oui tu peux la brancher sans souci !

    Concernant IE, tu ne l'as pas du tout ?! Comment ça se fait ?!
    0
    1. didou43
       
      voici le rapport usb.fix :



      -------------- UsbFix V2.413.8 ---------------

      * User : colomb - SN100948140001
      * Outils mis a jours le 27/12/2008 par Chiquitine29 et Chimay8
      * Recherche effectuée à 10:42:05 le 04/01/2009
      * Windows Xp - Internet Explorer 7.0.5730.13


      --------------- [ Processus actifs ] ----------------


      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\logonui.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\userinit.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe

      --------------- [ Informations lecteurs ] ----------------

      C: - Lecteur fixe

      F: - Lecteur amovible


      +- Contenu de l'autorun : F:\autorun.inf

      [autorun]
      open=CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
      icon=%SystemRoot%\system32\SHELL32.dll,4
      action=Open folder to view files
      shell\open=Open
      shell\open\command=CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
      shell\open\default=1

      --------------- [ Lecteur C ] ----------------

      C: - Lecteur fixe


      +- Listing des fichiers présents :

      [16/10/2002 09:52][--a------] C:\GETBOOTD.BAT
      [16/10/2002 09:52][--a------] C:\revmsis.bat
      [26/04/2008 13:58][-rahs----] C:\NTDETECT.COM
      [09/03/2000 09:06][--a------] C:\FLIPART.EXE
      [09/03/2000 09:06][--a------] C:\GETDRIVE.EXE
      [09/03/2000 09:06][--a------] C:\karafun_118.exe
      [15/12/2008 15:43][--ahs----] C:\BOOT.INI
      [02/01/2009 19:37][--a------] C:\cleannavi.txt
      [02/01/2009 19:37][--a------] C:\ComboFix.txt
      [02/01/2009 19:37][--a------] C:\DWNLOG.TXT
      [02/01/2009 19:37][--a------] C:\fixnavi.txt
      [02/01/2009 19:37][--a------] C:\UsbFix.txt
      [][] C:\hiberfil.sys
      [][] C:\IO.SYS
      [][] C:\MSDOS.SYS
      [][] C:\pagefile.sys

      --------------- [ Lecteur F ] ----------------

      F: - Lecteur amovible


      +- Listing des fichiers présents :

      [17/12/2008 22:56][-rahs----] F:\autorun.inf

      --------------- [ Registre / Startup ] ----------------

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
      WOOKIT=C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
      msnmsgr=~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
      WOOWATCH=C:\PROGRA~1\Wanadoo\Watch.exe
      WOOTASKBARICON=C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      SweetIM=C:\Program Files\SweetIM\Messenger\SweetIM.exe
      QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
      Installed=1
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
      Installed=1
      NoChange=1
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
      Installed=1

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "NoDriveTypeAutoRun"=dword:00000143
      "NoDriveAutoRun"=dword:03ffffff
      "NoDrives"=dword:00000000

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "NoDriveAutoRun"=dword:03ffffff
      "NoDriveTypeAutoRun"=dword:00000143
      "NoDrives"=dword:00000000

      --------------- [ Registre / Mountpoint2 ] ----------------

      Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff1964f1-42ba-11dd-ab4c-00038a000015}\Shell\AutoRun\command
      Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff1964f1-42ba-11dd-ab4c-00038a000015}\Shell\open\Command

      --------------- [ Nettoyage des disques ] ----------------

      F:\autorun.inf ~> fichier appelé : "F:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe" ( présent ! )
      Supprimé ! - F:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
      Supprimé ! - [09/03/2000 09:06][--a------] C:\FLIPART.EXE
      Supprimé ! - [16/10/2002 09:52][--a------] C:\GETBOOTD.BAT
      Supprimé ! - [17/12/2008 22:56][-rahs----] F:\autorun.inf

      --------------- [ Resumé ] ----------------

      -> /!\ Le resultat doit etre interprété par un spécialiste /!\

      [15/12/2008 19:24][--a------] C:\revmsis.bat
      [26/04/2008 13:58][-rahs----] C:\NTDETECT.COM
      [29/08/2002 15:03][--a------] C:\GETDRIVE.EXE
      [29/08/2002 15:03][--a------] C:\karafun_118.exe
      [15/12/2008 15:43][--ahs----] C:\BOOT.INI

      --------------- ! Fin du rapport ! ----------------
      0
  16. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Essaye de faire un scan en ligne ICI
    Avec Mozilla Firefox.
    0
    1. didou43
       
      voici le rapport kaspersky :


      Fri Dec 26 10:09:31 2008 [WRN] Generic error in connection/blocksock
      Fri Dec 26 10:40:08 2008 [WRN] Generic error in connection/blocksock
      Fri Dec 26 11:07:30 2008 [WRN] Generic error in connection/blocksock
      Fri Dec 26 11:48:28 2008 [WRN] Generic error in connection/blocksock
      Fri Dec 26 12:26:21 2008 [WRN] Generic error in connection/blocksock
      Fri Dec 26 12:46:23 2008 [WRN] Generic error in connection/blocksock
      Fri Dec 26 13:05:51 2008 [ERR] Generic exception caught
      Fri Dec 26 21:32:34 2008 [ERR] Error connecting to the StatusToApply server
      Fri Dec 26 21:32:35 2008 [WRN] Generic error in connection/blocksock
      Fri Dec 26 21:44:31 2008 [ERR] Error connecting to the StatusToApply server
      Fri Dec 26 21:44:35 2008 [WRN] Generic error in connection/blocksock
      Sat Dec 27 09:02:42 2008 [ERR] Error connecting to the StatusToApply server
      Sat Dec 27 09:59:45 2008 [WRN] Generic error in connection/blocksock
      Sat Dec 27 10:27:48 2008 [WRN] Generic error in connection/blocksock
      Sat Dec 27 10:48:54 2008 [WRN] Generic error in connection/blocksock
      Sat Dec 27 10:54:07 2008 [WRN] Error reading pwd.conf data
      Sat Dec 27 11:03:06 2008 [ERR] Error connecting to the StatusToApply server
      Sat Dec 27 11:03:06 2008 [WRN] Generic error in connection/blocksock
      Sat Dec 27 12:02:01 2008 [WRN] Generic error in connection/blocksock
      Sat Dec 27 12:22:02 2008 [WRN] Generic error in connection/blocksock
      Sat Dec 27 13:28:31 2008 [WRN] Generic error in connection/blocksock
      Sat Dec 27 14:21:20 2008 [WRN] Generic error in connection/blocksock
      Sat Dec 27 15:03:08 2008 [ERR] Error connecting to the license server
      Sat Dec 27 15:54:52 2008 [WRN] Generic error in connection/blocksock
      Sat Dec 27 18:25:12 2008 [WRN] Generic error in connection/blocksock
      Sat Dec 27 19:03:09 2008 [ERR] Error connecting to the license server
      Sat Dec 27 20:25:15 2008 [WRN] Generic error in connection/blocksock
      Sat Dec 27 20:45:16 2008 [WRN] Generic error in connection/blocksock
      Sat Dec 27 23:03:09 2008 [ERR] Error connecting to the license server
      Sun Dec 28 09:55:24 2008 [ERR] Error connecting to the StatusToApply server
      Sun Dec 28 09:55:25 2008 [WRN] Generic error in connection/blocksock
      Sun Dec 28 10:15:27 2008 [WRN] Generic error in connection/blocksock
      Sun Dec 28 10:44:35 2008 [ERR] Error connecting to the StatusToApply server
      Sun Dec 28 10:44:36 2008 [WRN] Generic error in connection/blocksock
      Sun Dec 28 19:53:13 2008 [WRN] Generic error in connection/blocksock
      Sun Dec 28 19:53:14 2008 [ERR] Error connecting to the StatusToApply server
      Sun Dec 28 20:03:50 2008 [WRN] Generic error in connection/blocksock
      Sun Dec 28 20:04:08 2008 [ERR] Error connecting to the StatusToApply server
      Sun Dec 28 21:12:21 2008 [ERR] Error connecting to the StatusToApply server
      Mon Dec 29 11:47:35 2008 [ERR] Error connecting to the StatusToApply server
      Mon Dec 29 12:01:55 2008 [WRN] Generic error in connection/blocksock
      Mon Dec 29 13:29:47 2008 [WRN] Generic error in connection/blocksock
      Mon Dec 29 13:29:49 2008 [ERR] Error connecting to the StatusToApply server
      Mon Dec 29 15:34:07 2008 [WRN] Generic error in connection/blocksock
      Mon Dec 29 15:34:40 2008 [ERR] Generic exception caught
      Mon Dec 29 15:52:49 2008 [ERR] Error connecting to the StatusToApply server
      Mon Dec 29 15:55:38 2008 [WRN] Generic error in connection/blocksock
      Mon Dec 29 16:10:30 2008 [ERR] Generic exception caught
      Mon Dec 29 18:59:55 2008 [WRN] Generic error in connection/blocksock
      Mon Dec 29 19:00:01 2008 [ERR] Error connecting to the StatusToApply server
      Mon Dec 29 19:51:58 2008 [WRN] Generic error in connection/blocksock
      Mon Dec 29 20:00:13 2008 [ERR] Generic exception caught
      Mon Dec 29 21:21:32 2008 [ERR] Error connecting to the StatusToApply server
      Mon Dec 29 22:09:44 2008 [WRN] Generic error in connection/blocksock
      Mon Dec 29 23:25:57 2008 [WRN] Generic error in connection/blocksock
      Mon Dec 29 23:49:13 2008 [WRN] Generic error in connection/blocksock
      Tue Dec 30 00:09:17 2008 [WRN] Generic error in connection/blocksock
      Tue Dec 30 00:29:20 2008 [WRN] Generic error in connection/blocksock
      Tue Dec 30 08:51:14 2008 [ERR] Error connecting to the StatusToApply server
      Tue Dec 30 08:53:23 2008 [WRN] Generic error in connection/blocksock
      Tue Dec 30 09:13:30 2008 [WRN] Generic error in connection/blocksock
      Tue Dec 30 09:47:00 2008 [ERR] Error connecting to the StatusToApply server
      Tue Dec 30 09:49:36 2008 [WRN] Generic error in connection/blocksock
      Tue Dec 30 10:47:03 2008 [WRN] Generic error in connection/blocksock
      Tue Dec 30 10:47:03 2008 [ERR] Error connecting to the StatusToApply server
      Tue Dec 30 12:47:04 2008 [WRN] Generic error in connection/blocksock
      Tue Dec 30 13:07:06 2008 [WRN] Generic error in connection/blocksock
      Tue Dec 30 17:42:28 2008 [ERR] Error connecting to the license server
      Tue Dec 30 20:03:30 2008 [WRN] Generic error in connection/blocksock
      Tue Dec 30 21:26:11 2008 [WRN] Generic error in connection/blocksock
      Tue Dec 30 21:46:12 2008 [WRN] Generic error in connection/blocksock
      Tue Dec 30 23:07:18 2008 [WRN] Generic error in connection/blocksock
      Tue Dec 30 23:27:19 2008 [WRN] Generic error in connection/blocksock
      Tue Dec 30 23:47:20 2008 [WRN] Generic error in connection/blocksock
      Wed Dec 31 00:07:22 2008 [WRN] Generic error in connection/blocksock
      Wed Dec 31 00:27:24 2008 [WRN] Generic error in connection/blocksock
      Wed Dec 31 12:56:35 2008 [ERR] Error connecting to the StatusToApply server
      Wed Dec 31 13:01:30 2008 [WRN] Generic error in connection/blocksock
      Wed Dec 31 14:09:16 2008 [WRN] Generic error in connection/blocksock
      Wed Dec 31 14:28:35 2008 [ERR] Generic exception caught
      Wed Dec 31 14:35:05 2008 [WRN] Generic error in connection/blocksock
      Wed Dec 31 14:35:10 2008 [ERR] Error connecting to the StatusToApply server
      Wed Dec 31 15:17:42 2008 [WRN] Generic error in connection/blocksock
      Wed Dec 31 15:40:23 2008 [WRN] Generic error in connection/blocksock
      Wed Dec 31 16:04:43 2008 [WRN] Generic error in connection/blocksock
      Wed Dec 31 16:41:19 2008 [WRN] Generic error in connection/blocksock
      Wed Dec 31 17:27:32 2008 [WRN] Generic error in connection/blocksock
      Wed Dec 31 18:02:46 2008 [WRN] Generic error in connection/blocksock
      Thu Jan 01 14:38:38 2009 [ERR] Error connecting to the StatusToApply server
      Thu Jan 01 14:41:08 2009 [WRN] Generic error in connection/blocksock
      Thu Jan 01 15:01:10 2009 [WRN] Generic error in connection/blocksock
      Thu Jan 01 15:21:11 2009 [WRN] Generic error in connection/blocksock
      Thu Jan 01 15:53:07 2009 [WRN] Generic error in connection/blocksock
      Thu Jan 01 16:25:57 2009 [WRN] Generic error in connection/blocksock
      Thu Jan 01 16:54:00 2009 [WRN] Generic error in connection/blocksock
      Thu Jan 01 17:14:01 2009 [WRN] Generic error in connection/blocksock
      Thu Jan 01 17:34:02 2009 [WRN] Generic error in connection/blocksock
      Thu Jan 01 17:54:03 2009 [WRN] Generic error in connection/blocksock
      Thu Jan 01 18:14:04 2009 [WRN] Generic error in connection/blocksock
      Thu Jan 01 18:34:05 2009 [WRN] Generic error in connection/blocksock
      Thu Jan 01 18:54:08 2009 [WRN] Generic error in connection/blocksock
      Thu Jan 01 19:20:40 2009 [WRN] Generic error in connection/blocksock
      Thu Jan 01 20:24:07 2009 [WRN] Generic error in connection/blocksock
      Thu Jan 01 20:51:02 2009 [WRN] Generic error in connection/blocksock
      Thu Jan 01 22:15:48 2009 [WRN] Generic error in connection/blocksock
      Thu Jan 01 23:50:23 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 00:10:25 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 00:30:28 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 09:52:20 2009 [ERR] Error connecting to the StatusToApply server
      Fri Jan 02 10:59:46 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 11:20:50 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 12:15:08 2009 [ERR] Error connecting to the StatusToApply server
      Fri Jan 02 12:21:11 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 12:41:12 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 13:21:13 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 13:42:51 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 14:05:01 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 14:27:11 2009 [ERR] Generic exception caught
      Fri Jan 02 14:31:51 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 14:31:55 2009 [ERR] Error connecting to the StatusToApply server
      Fri Jan 02 14:58:57 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 15:25:38 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 15:45:45 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 16:05:48 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 16:25:49 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 16:56:01 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 17:16:02 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 17:36:03 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 18:13:50 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 18:39:20 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 18:59:23 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 19:19:25 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 19:42:10 2009 [ERR] Error connecting to the StatusToApply server
      Fri Jan 02 20:42:37 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 21:30:57 2009 [ERR] Error connecting to the StatusToApply server
      Fri Jan 02 21:32:04 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 21:52:07 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 22:12:12 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 22:32:15 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 22:54:27 2009 [ERR] Error connecting to the StatusToApply server
      Fri Jan 02 22:55:34 2009 [WRN] Generic error in connection/blocksock
      Fri Jan 02 23:22:57 2009 [ERR] Error connecting to the StatusToApply server
      Fri Jan 02 23:22:58 2009 [WRN] Generic error in connection/blocksock
      Sat Jan 03 00:10:16 2009 [ERR] Error connecting to the StatusToApply server
      Sat Jan 03 00:10:17 2009 [WRN] Generic error in connection/blocksock
      Sat Jan 03 09:20:53 2009 [ERR] Error connecting to the StatusToApply server
      Sat Jan 03 09:20:54 2009 [WRN] Generic error in connection/blocksock
      Sat Jan 03 09:40:56 2009 [WRN] Generic error in connection/blocksock
      Sat Jan 03 10:00:57 2009 [WRN] Generic error in connection/blocksock
      Sat Jan 03 18:32:04 2009 [ERR] Error connecting to the StatusToApply server
      Sat Jan 03 19:11:17 2009 [WRN] Generic error in connection/blocksock
      Sat Jan 03 19:39:49 2009 [WRN] Generic error in connection/blocksock
      Sat Jan 03 19:59:51 2009 [WRN] Generic error in connection/blocksock
      Sat Jan 03 20:39:52 2009 [WRN] Generic error in connection/blocksock
      Sat Jan 03 20:59:54 2009 [WRN] Generic error in connection/blocksock
      Sat Jan 03 21:57:38 2009 [ERR] Error connecting to the StatusToApply server
      Sat Jan 03 21:57:39 2009 [WRN] Generic error in connection/blocksock
      Sat Jan 03 22:32:40 2009 [WRN] Generic error in connection/blocksock
      Sat Jan 03 23:46:23 2009 [WRN] Generic error in connection/blocksock
      Sun Jan 04 00:06:24 2009 [WRN] Generic error in connection/blocksock
      Sun Jan 04 00:26:26 2009 [WRN] Generic error in connection/blocksock
      Sun Jan 04 09:58:41 2009 [ERR] Error connecting to the StatusToApply server
      Sun Jan 04 09:59:58 2009 [WRN] Generic error in connection/blocksock
      Sun Jan 04 10:20:00 2009 [WRN] Generic error in connection/blocksock
      Sun Jan 04 10:44:30 2009 [ERR] Error connecting to the StatusToApply server
      Sun Jan 04 11:13:53 2009 [WRN] Generic error in connection/blocksock
      Sun Jan 04 11:36:05 2009 [WRN] Generic error in connection/blocksock
      Sun Jan 04 11:57:49 2009 [WRN] Generic error in connection/blocksock
      Sun Jan 04 12:38:49 2009 [WRN] Generic error in connection/blocksock
      Sun Jan 04 13:06:24 2009 [WRN] Generic error in connection/blocksock
      Sun Jan 04 13:15:40 2009 [ERR] Error connecting to the StatusToApply server
      Sun Jan 04 13:19:46 2009 [WRN] Generic error in connection/blocksock
      Sun Jan 04 13:39:48 2009 [WRN] Generic error in connection/blocksock
      0
      1. didou43 > didou43
         
        faut il faire le scan pozilla firefox?
        0
  17. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Euh, c'est le scan kaspersky avec internet explorer ça ?
    Il a détecté des virus ?!
    Si non, fais avec Mozilla sur le lien donné oui.
    0
  18. didou43
     
    j ai fait scan en ligne trend micro :

    il y a 21 cookies HTTP et 3 infections

    faut il supprimer les cookies ou les nettoyer? Enettoyer les infections?
    0
  19. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Supprime tout et copie colle s'il y a un rapport pour que je vois les infections et leurs localisations.
    0
    1. didou43
       
      Désolé il n y avait pas de rapport pour envoyer en copier coller . et en plus j ai fait mauvaise manif alors j ai perdu la page du rapport affichée sur écran.
      on verra demain suis naze. mais y a t il un aurtre moyen pour que tu vois toi qui t y connait le rapport en poier coller?
      0
  20. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    euh non, pas trop.
    Repostes un rapport hijackthis.
    0
    1. didou43
       
      VOICI LE RAPPORT :

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:56:10, on 04/01/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\SweetIM\Messenger\SweetIM.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Controle Parental\bin\optproxy.exe
      C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
      C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\WINDOWS\system32\slserv.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
      C:\WINDOWS\wanmpsvc.exe
      C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Controle Parental\bin\OPTGui.exe
      C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
      O4 - Global Startup: hp psc 1000 series.lnk = ?
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O20 - AppInit_DLLs: sqdwcr.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: bEvtService - Unknown owner - C:\WINDOWS\System32\bEvtService.exe (file missing)
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
      O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
      0
  21. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046
     
    Relance un examen complet de malwarebytes anti malware mis à jour stp.
    0
    1. didou43
       
      voici le rapport ::

      Malwarebytes' Anti-Malware 1.32
      Version de la base de données: 1617
      Windows 5.1.2600 Service Pack 3

      05/01/2009 13:46:39
      mbam-log-2009-01-05 (13-46-39).txt

      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 136536
      Temps écoulé: 1 hour(s), 25 minute(s), 31 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
  • 1
  • 2
  • 3
  • 4