Trojan Adload Fermé

Question

Bonjour, mon antivirus m'a détécté un Trojan Adload-r.FD dans le fichier D:\SystemVolumeInformation\-restore... , j'ai essayé de le supprimer avec spybot mais il est toujours là à chaque scan. Spybot m'indique une modification de registre HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start (is not) W=2
J'ai utilisé hijackthis voici le résultat :



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:49, on 15/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\pspvideo9\pspVideo9.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
D:\documents and settings\véronique\local settings\application data\esaec.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\OFFICE One6.5\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Documents and Settings\Véronique\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [esaec] "d:\documents and settings\véronique\local settings\application data\esaec.exe" esaec
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop]  (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop]  (User 'Default user')
O4 - Startup: OFFICE One 6.5.lnk = C:\Program Files\OFFICE One6.5\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Media Bar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O23 - Service: Adobe Version Cue CS3 {fr_FR}  (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

jlpjlp · Answer

slt

D:\SystemVolumeInformation\-restore  cela ira vite il suffira de désactiver ta restauration système!


sinon 1 ordinateur  = 1 seul antivirus alors vire avast ou norton comme ceci

https://www.avast.com/fr-fr/uninstall-utility

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924


_________________


tu as par contre un rootkit:

ici
O4 - HKCU\..\Run: [esaec] "d:\documents and settings\véronique\local settings\application data\esaec.exe" esaec 


alors (désactive le tea timer de spybot le temps de la désinfection : MODE puis MODE AVANCE puis OUTILS puis RESIDENT)

Fais un clic droit sur ce lien : (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau. 
Ensuite double clique sur navilog1.exe pour lancer l'installation. 
Une fois l'installation terminée, le fix s'exécutera automatiquement. 
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau). 

Laisse-toi guider. Au menu principal, choisis 1 et valides. 
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord) 

Patiente jusqu'au message : 
*** Analyse Termine le ..... *** 
Appuie sur une touche comme demandé, le blocnote va s'ouvrir. 
Copie-colle l'intégralité dans une réponse. Referme le blocnote. 
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

jlpjlp · Answer

si tu paye tu gardes norton  même si en payant c'est pas le top!

sinon en gratuit avast ou de préférence antivir qui est meilleur
https://www.malekal.com/avira-free-security-antivirus-gratuit/



___________________

= Lance navilog1 
= Cette fois-ci choisi l'option 2 
= Navilog va faire le nettoyage.. patient jusqu'à ce qui soit marqué *** Nettoyage Termine le ..... *** 
= Un rapport va être génrer sur ton C:\ qui sera en option 2 
Note: le bureau disparaît 

= colle le contenu du rapport de navilog (qui est en option2) 


PS:Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches. 
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter" 
Tape explorer et valide. Celà te fera apparaitre ton bureau. 


_______________________


désactive ta restauration puis redémarre ton ordi puis réactive la pour virer les infections qui seraient dedans
https://www.informatruc.com

_______________________

encore des soucis???

millenium7 · Answer

d'accord, merci, Voici le rapport :


1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


C:\WINDOWS\prefetch\esaec*.pf trouvé ! 
Copie C:\WINDOWS\prefetch\esaec*.pf réalisée avec succès !
C:\WINDOWS\prefetch\esaec*.pf supprimé !


* Dans "D:\Documents and Settings\Véronique\locals~1\applic~1" * 


esaec.exe trouvé ! 
Copie esaec.exe réalisée avec succès !
esaec.exe supprimé !

esaec.dat trouvé ! 
Copie esaec.dat réalisée avec succès !
esaec.dat supprimé !

esaec_nav.dat trouvé ! 
Copie esaec_nav.dat réalisée avec succès !
esaec_nav.dat supprimé !

esaec_navps.dat trouvé ! 
Copie esaec_navps.dat réalisée avec succès !
esaec_navps.dat supprimé !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le 15/01/2009 à 22:32:14,45 ***

millenium7 · Answer

Alors j'ai bien fais tout ce que vous m'avez indiqué mais en refaisant une analyse avec spybot je retrouve le problème de modification registre HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start (is not) W=2 Est-ce normal ? De plus en affinant les paramètres de spybot j'ai découvert ceci : --- Search result list --- Hint of the Day: Click the bar at the right of this to see more information! () Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Réglages (Modification du registre, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start Common Dialogs: History (274 files) (Clé du registre, nothing done) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU Log: Activity: SchedLgU.Txt (Sauver le fichier, nothing done) C:\WINDOWS\SchedLgU.Txt Log: Activity: imsins.log (Sauver le fichier, nothing done) C:\WINDOWS\imsins.log Log: Activity: OEWABLog.txt (Sauver le fichier, nothing done) C:\WINDOWS\OEWABLog.txt Log: Activity: ntbtlog.txt (Sauver le fichier, nothing done) C:\WINDOWS tbtlog.txt Log: Install: comsetup.log (Sauver le fichier, nothing done) C:\WINDOWS\comsetup.log Log: Install: ocgen.log (Sauver le fichier, nothing done) C:\WINDOWS\ocgen.log Log: Install: setupact.log (Sauver le fichier, nothing done) C:\WINDOWS\setupact.log Log: Install: setupapi.log (Sauver le fichier, nothing done) C:\WINDOWS\setupapi.log Log: Install: setuplog.txt (Sauver le fichier, nothing done) C:\WINDOWS\setuplog.txt Log: Install: svcpack.log (Sauver le fichier, nothing done) C:\WINDOWS\svcpack.log Log: Install: wmsetup.log (Sauver le fichier, nothing done) C:\WINDOWS\wmsetup.log Log: Install: DtcInstall.log (Sauver le fichier, nothing done) C:\WINDOWS\DtcInstall.log Log: Shutdown: System32\wbem\logs\mofcomp.log (Sauver le fichier, nothing done) C:\WINDOWS\System32\wbem\logs\mofcomp.log Log: Shutdown: System32\wbem\logs\setup.log (Sauver le fichier, nothing done) C:\WINDOWS\System32\wbem\logs\setup.log Log: Shutdown: System32\wbem\logs\wbemcore.log (Sauver le fichier, nothing done) C:\WINDOWS\System32\wbem\logs\wbemcore.log Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Sauver le fichier, nothing done) C:\WINDOWS\System32\wbem\logs\wbemess.lo_ Log: Shutdown: System32\wbem\logs\wbemess.log (Sauver le fichier, nothing done) C:\WINDOWS\System32\wbem\logs\wbemess.log Log: Shutdown: System32\wbem\logs\wbemprox.log (Sauver le fichier, nothing done) C:\WINDOWS\System32\wbem\logs\wbemprox.log Log: Shutdown: System32\wbem\logs\wmiadap.log (Sauver le fichier, nothing done) C:\WINDOWS\System32\wbem\logs\wmiadap.log Log: Shutdown: System32\wbem\logs\wmiprov.log (Sauver le fichier, nothing done) C:\WINDOWS\System32\wbem\logs\wmiprov.log Internet Explorer: [SBI $1E8157BE] Typed URL list (1 fichiers) (Clé du registre, nothing done) HKEY_USERS\PE_D_ISABEL\Software\Microsoft\Internet Explorer\TypedURLs Internet Explorer: [SBI $1E8157BE] Typed URL list (1 fichiers) (Clé du registre, nothing done) HKEY_USERS\PE_D_JEAN-JACQUES\Software\Microsoft\Internet Explorer\TypedURLs Internet Explorer: [SBI $D9A946AF] Last used directory (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Internet Explorer\Main\Save Directory Internet Explorer: [SBI $FF589D0C] Download directory (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Internet Explorer\Download Directory Internet Explorer: [SBI $0BC7B918] User agent (Modification du registre, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Internet Explorer: [SBI $0BC7B918] User agent (Modification du registre, nothing done) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Internet Explorer: [SBI $0BC7B918] User agent (Modification du registre, nothing done) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Internet Explorer: [SBI $0BC7B918] User agent (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Internet Explorer: [SBI $0BC7B918] User agent (Modification du registre, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent MS Management Console: [SBI $ECD50EAD] Recent command list (2 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Microsoft Management Console\Recent File List MS Media Player: [SBI $E48560B4] Recent file list (9 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\MediaPlayer\Player\RecentFileList MS Media Player: [SBI $735D57D7] Recent open directory (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\MediaPlayer\Player\Settings\OpenDir MS Media Player: [SBI $3EE69CC3] Save as Directory (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\MediaPlayer\Player\Settings\SaveAsDir MS Media Player: [SBI $656F1808] Search terms history (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\MediaPlayer\AutoComplete\MediaSearch MS Media Player: [SBI $8E65C0EE] Last opened playlist (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist MS Media Player: [SBI $1BDA487B] Last selected track index (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistIndex MS Media Player: [SBI $6D2E50D8] Last selected node (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\MediaPlayer\MediaLibraryUI\MLLastSelectedNode MS Media Player: [SBI $3B46EBCE] Manually modified tags history (28 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\MediaPlayer\AutoComplete\MediaEdit MS Media Player: [SBI $5C51E349] Client ID (Modification du registre, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID MS Media Player: [SBI $5C51E349] Client ID (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\MediaPlayer\Player\Settings\Client ID MS Media Player: [SBI $5C51E349] Client ID (Modification du registre, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Player\Settings\Client ID MS Direct3D: [SBI $7FB7B83F] Most recent application (Modification du registre, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name MS Direct3D: [SBI $C2A44980] Most recent application (Modification du registre, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name MS Direct3D: [SBI $C2A44980] Most recent application (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Direct3D\MostRecentApplication\Name MS Direct3D: [SBI $C2A44980] Most recent application (Modification du registre, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name MS DirectDraw: [SBI $EB49D5AF] Most recent application (Modification du registre, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name MS DirectInput: [SBI $9A063C91] Most recent application (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\DirectInput\MostRecentApplication\Name MS DirectInput: [SBI $7B184199] Most recent application ID (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\DirectInput\MostRecentApplication\Id MS Paint: [SBI $07867C39] Recent file list (4 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List MS Regedit: [SBI $C3B62FC1] Recent open key (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Search Assistant\ACMru MS Wordpad: [SBI $4C02334D] Recent file list (4 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List RealOne Player 2 (aka RealPlayer 6.0): [SBI $F369C542] Last login time (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\RealNetworks\RealPlayer\6.0\Preferences\LastLoginTime\ RealOne Player 2 (aka RealPlayer 6.0): [SBI $BB3E2788] Last open file directory (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\RealNetworks\RealPlayer\6.0\Preferences\LastOpenFileDir\ RealOne Player 2 (aka RealPlayer 6.0): [SBI $C1A51AF4] Last Save as directory (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\RealNetworks\RealPlayer\6.0\Preferences\LastSaveAsDir\ RealOne Player 2 (aka RealPlayer 6.0): [SBI $066A5F4B] Most recent clips #1 (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentClips1\ RealOne Player 2 (aka RealPlayer 6.0): [SBI $9BCCEEB8] Most recent clips #2 (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentClips2\ RealOne Player 2 (aka RealPlayer 6.0): [SBI $598183D6] Most recent clips #3 (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentClips3\ RealOne Player 2 (aka RealPlayer 6.0): [SBI $7BF08B1F] Most recent clips #4 (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentClips4\ RealOne Player 2 (aka RealPlayer 6.0): [SBI $B9BDE671] Most recent clips #5 (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentClips5\ RealOne Player 2 (aka RealPlayer 6.0): [SBI $241B5782] Most recent clips #6 (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentClips6\ RealOne Player 2 (aka RealPlayer 6.0): [SBI $E6563AEC] Most recent clips #7 (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentClips7\ RealOne Player 2 (aka RealPlayer 6.0): [SBI $60F94610] Most recent clips #8 (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentClips8\ RealOne Player 2 (aka RealPlayer 6.0): [SBI $0AA1D244] Most recent skins #1 (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\RealNetworks\RealPlayer\6.0\Preferences\MostRecentSkins1\ Ulead PhotoImpact 8.0: [SBI $38A179E9] Recent URL list (1 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Ulead Systems\Web Recent Used String\URL String Windows: [SBI $1E4E2003] Drivers installation paths (Modification du registre, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources Windows.OpenWith: [SBI $F6D91293] Open with list - .AI extension (3 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AI\OpenWithList Windows.OpenWith: [SBI $CDE7D0A6] Open with list - .ASX extension (3 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASX\OpenWithList Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (11 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList Windows.OpenWith: [SBI $DCEE25EC] Open with list - .BAK extension (2 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BAK\OpenWithList Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (11 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList Windows.OpenWith: [SBI $63036C95] Open with list - .CAB extension (2 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CAB\OpenWithList Windows.OpenWith: [SBI $9E8D5C8A] Open with list - .CDA extension (3 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (3 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (501 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU Windows Explorer: [SBI $7308A845] Run history (2 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU Windows Explorer: [SBI $AA0766B5] Stream history (137 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 fichiers) (Clé du registre, nothing done) HKEY_USERS\PE_D_ISABEL\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 fichiers) (Clé du registre, nothing done) HKEY_USERS\PE_D_JEAN-JACQUES\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count Windows Explorer: [SBI $2026AFB6] User Assistant history IE (51 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count Windows Explorer: [SBI $6107D172] User Assistant history files (12 fichiers) (Clé du registre, nothing done) HKEY_USERS\PE_D_ISABEL\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count Windows Explorer: [SBI $6107D172] User Assistant history files (11 fichiers) (Clé du registre, nothing done) HKEY_USERS\PE_D_JEAN-JACQUES\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count Windows Explorer: [SBI $6107D172] User Assistant history files (321 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count Windows Explorer: [SBI $B7EBA926] Last visited history (26 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU Windows Explorer: [SBI $D20DA0AD] Recent file global history (Clé du registre, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs Windows Explorer: [SBI $D20DA0AD] Recent file global history (Clé du registre, nothing done) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs Windows Explorer: [SBI $D20DA0AD] Recent file global history (Clé du registre, nothing done) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs Windows Explorer: [SBI $D20DA0AD] Recent file global history (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs Windows Explorer: [SBI $D20DA0AD] Recent file global history (Clé du registre, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs Windows Explorer: [SBI $85C2C910] Last Copy/MoveTo folder (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder Windows Media SDK: [SBI $37AAEDE6] Computer name (Modification du registre, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName Windows Media SDK: [SBI $37AAEDE6] Computer name (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows Media\WMSDK\General\ComputerName Windows Media SDK: [SBI $37AAEDE6] Computer name (Modification du registre, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName Windows Media SDK: [SBI $CAA58B6E] Unique ID (Modification du registre, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID Windows Media SDK: [SBI $CAA58B6E] Unique ID (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows Media\WMSDK\General\UniqueID Windows Media SDK: [SBI $CAA58B6E] Unique ID (Modification du registre, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Valeur du registre, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Valeur du registre, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber WinRAR: [SBI $0B56E92B] Recent file list (4 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\WinRAR\ArcHistory WinRAR: [SBI $B84F9965] Last used directory (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\WinRAR\General\LastFolder WinRAR: [SBI $B510882E] Extraction directory history (5 fichiers) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-3255490894-1748115572-1009262203-1006\Software\WinRAR\DialogEditHistory\ExtrPath Cookie: [SBI $49804B54] Cookie (164) (Cookie, nothing done) Cache: [SBI $49804B54] Cache (551) (Cache, nothing done) History: [SBI $49804B54] Historique (372) (Historique, nothing done) Cookie: [SBI $49804B54] Cookie (902) (Cookie, nothing done) --- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) --- 2008-07-07 blindman.exe (1.0.0.8) 2008-07-07 SDFiles.exe (1.6.0.4) 2008-07-07 SDMain.exe (1.0.0.6) 2008-07-07 SDShred.exe (1.0.2.3) 2008-07-07 SDUpdate.exe (1.6.0.8) 2008-07-07 SDWinSec.exe (1.0.0.12) 2008-07-07 SpybotSD.exe (1.6.0.30) 2008-09-16 TeaTimer.exe (1.6.3.25) 2009-01-03 unins000.exe (51.49.0.0) 2008-07-07 Update.exe (1.6.0.7) 2008-10-22 advcheck.dll (1.6.2.13) 2007-04-02 aports.dll (2.1.0.0) 2008-06-14 DelZip179.dll (1.79.11.1) 2008-09-15 SDHelper.dll (1.6.2.14) 2008-06-19 sqlite3.dll 2008-10-22 Tools.dll (2.1.6.8) 2008-11-04 Includes\Adware.sbi (*) 2009-01-13 Includes\AdwareC.sbi (*) 2009-01-08 Includes\Cookies.sbi (*) 2009-01-06 Includes\Dialer.sbi (*) 2009-01-13 Includes\DialerC.sbi (*) 2009-01-13 Includes\HeavyDuty.sbi (*) 2008-11-18 Includes\Hijackers.sbi (*) 2009-01-13 Includes\HijackersC.sbi (*) 2008-12-09 Includes\Keyloggers.sbi (*) 2009-01-13 Includes\KeyloggersC.sbi (*) 2004-11-29 Includes\LSP.sbi (*) 2008-11-18 Includes\Malware.sbi (*) 2009-01-14 Includes\MalwareC.sbi (*) 2008-12-16 Includes\PUPS.sbi (*) 2009-01-13 Includes\PUPSC.sbi (*) 2009-01-13 Includes\Revision.sbi (*) 2009-01-13 Includes\Security.sbi (*) 2009-01-13 Includes\SecurityC.sbi (*) 2008-06-03 Includes\Spybots.sbi (*) 2008-06-03 Includes\SpybotsC.sbi (*) 2008-12-10 Includes\Spyware.sbi (*) 2009-01-13 Includes\SpywareC.sbi (*) 2008-06-03 Includes\Tracks.uti (*) 2009-01-05 Includes\Trojans.sbi (*) 2009-01-14 Includes\TrojansC.sbi (*) 2008-03-04 Plugins\Chai.dll 2008-03-05 Plugins\Fennel.dll 2008-02-26 Plugins\Mate.dll 2007-12-24 Plugins\TCPIPAddress.dll --- System information --- Windows XP (Build: 2600) Service Pack 3 (5.1.2600) / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366) / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) / MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2 / MSXML4SP2: Security update for MSXML4 SP2 (KB936181) / MSXML4SP2: Security update for MSXML4 SP2 (KB954430) / Step By Step Interactive Training / SP2: Mise à jour de sécurité pour Step by Step Interactive Training (KB898458) / Step By Step Interactive Training / SP2: Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs / Windows / SP1: Microsoft National Language Support Downlevel APIs / Windows Media Encoder: Mise à jour de sécurité pour le Codeur Windows Media (KB954156) / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399) / Windows Media Player: Mise à jour de sécurité pour Lecteur Windows Media (KB952069) / Windows Media Player 10: Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) / Windows Media Player 10: Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) / Windows Media Player 11: Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) / Windows Media Player 11: Correctif pour Lecteur Windows Media 11 (KB939683) / Windows Media Player 11: Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154) / Windows Media Player 6.4: Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) / Windows XP: Mise à jour de sécurité pour Windows XP (KB941569) / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090) / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768) / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566) / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653) / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615) / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533) / Windows XP / SP0: Correctif pour Windows Internet Explorer 7 (KB947864) / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759) / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838) / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390) / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215) / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714) / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP / Windows XP / SP3: Windows XP Service Pack 3 / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB938464) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB946648) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB950760) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB950762) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB950974) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB951066) / Windows XP / SP4: Mise à jour pour Windows XP (KB951072-v2) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB951376) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB951376-v2) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB951698) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB951748) / Windows XP / SP4: Mise à jour pour Windows XP (KB951978) / Windows XP / SP4: Correctif pour Windows XP (KB952287) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB952954) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB953839) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB954211) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB954459) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB954600) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB955069) / Windows XP / SP4: Mise à jour pour Windows XP (KB955839) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB956391) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB956802) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB956803) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB956841) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB957095) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB957097) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB958644) / Windows XP / SP4: Mise à jour de sécurité pour Windows XP (KB958687) / Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221 --- Startup entries list --- Located: HK_LM:Run, command: file: size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: HK_LM:Run, Acrobat Assistant 8.0 command: "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" file: D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe size: 624248 MD5: 4D042B1F1375CF371AFBE0E0276BA627 Located: HK_LM:Run, ACTIVBOARD command: c:\apps\ABoard\ABoard.exe file: c:\apps\ABoard\ABoard.exe size: 24576 MD5: 84DA056C4331B17A5AAFACFF49C3BBA3 Located: HK_LM:Run, Adobe_ID0EYTHM command: C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE file: C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE size: 1884160 MD5: C1873D880786B6B03AF781E23835D925 Located: HK_LM:Run, AlcFDMonitor command: C:\WINDOWS\ALCFDRTM.EXE file: C:\WINDOWS\ALCFDRTM.EXE size: 73728 MD5: 527030FDC7C38147506BE690A5FE3D6C Located: HK_LM:Run, Alcmtr command: ALCMTR.EXE file: C:\WINDOWS\ALCMTR.EXE size: 57344 MD5: EA438D679FD55612B195539971F90A1C Located: HK_LM:Run, AlcWzrd command: ALCWZRD.EXE file: C:\WINDOWS\ALCWZRD.EXE size: 2557952 MD5: 17CF16FA813C551353E531A51B6800D2 Located: HK_LM:Run, ATIPTA command: "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" file: C:\ATI Technologies\ATI Control Panel\atiptaxx.exe size: 344064 MD5: 8824078BDA1635639AAE125D24B85383 Located: HK_LM:Run, avast! command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe size: 81000 MD5: 55EBFBAB39BFAB5E62358C093F297641 Located: HK_LM:Run, ccApp command: "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" file: C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe size: 51048 MD5: B01902E9451B3D39DC5CAFDC9B9B398C Located: HK_LM:Run, IMJPMIG8.1 command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32" file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: HK_LM:Run, LogitechCameraAssistant command: C:\Program Files\Logitech\Video\CameraAssistant.exe file: C:\Program Files\Logitech\Video\CameraAssistant.exe size: 434176 MD5: 00FD11E84EF70027D46F92996FF76956 Located: HK_LM:Run, LogitechCameraService(E) command: C:\WINDOWS\system32\ElkCtrl.exe /automation file: C:\WINDOWS\system32\ElkCtrl.exe size: 262144 MD5: 35CADFC53E7D7E4336E7C9C04D66C82B Located: HK_LM:Run, LogitechVideo[inspector] command: C:\Program Files\Logitech\Video\InstallHelper.exe /inspect file: C:\Program Files\Logitech\Video\InstallHelper.exe size: 73728 MD5: 4339D3139EC703A8E3E8C50A7E6A1948 Located: HK_LM:Run, LVCOMSX command: C:\WINDOWS\system32\LVCOMSX.EXE file: C:\WINDOWS\system32\LVCOMSX.EXE size: 221184 MD5: A95BED8FB2B001FC31F638A446A86D9F Located: HK_LM:Run, osCheck command: "C:\Program Files\Norton Internet Security\osCheck.exe" file: C:\Program Files\Norton Internet Security\osCheck.exe size: 714608 MD5: 91535A86F6BD48BACCC3D58E6653456A Located: HK_LM:Run, PCMService command: "c:\Apps\Powercinema\PCMService.exe" file: c:\Apps\Powercinema\PCMService.exe size: 127118 MD5: C31A0AF9B3702C5C2A3FA4BDCC37A76F Located: HK_LM:Run, PHIME2002A command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE size: 455168 MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6 Located: HK_LM:Run, PHIME2002ASync command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE size: 455168 MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6 Located: HK_LM:Run, PSPVideo9 command: C:\Program Files\pspvideo9\pspVideo9.exe -t file: C:\Program Files\pspvideo9\pspVideo9.exe size: 606208 MD5: 3B3B9A2B55C3D7A04B81C37894C479D5 Located: HK_LM:Run, QuickTime Task command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime file: C:\Program Files\QuickTime\QTTask.exe size: 413696 MD5: 6CD5C3276C83F72677D647F27EE14ABD Located: HK_LM:Run, Raccourci vers la page des propriétés de High Definition Audio command: HDAudPropShortcut.exe file: C:\WINDOWS\system32\HDAudPropShortcut.exe size: 61952 MD5: 3E7A11C1C4EBD2C3C52197238DF4E14B Located: HK_LM:Run, SoundMan command: SOUNDMAN.EXE file: C:\WINDOWS\SOUNDMAN.EXE size: 77824 MD5: 5750D7AE7B501DAB3E9546403784939F Located: HK_LM:Run, SsAAD.exe command: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe file: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe size: 81920 MD5: D728A3BE3BBB48F7DF4D847D0CF70BB9 Located: HK_LM:Run, SunJavaUpdateSched command: "C:\Program Files\Java\jre6\bin\jusched.exe" file: C:\Program Files\Java\jre6\bin\jusched.exe size: 136600 MD5: B98FFA8288EFAABC436C30D198608345 Located: HK_LM:Run, TkBellExe command: "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot file: C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe size: 180269 MD5: 77ED13FD3196EBC7311CCD6899C7488C Located: HK_LM:Run, Ulead AutoDetector v2 command: C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe file: C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe size: 90112 MD5: CAA71374014DA23AF7E10F15EA975BDF Located: HK_LM:Run, UserFaultCheck command: %systemroot%\system32\dumprep 0 -u file: C:\WINDOWS\system32\dumprep 0 -u size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: HK_LM:Run, WOOTASKBARICON command: C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe file: C:\PROGRA~1\Wanadoo\GestMaj.exe size: 32768 MD5: 8D6F2C724CFC608872EDE3CC4A7B49B9 Located: HK_LM:Run, WOOWATCH command: C:\PROGRA~1\Wanadoo\Watch.exe file: C:\PROGRA~1\Wanadoo\Watch.exe size: 20480 MD5: 9A29592CD135F6262C429152F7A8DD4A Located: HK_CU:Run, CTFMON.EXE where: .DEFAULT... command: C:\WINDOWS\system32\CTFMON.EXE file: C:\WINDOWS\system32\CTFMON.EXE size: 15360 MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 Located: HK_CU:RunOnce, ^SetupICWDesktop where: .DEFAULT... command: file: size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: HK_CU:Run, CTFMON.EXE where: PE_D_ISABEL... command: C:\WINDOWS\system32\ctfmon.exe file: C:\WINDOWS\system32\ctfmon.exe size: 15360 MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 Located: HK_CU:Run, MSMSGS where: PE_D_ISABEL... command: "C:\Program Files\Messenger\msmsgs.exe" /background file: C:\Program Files\Messenger\msmsgs.exe size: 1695232 MD5: E13EA4860E8F2AA845B53BFD2B6FEC5B Located: HK_CU:Run, OM_Monitor where: PE_D_ISABEL... command: C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe file: C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: HK_CU:Run, CTFMON.EXE where: PE_D_JEAN-JACQUES... command: C:\WINDOWS\system32\ctfmon.exe file: C:\WINDOWS\system32\ctfmon.exe size: 15360 MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 Located: HK_CU:Run, MSMSGS where: PE_D_JEAN-JACQUES... command: "C:\Program Files\Messenger\msmsgs.exe" /background file: C:\Program Files\Messenger\msmsgs.exe size: 1695232 MD5: E13EA4860E8F2AA845B53BFD2B6FEC5B Located: HK_CU:Run, OM_Monitor where: PE_D_JEAN-JACQUES... command: C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe file: C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: HK_CU:Run, CTFMON.EXE where: S-1-5-19... command: C:\WINDOWS\system32\CTFMON.EXE file: C:\WINDOWS\system32\CTFMON.EXE size: 15360 MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 Located: HK_CU:Run, CTFMON.EXE where: S-1-5-20... command: C:\WINDOWS\system32\CTFMON.EXE file: C:\WINDOWS\system32\CTFMON.EXE size: 15360 MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 Located: HK_CU:Run, ctfmon.exe where: S-1-5-21-3255490894-1748115572-1009262203-1006... command: C:\WINDOWS\system32\ctfmon.exe file: C:\WINDOWS\system32\ctfmon.exe size: 15360 MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 Located: HK_CU:Run, LogitechSoftwareUpdate where: S-1-5-21-3255490894-1748115572-1009262203-1006... command: "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot file: C:\Program Files\Logitech\Video\ManifestEngine.exe size: 196608 MD5: 660B6158BC2BC5D7CB1FF18D148C17AA Located: HK_CU:Run, OM_Monitor where: S-1-5-21-3255490894-1748115572-1009262203-1006... command: C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart file: C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: HK_CU:Run, SpybotSD TeaTimer where: S-1-5-21-3255490894-1748115572-1009262203-1006... command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe size: 1833296 MD5: 63B3FF83B87AFCEBA89CED54695DA0F6 Located: HK_CU:Run, WOOKIT where: S-1-5-21-3255490894-1748115572-1009262203-1006... command: C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx file: C:\PROGRA~1\Wanadoo\Shell.exe size: 122880 MD5: 2BD5E1E68614DBC6B320597856ED6EA7 Located: HK_CU:Run, CTFMON.EXE where: S-1-5-18... command: C:\WINDOWS\system32\CTFMON.EXE file: C:\WINDOWS\system32\CTFMON.EXE size: 15360 MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 Located: HK_CU:RunOnce, ^SetupICWDesktop where: S-1-5-18... command: file: size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: Démarrage (tous utilisateurs), Lancement rapide d'Adobe Reader.lnk where: D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage... command: C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe file: C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe size: 29696 MD5: DFCB9ADE94A4F8A7C42EEF41101A30AD Located: Démarrage (utilisateur), OFFICE One 6.5.lnk where: D:\Documents and Settings\Véronique\Menu Démarrer\Programmes\Démarrage... command: C:\Program Files\OFFICE One6.5\program\quickstart.exe file: C:\Program Files\OFFICE One6.5\program\quickstart.exe size: 36864 MD5: F10DE870B8304A505A88FF63E773E4B3 Located: Démarrage (utilisateur), OpenOffice.org 2.4.lnk where: D:\Documents and Settings\Véronique\Menu Démarrer\Programmes\Démarrage... command: C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe file: C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe size: 393216 MD5: F5CECCFE0CF964B209DCAB226D4C1DE3 Located: WinLogon, AtiExtEvent command: Ati2evxx.dll file: Ati2evxx.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, crypt32chain command: crypt32.dll file: crypt32.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, cryptnet command: cryptnet.dll file: cryptnet.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, cscdll command: cscdll.dll file: cscdll.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, dimsntfy command: %SystemRoot%\System32\dimsntfy.dll file: %SystemRoot%\System32\dimsntfy.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, ScCertProp command: wlnotify.dll file: wlnotify.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, Schedule command: wlnotify.dll file: wlnotify.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, sclgntfy command: sclgntfy.dll file: sclgntfy.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, SensLogn command: WlNotify.dll file: WlNotify.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, termsrv command: wlnotify.dll file: wlnotify.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, WgaLogon command: WgaLogon.dll file: WgaLogon.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, wlballoon command: wlnotify.dll file: wlnotify.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! --- Browser helper object list --- {074C1DC5-9320-4A9A-947D-C042949C6216} (ContributeBHO Class) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: ContributeBHO Class Path: D:\Program Files\Adobe\ Long name: contributeieplugin.dll Short name: CONTRI~1.DLL Date (created): 27/03/2007 05:39:42 Date (last access): 15/01/2009 22:34:24 Date (last write): 27/03/2007 05:39:42 Filesize: 118784 Attributes: archive MD5: 7E16B01AA9F9ACB6FE8D64F8376DEE26 CRC32: 98B856E6 Version: 1.0.0.0 {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (NCO 2.0 IE BHO) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: NCO 2.0 IE BHO CLSID name: Path: C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\ Long name: CoIEPlg.dll Short name: Date (created): 24/08/2007 20:51:56 Date (last access): 15/01/2009 22:31:18 Date (last write): 24/08/2007 20:51:56 Filesize: 316784 Attributes: archive MD5: 6BC066FCC66BB0EE33A618EBC65683D5 CRC32: D7E3A9BB Version: 2008.2.0.84 {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: Symantec Intrusion Prevention CLSID name: Symantec Intrusion Prevention Path: C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\ Long name: IPSBHO.dll Short name: Date (created): 05/04/2008 11:39:48 Date (last access): 15/01/2009 22:34:26 Date (last write): 05/04/2008 12:12:40 Filesize: 116088 Attributes: archive MD5: FA3E00177B57D5B2BF058D560931D750 CRC32: DF9D41CC Version: 8.2.0.86 {7E853D72-626A-48EC-A868-BA8D5E23E045} () location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Programme d'aide de l'Assistant de connexion Windows Live Path: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\ Long name: WindowsLiveLogin.dll Short name: WINDOW~1.DLL Date (created): 20/09/2007 09:30:18 Date (last access): 15/01/2009 22:36:36 Date (last write): 20/09/2007 09:30:18 Filesize: 328752 Attributes: archive MD5: 59CF5BF6684AFCF906CADAD39B4214DE CRC32: C363813C Version: 4.200.520.1 {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Google Toolbar Helper description: Google toolbar classification: Open for discussion known filename: googletoolbar.dll
googletoolbar*.dll
(* = number)
googletoolbar_en_*.**-big.dll
Googletoolbar_en_*.*.**-deleon.dll info link: http://www.google.com/intl/fr/toolbar/ie/index.html info source: TonyKlein Path: c:\program files\google\ Long name: GoogleToolbar2.dll Short name: GOOGLE~2.DLL Date (created): 13/11/2008 16:18:50 Date (last access): 15/01/2009 21:46:50 Date (last write): 13/11/2008 16:18:50 Filesize: 2436160 Attributes: readonly archive MD5: 6D44E0C3B43D27484FBB355E470C4188 CRC32: 2DE875CD Version: 4.0.1601.4978 {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Java(tm) Plug-In 2 SSV Helper Path: C:\Program Files\Java\jre6\bin\ Long name: jp2ssv.dll Short name: Date (created): 19/12/2008 17:49:30 Date (last access): 15/01/2009 22:34:30 Date (last write): 19/12/2008 17:49:30 Filesize: 34816 Attributes: archive MD5: 5D57FD3DF32DC69CEC3D1D54B4C43162 CRC32: D7C13FB2 Version: 6.0.110.3 {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: JQSIEStartDetectorImpl CLSID name: JQSIEStartDetectorImpl Class Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\ Long name: jqs_plugin.dll Short name: JQS_PL~1.DLL Date (created): 19/12/2008 17:49:32 Date (last access): 15/01/2009 22:34:30 Date (last write): 19/12/2008 17:49:32 Filesize: 73728 Attributes: archive MD5: F68EDAFE003F2B3523C0742CD3B8D673 CRC32: 9C709350 Version: 6.0.110.3 {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: EpsonToolBandKicker Class Path: C:\Program Files\EPSON\EPSON Web-To-Page\ Long name: EPSON Web-To-Page.dll Short name: EPSONW~1.DLL Date (created): 11/12/2006 19:17:28 Date (last access): 15/01/2009 22:43:02 Date (last write): 21/02/2005 21:50:34 Filesize: 368640 Attributes: archive MD5: 01319CF4030B3740BA8261E7024ACAD1 CRC32: D484DB79 Version: 1.1.0.0 --- ActiveX list --- Microsoft XML Parser for Java (Microsoft XML Parser for Java) DPF name: Microsoft XML Parser for Java CLSID name: Installer: Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab description: classification: Legitimate known filename: %WINDIR%\Java\classes\xmldso.cab info link: info source: Patrick M. Kolla {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) DPF name: CLSID name: Shockwave ActiveX Control Installer: C:\WINDOWS\Downloaded Program Files\swdir.inf Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab description: Macromedia ShockWave Flash Player 7 classification: Legitimate known filename: SWDIR.DLL info link: info source: Patrick M. Kolla Path: C:\WINDOWS\system32\Adobe\Director\ Long name: SwDir.dll {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) DPF name: CLSID name: Windows Genuine Advantage Validation Tool Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf Codebase: http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab description: classification: Legitimate known filename: LegitCheckControl.DLL info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\system32\ Long name: LegitCheckControl.dll Short name: LEGITC~1.DLL Date (created): 14/02/2006 09:20:14 Date (last access): 15/01/2009 22:41:38 Date (last write): 20/03/2008 17:06:36 Filesize: 1480232 Attributes: archive MD5: E058C4821D48E0A67F6069CB50818D44 CRC32: 3513AE02 Version: 1.7.69.2 {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) DPF name: CLSID name: Symantec AntiVirus scanner Installer: C:\WINDOWS\Downloaded Program Files\avsniff.inf Codebase: http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab description: Symantec online scanner classification: Legitimate known filename: AVSNIFF.DLL info link: info source: Patrick M. Kolla Path: C:\WINDOWS\Downloaded Program Files\ Long name: avsniff.dll Short name: Date (created): 17/05/2006 14:32:30 Date (last access): 15/01/2009 21:46:50 Date (last write): 17/05/2006 14:32:30 Filesize: 231072 Attributes: archive MD5: A5E06A91CF82D97985C90B12FEE33A01 CRC32: 5AC66733 Version: 2006.2.22.58 {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) DPF name: CLSID name: Symantec Script Runner Class Installer: C:\WINDOWS\Downloaded Program Files gctlsr.inf Codebase: https://support.norton.com/sp/en/us/home/current/info description: classification: Legitimate known filename: tgctlsr.dll info link: info source: Safer Networking Ltd. Path: C:\PROGRA~1\FICHIE~1\SYMANT~1\SUPPOR~1\ Long name: tgctlsr.dll Short name: Date (created): 30/07/2007 15:54:40 Date (last access): 15/01/2009 21:46:50 Date (last write): 03/09/2007 09:14:10 Filesize: 578848 Attributes: archive MD5: 11B757C44B95B50ECE47B3E1128B8A2B CRC32: 384A8A8C Version: 6.9.2674.0 {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) DPF name: CLSID name: MSN Photo Upload Tool Installer: C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf Codebase: http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab description: classification: Legitimate known filename: MsnPUpld.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: MsnPUpld.dll Short name: Date (created): 20/06/2006 15:44:04 Date (last access): 15/01/2009 22:46:12 Date (last write): 20/06/2006 15:44:04 Filesize: 379704 Attributes: archive MD5: D2FB109C3F0DAAAA4A73E5921656DB3E CRC32: A13093E8 Version: 10.0.913.0 {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) DPF name: CLSID name: Symantec RuFSI Utility Class Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf Codebase: http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab description: classification: Legitimate known filename: rufsi.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: rufsi.dll Short name: Date (created): 17/05/2006 14:32:42 Date (last access): 15/01/2009 21:46:52 Date (last write): 17/05/2006 14:32:42 Filesize: 161480 Attributes: archive MD5: D9021B7C1D765851774FD9A753AEC435 CRC32: 6D65423F Version: 2006.2.15.43 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) DPF name: CLSID name: DivXBrowserPlugin Object Installer: C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf Codebase: http://download.divx.com/player/DivXBrowserPlugin.cab description: classification: Legitimate known filename: npdivx32.dll info link: info source: Safer Networking Ltd. Path: C:\Program Files\DivX\DivX Web Player\ Long name: npdivx32.dll {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) DPF name: CLSID name: Symantec Download Manager Installer: C:\WINDOWS\Downloaded Program Files\symdlmgr.inf Codebase: https://webdl.symantec.com/activex/symdlmgr.cab description: classification: Legitimate known filename: symdlmgr.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: symdlmgr.dll Short name: Date (created): 06/12/2006 08:11:48 Date (last access): 15/01/2009 22:46:12 Date (last write): 06/12/2006 08:11:48 Filesize: 224768 Attributes: archive MD5: 2C58372F36FA9AC9937A188FAE31EC06 CRC32: A7AA1929 Version: 7.0.1.63 {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_11 Installer: Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab description: Sun Java classification: Legitimate known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin pjava131.dll info link: info source: Patrick M. Kolla Path: C:\Program Files\Java\jre6\bin\ Long name: npjpi160_11.dll Short name: NPJPI1~1.DLL Date (created): 19/12/2008 17:49:30 Date (last access): 15/01/2009 21:46:52 Date (

jlpjlp · Answer

scannés  avec malwarbyte , après mise à jour et colles le rapport: 

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

millenium7 · Answer

Voici le rapport :


Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1658
Windows 5.1.2600 Service Pack 3

16/01/2009 17:00:41
mbam-log-2009-01-16 (17-00-41).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 228566
Temps écoulé: 1 hour(s), 9 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

jlpjlp · Answer

ok c'est bon désactive le tea timer de spybot ou accepte les modifications

d'autres soucis?

millenium7 · Answer

D'accord merci beaucoup pour cette aide précieuse en tout cas.
Sinon j'ai toujours des publicités intempestives quand je suis sur internet explorer mais peut-être qu'il n'y a rien à faire.
Par contre, mon copain a un ordi portable et a attrapé un Win32trojan-gen {other} par wifi via ma connection internet, je ne savais pas encore que j'étais infectée donc j'aimerais savoir s'il est possible de suivre la même démarche que pour moi pour l'enlever.

jlpjlp · Answer

encore des pubs de quoi?



télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

millenium7 · Answer

J'ai essayé de faire comme dans le tutoriel seulement qd je déplace le fichier Windows Xp (bootdisk) sur le combofix.exe une fenêtre me dit que je n'ai pas supprimé toutes les applications or il me semble avoir tout fermé, plus aucune fenêtre n'est ouverte, norton et avast sont désactivé, la connexion intertnet est arrêté, et le tea timer de spybot est arrêté.
Qu'ai-je pu oublier?

jlpjlp · Answer

il suffit de lancer combofix, que tu auras téléchargé sur ton bureau, pas besoin de déplacer un fichier sur combofix!

millenium7 · Answer

Désolé pour le temps de réponse, combofix ne veut pas s'éxécuter peut importe la manière utilisée (ouverture simple sur le bureau ou comme dans le tutoriel). "some files could not be created. please close all application, reboot windows and restart this installation." voila la seule chose qu'il me dit, j'ai tout essayé, j'ai fermé les applications que vous m'avez indiquées. Que dois-je faire svp?

jlpjlp · Answer

scan avec 
MalwareByte's Anti-Malware après mise a jour, en mode normal et vire ce qui est trouvé et colle le rapport

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ 


_______________________

 colle le rapport d'un scan en ligne 
avec un des suivants: 


bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html 

Panda en ligne : 
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

millenium7 · Answer

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1688
Windows 5.1.2600 Service Pack 3

24/01/2009 20:04:34
mbam-log-2009-01-24 (20-04-34).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 231571
Temps écoulé: 1 hour(s), 7 minute(s), 10 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

millenium7 · Answer

Désolée je ferais le reste demain.

jlpjlp · Answer

et désactive le tea timer de spybot le temps de la desinsfetion

en allant dans mode puis mode avancé puis outils puis resident

car le tea timer trouve des modifications du registre , ce qui est normal car on désinfecte et donc on modifie le registre!

Trojan Adload

16 réponses

Discussions similaires

Newsletters