S.O.S virus and Cie

rabetsimeli -  
rabetsimeli Messages postés 39 Statut Membre -
Bonjour,

Très très embêtée, mon AVG antispyware ne fonctionnant plus, j'ai voulu retélécharger une version gratuite après avoir désinstallé l'ancien et j'ai téléchargée un virus à la place.
Mon ordinateur est très lent.
Une personne pendant mon absence a acheté Drive Detective et m'a remis la plupart des drivers de mon PC. Cependant je n'ai plus de son depuis ce fameux virus, mon ordinateur s'arrête et m'affiche un écran sur fond bleu (si vous voyez ce message pour la première fois, redémarrez votre PC,...).
J'ai voulu mettre CCleaner, mais mon ordi a affiché le message précédent, j'ai voulu appliquer Ad-Aware, mais j'ai reçu un message comme quoi ce dernier était introuvable de même que pour Avast Antivirus. Chose qui d'habitude n'arrive jamais.

Bref beaucoup d'information et de comportement étrange sachant que je suis vraiment nul en informatique.

Si quelqu'un avait l'amabilité de me donner un petit coup de pouce, cela serait avec grand plaisir.

Merci
Configuration: Windows XP
Firefox 3.0.6

48 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Le problème central est une infection après le téléchargement d’un logiciel douteux, alors que AVG antispyware ne fonctionnait plus, provoquant lenteur du système et écran bleu sur Windows XP. Plusieurs recommandations préconisent de rétablir les protections antivirus et antispyware, de vérifier les processus actifs et les éléments de démarrage, puis d’employer des outils dédiés comme HijackThis, ComboFix et CCleaner pour dépister et nettoyer l’infection. Des solutions additionnelles évoquent OTMoveIt3, Ad-Aware et des pare-feu tels ZoneAlarm ou Comodo, tout en soulignant la prudence avec les périphériques externes susceptibles de propager l’infection.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt
    as tu essayé de restaurer ton ordi avant le téléchargement?

    _____________

    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
  2. rabetsimeli
     
    Slt,

    Non je ne l'avais pas fait...
    J'ai suivi ta description et au moment d'appuyer sur "continue", une barre de progression s'est mise au maximum et depuis rien. J'ai recommencé 3 fois, mais RSIT ne m'a pas proposé l'outil HijackThis ni d'analyses.

    Mais étant donné qu'on est plusieurs a utiliser le PC, que RSIT était déjà installé sur mon bureau, donc quelqu'un chez moi a du le faire. Et j'ai retrouvé ces deux fichiers qui datent de dimanche dernier, je ne sais pas si ça reste valable pour toi.

    Il n'y avait rien dans le fichier log.txt

    info.txt logfile of random's system information tool 1.05 2009-02-06 23:28:56

    ======Uninstall list======

    -->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83021AC3-086F-4B77-ACCD-1BD7C9AB211E}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware 2007-->MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Photoshop 7.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
    Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    AudioEase Altiverb 5.4.6-->C:\PROGRA~1\AUDIOE~1\ALTIVE~1\AIRLOG~1\ALTIVE~1\UNWISE.EXE C:\PROGRA~1\AUDIOE~1\ALTIVE~1\AIRLOG~1\ALTIVE~1\INSTALL.LOG
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{6E15BEDF-7EB5-4010-998E-B430DB4EFE45}
    Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
    Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{A425C250-A0E1-4D78-B1C1-A5CBC7385E7C}
    BrowsingTool-->C:\Program Files\BrowsingTool\uninstall.exe
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Client Windows Rights Management avec Service Pack 2-->MsiExec.exe /X{1D13221B-42DE-4B3C-A43F-0F6AF3CF3DA2}
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
    Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}
    Digidesign D-Show-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D397278A-593D-47FE-BC65-EE980DD2D0FE}\Setup.exe" -l0x9 FromUninstall
    Digital Camera-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1205500-2179-11D7-B0B9-0000E24D4B29}\setup.exe"
    DivX 4.12 Codec-->"C:\Program Files\DivXCodec\uninstall.exe"
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    EPSON CardMonitor-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\SETUP.EXE" -l0x40c uninst
    EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\Setup.exe" -l0x40c -UnInstall
    EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EPSON PhotoQuicker3.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x40c uninst
    EPSON PhotoStarter3.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\SETUP.EXE" -l0x40c uninst
    EPSON PRINT Image Framer Tool2.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59ED4-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x40c anything
    EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
    EPSON Smart Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x40c Uninstall
    EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
    ESPRX420 Guide de réf.-->C:\Program Files\EPSON\TPMANUAL\ESPRX420\REF_G\DOCUNINS.EXE
    ESPRX420 Guide des logiciels-->C:\Program Files\EPSON\TPMANUAL\ESPRX420\PQU_G\DOCUNINS.EXE
    Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
    FileZilla Client 3.1.6-->C:\Program Files\FileZilla FTP Client\uninstall.exe
    Finale NotePad 2007-->C:\Program Files\Finale NotePad 2007\uninstallNP.exe
    Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
    GetDataBack for NTFS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}\setup.exe" -l0x9 -removeonly
    Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
    Icatch(IV) Camera Driver-->Rundll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\CA533A.ini, Ca533AUnInstall
    i-minitel ADSL-->C:\PROGRA~1\MINITE~1\UNWISE.EXE C:\PROGRA~1\MINITE~1\INSTALL.LOG
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    KeyGen Crack Toolbar-->regsvr32 /u /s "C:\Program Files\KeyGen Crack Toolbar\keygen_crack.dll"
    Kit de connexion ADSL-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B0C5783F-AB91-460B-8238-BD9A8F6346D3}\setup.exe" -l0x40c -usb
    K-Lite Codec Pack 2.20 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    Le Centre de Contrôle de Licences de Syncrosoft-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
    LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
    LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
    Ma-Config.com plugin-->MsiExec.exe /I{D2D7529F-6B55-4C1C-BC9C-D6F1BCC066B6}
    Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft LifeCam-->MsiExec.exe /X{718263DE-E612-4653-BB7D-7154BA9E31AB}
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Picture It! Photo 7.0-->MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works 7.0-->MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72}
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
    Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
    Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
    NFO viewer v 2.1-->"C:\Program Files\NFO viewer\unins000.exe"
    Nord Modular G2 Demo v1.40-->C:\WINDOWS\unvise32.exe C:\Program Files\Clavia\Modular G2 Demo v1.40\uninstal.log
    NVIDIA Audio Driver-->C:\WINDOWS\system32\nvuAudio.exe Uninstall C:\WINDOWS\system32\NvAudio.nvu,NVIDIA Audio Driver
    NVIDIA nForce Utilities-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_SSUtilsNT 132 C:\WINDOWS\INF\nvautlml.inf
    OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{6D7F8D4B-D1A4-402A-973E-31E90940E585}
    OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
    Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Pd-0.38.4-extended-RC8-->"C:\Program Files\pd\unins000.exe"
    PhotoImpression 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\SETUP.EXE" -l0x40c
    PIF DESIGNER2.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}\SETUP.EXE" -l0x40c anything
    Pilotes NVIDIA nForce pour Windows 2000/XP-->rundll32.exe C:\WINDOWS\system32\NVNFINST.DLL,NvUninstallCrush
    PlayMP3z-->C:\Program Files\PlayMP3z\uninstall.exe
    PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    QuickTime Alternative 2.1.1-->"C:\Program Files\QuickTime Alternative\unins000.exe"
    Real Alternative-->"C:\Program Files\Real Alternative\unins000.exe"
    Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
    Reason 3.0-->"C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
    Recettes de cuisine-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F9AC04CA-B567-45E1-A381-8023CD2F6954}\Setup.exe"
    ScanToWeb-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Sélecteur d'installation de Microsoft Works Suite 2003-->C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe E:\
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Sony Sound Forge 7.0-->MsiExec.exe /I{0712667C-A171-49AE-A098-4ACDA28625F8}
    SP2 de compatibilité descendante du client Windows Rights Management-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
    Steinberg Cubase SX v1.0.5.61-->C:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG
    Steinberg Nuendo v3.0.2.623-->C:\PROGRA~1\STEINB~1\NUENDO~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\NUENDO~1\INSTALL.LOG
    Streamripper Plugin 1.61.25 (Remove only)-->C:\Program Files\Winamp\streamripper_uninstall.exe
    Subtitle Workshop 2.51-->"C:\Program Files\Subtitle Workshop\uninstall.exe"
    Syberia-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Microids\Syberia\Uninstall\Setup.exe" -l0x40c
    SyncroSoft Emu (Remove only)-->C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
    The Playa-->"C:\Program Files\The Playa\uninstall.exe"
    Ulead Photo Express 4.0 SE-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}\setup.exe" -l0x40c
    USB MODEM Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{042E2C9D-6647-4C5F-9CEF-387D72023128}\setup.exe" -l0x9 UNINSTALL
    VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
    Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinXoundPro-->MsiExec.exe /I{3F355C0F-3ECD-4AF1-90FE-620255E934D0}
    XviD Video Codec 22032003-1 (Koepi's developer build)-->"C:\Program Files\XviD\UninstXviD.exe"
    Yahoo! Extras-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

    ======Security center information======

    AV: avast! antivirus 4.8.1296 [VPS 090206-0]

    System event log

    Computer Name: XPSP2-223B9AA05
    Event Code: 7036
    Message: Le service LiveUpdate est entré dans l'état : arrêté.

    Record Number: 40910
    Source Name: Service Control Manager
    Time Written: 20090108074957.000000+060
    Event Type: Informations
    User:

    Computer Name: XPSP2-223B9AA05
    Event Code: 7036
    Message: Le service LiveUpdate est entré dans l'état : en cours d'exécution.

    Record Number: 40909
    Source Name: Service Control Manager
    Time Written: 20090108074937.000000+060
    Event Type: Informations
    User:

    Computer Name: XPSP2-223B9AA05
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service LiveUpdate.

    Record Number: 40908
    Source Name: Service Control Manager
    Time Written: 20090108074937.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: XPSP2-223B9AA05
    Event Code: 7036
    Message: Le service LiveUpdate est entré dans l'état : arrêté.

    Record Number: 40907
    Source Name: Service Control Manager
    Time Written: 20090108034531.000000+060
    Event Type: Informations
    User:

    Computer Name: XPSP2-223B9AA05
    Event Code: 7036
    Message: Le service LiveUpdate est entré dans l'état : en cours d'exécution.

    Record Number: 40906
    Source Name: Service Control Manager
    Time Written: 20090108034508.000000+060
    Event Type: Informations
    User:

    Application event log

    Computer Name: XPSP2-223B9AA05
    Event Code: 101
    Message: Niveau d'information : success

    LiveUpdate automatique a terminé.

    Record Number: 17563
    Source Name: Automatic LiveUpdate Scheduler
    Time Written: 20081219173526.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: XPSP2-223B9AA05
    Event Code: 101
    Message: Niveau d'information : success

    Le Planificateur a lancé LiveUpdate automatique.

    Record Number: 17562
    Source Name: Automatic LiveUpdate Scheduler
    Time Written: 20081219173502.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: XPSP2-223B9AA05
    Event Code: 101
    Message: Niveau d'information : success

    L'exécution suivante a été planifiée pour intervenir approximativement à 5:35 PM.

    Record Number: 17561
    Source Name: Automatic LiveUpdate Scheduler
    Time Written: 20081219135422.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: XPSP2-223B9AA05
    Event Code: 101
    Message: Niveau d'information : success

    LiveUpdate automatique a terminé.

    Record Number: 17560
    Source Name: Automatic LiveUpdate Scheduler
    Time Written: 20081219135422.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: XPSP2-223B9AA05
    Event Code: 101
    Message: Niveau d'information : success

    Le Planificateur a lancé LiveUpdate automatique.

    Record Number: 17559
    Source Name: Automatic LiveUpdate Scheduler
    Time Written: 20081219135401.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
    "PROCESSOR_REVISION"=0a00
    "NUMBER_OF_PROCESSORS"=1
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "CSOUNDRC"=C:\Program Files\Csound\.csoundrc
    "OPCODEDIR64"=C:\Program Files\Csound\plugins64
    "RAWWAVE_PATH"=C:\Program Files\Csound\samples
    "PYTHONPATH"=;C:\Program Files\Csound\bin
    "SFOUTYP"=WAV

    -----------------EOF-----------------
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    0
  4. rabetsimeli
     
    re,

    impossible d'installer HIjackthis.

    Pour être plus clair, je l'ai téléchargé sur le bureau.
    Quand je double clique dessus il me sort une fenêtre nommée "Trend micro HijackThis" mais elle s'efface avant même que je puisse sélectionner quoique ce soit.
    En étant rapide j'ai pu mettre programme files par défaut. A ce moment une deuxième icône de HijackThis est apparue. J'ai cliqué dessus et j'ai reçu le message suivant:
    "C:Program files/....HijackThis/ n'est pas une application win32 valide".
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    scan avec
    MalwareByte's Anti-Malware après mise a jour, en mode normal et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    _________________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    Kaspersky en ligne
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    0
  7. rabetsimeli
     
    Bonjour,

    Le logiciel n'a pas pu tout supprimer selon le message mais voici le scan après suppression:

    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1753
    Windows 5.1.2600 Service Pack 3

    12/02/2009 11:54:45
    mbam-log-2009-02-12 (11-54-45).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 175138
    Temps écoulé: 1 hour(s), 7 minute(s), 52 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 116
    Valeur(s) du Registre infectée(s): 5
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 61
    Fichier(s) infecté(s): 73

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Interface\{0494d93e-a2bb-4802-865c-a80a53b78107} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{06799d48-20b5-46e9-8b10-ae6410595c66} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{0777f4cb-c8d3-4d24-87ae-da072c750ffb} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{0d4da0aa-99ab-40b3-9bf7-a9270fbaca46} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{155e990b-c7e9-47fd-a272-acdcb1474232} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17b69d53-cd88-4657-be84-63297b10078e} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{19bbc30a-d722-46ef-a260-e97cf87d4b3b} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1a697b7c-1f9a-4428-a35f-d67d3a7fb403} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1e4dda88-df4b-4a51-8efb-acb68370b5e7} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1e7a2f4c-1b67-43f2-8839-1a5313f39fab} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{21785954-f667-4e24-aa93-3e96dbf87088} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{21f92505-0d90-4d8e-89d7-95158d147e00} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2a81c12b-bddf-42aa-98dd-f91a78097e13} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2aa95d12-cdba-44ce-abb7-14f35fe213c9} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2c5638f8-9943-412e-bdaa-729df3caf9f2} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3479c9c8-b7ba-4704-9359-86fe33620c07} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{38200d33-6c95-43ed-bb05-aa6e9be57af8} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{387dd594-eca5-4053-b43e-49125a188d0f} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{49b3f626-1d1b-4018-8ba5-8ccab3fce422} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4fd6fe10-7424-4347-9527-b47ec1e5a5bb} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{50a1aa3b-80e3-15cf-0f1a-83a98ad98fe9} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{5183e02d-21d6-4325-8810-191ce7dbfa70} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{5319069a-a18e-4a37-98e0-292e949f6302} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{536c1ae5-9000-4349-bdf4-ba9489d68ea1} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{566a294b-d4a3-447e-9bc7-c1ad9d4dab68} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{597e9862-08f9-48e8-b2fa-a59bf7b53791} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{599805b6-6faa-46e6-99e6-5f5425f52fd6} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{5db349b9-44c9-469f-909b-1e2a4c200b43} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6600c6c2-e8c5-4280-ae77-aaeb1bbbcb7b} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6ab213fd-7b4d-4ed1-96a5-b62bcfa0b36b} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6b22978e-f8a5-437b-8f35-8010d0173441} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6b3b803b-ec5b-4e8b-b3d5-a9f6e0418565} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{70c1cc74-496c-42ce-acb4-768407d505ce} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{71d71cd3-3ade-409a-92e9-760def7e73ae} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{722c97fb-2966-424d-9432-fb0ae9275dd2} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{72b1c0d3-3957-453a-8f48-48cb854a569e} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{73766aaa-d49b-4fea-a46b-b288b97a91df} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{737ebf2a-41a0-4c01-8476-30fa38580c03} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{76dd8871-d61f-497c-8fb4-1886a73986e0} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{79b9cdad-6160-468b-8c95-47fa426cb081} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7b57f151-f41c-49e1-a83f-8543867d2fea} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7ebc5c68-c80a-41b2-bd12-0d51a3efd683} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7f68785e-4894-7bb2-5fde-cc3eee2ebc82} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{815ff77e-a436-4485-8137-75fbe65eba2d} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{87da8e65-15bc-4b5d-8a7d-649f81a4003b} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8bfed1cd-14f8-497d-90f1-bada7d1e7f4e} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8df45a28-2cf7-4175-ac04-ce45d26b7d0b} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{90305b36-8d00-48b6-bc2d-ae2131a50f64} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{975b8fb4-a107-4b4c-a811-d3560c5b70b8} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{9ada0fb8-1133-4c07-a46e-eaa8b6982727} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{9e809c16-5c6e-47e9-a58e-3d8cecaac5fe} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a5357862-4be9-4eeb-af92-02efd2a2a8a8} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{aeebd295-3f93-4745-9208-57ba25305136} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{b6ae969b-8eb6-4173-a696-ca39a0a50165} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{b7ef28d0-1b74-4fad-8226-4c5e0a467106} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{c0405c55-b010-4b29-b1c1-4a9968a0eab6} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{c1941056-f303-4db8-b014-48b70a2b9048} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ca243c53-890c-4e0e-ba24-6c01431993b3} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cea21171-37d9-48c1-bc42-466071222381} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d63fc539-120d-4db8-ab0d-cd1eb7c960b9} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{db0c739d-8790-4a6b-9f9f-de43c08a6e23} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{dc16bb9b-f6ff-4e4f-85ee-f5b0c94d6d13} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e698e657-649e-5d40-752d-9a3b78ea832a} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ec66f0db-f509-42c8-b0f3-92eaf64affad} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f8af8de8-bf15-4e9f-8601-f0985a1e8759} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{fe3af205-54df-b146-1f0e-c9262829ed18} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{a521ac73-b0b9-48a4-82c2-454156af0e26} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{31ce147e-178c-4c35-9520-319db1143a2f} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{008addc3-3b8f-40e1-b56f-c12b6219d91c} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{00f50f76-117d-4564-8a78-e76a2d11ab6f} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2013135b-7839-46ec-9989-dc829a44c11f} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2019678f-9f33-487e-bee4-f80f9e7ac345} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{214102ae-43ce-4003-a47b-65506607af73} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{31a4603e-339a-49a2-a412-63d6ca08328e} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3ac92a1f-794b-4480-a7f7-475cf4506fe2} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{449707ce-2a4c-4c1e-83af-a120e4f9c3ba} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{50e30a50-4f4c-443a-9d00-fb4ae5c04df1} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{52d4274a-d2f9-44dd-8690-a59d3b75cc62} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5a5f69a7-0eea-4852-9592-274b7a7ddc33} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6a0e8a48-a5b5-453e-b548-0199cbe4a218} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6e6b475e-b462-413b-b4ab-c05cc145f4a7} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7332d44f-07b2-49d6-b4b2-3b3e5668995d} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7dbd1d47-db41-4de3-a97b-f81cbc6bbc39} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{84e5bb82-a15f-463a-b185-5905d872e48d} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{875a7ee8-87ef-47cc-8850-d8e27e96e53a} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9382ed95-cd10-4c03-a651-cadec1b225ae} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{955bf87c-3760-4ac5-87a5-a307e048c9d7} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b10104cd-b681-4a63-b316-c9f4edc97190} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{3aa1f3c0-7fbb-410f-9b19-e3838a6e3e42} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{84d39d08-a551-a4e5-c8d1-3327573d4640} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c3f6257-3e00-45c2-88d5-cb0f3a17bf0e} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d0661233-42d4-f7f1-80e1-8a9e0e99e71d} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d0661233-42d4-f7f1-80e1-8a9e0e99e71d} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sk9ou0s (Rootkit.Bagle) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sk9ou0s (Rootkit.Bagle) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sk9ou0s (Rootkit.Bagle) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\browsingtool (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\BrowsingTool (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\BrowsingTool.DLL (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Spy-Rid (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xbtb05670.xbtb05670toolbar (Adware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c49dd894-c6de-4910-8c41-ba20f852d8bc} (Adware.IE.Toolbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{c49dd894-c6de-4910-8c41-ba20f852d8bc} (Adware.IE.Toolbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
    C:\Program Files\Registry Defender\backup (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
    C:\Program Files\EasySpywareCleaner (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    C:\Program Files\EasySpywareCleaner\Quarantine (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun\RunOnce (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun\RunOnceEx (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun\RunOnce (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun\RunOnceEx (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\StartMenuAllUsers (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\StartMenuCurrentUser (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\BrowserObjects (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
    C:\Program Files\Spy-Rid (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    C:\Program Files\Spy-Rid\Infected (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\spy-rid.com (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\HKCURun (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\HKCURun\RunOnce (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\HKCURun\RunOnceEx (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\HKLMRun (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\HKLMRun\RunOnce (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\HKLMRun\RunOnceEx (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\StartMenuAllUsers (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\StartMenuCurrentUser (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\BrowserObjects (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    C:\Program Files\Hot internet offers (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\BrowserObjects (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Packages (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\BrowserObjects (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Packages (Rogue.WinIFixer) -> Quarantined and deleted successfully.
    C:\Program Files\BrowsingTool (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\m (Trojan.Agent) -> Delete on reboot.

    Fichier(s) infecté(s):
    C:\Program Files\Spy-Rid\krnl.dll (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\drivers\srosa2.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\drivers\wfsintwq.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\Installation programme\soundforge 7\KeyGen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Installation programme\SOUNDFORGE 8+CRACK\Crack\Sony SoundForge 8 - KeyGen Retail.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000522.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0001574.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0001575.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000523.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0002686.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0002687.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP10\A0006429.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP10\A0006430.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0006591.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0006592.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007678.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007679.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0007867.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0007868.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0010845.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0010846.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0011845.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0011846.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0012845.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0012846.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0013845.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0013846.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0014846.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0014847.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0015873.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0015874.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0014873.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0014874.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0016873.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0016874.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP2\A0003314.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP2\A0003315.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003407.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003408.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003439.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003440.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003767.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003768.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003801.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003802.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003958.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003959.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003994.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003995.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006046.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006047.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006071.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006072.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\down\117734.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\down\175156.exe (Trojan.Packed) -> Quarantined and deleted successfully.
    C:\Program Files\Hot internet offers\offers.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\Registry Defender\report.csv (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
    C:\Program Files\Registry Defender\backup\12_03_2008.reg (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
    C:\Program Files\Spy-Rid\msvcp71.dll (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    C:\Program Files\Spy-Rid\msvcr71.dll (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    C:\Program Files\Spy-Rid\Spy-Rid.exe.local (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    C:\Program Files\Spy-Rid\Spy-Rid.exe.log (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
    C:\Program Files\BrowsingTool\BrowsingTool.dat (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\BrowsingTool\pcre3.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\BrowsingTool\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MELINA\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
    C:\Documents and Settings\MELINA\Application Data\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok tu es infecté par bagle, cela vient de cracks téléchargés! vire les puis

    Telecharge FindyKill sur ton bureau :

    --> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

    --> Lance l installation avec les parametres par default

    --> Double clic sur le raccourci FindyKill sur ton bureau

    --> Au menu principal,choisi l option 1 (Recherche)

    --> Post le rapport FindyKill.txt

    Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
    0
  9. rabetsimeli
     
    Re,

    Effectivement je me doutais que cela venait de là, merci.

    Le scan:

    ############################## [ FindyKill V4.716 ]

    # User : MELINA (Administrateurs) # XPSP2-223B9AA05
    # Update on 10/02/09 by Chiquitine29
    # Start at: 12:10:09 | 12/02/2009

    # AMD Athlon(tm) XP 2500+
    # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 7.0.5730.11
    # Windows Firewall Status : Disabled
    # AV : avast! antivirus 4.8.1296 [VPS 090206-0] 4.8.1296 [ (!) Disabled | Updated ]

    # C:\ # Disque fixe local # NTFS
    # D:\ # Disque CD-ROM
    # E:\ # Disque CD-ROM
    # J:\ # Disque amovible

    ############################## [ Processus actifs ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\vVX1000.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\MELINA\Application Data\drivers\winupgro.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wintems.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## [ Processus infectieux stoppés ]

    "C:\Documents and Settings\MELINA\Application Data\drivers\winupgro.exe" (1272)
    "C:\WINDOWS\system32\wintems.exe" (3148)

    ################## [ Fichiers / Dossiers infectieux C:\ ]

    Found ! - "C:\Avenger"

    ################## [ C:\WINDOWS ]

    ################## [ C:\WINDOWS\Prefetch ]

    Found ! - C:\WINDOWS\prefetch\104531.EXE-076553BC.pf
    Found ! - C:\WINDOWS\prefetch\112078.EXE-07A63799.pf
    Found ! - C:\WINDOWS\prefetch\119593.EXE-1F9B37F9.pf
    Found ! - C:\WINDOWS\prefetch\170156.EXE-32553D70.pf
    Found ! - C:\WINDOWS\prefetch\187375.EXE-0258371D.pf
    Found ! - C:\WINDOWS\prefetch\543031.EXE-0AE24D15.pf
    Found ! - C:\WINDOWS\prefetch\550890.EXE-2E16C6CA.pf
    Found ! - C:\WINDOWS\prefetch\587265.EXE-2078B675.pf
    Found ! - C:\WINDOWS\prefetch\598203.EXE-15A10EF0.pf
    Found ! - C:\WINDOWS\prefetch\98593.EXE-3866B706.pf
    Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-03D5BD6F.pf
    Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
    Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf

    ################## [ C:\WINDOWS\system32 ]

    Found ! - C:\WINDOWS\system32\mdelk.exe
    Found ! - C:\WINDOWS\system32\wintems.exe
    Found ! - C:\WINDOWS\system32\ban_list.txt

    ################## [ C:\WINDOWS\system32\drivers ]

    ################## [ C:\Documents and Settings\MELINA\Application Data ]

    Found ! - "C:\Documents and Settings\MELINA\Application Data\m\flec006.exe"
    Found ! - "C:\Documents and Settings\MELINA\Application Data\m"
    Found ! - "C:\Documents and Settings\MELINA\Application Data\drivers"
    Found ! - "C:\Documents and Settings\MELINA\Application Data\drivers\srosa2.sys"
    Found ! - "C:\Documents and Settings\MELINA\Application Data\drivers\wfsintwq.sys"
    Found ! - "C:\Documents and Settings\MELINA\Application Data\drivers\winupgro.exe"
    Found ! - "C:\Documents and Settings\MELINA\Application Data\drivers\downld"

    ################## [ C:\DOCUME~1\MELINA\LOCALS~1\Temp ]

    ################## [ Registre / Clés infectieuses ]

    Found ! - HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\Software\Local AppWizard-Generated Applications\winupgro
    Found ! - HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\Software\bisoft
    Found ! - HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\Software\DateTime4
    Found ! - HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\Software\FFC
    Found ! - HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\Software\FirtR
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_CURRENT_USER\Software\bisoft
    Found ! - HKEY_CURRENT_USER\Software\DateTime4
    Found ! - HKEY_CURRENT_USER\Software\FirtR
    Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
    Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe
    Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key

    ################## [ Etat / Services ]

    # Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

    # Mode sans echec non fonctionnel !!

    # Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

    # Mode sans echec non fonctionnel !!

    # Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

    # Mode sans echec non fonctionnel !!

    # Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

    Ndisuio # Type de démarrage = 4

    EapHost # Type de démarrage = 3

    Ip6Fw # Type de démarrage = 4

    SharedAccess # Type de démarrage = 4

    wuauserv # Type de démarrage = 4

    wscsvc # Type de démarrage = 4

    ################## [ Recherche dans supports amovibles]

    # presence des fichiers :

    ################## [ Registre / Mountpoint2 ]

    Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d48e6cb-bfe3-11dd-b7c9-000ea62d8df3}\Shell\AutoRun\command

    ################## [ ! Fin du rapport # FindyKill V4.716 ! ]
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

    --> Double clic sur le raccourci FindyKill sur ton bureau

    --> Au menu principal,choisi l option 2 (Suppression)

    /!\ il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué"

    /!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal !

    -------> ensuite post le rapport FindyKill.txt

    Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
    Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides

    _______________________________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    Kaspersky en ligne
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    0
  11. rabetsimeli
     
    re,

    1/ rapport Findkill:

    ############################## [ FindyKill V4.716 ]

    # User : MELINA (Administrateurs) # XPSP2-223B9AA05
    # Update on 10/02/09 by Chiquitine29
    # Start at: 12:40:41 | 12/02/2009

    # AMD Athlon(tm) XP 2500+
    # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 7.0.5730.11
    # Windows Firewall Status : Disabled
    # AV : avast! antivirus 4.8.1296 [VPS 090206-0] 4.8.1296 [ (!) Disabled | Updated ]

    # C:\ # Disque fixe local # NTFS
    # D:\ # Disque CD-ROM
    # E:\ # Disque CD-ROM
    # J:\ # Disque amovible

    ############################## [ Active Processes ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## [ Infected Files / Folders C:\ ]

    Deleted ! - "C:\Avenger\m\shared"
    Deleted ! - "C:\Avenger\m"
    Deleted ! - "C:\Avenger"

    ################## [ C:\WINDOWS ]

    ################## [ C:\WINDOWS\Prefetch ]

    Deleted ! - C:\WINDOWS\prefetch\104531.EXE-076553BC.pf
    Deleted ! - C:\WINDOWS\prefetch\112078.EXE-07A63799.pf
    Deleted ! - C:\WINDOWS\prefetch\119593.EXE-1F9B37F9.pf
    Deleted ! - C:\WINDOWS\prefetch\170156.EXE-32553D70.pf
    Deleted ! - C:\WINDOWS\prefetch\187375.EXE-0258371D.pf
    Deleted ! - C:\WINDOWS\prefetch\543031.EXE-0AE24D15.pf
    Deleted ! - C:\WINDOWS\prefetch\550890.EXE-2E16C6CA.pf
    Deleted ! - C:\WINDOWS\prefetch\587265.EXE-2078B675.pf
    Deleted ! - C:\WINDOWS\prefetch\598203.EXE-15A10EF0.pf
    Deleted ! - C:\WINDOWS\prefetch\98593.EXE-3866B706.pf
    Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-03D5BD6F.pf
    Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
    Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
    Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-33125E68.pf

    ################## [ C:\WINDOWS\system32 ]

    Deleted ! - C:\WINDOWS\system32\mdelk.exe
    Deleted ! - C:\WINDOWS\system32\wintems.exe
    Deleted ! - C:\WINDOWS\system32\ban_list.txt

    ################## [ C:\WINDOWS\system32\drivers ]

    ################## [ C:\Documents and Settings\MELINA\Application Data ]

    Deleted ! - "C:\Documents and Settings\MELINA\Application Data\m\flec006.exe"
    Deleted ! - "C:\Documents and Settings\MELINA\Application Data\m"
    Deleted ! - "C:\Documents and Settings\MELINA\Application Data\drivers\srosa2.sys"
    Deleted ! - "C:\Documents and Settings\MELINA\Application Data\drivers\wfsintwq.sys"
    Deleted ! - "C:\Documents and Settings\MELINA\Application Data\drivers\winupgro.exe"
    Deleted ! - "C:\Documents and Settings\MELINA\Application Data\drivers\downld"
    Deleted ! - "C:\Documents and Settings\MELINA\Application Data\drivers"

    ################## [ Cleaning Temp Files... ]

    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64[1].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64[2].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_1[3].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_2[2].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_3[2].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_3[3].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_6[2].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\mxd[1].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\mxd[2].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\mxd[3].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\mxd[4].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\servernames[1].htm
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64[1].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64[2].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64[3].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64_2[2].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64_3[2].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64_6[1].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64_6[2].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\file[1].txt
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\file[2].txt
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\b64[2].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\b64_6[1].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\b64_6[2].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\mxd[1].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\mxd[2].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64[1].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64[2].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64[3].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64[4].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64_1[3].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64_6[1].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64_6[2].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\mxd[1].jpg
    Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\servernames[1].htm

    ################## [ Registry / Infected keys ]

    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
    Deleted ! - HKEY_CURRENT_USER\Software\bisoft
    Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
    Deleted ! - HKEY_CURRENT_USER\Software\FirtR
    Deleted ! - HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\Software\Local AppWizard-Generated Applications\winupgro
    Deleted ! - HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\Software\FFC

    ################## [ States / Restarting of services ]

    # Safe boot mode restored !
    # Services : [ Auto=2 / Request=3 / Disable=4 ]

    Ndisuio # Type of startup = 3

    EapHost # Type of startup = 2

    Ip6Fw # Type of startup = 2

    SharedAccess # Type of startup = 2

    wuauserv # Type of startup = 2

    wscsvc # Type of startup = 2

    ################## [ Cleaning Removable drives ]

    # Deleting files :

    ################## [ Registry / Mountpoint2 ]

    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d48e6cb-bfe3-11dd-b7c9-000ea62d8df3}\Shell\AutoRun\command

    ################## [ Searching Other Infections ]

    # Références de comparaison Bagle MD5 :

    d8f3958d C:\Documents and Settings\MELINA\Application Data\drivers\winupgro.exe
    23df44d298f1a9fd16fa87cfeefcc65f C:\Documents and Settings\MELINA\Application Data\drivers\winupgro.exe

    ################## [ ! End of Report # FindyKill V4.716 ! ]

    Scan avec Active scan: Est ce que je dois désinfecter le PC comme il me le propose?

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-02-12 19:16:18
    PROTECTIONS: 1
    MALWARE: 20
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    avast! antivirus 4.8.1296 [VPS 090206-0] 4.8.1296 No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@atdmt[2].txt
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@tradedoubler[1].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@fastclick[1].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@tribalfusion[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@mediaplex[2].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@xiti[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@ad.yieldmanager[1].txt
    00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@burstnet[2].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@advertising[2].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@realmedia[1].txt
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@zedo[1].txt
    00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@bluestreak[1].txt
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@adrevolver[2].txt
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@smartadserver[1].txt
    00583014 Trj/LdPinch.AUE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017301.exe
    00584667 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    00584667 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017068.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000214.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000217.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000218.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000528.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000533.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000534.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006055.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0001582.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0001583.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0002688.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0002690.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0002691.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP10\A0006409.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP10\A0006432.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP10\A0006433.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007575.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007582.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007583.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007685.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007686.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007687.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0007719.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0014849.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0014876.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0016877.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0016879.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0016880.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017065.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017066.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017067.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0001580.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017116.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017132.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017133.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017134.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017137.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017146.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017152.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017172.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017174.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017176.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017183.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017187.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017231.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017232.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017278.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017294.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017322.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017311.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006073.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017359.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017360.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017361.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017438.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017439.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017469.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017474.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017475.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017483.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017504.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017530.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017619.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017815.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017829.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017859.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017896.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017913.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017921.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017957.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017988.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018010.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018024.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018044.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018062.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018080.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018089.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018099.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018105.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018106.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018109.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018112.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018113.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018116.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018129.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018139.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018145.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018150.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018173.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018174.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018183.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018216.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018231.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP2\A0003317.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP2\A0003318.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP2\A0003319.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003332.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003333.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003444.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003445.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003773.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003774.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003803.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003805.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003806.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003960.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003963.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003964.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003996.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0004000.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0004001.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP7\A0004019.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP7\A0004020.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP7\A0004023.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006052.exe
    02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006054.exe
    02990320 Application/BoontyGames HackTools Yes 0 Yes No C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    03541233 HackTool/Rebooter HackTools No 0 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location d
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description d
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    télécharge OTMoveIt

    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    :files
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Fichiers communs\BOONTY Shared

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    ________________________

    désactive ta restauration puis redemarre ton ordi puis réactive la:

    http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fdocid/20020830101856924

    _______________________

    vire ton antivirus puis reinstalle le ainsi que toutes tes protections et dis si elles marchent
    ________________________
    mets un rapport hijkahcits
    0
  13. rabetsimeli
     
    Re,

    Le rapport OTMo...

    ========== FILES ==========
    File/Folder C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolb­arNotifier.exe not found.
    C:\Program Files\Fichiers communs\BOONTY Shared\Service moved successfully.
    C:\Program Files\Fichiers communs\BOONTY Shared moved successfully.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02122009_200931

    Que veut dire: "désactive ta restauration puis redemarre ton ordi puis réactive la"
    0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    vire le fichier googltoolbar notifier
    en allant manuellement dans psote de travail puis

    C:\Program Files\Google\GoogleToolbarNotifier

    _________________

    pour desactiver la restauration tu as le lien en bleu qui explique dans le message précedent
    0
  15. rabetsimeli
     
    Re,

    Bon bein antivirus et protections refonctionnent normalement, c super! Merci!
    Suis-je pour autant encore virusé, étant donné que mon pc est toujours lent?
    Je n'arrive toujours pas a avoir le son? Est ce que tu pense que c lié aux virus puisque c arrivé en même temps ou est ce parce qu'il faut que je change de carte son?

    Rapport Hijack:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:18:39, on 12/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\vVX1000.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    Liens
    R3 - URLSearchHook: Yahoo! Toolbar -

    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

    Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper -

    {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

    Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader -

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers

    communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper -

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

    Files\Java\jre6\bin\ssv.dll
    O2 - BHO: XBTP05670 - {793A9CBF-8B4E-4026-B25A-27F3A48B32E9} -

    (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no

    file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper -

    {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

    Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl -

    {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

    Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class -

    {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program

    Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page -

    {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program

    Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar -

    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

    Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI

    Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control

    Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA

    Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program

    Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd

    (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y

    "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"

    (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall]

    %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd

    (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program

    Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd

    (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program

    Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd

    (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel -

    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -

    C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -

    {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

    (file missing)
    O9 - Extra button: Recherche -

    {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

    C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

    {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

    Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}

    - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0

    Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}

    - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program

    Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software -

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATI Smart - Unknown owner -

    C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil

    Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil

    Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil

    Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers

    communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

    Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel

    32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun

    Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program

    Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner -

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    0
  16. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    vire ad aware 2007 car dépassé . as tu essayé de réinstaller les pilotes de la carte son?
    0
  17. rabetsimeli
     
    J'ai viré avant le scan Hijackthis ad-aware 2007 pour mettre une version d'essai gratuite à la place.
    Pour les drivers de la carte son, je suis en train de remettre de l'ordre.
    Tu penses que y'a d'autre choses a vérifier?
    0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :
    http://sd-1.archive-host.com/membres/up/16506160323759868/AD­-R.exe

    /!\ Déconnectes toi et fermes toutes applications en cours

    ● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
    ● Double clique sur l'icône Ad-removersituée sur ton bureau
    ● Au menu principal choisi l'option "A"
    ● Postes le rapport qui apparait à la fin .

    ( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note :

    "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    rq:

    pour protéger gratos ton ordi
    http://www.commentcamarche.net/telecharger/logiciel 4 securite

    mettre un antivirus

    ANTIVIR ou ((Avast))
    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    -------------
    des anti-espions :
    MALWAREBYTE ANTIMALWARE + SPYBOT
    +
    SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

    --------
    un pare feu :
    (celui de Windows) ou mieux COMODO ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

    http://www.clubic.com/telecharger-fiche11071-sunbelt-persona­l-firewall-e(...)
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    https://www.commentcamarche.net/telecharger/ 157 zonealarm

    -----------

    CCLEANER pour effacer les traces de surf
    0
  19. rabetsimeli Messages postés 39 Statut Membre
     
    Merci pour les multiples infos, ça me sera bien utile.
    Par contre le lien que tu m'a envoyé ne fonctionne plus. Je suis allée directement sur le site , mais j'ai peur de télécharger le mauvais produit.
    Est ce que tu aurais une autre référence?

    Merci.
    0
  20. rabetsimeli Messages postés 39 Statut Membre
     
    Bonjour,

    Quand je te disais que le lien ne fonctionnait pas c'était concernant AD-Remover, afin que je puisse te faire un scan comme tu me l'avais demandé, sauf si tu pense que ce n'est plus utile.
    Désolé j'aurais du être plus clair.
    0
  • 1
  • 2
  • 3