Sujet Précédent Sujet Suivant

S.O.S virus and Cie

rabetsimeli -  
rabetsimeli Messages postés 39 Statut Membre -
Bonjour,

Très très embêtée, mon AVG antispyware ne fonctionnant plus, j'ai voulu retélécharger une version gratuite après avoir désinstallé l'ancien et j'ai téléchargée un virus à la place.
Mon ordinateur est très lent.
Une personne pendant mon absence a acheté Drive Detective et m'a remis la plupart des drivers de mon PC. Cependant je n'ai plus de son depuis ce fameux virus, mon ordinateur s'arrête et m'affiche un écran sur fond bleu (si vous voyez ce message pour la première fois, redémarrez votre PC,...).
J'ai voulu mettre CCleaner, mais mon ordi a affiché le message précédent, j'ai voulu appliquer Ad-Aware, mais j'ai reçu un message comme quoi ce dernier était introuvable de même que pour Avast Antivirus. Chose qui d'habitude n'arrive jamais.

Bref beaucoup d'information et de comportement étrange sachant que je suis vraiment nul en informatique.

Si quelqu'un avait l'amabilité de me donner un petit coup de pouce, cela serait avec grand plaisir.

Merci
A voir également:

48 réponses

  • 1
  • 2
  • 3
Réponse 1 / 48
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt
as tu essayé de restaurer ton ordi avant le téléchargement?

_____________

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit
0
Réponse 2 / 48
rabetsimeli
 
Slt,

Non je ne l'avais pas fait...
J'ai suivi ta description et au moment d'appuyer sur "continue", une barre de progression s'est mise au maximum et depuis rien. J'ai recommencé 3 fois, mais RSIT ne m'a pas proposé l'outil HijackThis ni d'analyses.

Mais étant donné qu'on est plusieurs a utiliser le PC, que RSIT était déjà installé sur mon bureau, donc quelqu'un chez moi a du le faire. Et j'ai retrouvé ces deux fichiers qui datent de dimanche dernier, je ne sais pas si ça reste valable pour toi.

Il n'y avait rien dans le fichier log.txt

info.txt logfile of random's system information tool 1.05 2009-02-06 23:28:56

======Uninstall list======

-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83021AC3-086F-4B77-ACCD-1BD7C9AB211E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007-->MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
AudioEase Altiverb 5.4.6-->C:\PROGRA~1\AUDIOE~1\ALTIVE~1\AIRLOG~1\ALTIVE~1\UNWISE.EXE C:\PROGRA~1\AUDIOE~1\ALTIVE~1\AIRLOG~1\ALTIVE~1\INSTALL.LOG
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{6E15BEDF-7EB5-4010-998E-B430DB4EFE45}
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{A425C250-A0E1-4D78-B1C1-A5CBC7385E7C}
BrowsingTool-->C:\Program Files\BrowsingTool\uninstall.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Client Windows Rights Management avec Service Pack 2-->MsiExec.exe /X{1D13221B-42DE-4B3C-A43F-0F6AF3CF3DA2}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}
Digidesign D-Show-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D397278A-593D-47FE-BC65-EE980DD2D0FE}\Setup.exe" -l0x9 FromUninstall
Digital Camera-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1205500-2179-11D7-B0B9-0000E24D4B29}\setup.exe"
DivX 4.12 Codec-->"C:\Program Files\DivXCodec\uninstall.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EPSON CardMonitor-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\SETUP.EXE" -l0x40c uninst
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\Setup.exe" -l0x40c -UnInstall
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON PhotoQuicker3.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x40c uninst
EPSON PhotoStarter3.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\SETUP.EXE" -l0x40c uninst
EPSON PRINT Image Framer Tool2.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59ED4-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x40c anything
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x40c Uninstall
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
ESPRX420 Guide de réf.-->C:\Program Files\EPSON\TPMANUAL\ESPRX420\REF_G\DOCUNINS.EXE
ESPRX420 Guide des logiciels-->C:\Program Files\EPSON\TPMANUAL\ESPRX420\PQU_G\DOCUNINS.EXE
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
FileZilla Client 3.1.6-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Finale NotePad 2007-->C:\Program Files\Finale NotePad 2007\uninstallNP.exe
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
GetDataBack for NTFS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}\setup.exe" -l0x9 -removeonly
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Icatch(IV) Camera Driver-->Rundll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\CA533A.ini, Ca533AUnInstall
i-minitel ADSL-->C:\PROGRA~1\MINITE~1\UNWISE.EXE C:\PROGRA~1\MINITE~1\INSTALL.LOG
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KeyGen Crack Toolbar-->regsvr32 /u /s "C:\Program Files\KeyGen Crack Toolbar\keygen_crack.dll"
Kit de connexion ADSL-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B0C5783F-AB91-460B-8238-BD9A8F6346D3}\setup.exe" -l0x40c -usb
K-Lite Codec Pack 2.20 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Le Centre de Contrôle de Licences de Syncrosoft-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Ma-Config.com plugin-->MsiExec.exe /I{D2D7529F-6B55-4C1C-BC9C-D6F1BCC066B6}
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{718263DE-E612-4653-BB7D-7154BA9E31AB}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Photo 7.0-->MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0-->MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NFO viewer v 2.1-->"C:\Program Files\NFO viewer\unins000.exe"
Nord Modular G2 Demo v1.40-->C:\WINDOWS\unvise32.exe C:\Program Files\Clavia\Modular G2 Demo v1.40\uninstal.log
NVIDIA Audio Driver-->C:\WINDOWS\system32\nvuAudio.exe Uninstall C:\WINDOWS\system32\NvAudio.nvu,NVIDIA Audio Driver
NVIDIA nForce Utilities-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_SSUtilsNT 132 C:\WINDOWS\INF\nvautlml.inf
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{6D7F8D4B-D1A4-402A-973E-31E90940E585}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Pd-0.38.4-extended-RC8-->"C:\Program Files\pd\unins000.exe"
PhotoImpression 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\SETUP.EXE" -l0x40c
PIF DESIGNER2.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}\SETUP.EXE" -l0x40c anything
Pilotes NVIDIA nForce pour Windows 2000/XP-->rundll32.exe C:\WINDOWS\system32\NVNFINST.DLL,NvUninstallCrush
PlayMP3z-->C:\Program Files\PlayMP3z\uninstall.exe
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime Alternative 2.1.1-->"C:\Program Files\QuickTime Alternative\unins000.exe"
Real Alternative-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
Reason 3.0-->"C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
Recettes de cuisine-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F9AC04CA-B567-45E1-A381-8023CD2F6954}\Setup.exe"
ScanToWeb-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sélecteur d'installation de Microsoft Works Suite 2003-->C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe E:\
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Sound Forge 7.0-->MsiExec.exe /I{0712667C-A171-49AE-A098-4ACDA28625F8}
SP2 de compatibilité descendante du client Windows Rights Management-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Steinberg Cubase SX v1.0.5.61-->C:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG
Steinberg Nuendo v3.0.2.623-->C:\PROGRA~1\STEINB~1\NUENDO~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\NUENDO~1\INSTALL.LOG
Streamripper Plugin 1.61.25 (Remove only)-->C:\Program Files\Winamp\streamripper_uninstall.exe
Subtitle Workshop 2.51-->"C:\Program Files\Subtitle Workshop\uninstall.exe"
Syberia-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Microids\Syberia\Uninstall\Setup.exe" -l0x40c
SyncroSoft Emu (Remove only)-->C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
The Playa-->"C:\Program Files\The Playa\uninstall.exe"
Ulead Photo Express 4.0 SE-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}\setup.exe" -l0x40c
USB MODEM Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{042E2C9D-6647-4C5F-9CEF-387D72023128}\setup.exe" -l0x9 UNINSTALL
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinXoundPro-->MsiExec.exe /I{3F355C0F-3ECD-4AF1-90FE-620255E934D0}
XviD Video Codec 22032003-1 (Koepi's developer build)-->"C:\Program Files\XviD\UninstXviD.exe"
Yahoo! Extras-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 090206-0]

System event log

Computer Name: XPSP2-223B9AA05
Event Code: 7036
Message: Le service LiveUpdate est entré dans l'état : arrêté.

Record Number: 40910
Source Name: Service Control Manager
Time Written: 20090108074957.000000+060
Event Type: Informations
User:

Computer Name: XPSP2-223B9AA05
Event Code: 7036
Message: Le service LiveUpdate est entré dans l'état : en cours d'exécution.

Record Number: 40909
Source Name: Service Control Manager
Time Written: 20090108074937.000000+060
Event Type: Informations
User:

Computer Name: XPSP2-223B9AA05
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service LiveUpdate.

Record Number: 40908
Source Name: Service Control Manager
Time Written: 20090108074937.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: XPSP2-223B9AA05
Event Code: 7036
Message: Le service LiveUpdate est entré dans l'état : arrêté.

Record Number: 40907
Source Name: Service Control Manager
Time Written: 20090108034531.000000+060
Event Type: Informations
User:

Computer Name: XPSP2-223B9AA05
Event Code: 7036
Message: Le service LiveUpdate est entré dans l'état : en cours d'exécution.

Record Number: 40906
Source Name: Service Control Manager
Time Written: 20090108034508.000000+060
Event Type: Informations
User:

Application event log

Computer Name: XPSP2-223B9AA05
Event Code: 101
Message: Niveau d'information : success

LiveUpdate automatique a terminé.

Record Number: 17563
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081219173526.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: XPSP2-223B9AA05
Event Code: 101
Message: Niveau d'information : success

Le Planificateur a lancé LiveUpdate automatique.

Record Number: 17562
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081219173502.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: XPSP2-223B9AA05
Event Code: 101
Message: Niveau d'information : success

L'exécution suivante a été planifiée pour intervenir approximativement à 5:35 PM.

Record Number: 17561
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081219135422.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: XPSP2-223B9AA05
Event Code: 101
Message: Niveau d'information : success

LiveUpdate automatique a terminé.

Record Number: 17560
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081219135422.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: XPSP2-223B9AA05
Event Code: 101
Message: Niveau d'information : success

Le Planificateur a lancé LiveUpdate automatique.

Record Number: 17559
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081219135401.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"CSOUNDRC"=C:\Program Files\Csound\.csoundrc
"OPCODEDIR64"=C:\Program Files\Csound\plugins64
"RAWWAVE_PATH"=C:\Program Files\Csound\samples
"PYTHONPATH"=;C:\Program Files\Csound\bin
"SFOUTYP"=WAV

-----------------EOF-----------------
0
Réponse 3 / 48
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
colle un rapport hijackthis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
0
Réponse 4 / 48
rabetsimeli
 
re,

impossible d'installer HIjackthis.

Pour être plus clair, je l'ai téléchargé sur le bureau.
Quand je double clique dessus il me sort une fenêtre nommée "Trend micro HijackThis" mais elle s'efface avant même que je puisse sélectionner quoique ce soit.
En étant rapide j'ai pu mettre programme files par défaut. A ce moment une deuxième icône de HijackThis est apparue. J'ai cliqué dessus et j'ai reçu le message suivant:
"C:Program files/....HijackThis/ n'est pas une application win32 valide".
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 48
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
scan avec
MalwareByte's Anti-Malware après mise a jour, en mode normal et vire ce qui est trouvé et colle le rapport

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

_________________

colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
0
Réponse 6 / 48
rabetsimeli
 
Bonjour,

Le logiciel n'a pas pu tout supprimer selon le message mais voici le scan après suppression:

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1753
Windows 5.1.2600 Service Pack 3

12/02/2009 11:54:45
mbam-log-2009-02-12 (11-54-45).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 175138
Temps écoulé: 1 hour(s), 7 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 116
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 61
Fichier(s) infecté(s): 73

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{0494d93e-a2bb-4802-865c-a80a53b78107} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{06799d48-20b5-46e9-8b10-ae6410595c66} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0777f4cb-c8d3-4d24-87ae-da072c750ffb} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0d4da0aa-99ab-40b3-9bf7-a9270fbaca46} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{155e990b-c7e9-47fd-a272-acdcb1474232} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17b69d53-cd88-4657-be84-63297b10078e} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{19bbc30a-d722-46ef-a260-e97cf87d4b3b} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1a697b7c-1f9a-4428-a35f-d67d3a7fb403} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e4dda88-df4b-4a51-8efb-acb68370b5e7} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e7a2f4c-1b67-43f2-8839-1a5313f39fab} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21785954-f667-4e24-aa93-3e96dbf87088} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21f92505-0d90-4d8e-89d7-95158d147e00} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2a81c12b-bddf-42aa-98dd-f91a78097e13} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2aa95d12-cdba-44ce-abb7-14f35fe213c9} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2c5638f8-9943-412e-bdaa-729df3caf9f2} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3479c9c8-b7ba-4704-9359-86fe33620c07} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38200d33-6c95-43ed-bb05-aa6e9be57af8} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{387dd594-eca5-4053-b43e-49125a188d0f} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{49b3f626-1d1b-4018-8ba5-8ccab3fce422} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4fd6fe10-7424-4347-9527-b47ec1e5a5bb} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50a1aa3b-80e3-15cf-0f1a-83a98ad98fe9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5183e02d-21d6-4325-8810-191ce7dbfa70} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5319069a-a18e-4a37-98e0-292e949f6302} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{536c1ae5-9000-4349-bdf4-ba9489d68ea1} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{566a294b-d4a3-447e-9bc7-c1ad9d4dab68} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{597e9862-08f9-48e8-b2fa-a59bf7b53791} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{599805b6-6faa-46e6-99e6-5f5425f52fd6} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5db349b9-44c9-469f-909b-1e2a4c200b43} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6600c6c2-e8c5-4280-ae77-aaeb1bbbcb7b} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6ab213fd-7b4d-4ed1-96a5-b62bcfa0b36b} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6b22978e-f8a5-437b-8f35-8010d0173441} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6b3b803b-ec5b-4e8b-b3d5-a9f6e0418565} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{70c1cc74-496c-42ce-acb4-768407d505ce} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{71d71cd3-3ade-409a-92e9-760def7e73ae} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{722c97fb-2966-424d-9432-fb0ae9275dd2} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72b1c0d3-3957-453a-8f48-48cb854a569e} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{73766aaa-d49b-4fea-a46b-b288b97a91df} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{737ebf2a-41a0-4c01-8476-30fa38580c03} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{76dd8871-d61f-497c-8fb4-1886a73986e0} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{79b9cdad-6160-468b-8c95-47fa426cb081} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7b57f151-f41c-49e1-a83f-8543867d2fea} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7ebc5c68-c80a-41b2-bd12-0d51a3efd683} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7f68785e-4894-7bb2-5fde-cc3eee2ebc82} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{815ff77e-a436-4485-8137-75fbe65eba2d} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{87da8e65-15bc-4b5d-8a7d-649f81a4003b} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8bfed1cd-14f8-497d-90f1-bada7d1e7f4e} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8df45a28-2cf7-4175-ac04-ce45d26b7d0b} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90305b36-8d00-48b6-bc2d-ae2131a50f64} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{975b8fb4-a107-4b4c-a811-d3560c5b70b8} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9ada0fb8-1133-4c07-a46e-eaa8b6982727} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9e809c16-5c6e-47e9-a58e-3d8cecaac5fe} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a5357862-4be9-4eeb-af92-02efd2a2a8a8} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aeebd295-3f93-4745-9208-57ba25305136} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b6ae969b-8eb6-4173-a696-ca39a0a50165} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b7ef28d0-1b74-4fad-8226-4c5e0a467106} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c0405c55-b010-4b29-b1c1-4a9968a0eab6} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c1941056-f303-4db8-b014-48b70a2b9048} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ca243c53-890c-4e0e-ba24-6c01431993b3} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cea21171-37d9-48c1-bc42-466071222381} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d63fc539-120d-4db8-ab0d-cd1eb7c960b9} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{db0c739d-8790-4a6b-9f9f-de43c08a6e23} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{dc16bb9b-f6ff-4e4f-85ee-f5b0c94d6d13} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e698e657-649e-5d40-752d-9a3b78ea832a} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ec66f0db-f509-42c8-b0f3-92eaf64affad} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f8af8de8-bf15-4e9f-8601-f0985a1e8759} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{fe3af205-54df-b146-1f0e-c9262829ed18} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a521ac73-b0b9-48a4-82c2-454156af0e26} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{31ce147e-178c-4c35-9520-319db1143a2f} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{008addc3-3b8f-40e1-b56f-c12b6219d91c} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00f50f76-117d-4564-8a78-e76a2d11ab6f} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2013135b-7839-46ec-9989-dc829a44c11f} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2019678f-9f33-487e-bee4-f80f9e7ac345} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{214102ae-43ce-4003-a47b-65506607af73} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31a4603e-339a-49a2-a412-63d6ca08328e} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3ac92a1f-794b-4480-a7f7-475cf4506fe2} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{449707ce-2a4c-4c1e-83af-a120e4f9c3ba} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50e30a50-4f4c-443a-9d00-fb4ae5c04df1} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{52d4274a-d2f9-44dd-8690-a59d3b75cc62} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5a5f69a7-0eea-4852-9592-274b7a7ddc33} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6a0e8a48-a5b5-453e-b548-0199cbe4a218} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6e6b475e-b462-413b-b4ab-c05cc145f4a7} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7332d44f-07b2-49d6-b4b2-3b3e5668995d} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7dbd1d47-db41-4de3-a97b-f81cbc6bbc39} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84e5bb82-a15f-463a-b185-5905d872e48d} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{875a7ee8-87ef-47cc-8850-d8e27e96e53a} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9382ed95-cd10-4c03-a651-cadec1b225ae} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{955bf87c-3760-4ac5-87a5-a307e048c9d7} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b10104cd-b681-4a63-b316-c9f4edc97190} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3aa1f3c0-7fbb-410f-9b19-e3838a6e3e42} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84d39d08-a551-a4e5-c8d1-3327573d4640} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c3f6257-3e00-45c2-88d5-cb0f3a17bf0e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d0661233-42d4-f7f1-80e1-8a9e0e99e71d} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d0661233-42d4-f7f1-80e1-8a9e0e99e71d} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sk9ou0s (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sk9ou0s (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sk9ou0s (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\browsingtool (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BrowsingTool (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BrowsingTool.DLL (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spy-Rid (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xbtb05670.xbtb05670toolbar (Adware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c49dd894-c6de-4910-8c41-ba20f852d8bc} (Adware.IE.Toolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{c49dd894-c6de-4910-8c41-ba20f852d8bc} (Adware.IE.Toolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender\backup (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\Quarantine (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun\RunOnce (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun\RunOnceEx (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun\RunOnce (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun\RunOnceEx (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\StartMenuAllUsers (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\StartMenuCurrentUser (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\BrowserObjects (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Spy-Rid (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Program Files\Spy-Rid\Infected (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\HKCURun (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\HKCURun\RunOnce (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\HKCURun\RunOnceEx (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\HKLMRun (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\HKLMRun\RunOnce (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\HKLMRun\RunOnceEx (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\StartMenuAllUsers (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\StartMenuCurrentUser (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\BrowserObjects (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Program Files\Hot internet offers (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\BrowserObjects (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Packages (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\BrowserObjects (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Packages (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingTool (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\m (Trojan.Agent) -> Delete on reboot.

Fichier(s) infecté(s):
C:\Program Files\Spy-Rid\krnl.dll (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\drivers\srosa2.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\drivers\wfsintwq.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\Installation programme\soundforge 7\KeyGen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Installation programme\SOUNDFORGE 8+CRACK\Crack\Sony SoundForge 8 - KeyGen Retail.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000522.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0001574.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0001575.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000523.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0002686.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0002687.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP10\A0006429.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP10\A0006430.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0006591.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0006592.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007678.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007679.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0007867.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0007868.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0010845.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0010846.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0011845.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0011846.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0012845.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0012846.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0013845.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0013846.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0014846.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0014847.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0015873.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0015874.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0014873.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0014874.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0016873.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0016874.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP2\A0003314.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP2\A0003315.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003407.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003408.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003439.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003440.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003767.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003768.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003801.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003802.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003958.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003959.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003994.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003995.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006046.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006047.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006071.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006072.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\117734.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\175156.exe (Trojan.Packed) -> Quarantined and deleted successfully.
C:\Program Files\Hot internet offers\offers.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender\report.csv (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender\backup\12_03_2008.reg (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Program Files\Spy-Rid\msvcp71.dll (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Program Files\Spy-Rid\msvcr71.dll (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Program Files\Spy-Rid\Spy-Rid.exe.local (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Program Files\Spy-Rid\Spy-Rid.exe.log (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingTool\BrowsingTool.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingTool\pcre3.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingTool\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Documents and Settings\MELINA\Application Data\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
0
Réponse 7 / 48
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok tu es infecté par bagle, cela vient de cracks téléchargés! vire les puis

Telecharge FindyKill sur ton bureau :

--> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

--> Lance l installation avec les parametres par default

--> Double clic sur le raccourci FindyKill sur ton bureau

--> Au menu principal,choisi l option 1 (Recherche)

--> Post le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
0
Réponse 8 / 48
rabetsimeli
 
Re,

Effectivement je me doutais que cela venait de là, merci.

Le scan:

############################## [ FindyKill V4.716 ]

# User : MELINA (Administrateurs) # XPSP2-223B9AA05
# Update on 10/02/09 by Chiquitine29
# Start at: 12:10:09 | 12/02/2009

# AMD Athlon(tm) XP 2500+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1296 [VPS 090206-0] 4.8.1296 [ (!) Disabled | Updated ]

# C:\ # Disque fixe local # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# J:\ # Disque amovible

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vVX1000.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\MELINA\Application Data\drivers\winupgro.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Processus infectieux stoppés ]

"C:\Documents and Settings\MELINA\Application Data\drivers\winupgro.exe" (1272)
"C:\WINDOWS\system32\wintems.exe" (3148)

################## [ Fichiers / Dossiers infectieux C:\ ]

Found ! - "C:\Avenger"

################## [ C:\WINDOWS ]

################## [ C:\WINDOWS\Prefetch ]

Found ! - C:\WINDOWS\prefetch\104531.EXE-076553BC.pf
Found ! - C:\WINDOWS\prefetch\112078.EXE-07A63799.pf
Found ! - C:\WINDOWS\prefetch\119593.EXE-1F9B37F9.pf
Found ! - C:\WINDOWS\prefetch\170156.EXE-32553D70.pf
Found ! - C:\WINDOWS\prefetch\187375.EXE-0258371D.pf
Found ! - C:\WINDOWS\prefetch\543031.EXE-0AE24D15.pf
Found ! - C:\WINDOWS\prefetch\550890.EXE-2E16C6CA.pf
Found ! - C:\WINDOWS\prefetch\587265.EXE-2078B675.pf
Found ! - C:\WINDOWS\prefetch\598203.EXE-15A10EF0.pf
Found ! - C:\WINDOWS\prefetch\98593.EXE-3866B706.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-03D5BD6F.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf

################## [ C:\WINDOWS\system32 ]

Found ! - C:\WINDOWS\system32\mdelk.exe
Found ! - C:\WINDOWS\system32\wintems.exe
Found ! - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\system32\drivers ]

################## [ C:\Documents and Settings\MELINA\Application Data ]

Found ! - "C:\Documents and Settings\MELINA\Application Data\m\flec006.exe"
Found ! - "C:\Documents and Settings\MELINA\Application Data\m"
Found ! - "C:\Documents and Settings\MELINA\Application Data\drivers"
Found ! - "C:\Documents and Settings\MELINA\Application Data\drivers\srosa2.sys"
Found ! - "C:\Documents and Settings\MELINA\Application Data\drivers\wfsintwq.sys"
Found ! - "C:\Documents and Settings\MELINA\Application Data\drivers\winupgro.exe"
Found ! - "C:\Documents and Settings\MELINA\Application Data\drivers\downld"

################## [ C:\DOCUME~1\MELINA\LOCALS~1\Temp ]

################## [ Registre / Clés infectieuses ]

Found ! - HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key

################## [ Etat / Services ]

# Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

# Mode sans echec non fonctionnel !!

# Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

# Mode sans echec non fonctionnel !!

# Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

# Mode sans echec non fonctionnel !!

# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio # Type de démarrage = 4

EapHost # Type de démarrage = 3

Ip6Fw # Type de démarrage = 4

SharedAccess # Type de démarrage = 4

wuauserv # Type de démarrage = 4

wscsvc # Type de démarrage = 4

################## [ Recherche dans supports amovibles]

# presence des fichiers :

################## [ Registre / Mountpoint2 ]

Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d48e6cb-bfe3-11dd-b7c9-000ea62d8df3}\Shell\AutoRun\command

################## [ ! Fin du rapport # FindyKill V4.716 ! ]
0
Réponse 9 / 48
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

--> Double clic sur le raccourci FindyKill sur ton bureau

--> Au menu principal,choisi l option 2 (Suppression)

/!\ il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué"

/!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal !

-------> ensuite post le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides

_______________________________

colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
0
Réponse 10 / 48
rabetsimeli
 
re,

1/ rapport Findkill:

############################## [ FindyKill V4.716 ]

# User : MELINA (Administrateurs) # XPSP2-223B9AA05
# Update on 10/02/09 by Chiquitine29
# Start at: 12:40:41 | 12/02/2009

# AMD Athlon(tm) XP 2500+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1296 [VPS 090206-0] 4.8.1296 [ (!) Disabled | Updated ]

# C:\ # Disque fixe local # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# J:\ # Disque amovible

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infected Files / Folders C:\ ]

Deleted ! - "C:\Avenger\m\shared"
Deleted ! - "C:\Avenger\m"
Deleted ! - "C:\Avenger"

################## [ C:\WINDOWS ]

################## [ C:\WINDOWS\Prefetch ]

Deleted ! - C:\WINDOWS\prefetch\104531.EXE-076553BC.pf
Deleted ! - C:\WINDOWS\prefetch\112078.EXE-07A63799.pf
Deleted ! - C:\WINDOWS\prefetch\119593.EXE-1F9B37F9.pf
Deleted ! - C:\WINDOWS\prefetch\170156.EXE-32553D70.pf
Deleted ! - C:\WINDOWS\prefetch\187375.EXE-0258371D.pf
Deleted ! - C:\WINDOWS\prefetch\543031.EXE-0AE24D15.pf
Deleted ! - C:\WINDOWS\prefetch\550890.EXE-2E16C6CA.pf
Deleted ! - C:\WINDOWS\prefetch\587265.EXE-2078B675.pf
Deleted ! - C:\WINDOWS\prefetch\598203.EXE-15A10EF0.pf
Deleted ! - C:\WINDOWS\prefetch\98593.EXE-3866B706.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-03D5BD6F.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-33125E68.pf

################## [ C:\WINDOWS\system32 ]

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\system32\drivers ]

################## [ C:\Documents and Settings\MELINA\Application Data ]

Deleted ! - "C:\Documents and Settings\MELINA\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\MELINA\Application Data\m"
Deleted ! - "C:\Documents and Settings\MELINA\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\MELINA\Application Data\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\MELINA\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\MELINA\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\MELINA\Application Data\drivers"

################## [ Cleaning Temp Files... ]

Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64[1].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64[2].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\mxd[1].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\mxd[2].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\mxd[3].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\mxd[4].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\servernames[1].htm
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64[1].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64[2].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64[3].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\file[1].txt
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\file[2].txt
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\b64[2].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\mxd[1].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\mxd[2].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64[1].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64[2].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64[3].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64[4].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\mxd[1].jpg
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\servernames[1].htm

################## [ Registry / Infected keys ]

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\Software\FFC

################## [ States / Restarting of services ]

# Safe boot mode restored !
# Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio # Type of startup = 3

EapHost # Type of startup = 2

Ip6Fw # Type of startup = 2

SharedAccess # Type of startup = 2

wuauserv # Type of startup = 2

wscsvc # Type of startup = 2

################## [ Cleaning Removable drives ]

# Deleting files :

################## [ Registry / Mountpoint2 ]

Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d48e6cb-bfe3-11dd-b7c9-000ea62d8df3}\Shell\AutoRun\command

################## [ Searching Other Infections ]

# Références de comparaison Bagle MD5 :

d8f3958d C:\Documents and Settings\MELINA\Application Data\drivers\winupgro.exe
23df44d298f1a9fd16fa87cfeefcc65f C:\Documents and Settings\MELINA\Application Data\drivers\winupgro.exe

################## [ ! End of Report # FindyKill V4.716 ! ]

Scan avec Active scan: Est ce que je dois désinfecter le PC comme il me le propose?

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-02-12 19:16:18
PROTECTIONS: 1
MALWARE: 20
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1296 [VPS 090206-0] 4.8.1296 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@tradedoubler[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@mediaplex[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@xiti[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@ad.yieldmanager[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@burstnet[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@advertising[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@realmedia[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@bluestreak[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@adrevolver[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\MELINA\Cookies\melina@smartadserver[1].txt
00583014 Trj/LdPinch.AUE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017301.exe
00584667 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
00584667 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017068.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000214.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000217.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000218.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000528.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000533.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000534.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006055.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0001582.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0001583.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0002688.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0002690.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0002691.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP10\A0006409.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP10\A0006432.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP10\A0006433.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007575.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007582.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007583.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007685.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007686.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007687.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0007719.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0014849.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0014876.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0016877.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0016879.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0016880.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017065.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017066.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017067.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0001580.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017116.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017132.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017133.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017134.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017137.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017146.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017152.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017172.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017174.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017176.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017183.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017187.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017231.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017232.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017278.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017294.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017322.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017311.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006073.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017359.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017360.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017361.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017438.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017439.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017469.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017474.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017475.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017483.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017504.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017530.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017619.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017815.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017829.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017859.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017896.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017913.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017921.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017957.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017988.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018010.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018024.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018044.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018062.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018080.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018089.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018099.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018105.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018106.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018109.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018112.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018113.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018116.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018129.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018139.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018145.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018150.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018173.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018174.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018183.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018216.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018231.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP2\A0003317.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP2\A0003318.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP2\A0003319.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003332.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003333.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003444.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003445.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003773.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003774.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003803.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003805.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003806.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003960.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003963.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003964.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003996.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0004000.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0004001.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP7\A0004019.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP7\A0004020.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP7\A0004023.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006052.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006054.exe
02990320 Application/BoontyGames HackTools Yes 0 Yes No C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
03541233 HackTool/Rebooter HackTools No 0 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location d
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description d
;===================================================================================================================================================================================
;===================================================================================================================================================================================
0
Réponse 11 / 48
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
télécharge OTMoveIt

http://oldtimer.geekstogo.com/OTMoveIt3.exe

(de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

:files
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\BOONTY Shared

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

________________________

désactive ta restauration puis redemarre ton ordi puis réactive la:

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fdocid/20020830101856924

_______________________

vire ton antivirus puis reinstalle le ainsi que toutes tes protections et dis si elles marchent
________________________
mets un rapport hijkahcits
0
Réponse 12 / 48
rabetsimeli
 
Re,

Le rapport OTMo...

========== FILES ==========
File/Folder C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolb­arNotifier.exe not found.
C:\Program Files\Fichiers communs\BOONTY Shared\Service moved successfully.
C:\Program Files\Fichiers communs\BOONTY Shared moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02122009_200931

Que veut dire: "désactive ta restauration puis redemarre ton ordi puis réactive la"
0
Réponse 13 / 48
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
vire le fichier googltoolbar notifier
en allant manuellement dans psote de travail puis

C:\Program Files\Google\GoogleToolbarNotifier

_________________

pour desactiver la restauration tu as le lien en bleu qui explique dans le message précedent
0
Réponse 14 / 48
rabetsimeli
 
Re,

Bon bein antivirus et protections refonctionnent normalement, c super! Merci!
Suis-je pour autant encore virusé, étant donné que mon pc est toujours lent?
Je n'arrive toujours pas a avoir le son? Est ce que tu pense que c lié aux virus puisque c arrivé en même temps ou est ce parce qu'il faut que je change de carte son?

Rapport Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:39, on 12/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vVX1000.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Liens
R3 - URLSearchHook: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper -

{02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers

communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre6\bin\ssv.dll
O2 - BHO: XBTP05670 - {793A9CBF-8B4E-4026-B25A-27F3A48B32E9} -

(no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no

file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -

{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl -

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class -

{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program

Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page -

{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program

Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI

Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control

Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA

Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program

Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd

(User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y

"%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"

(User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall]

%systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd

(User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program

Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd

(User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program

Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd

(User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -

C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -

{85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

(file missing)
O9 - Extra button: Recherche -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}

- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0

Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}

- C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program

Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software -

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner -

C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers

communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun

Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program

Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner -

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
0
Réponse 15 / 48
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
vire ad aware 2007 car dépassé . as tu essayé de réinstaller les pilotes de la carte son?
0
Réponse 16 / 48
rabetsimeli
 
J'ai viré avant le scan Hijackthis ad-aware 2007 pour mettre une version d'essai gratuite à la place.
Pour les drivers de la carte son, je suis en train de remettre de l'ordre.
Tu penses que y'a d'autre choses a vérifier?
0
Réponse 17 / 48
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :
http://sd-1.archive-host.com/membres/up/16506160323759868/AD­-R.exe

/!\ Déconnectes toi et fermes toutes applications en cours

● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Double clique sur l'icône Ad-removersituée sur ton bureau
● Au menu principal choisi l'option "A"
● Postes le rapport qui apparait à la fin .

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

rq:

pour protéger gratos ton ordi
http://www.commentcamarche.net/telecharger/logiciel 4 securite

mettre un antivirus

ANTIVIR ou ((Avast))
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :
MALWAREBYTE ANTIMALWARE + SPYBOT
+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

--------
un pare feu :
(celui de Windows) ou mieux COMODO ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

http://www.clubic.com/telecharger-fiche11071-sunbelt-persona­l-firewall-e(...)
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.commentcamarche.net/telecharger/ 157 zonealarm

-----------

CCLEANER pour effacer les traces de surf
0
Réponse 18 / 48
rabetsimeli Messages postés 39 Statut Membre
 
Merci pour les multiples infos, ça me sera bien utile.
Par contre le lien que tu m'a envoyé ne fonctionne plus. Je suis allée directement sur le site , mais j'ai peur de télécharger le mauvais produit.
Est ce que tu aurais une autre référence?

Merci.
0
Réponse 19 / 48
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro

https://www.commentcamarche.net/contents/826-installer-un-firewall-avec-zonealarm

http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm
0
Réponse 20 / 48
rabetsimeli Messages postés 39 Statut Membre
 
Bonjour,

Quand je te disais que le lien ne fonctionnait pas c'était concernant AD-Remover, afin que je puisse te faire un scan comme tu me l'avais demandé, sauf si tu pense que ce n'est plus utile.
Désolé j'aurais du être plus clair.
0
  • 1
  • 2
  • 3

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Page bleue : your PC ran into a problem and needs to restart
pitchalou -
Malekal_morte- -

2 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses