S.O.S virus and Cie

Question

Bonjour,

Très très embêtée, mon AVG antispyware ne fonctionnant plus, j'ai voulu retélécharger une version gratuite après avoir désinstallé l'ancien et j'ai téléchargée un virus à la place.
Mon ordinateur est très lent. 
Une personne pendant mon absence a acheté Drive Detective et m'a remis la plupart des drivers de mon PC. Cependant je n'ai plus de son depuis ce fameux virus, mon ordinateur s'arrête et m'affiche un écran sur fond bleu (si vous voyez ce message pour la première fois, redémarrez votre PC,...).
J'ai voulu mettre CCleaner, mais mon ordi a affiché le message précédent, j'ai voulu appliquer Ad-Aware, mais j'ai reçu un message comme quoi ce dernier était introuvable de même que pour Avast Antivirus. Chose qui d'habitude n'arrive jamais.

Bref beaucoup d'information et de comportement étrange sachant que je suis vraiment nul en informatique.

Si quelqu'un avait l'amabilité de me donner un petit coup de pouce, cela serait avec grand plaisir.

Merci

jlpjlp · Answer

slt
as tu essayé de restaurer ton ordi avant le téléchargement?



_____________


Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

rabetsimeli · Answer

Slt,

Non je ne l'avais pas fait...
J'ai suivi ta description et au moment d'appuyer sur "continue", une barre de progression s'est mise au maximum et depuis rien. J'ai recommencé 3 fois, mais RSIT ne m'a pas proposé l'outil HijackThis ni d'analyses.

Mais étant donné qu'on est plusieurs a utiliser le PC, que RSIT était déjà installé sur mon bureau, donc quelqu'un chez moi a du le faire. Et j'ai retrouvé ces deux fichiers qui datent de dimanche dernier, je ne sais pas si ça reste valable pour toi.

Il n'y avait rien dans le fichier log.txt 



info.txt logfile of random's system information tool 1.05 2009-02-06 23:28:56

======Uninstall list======

-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83021AC3-086F-4B77-ACCD-1BD7C9AB211E}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9 
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007-->MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
AudioEase Altiverb 5.4.6-->C:\PROGRA~1\AUDIOE~1\ALTIVE~1\AIRLOG~1\ALTIVE~1\UNWISE.EXE C:\PROGRA~1\AUDIOE~1\ALTIVE~1\AIRLOG~1\ALTIVE~1\INSTALL.LOG
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{6E15BEDF-7EB5-4010-998E-B430DB4EFE45}
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{A425C250-A0E1-4D78-B1C1-A5CBC7385E7C}
BrowsingTool-->C:\Program Files\BrowsingTool\uninstall.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Client Windows Rights Management avec Service Pack 2-->MsiExec.exe /X{1D13221B-42DE-4B3C-A43F-0F6AF3CF3DA2}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}
Digidesign D-Show-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D397278A-593D-47FE-BC65-EE980DD2D0FE}\Setup.exe" -l0x9 FromUninstall
Digital Camera-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1205500-2179-11D7-B0B9-0000E24D4B29}\setup.exe" 
DivX 4.12 Codec-->"C:\Program Files\DivXCodec\uninstall.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EPSON CardMonitor-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\SETUP.EXE" -l0x40c uninst
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\Setup.exe" -l0x40c -UnInstall
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON PhotoQuicker3.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x40c uninst
EPSON PhotoStarter3.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\SETUP.EXE" -l0x40c uninst
EPSON PRINT Image Framer Tool2.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59ED4-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x40c anything
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x40c Uninstall
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
ESPRX420 Guide de réf.-->C:\Program Files\EPSON\TPMANUAL\ESPRX420\REF_G\DOCUNINS.EXE
ESPRX420 Guide des logiciels-->C:\Program Files\EPSON\TPMANUAL\ESPRX420\PQU_G\DOCUNINS.EXE
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
FileZilla Client 3.1.6-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Finale NotePad 2007-->C:\Program Files\Finale NotePad 2007\uninstallNP.exe
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
GetDataBack for NTFS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}\setup.exe" -l0x9  -removeonly
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files	rend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Icatch(IV) Camera Driver-->Rundll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\CA533A.ini, Ca533AUnInstall
i-minitel ADSL-->C:\PROGRA~1\MINITE~1\UNWISE.EXE C:\PROGRA~1\MINITE~1\INSTALL.LOG
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KeyGen Crack Toolbar-->regsvr32 /u /s "C:\Program Files\KeyGen Crack Toolbar\keygen_crack.dll" 
Kit de connexion ADSL-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B0C5783F-AB91-460B-8238-BD9A8F6346D3}\setup.exe" -l0x40c  -usb
K-Lite Codec Pack 2.20 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Le Centre de Contrôle de Licences de Syncrosoft-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Ma-Config.com plugin-->MsiExec.exe /I{D2D7529F-6B55-4C1C-BC9C-D6F1BCC066B6}
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{718263DE-E612-4653-BB7D-7154BA9E31AB}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Photo 7.0-->MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0-->MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NFO viewer v 2.1-->"C:\Program Files\NFO viewer\unins000.exe"
Nord Modular G2 Demo v1.40-->C:\WINDOWS\unvise32.exe C:\Program Files\Clavia\Modular G2 Demo v1.40\uninstal.log
NVIDIA Audio Driver-->C:\WINDOWS\system32
vuAudio.exe Uninstall C:\WINDOWS\system32\NvAudio.nvu,NVIDIA Audio Driver
NVIDIA nForce Utilities-->C:\WINDOWS\system32undll32.exe setupapi,InstallHinfSection Remove_SSUtilsNT 132 C:\WINDOWS\INF
vautlml.inf
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{6D7F8D4B-D1A4-402A-973E-31E90940E585}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Pd-0.38.4-extended-RC8-->"C:\Program Files\pd\unins000.exe"
PhotoImpression 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\SETUP.EXE" -l0x40c 
PIF DESIGNER2.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}\SETUP.EXE" -l0x40c anything
Pilotes NVIDIA nForce pour Windows 2000/XP-->rundll32.exe C:\WINDOWS\system32\NVNFINST.DLL,NvUninstallCrush
PlayMP3z-->C:\Program Files\PlayMP3z\uninstall.exe
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
QuickTime Alternative 2.1.1-->"C:\Program Files\QuickTime Alternative\unins000.exe"
Real Alternative-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c  -removeonly
Reason 3.0-->"C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
Recettes de cuisine-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F9AC04CA-B567-45E1-A381-8023CD2F6954}\Setup.exe" 
ScanToWeb-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sélecteur d'installation de Microsoft Works Suite 2003-->C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe E:\
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Sound Forge 7.0-->MsiExec.exe /I{0712667C-A171-49AE-A098-4ACDA28625F8}
SP2 de compatibilité descendante du client Windows Rights Management-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Steinberg Cubase SX v1.0.5.61-->C:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG
Steinberg Nuendo v3.0.2.623-->C:\PROGRA~1\STEINB~1\NUENDO~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\NUENDO~1\INSTALL.LOG
Streamripper Plugin 1.61.25 (Remove only)-->C:\Program Files\Winamp\streamripper_uninstall.exe
Subtitle Workshop 2.51-->"C:\Program Files\Subtitle Workshop\uninstall.exe"
Syberia-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Microids\Syberia\Uninstall\Setup.exe" -l0x40c 
SyncroSoft Emu (Remove only)-->C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
The Playa-->"C:\Program Files\The Playa\uninstall.exe"
Ulead Photo Express 4.0 SE-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}\setup.exe" -l0x40c 
USB MODEM Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{042E2C9D-6647-4C5F-9CEF-387D72023128}\setup.exe" -l0x9 UNINSTALL
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinXoundPro-->MsiExec.exe /I{3F355C0F-3ECD-4AF1-90FE-620255E934D0}
XviD Video Codec 22032003-1 (Koepi's developer build)-->"C:\Program Files\XviD\UninstXviD.exe"
Yahoo! Extras-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\system32egsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32egsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 090206-0]

System event log

Computer Name: XPSP2-223B9AA05
Event Code: 7036
Message: Le service LiveUpdate est entré dans l'état : arrêté.

Record Number: 40910
Source Name: Service Control Manager
Time Written: 20090108074957.000000+060
Event Type: Informations
User: 

Computer Name: XPSP2-223B9AA05
Event Code: 7036
Message: Le service LiveUpdate est entré dans l'état : en cours d'exécution.

Record Number: 40909
Source Name: Service Control Manager
Time Written: 20090108074937.000000+060
Event Type: Informations
User: 

Computer Name: XPSP2-223B9AA05
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service LiveUpdate.

Record Number: 40908
Source Name: Service Control Manager
Time Written: 20090108074937.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: XPSP2-223B9AA05
Event Code: 7036
Message: Le service LiveUpdate est entré dans l'état : arrêté.

Record Number: 40907
Source Name: Service Control Manager
Time Written: 20090108034531.000000+060
Event Type: Informations
User: 

Computer Name: XPSP2-223B9AA05
Event Code: 7036
Message: Le service LiveUpdate est entré dans l'état : en cours d'exécution.

Record Number: 40906
Source Name: Service Control Manager
Time Written: 20090108034508.000000+060
Event Type: Informations
User: 

Application event log

Computer Name: XPSP2-223B9AA05
Event Code: 101
Message: Niveau d'information : success

LiveUpdate automatique a terminé.

Record Number: 17563
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081219173526.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: XPSP2-223B9AA05
Event Code: 101
Message: Niveau d'information : success

Le Planificateur a lancé LiveUpdate automatique.

Record Number: 17562
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081219173502.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: XPSP2-223B9AA05
Event Code: 101
Message: Niveau d'information : success

L'exécution suivante a été planifiée pour intervenir approximativement à 5:35 PM.

Record Number: 17561
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081219135422.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: XPSP2-223B9AA05
Event Code: 101
Message: Niveau d'information : success

LiveUpdate automatique a terminé.

Record Number: 17560
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081219135422.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: XPSP2-223B9AA05
Event Code: 101
Message: Niveau d'information : success

Le Planificateur a lancé LiveUpdate automatique.

Record Number: 17559
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081219135401.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"CSOUNDRC"=C:\Program Files\Csound\.csoundrc
"OPCODEDIR64"=C:\Program Files\Csound\plugins64
"RAWWAVE_PATH"=C:\Program Files\Csound\samples
"PYTHONPATH"=;C:\Program Files\Csound\bin
"SFOUTYP"=WAV

-----------------EOF-----------------

jlpjlp · Answer

colle un rapport hijackthis 
 

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo. 

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste 

Ensuite avec Explorer créer un dossier c:\hijackthis 
Décompresser Hijackthis dans ce dossier. 
C'est important pour les sauvegardes."

rabetsimeli · Answer

re,

impossible d'installer HIjackthis.

Pour être plus clair, je l'ai téléchargé sur le bureau. 
Quand je double clique dessus il me sort une fenêtre nommée "Trend micro HijackThis" mais elle s'efface avant même que je puisse sélectionner quoique ce soit. 
En étant rapide j'ai pu mettre programme files par défaut. A ce moment une deuxième icône de HijackThis est apparue. J'ai cliqué dessus et j'ai reçu le message suivant: 
"C:Program files/....HijackThis/ n'est pas une application win32 valide".

jlpjlp · Answer

scan avec 
MalwareByte's Anti-Malware après mise a jour, en mode normal et vire ce qui est trouvé et colle le rapport

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ 


_________________


 colle le rapport d'un scan en ligne 
avec un des suivants: 


bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html 

Panda en ligne : 
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

rabetsimeli · Answer

Bonjour,

Le logiciel n'a pas pu tout supprimer selon le message mais voici le scan après suppression:

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1753
Windows 5.1.2600 Service Pack 3

12/02/2009 11:54:45
mbam-log-2009-02-12 (11-54-45).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 175138
Temps écoulé: 1 hour(s), 7 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 116
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 61
Fichier(s) infecté(s): 73

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{0494d93e-a2bb-4802-865c-a80a53b78107} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{06799d48-20b5-46e9-8b10-ae6410595c66} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0777f4cb-c8d3-4d24-87ae-da072c750ffb} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0d4da0aa-99ab-40b3-9bf7-a9270fbaca46} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{155e990b-c7e9-47fd-a272-acdcb1474232} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17b69d53-cd88-4657-be84-63297b10078e} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{19bbc30a-d722-46ef-a260-e97cf87d4b3b} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1a697b7c-1f9a-4428-a35f-d67d3a7fb403} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e4dda88-df4b-4a51-8efb-acb68370b5e7} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e7a2f4c-1b67-43f2-8839-1a5313f39fab} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21785954-f667-4e24-aa93-3e96dbf87088} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21f92505-0d90-4d8e-89d7-95158d147e00} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2a81c12b-bddf-42aa-98dd-f91a78097e13} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2aa95d12-cdba-44ce-abb7-14f35fe213c9} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2c5638f8-9943-412e-bdaa-729df3caf9f2} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3479c9c8-b7ba-4704-9359-86fe33620c07} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38200d33-6c95-43ed-bb05-aa6e9be57af8} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{387dd594-eca5-4053-b43e-49125a188d0f} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{49b3f626-1d1b-4018-8ba5-8ccab3fce422} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4fd6fe10-7424-4347-9527-b47ec1e5a5bb} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50a1aa3b-80e3-15cf-0f1a-83a98ad98fe9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5183e02d-21d6-4325-8810-191ce7dbfa70} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5319069a-a18e-4a37-98e0-292e949f6302} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{536c1ae5-9000-4349-bdf4-ba9489d68ea1} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{566a294b-d4a3-447e-9bc7-c1ad9d4dab68} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{597e9862-08f9-48e8-b2fa-a59bf7b53791} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{599805b6-6faa-46e6-99e6-5f5425f52fd6} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5db349b9-44c9-469f-909b-1e2a4c200b43} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6600c6c2-e8c5-4280-ae77-aaeb1bbbcb7b} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6ab213fd-7b4d-4ed1-96a5-b62bcfa0b36b} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6b22978e-f8a5-437b-8f35-8010d0173441} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6b3b803b-ec5b-4e8b-b3d5-a9f6e0418565} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{70c1cc74-496c-42ce-acb4-768407d505ce} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{71d71cd3-3ade-409a-92e9-760def7e73ae} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{722c97fb-2966-424d-9432-fb0ae9275dd2} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72b1c0d3-3957-453a-8f48-48cb854a569e} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{73766aaa-d49b-4fea-a46b-b288b97a91df} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{737ebf2a-41a0-4c01-8476-30fa38580c03} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{76dd8871-d61f-497c-8fb4-1886a73986e0} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{79b9cdad-6160-468b-8c95-47fa426cb081} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7b57f151-f41c-49e1-a83f-8543867d2fea} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7ebc5c68-c80a-41b2-bd12-0d51a3efd683} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7f68785e-4894-7bb2-5fde-cc3eee2ebc82} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{815ff77e-a436-4485-8137-75fbe65eba2d} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{87da8e65-15bc-4b5d-8a7d-649f81a4003b} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8bfed1cd-14f8-497d-90f1-bada7d1e7f4e} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8df45a28-2cf7-4175-ac04-ce45d26b7d0b} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90305b36-8d00-48b6-bc2d-ae2131a50f64} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{975b8fb4-a107-4b4c-a811-d3560c5b70b8} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9ada0fb8-1133-4c07-a46e-eaa8b6982727} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9e809c16-5c6e-47e9-a58e-3d8cecaac5fe} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a5357862-4be9-4eeb-af92-02efd2a2a8a8} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aeebd295-3f93-4745-9208-57ba25305136} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b6ae969b-8eb6-4173-a696-ca39a0a50165} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b7ef28d0-1b74-4fad-8226-4c5e0a467106} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c0405c55-b010-4b29-b1c1-4a9968a0eab6} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c1941056-f303-4db8-b014-48b70a2b9048} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ca243c53-890c-4e0e-ba24-6c01431993b3} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cea21171-37d9-48c1-bc42-466071222381} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d63fc539-120d-4db8-ab0d-cd1eb7c960b9} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{db0c739d-8790-4a6b-9f9f-de43c08a6e23} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{dc16bb9b-f6ff-4e4f-85ee-f5b0c94d6d13} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e698e657-649e-5d40-752d-9a3b78ea832a} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ec66f0db-f509-42c8-b0f3-92eaf64affad} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f8af8de8-bf15-4e9f-8601-f0985a1e8759} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{fe3af205-54df-b146-1f0e-c9262829ed18} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a521ac73-b0b9-48a4-82c2-454156af0e26} (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{31ce147e-178c-4c35-9520-319db1143a2f} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{008addc3-3b8f-40e1-b56f-c12b6219d91c} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00f50f76-117d-4564-8a78-e76a2d11ab6f} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2013135b-7839-46ec-9989-dc829a44c11f} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2019678f-9f33-487e-bee4-f80f9e7ac345} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{214102ae-43ce-4003-a47b-65506607af73} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31a4603e-339a-49a2-a412-63d6ca08328e} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3ac92a1f-794b-4480-a7f7-475cf4506fe2} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{449707ce-2a4c-4c1e-83af-a120e4f9c3ba} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50e30a50-4f4c-443a-9d00-fb4ae5c04df1} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{52d4274a-d2f9-44dd-8690-a59d3b75cc62} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5a5f69a7-0eea-4852-9592-274b7a7ddc33} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6a0e8a48-a5b5-453e-b548-0199cbe4a218} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6e6b475e-b462-413b-b4ab-c05cc145f4a7} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7332d44f-07b2-49d6-b4b2-3b3e5668995d} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7dbd1d47-db41-4de3-a97b-f81cbc6bbc39} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84e5bb82-a15f-463a-b185-5905d872e48d} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{875a7ee8-87ef-47cc-8850-d8e27e96e53a} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9382ed95-cd10-4c03-a651-cadec1b225ae} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{955bf87c-3760-4ac5-87a5-a307e048c9d7} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b10104cd-b681-4a63-b316-c9f4edc97190} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3aa1f3c0-7fbb-410f-9b19-e3838a6e3e42} (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84d39d08-a551-a4e5-c8d1-3327573d4640} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c3f6257-3e00-45c2-88d5-cb0f3a17bf0e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d0661233-42d4-f7f1-80e1-8a9e0e99e71d} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d0661233-42d4-f7f1-80e1-8a9e0e99e71d} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sk9ou0s (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sk9ou0s (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sk9ou0s (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\browsingtool (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BrowsingTool (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BrowsingTool.DLL (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spy-Rid (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xbtb05670.xbtb05670toolbar (Adware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c49dd894-c6de-4910-8c41-ba20f852d8bc} (Adware.IE.Toolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{c49dd894-c6de-4910-8c41-ba20f852d8bc} (Adware.IE.Toolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender\backup (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\EasySpywareCleaner\Quarantine (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun\RunOnce (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun\RunOnceEx (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun\RunOnce (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun\RunOnceEx (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\StartMenuAllUsers (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\StartMenuCurrentUser (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\BrowserObjects (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Spy-Rid (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Program Files\Spy-Rid\Infected (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\HKCURun (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\HKCURun\RunOnce (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\HKCURun\RunOnceEx (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\HKLMRun (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\HKLMRun\RunOnce (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\HKLMRun\RunOnceEx (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\StartMenuAllUsers (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\Autorun\StartMenuCurrentUser (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\spy-rid.com\SpyRid\BrowserObjects (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Program Files\Hot internet offers (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\BrowserObjects (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com\WinIFixer\Quarantine\Packages (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\BrowserObjects (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\WinIFixer.com\WinIFixer\Quarantine\Packages (Rogue.WinIFixer) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingTool (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\m (Trojan.Agent) -> Delete on reboot.

Fichier(s) infecté(s):
C:\Program Files\Spy-Rid\krnl.dll (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\drivers\srosa2.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\drivers\wfsintwq.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\Installation programme\soundforge 7\KeyGen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Installation programme\SOUNDFORGE 8+CRACK\Crack\Sony SoundForge 8 - KeyGen Retail.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000522.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0001574.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0001575.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000523.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0002686.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0002687.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP10\A0006429.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP10\A0006430.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0006591.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0006592.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007678.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007679.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0007867.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0007868.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0010845.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0010846.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0011845.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0011846.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0012845.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0012846.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0013845.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0013846.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0014846.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0014847.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0015873.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0015874.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0014873.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0014874.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0016873.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0016874.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP2\A0003314.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP2\A0003315.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003407.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003408.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003439.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003440.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003767.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003768.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003801.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003802.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003958.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003959.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003994.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003995.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006046.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006047.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006071.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006072.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\117734.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down\175156.exe (Trojan.Packed) -> Quarantined and deleted successfully.
C:\Program Files\Hot internet offers\offers.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender\report.csv (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender\backup\12_03_2008.reg (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Program Files\Spy-Rid\msvcp71.dll (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Program Files\Spy-Rid\msvcr71.dll (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Program Files\Spy-Rid\Spy-Rid.exe.local (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Program Files\Spy-Rid\Spy-Rid.exe.log (Rogue.Spy-Rid) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingTool\BrowsingTool.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingTool\pcre3.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingTool\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\MELINA\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Documents and Settings\MELINA\Application Data\m\flec006.exe (Trojan.Agent) -> Delete on reboot.

jlpjlp · Answer

ok tu es infecté par bagle, cela vient de cracks téléchargés! vire les puis




Telecharge FindyKill sur ton bureau : 

--> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe 

--> Lance l installation avec les parametres par default 

--> Double clic sur le raccourci FindyKill sur ton bureau 

--> Au menu principal,choisi l option 1 (Recherche) 

--> Post le rapport FindyKill.txt 

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

rabetsimeli · Answer

Re,

Effectivement je me doutais que cela venait de là, merci.

Le scan:


############################## [ FindyKill V4.716 ] 

# User : MELINA (Administrateurs) # XPSP2-223B9AA05
# Update on 10/02/09 by Chiquitine29
# Start at: 12:10:09 | 12/02/2009

# AMD Athlon(tm) XP 2500+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1296 [VPS 090206-0] 4.8.1296 [ (!) Disabled | Updated ]

# C:\ # Disque fixe local # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# J:\ # Disque amovible
 
############################## [ Processus actifs ] 
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vVX1000.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\MELINA\Application Data\drivers\winupgro.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
 
################## [ Processus infectieux stoppés ]  
 
"C:\Documents and Settings\MELINA\Application Data\drivers\winupgro.exe"  (1272)
"C:\WINDOWS\system32\wintems.exe"  (3148)
 
################## [ Fichiers / Dossiers infectieux C:\ ] 
 
Found ! - "C:\Avenger" 
 
################## [ C:\WINDOWS ] 
 
 
################## [ C:\WINDOWS\Prefetch ] 
 
Found ! - C:\WINDOWS\prefetch\104531.EXE-076553BC.pf 
Found ! - C:\WINDOWS\prefetch\112078.EXE-07A63799.pf 
Found ! - C:\WINDOWS\prefetch\119593.EXE-1F9B37F9.pf 
Found ! - C:\WINDOWS\prefetch\170156.EXE-32553D70.pf 
Found ! - C:\WINDOWS\prefetch\187375.EXE-0258371D.pf 
Found ! - C:\WINDOWS\prefetch\543031.EXE-0AE24D15.pf 
Found ! - C:\WINDOWS\prefetch\550890.EXE-2E16C6CA.pf 
Found ! - C:\WINDOWS\prefetch\587265.EXE-2078B675.pf 
Found ! - C:\WINDOWS\prefetch\598203.EXE-15A10EF0.pf 
Found ! - C:\WINDOWS\prefetch\98593.EXE-3866B706.pf 
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-03D5BD6F.pf 
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf 
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf 
 
################## [ C:\WINDOWS\system32 ] 
 
Found ! - C:\WINDOWS\system32\mdelk.exe 
Found ! - C:\WINDOWS\system32\wintems.exe 
Found ! - C:\WINDOWS\system32\ban_list.txt 
 
################## [ C:\WINDOWS\system32\drivers ] 
 
 
################## [ C:\Documents and Settings\MELINA\Application Data ] 
 
Found ! - "C:\Documents and Settings\MELINA\Application Data\m\flec006.exe" 
Found ! - "C:\Documents and Settings\MELINA\Application Data\m" 
Found ! - "C:\Documents and Settings\MELINA\Application Data\drivers" 
Found ! - "C:\Documents and Settings\MELINA\Application Data\drivers\srosa2.sys" 
Found ! - "C:\Documents and Settings\MELINA\Application Data\drivers\wfsintwq.sys" 
Found ! - "C:\Documents and Settings\MELINA\Application Data\drivers\winupgro.exe" 
Found ! - "C:\Documents and Settings\MELINA\Application Data\drivers\downld" 
 
################## [ C:\DOCUME~1\MELINA\LOCALS~1\Temp ] 
 
 
################## [ Registre / Clés infectieuses ] 
 
Found ! - HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\Software\Local AppWizard-Generated Applications\winupgro 
Found ! - HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\Software\bisoft 
Found ! - HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\Software\DateTime4 
Found ! - HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\Software\FFC 
Found ! - HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\Software\FirtR 
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S 
Found ! - HKEY_CURRENT_USER\Software\bisoft 
Found ! - HKEY_CURRENT_USER\Software\DateTime4 
Found ! - HKEY_CURRENT_USER\Software\FirtR 
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit   
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe   
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key   
 
 
################## [ Etat / Services ] 
 
# Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot 
 
 # Mode sans echec non fonctionnel !! 
 
# Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal 
 
 # Mode sans echec non fonctionnel !! 
 
# Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network 
 
 # Mode sans echec non fonctionnel !! 
 
# Services : [ Auto=2 / Demande=3 / Désactivé=4 ] 

Ndisuio # Type de démarrage = 4 
 
EapHost # Type de démarrage = 3 
 
Ip6Fw # Type de démarrage = 4 
 
SharedAccess # Type de démarrage = 4 
 
wuauserv # Type de démarrage = 4 
 
wscsvc # Type de démarrage = 4 
 
 
################## [ Recherche dans supports amovibles] 
 
# presence des fichiers :  

 
################## [ Registre / Mountpoint2 ] 
 
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d48e6cb-bfe3-11dd-b7c9-000ea62d8df3}\Shell\AutoRun\command   
 
################## [ ! Fin du rapport # FindyKill V4.716 ! ]

jlpjlp · Answer

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir 


--> Double clic sur le raccourci FindyKill sur ton bureau 

--> Au menu principal,choisi l option 2 (Suppression) 


/!\ il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué" 

/!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal ! 

-------> ensuite post le rapport FindyKill.txt 

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque 
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides 


_______________________________



colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

rabetsimeli · Answer

re,

1/ rapport Findkill:


############################## [ FindyKill V4.716 ] 

# User : MELINA (Administrateurs) # XPSP2-223B9AA05
# Update on 10/02/09 by Chiquitine29
# Start at: 12:40:41 | 12/02/2009

# AMD Athlon(tm) XP 2500+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1296 [VPS 090206-0] 4.8.1296 [ (!) Disabled | Updated ]

# C:\ # Disque fixe local # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# J:\ # Disque amovible
 
############################## [ Active Processes ]  
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
 
################## [ Infected Files / Folders C:\ ] 
 
Deleted ! - "C:\Avenger\m\shared"  
Deleted ! - "C:\Avenger\m"  
Deleted ! - "C:\Avenger"  
 
################## [ C:\WINDOWS ] 
 
 
################## [ C:\WINDOWS\Prefetch ] 
 
Deleted ! - C:\WINDOWS\prefetch\104531.EXE-076553BC.pf 
Deleted ! - C:\WINDOWS\prefetch\112078.EXE-07A63799.pf 
Deleted ! - C:\WINDOWS\prefetch\119593.EXE-1F9B37F9.pf 
Deleted ! - C:\WINDOWS\prefetch\170156.EXE-32553D70.pf 
Deleted ! - C:\WINDOWS\prefetch\187375.EXE-0258371D.pf 
Deleted ! - C:\WINDOWS\prefetch\543031.EXE-0AE24D15.pf 
Deleted ! - C:\WINDOWS\prefetch\550890.EXE-2E16C6CA.pf 
Deleted ! - C:\WINDOWS\prefetch\587265.EXE-2078B675.pf 
Deleted ! - C:\WINDOWS\prefetch\598203.EXE-15A10EF0.pf 
Deleted ! - C:\WINDOWS\prefetch\98593.EXE-3866B706.pf 
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-03D5BD6F.pf 
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf 
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf 
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-33125E68.pf 
 
################## [ C:\WINDOWS\system32 ] 
 
Deleted ! - C:\WINDOWS\system32\mdelk.exe  
Deleted ! - C:\WINDOWS\system32\wintems.exe  
Deleted ! - C:\WINDOWS\system32\ban_list.txt  
 
################## [ C:\WINDOWS\system32\drivers ] 
 
 
################## [ C:\Documents and Settings\MELINA\Application Data ] 
 
Deleted ! - "C:\Documents and Settings\MELINA\Application Data\m\flec006.exe"  
Deleted ! - "C:\Documents and Settings\MELINA\Application Data\m"  
Deleted ! - "C:\Documents and Settings\MELINA\Application Data\drivers\srosa2.sys"  
Deleted ! - "C:\Documents and Settings\MELINA\Application Data\drivers\wfsintwq.sys"  
Deleted ! - "C:\Documents and Settings\MELINA\Application Data\drivers\winupgro.exe"  
Deleted ! - "C:\Documents and Settings\MELINA\Application Data\drivers\downld"  
Deleted ! - "C:\Documents and Settings\MELINA\Application Data\drivers"  
 
################## [ Cleaning Temp Files... ] 
 
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64[1].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64[2].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_1[1].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_1[2].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_1[3].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_2[1].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_2[2].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_3[1].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_3[2].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_3[3].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\b64_6[2].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\mxd[1].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\mxd[2].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\mxd[3].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\mxd[4].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\BXPSJXFG\servernames[1].htm     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64[1].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64[2].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64[3].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64_1[1].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64_2[1].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64_2[2].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64_3[1].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64_3[2].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64_6[1].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\b64_6[2].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\file[1].txt     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\QUI5KROE\file[2].txt     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\b64[2].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\b64_1[1].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\b64_1[2].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\b64_2[1].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\b64_6[1].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\b64_6[2].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\mxd[1].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\XOE36D3H\mxd[2].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64[1].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64[2].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64[3].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64[4].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64_1[1].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64_1[2].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64_1[3].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64_2[1].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64_3[1].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64_6[1].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\b64_6[2].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\mxd[1].jpg     
Deleted ! - C:\Documents and Settings\MELINA\Local Settings\Temporary Internet Files\Content.IE5\YUBBITAY\servernames[1].htm     
 
################## [  Registry / Infected keys ]  
 
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA   
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S   
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S   
Deleted ! - HKEY_CURRENT_USER\Software\bisoft   
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4   
Deleted ! - HKEY_CURRENT_USER\Software\FirtR   
Deleted ! - HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\Software\Local AppWizard-Generated Applications\winupgro   
Deleted ! - HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\Software\FFC   
 
################## [ States / Restarting of services ]  
 
# Safe boot mode restored ! 
# Services : [ Auto=2 / Request=3 / Disable=4 ] 

Ndisuio # Type of startup  = 3 
 
EapHost # Type of startup  = 2 
 
Ip6Fw # Type of startup  = 2 
 
SharedAccess # Type of startup  = 2 
 
wuauserv # Type of startup  = 2 
 
wscsvc # Type of startup  = 2 
 
 
################## [ Cleaning Removable drives ]  
 
# Deleting files : 
 
 
################## [ Registry / Mountpoint2 ] 
 
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d48e6cb-bfe3-11dd-b7c9-000ea62d8df3}\Shell\AutoRun\command  
 
################## [ Searching Other Infections ] 
 
# Références de comparaison Bagle MD5 :

d8f3958d C:\Documents and Settings\MELINA\Application Data\drivers\winupgro.exe 
23df44d298f1a9fd16fa87cfeefcc65f C:\Documents and Settings\MELINA\Application Data\drivers\winupgro.exe 

 
################## [ ! End of Report # FindyKill V4.716 ! ] 
                    
Scan avec Active scan: Est ce que je dois désinfecter le PC comme il me le propose?

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-02-12 19:16:18
PROTECTIONS: 1
MALWARE: 20
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1296 [VPS 090206-0]     4.8.1296                      No        Yes
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\MELINA\Cookies\melina@doubleclick[1].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\MELINA\Cookies\melina@atdmt[2].txt
00145393  Cookie/Tradedoubler                TrackingCookie      No        0         Yes            No           C:\Documents and Settings\MELINA\Cookies\melina@tradedoubler[1].txt
00145457  Cookie/FastClick                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\MELINA\Cookies\melina@fastclick[1].txt
00145731  Cookie/Tribalfusion                TrackingCookie      No        0         Yes            No           C:\Documents and Settings\MELINA\Cookies\melina@tribalfusion[2].txt
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\MELINA\Cookies\melina@mediaplex[2].txt
00167704  Cookie/Xiti                        TrackingCookie      No        0         Yes            No           C:\Documents and Settings\MELINA\Cookies\melina@xiti[1].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           C:\Documents and Settings\MELINA\Cookies\melina@ad.yieldmanager[1].txt
00168076  Cookie/BurstNet                    TrackingCookie      No        0         Yes            No           C:\Documents and Settings\MELINA\Cookies\melina@burstnet[2].txt
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\MELINA\Cookies\melina@advertising[2].txt
00170556  Cookie/RealMedia                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\MELINA\Cookies\melina@realmedia[1].txt
00172221  Cookie/Zedo                        TrackingCookie      No        0         Yes            No           C:\Documents and Settings\MELINA\Cookies\melina@zedo[1].txt
00173520  Cookie/Bluestreak                  TrackingCookie      No        0         Yes            No           C:\Documents and Settings\MELINA\Cookies\melina@bluestreak[1].txt
00184846  Cookie/Adrevolver                  TrackingCookie      No        0         Yes            No           C:\Documents and Settings\MELINA\Cookies\melina@adrevolver[2].txt
00273339  Cookie/Smartadserver               TrackingCookie      No        0         Yes            No           C:\Documents and Settings\MELINA\Cookies\melina@smartadserver[1].txt
00583014  Trj/LdPinch.AUE                    Virus/Trojan        No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017301.exe
00584667  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
00584667  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017068.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000214.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000217.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000218.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000528.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000533.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0000534.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006055.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0001582.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0001583.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0002688.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0002690.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0002691.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP10\A0006409.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP10\A0006432.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP10\A0006433.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007575.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007582.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007583.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007685.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007686.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP11\A0007687.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0007719.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0014849.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0014876.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0016877.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0016879.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0016880.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017065.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017066.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017067.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP1\A0001580.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017116.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017132.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017133.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017134.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017137.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017146.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017152.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017172.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017174.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017176.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017183.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017187.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017231.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017232.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017278.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017294.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017322.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017311.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006073.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017359.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017360.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017361.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017438.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017439.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017469.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017474.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017475.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017483.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017504.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017530.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017619.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017815.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017829.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017859.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017896.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017913.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017921.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017957.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0017988.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018010.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018024.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018044.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018062.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018080.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018089.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018099.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018105.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018106.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018109.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018112.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018113.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018116.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018129.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018139.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018145.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018150.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018173.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018174.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018183.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018216.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP12\A0018231.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP2\A0003317.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP2\A0003318.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP2\A0003319.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003332.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003333.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003444.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003445.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003773.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003774.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003803.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003805.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP5\A0003806.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003960.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003963.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003964.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0003996.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0004000.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP6\A0004001.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP7\A0004019.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP7\A0004020.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP7\A0004023.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006052.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{F1F33DDC-C67B-4879-8D94-26DCC80733CA}\RP8\A0006054.exe
02990320  Application/BoontyGames            HackTools           Yes       0         Yes            No           C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
03541233  HackTool/Rebooter                  HackTools           No        0         Yes            No           C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe
;===================================================================================================================================================================================
SUSPECTS
Sent      Location                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              d
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity   Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                d
;===================================================================================================================================================================================
;===================================================================================================================================================================================

jlpjlp · Answer

télécharge OTMoveIt

http://oldtimer.geekstogo.com/OTMoveIt3.exe

(de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.




:files
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\BOONTY Shared


clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

________________________

désactive ta restauration puis redemarre ton ordi puis réactive la:

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fdocid/20020830101856924

_______________________

vire ton antivirus puis reinstalle le ainsi que toutes tes protections et dis si elles marchent
________________________
mets un rapport  hijkahcits

rabetsimeli · Answer

Re,

Le rapport OTMo...

========== FILES ==========
File/Folder C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolb­arNotifier.exe not found.
C:\Program Files\Fichiers communs\BOONTY Shared\Service moved successfully.
C:\Program Files\Fichiers communs\BOONTY Shared moved successfully.
 
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02122009_200931

Que veut dire: "désactive ta  restauration puis redemarre ton ordi puis réactive la"

jlpjlp · Answer

vire le fichier googltoolbar notifier
en allant manuellement dans psote de travail puis

C:\Program Files\Google\GoogleToolbarNotifier




_________________

pour desactiver la restauration tu as le lien en bleu qui explique dans le message précedent

rabetsimeli · Answer

Re,

Bon bein antivirus et protections refonctionnent normalement, c super! Merci!
Suis-je pour autant encore virusé, étant donné que mon pc est toujours lent?
Je n'arrive toujours pas a avoir le son? Est ce que tu pense que c lié aux virus puisque c arrivé en même temps ou est ce parce qu'il faut que je change de carte son?

Rapport Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:39, on 12/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vVX1000.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 

https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

Liens
R3 - URLSearchHook: Yahoo! Toolbar - 

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program 

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - 

{02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program 

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers 

communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - 

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program 

Files\Java\jre6\bin\ssv.dll
O2 - BHO: XBTP05670 - {793A9CBF-8B4E-4026-B25A-27F3A48B32E9} - 

(no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no 

file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - 

{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program 

Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - 

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program 

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - 

{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program 

Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - 

{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program 

Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - 

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program 

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI 

Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control 

Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA 

Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program 

Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32un.cmd 

(User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y 

"%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" 

(User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] 

%systemroot%\system32	scupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32un.cmd 

(User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program 

Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32un.cmd 

(User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program 

Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32un.cmd 

(User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - 

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - 

C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - 

{85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe 

(file missing)
O9 - Extra button: Recherche - 

{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - 

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network 

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} 

- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - 

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 

Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 

Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} 

- C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program 

Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - 

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - 

C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil 

Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil 

Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil 

Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers 

communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision 

Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 

32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun 

Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program 

Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - 

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

jlpjlp · Answer

vire ad aware 2007 car dépassé . as tu essayé de réinstaller les pilotes de la carte son?

rabetsimeli · Answer

J'ai viré avant le scan Hijackthis ad-aware 2007 pour mettre une version d'essai gratuite à la place.
Pour les drivers de la carte son, je suis en train de remettre de l'ordre.
Tu penses que y'a d'autre choses a vérifier?

jlpjlp · Answer

Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :
http://sd-1.archive-host.com/membres/up/16506160323759868/AD­-R.exe

/!\ Déconnectes toi et fermes toutes applications en cours

&#9679; Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
&#9679; Double clique sur l'icône Ad-removersituée sur ton bureau
&#9679; Au menu principal choisi l'option "A"
&#9679; Postes le rapport qui apparait à la fin .

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.









rq:


pour protéger gratos ton ordi
http://www.commentcamarche.net/telecharger/logiciel 4 securite

mettre un antivirus

ANTIVIR  ou ((Avast))
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :
MALWAREBYTE ANTIMALWARE + SPYBOT
+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

--------
un pare feu :
(celui de Windows) ou mieux COMODO ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

http://www.clubic.com/telecharger-fiche11071-sunbelt-persona­l-firewall-e(...)
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.commentcamarche.net/telecharger/ 157 zonealarm

-----------

CCLEANER pour effacer les traces de surf

rabetsimeli · Answer

Merci pour les multiples infos, ça me sera bien utile. 
Par contre le lien que tu m'a envoyé ne fonctionne plus. Je suis allée directement sur le site , mais j'ai peur de télécharger le mauvais produit.
Est ce que tu aurais une autre référence?

Merci.

jlpjlp · Answer

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro

https://www.commentcamarche.net/contents/826-installer-un-firewall-avec-zonealarm

http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

rabetsimeli · Answer

Bonjour,

Quand je te disais que le lien ne fonctionnait pas c'était concernant AD-Remover, afin que je puisse te faire un scan comme tu me l'avais demandé, sauf si tu pense que ce n'est plus utile.
Désolé j'aurais du être plus clair.

jlpjlp · Answer

ok

http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

rabetsimeli · Answer

Merci,

Voilà le résultat:


------- LOGFILE OF AD-REMOVER 1.1.1.3 | ONLY XP/VISTA -------

Updated by C_XX on 15/02/2009 at 10:20

Start at: 12:54:23 | Mer 18/02/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™  Service Pack 3 (version 5.1.2600)
Computer Name: XPSP2-223B9AA05
Current User: MELINA - Administrator
Drive(s): 
- C:\  (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 38

+-----------------| Boonty/Boonty Games Elements Found:

Service: Boonty Games
.
HKLM\Software\Boonty
HKLM\System\ControlSet001\Services\Boonty Games
HKLM\System\CurrentControlSet\Services\Boonty Games
HKLM\System\ControlSet003\Services\Boonty Games
.
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses

+-----------------| Eorezo Elements Found:

.

+-----------------| Infected Poker Softwares Elements Found:

.

+-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:

.
.

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

.

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.6 ----

ProfilePath: n8vkshc2.default
.
Prefs.js: Browser.Search.DefaultEngineName:  "Google"
Prefs.js: Browser.Search.DefaultUrl:  "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
.
.
.
.
.

---- Internet Explorer Version 7.0.5730.11 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://www.google.fr/

+-[HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://www.google.fr/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~2708 Bytes] - "C:\Ad-Report-Scan-18.02.2009.log"
-

End at: 12:55:35 | 18/02/2009
.
+-----------------| E.O.F - 64 Lines
.

jlpjlp · Answer

parfait relance pour finir ad remover, choisi l'option B et vire boonty

rabetsimeli · Answer

VOICI LE RAPPORT:


------- LOGFILE OF AD-REMOVER 1.1.1.3 | ONLY XP/VISTA -------

Updated by C_XX on 15/02/2009 at 10:20

*** LIMITED TO ***

Boonty/BoontyGames

******************

Start at: 13:28:00 | Mer 18/02/2009 | Boot mode: Normal Boot
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™  Service Pack 3 (version 5.1.2600)
Computer Name: XPSP2-223B9AA05
Current User: MELINA - Administrator
Drive(s): 
- C:\  (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 38

(!) ---- IE start pages/Tabs reset

+--------------------| Boonty/Boonty Games Elements Deleted :

Service: "Boonty Games"
.
HKLM\Software\Boonty
HKLM\System\ControlSet003\Services\Boonty Games
.
C:\Documents and Settings\All Users\Application Data\BOONTY

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+-----------------| Added Scan :

---- Mozilla FireFox Version 3.0.6 ----

ProfilePath: n8vkshc2.default
.
Prefs.js: Browser.Search.DefaultEngineName:  "Google"
Prefs.js: Browser.Search.DefaultUrl:  "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
.
.
.
.
.

---- Internet Explorer Version 7.0.5730.11 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.google.com
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_USERS\S-1-5-21-854245398-1326574676-1801674531-1003\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.google.com
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~2677 Bytes] - "C:\Ad-Report-Clean-18.02.2009.log"
[~2840 Bytes] - "C:\Ad-Report-Scan-18.02.2009.log"
-
C:\Program Files\Ad-remover\TOOLS\BACKUP\18.02.2009 - Prefs.js
C:\Program Files\Ad-remover\TOOLS\BACKUP\18.02.2009 - User.js

End at: 13:29:39 | 18/02/2009
.
+-----------------| E.O.F - 59 Lines
.

jlpjlp · Answer

comment se comporte le pc ?

rabetsimeli · Answer

Assez bien. C'est un vieux pc avec un disque de 80Go, donc c'est peu être normal qu'il soit un peu lent. En fait, il marche beaucoup mieux maintenant qu'on a viré pas mal de trucs, mais il était plus rapide quand on m'avait installé windows. Je suppose que c'est normal, là j'ai 34Go de libre sur 76.
Tu pense que c'est bon?

jlpjlp · Answer

oui cela devrait être bon . Remets un rapport rsit que le vérifie. À plus

rabetsimeli · Answer

salut,

Le rapport RSIT:

Logfile of random's system information tool 1.05 (written by random/random)
Run by MELINA at 2009-02-19 14:22:14
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 35 GB (45%) free of 78 GB
Total RAM: 511 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22:35, on 19/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\MELINA\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\MELINA.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: XBTP05670 - {793A9CBF-8B4E-4026-B25A-27F3A48B32E9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

jlpjlp · Answer

ok il en reste fais ceci et cela devrait etre bon!

(c'est une infection transitant par les disques externes comme les clés usb ...)

telecharge combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

File::
C:\Program Files\WinIFixer\WinIFixer.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinIFixer]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d48e6cb-bfe3-11dd-b7c9-000ea62d8df3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7111fa75-1f22-11dc-b57b-000e9bae5697}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{927aa350-b94b-11dc-b66f-000ea62d8df3}]

Enregistre ce fichier sous le nom CFscript

Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

_____________________

Télécharge RavAntivirus d'Evosla : (a faire sur tous les pc en contact avec tes clés usb, et faire avec toutes les clés branchées)
http://ww25.evosla.com/compteur.php?soft=rav_antivirus

# Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX
# Fais un clic droit sur le fichier .ZIP > Extraire sur > le Bureau
# Doucle-clique sur >> RAV.exe << afin de lancer l'outil.
# Une fois RAV ANTIVIRUS lancé, laisse-le réagir , il scanne automatiquement tout les lecteurs (disques fixes et amovibles)
# Si infection > un log s'établira, sinon le soft affichera (très rapide) ==>Votre Ordinateur est sain .
# Retire tes disques amovibles et redémarrez votre ordinateur.
# Poste le rapport, si infection!
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

_______________________

lance tools cleaner pour virer ce qui a été utilisé:
et colle le rapport
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

rabetsimeli · Answer

ok, par contre "au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. ", il ne m'a jamais proposé cela, du coup j'espère que ça ne change rien pour toi.

le rapport:

ComboFix 09-02-18.01 - MELINA 2009-02-19 18:19:13.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.257 [GMT 1:00]
Lancé depuis: c:\documents and settings\MELINA\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\MELINA\Bureau\CFscript .txt
AV: avast! antivirus 4.8.1335 [VPS 090218-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
c:\program files\WinIFixer\WinIFixer.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\MELINA\Application Data\drivers\downld
c:\documents and settings\MELINA\Menu D‚marrer\Programmes\PlayMP3z
c:\windows\system32\dumphive.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DHLP

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-19 au 2009-02-19 ))))))))))))))))))))))))))))))))))))
.

2009-02-19 14:22 . 2009-02-19 14:22 <REP> d-------- C:\rsit
2009-02-19 13:29 . 2005-02-24 12:10 2,084,864 --a------ c:\windows\system32\AudDesign.dll
2009-02-19 13:29 . 2005-03-11 17:37 1,986,560 --a------ c:\windows\system32\AudFile.dll
2009-02-19 13:29 . 2005-02-24 12:11 1,212,416 --a------ c:\windows\system32\AudioInfos.dll
2009-02-19 13:29 . 2005-02-24 12:11 479,232 --a------ c:\windows\system32\AudioVisu.dll
2009-02-19 13:29 . 2005-02-24 15:21 458,752 --a------ c:\windows\system32\AudPlayer.dll
2009-02-19 13:29 . 2005-03-10 16:00 454,656 --a------ c:\windows\system32\AudioRecord.dll
2009-02-19 13:29 . 2005-02-24 12:10 417,792 --a------ c:\windows\system32\AudDisplay.dll
2009-02-19 13:29 . 1998-06-24 00:00 164,144 --a------ c:\windows\system32\COMCT232.OCX
2009-02-19 13:29 . 2005-01-10 12:54 116,296 --a------ c:\windows\system32\NCTWMAProfiles.prx
2009-02-19 13:27 . 2004-03-08 23:00 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
2009-02-19 13:27 . 2004-03-08 23:00 224,016 --a------ c:\windows\system32\TABCTL32.OCX
2009-02-19 13:27 . 1998-07-12 23:00 141,312 --a------ c:\windows\system32\MSCMCFR.DLL
2009-02-19 13:27 . 2000-10-01 19:00 119,568 --a------ c:\windows\system32\VB6FR.DLL
2009-02-19 13:27 . 1999-03-25 19:00 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
2009-02-19 13:27 . 1998-07-12 23:00 59,904 --a------ c:\windows\system32\Mscc2fr.dll
2009-02-19 13:27 . 1998-07-12 19:00 32,768 --a------ c:\windows\system32\CMDLGFR.DLL
2009-02-19 13:27 . 1998-07-12 23:00 21,504 --a------ c:\windows\system32\TABCTFR.DLL
2009-02-19 13:27 . 1998-07-12 23:00 15,360 --a------ c:\windows\system32\inetfr.DLL
2009-02-18 19:27 . 2009-02-18 19:27 <REP> d-------- c:\program files\HD Tune
2009-02-18 18:46 . 2009-02-18 18:46 <REP> d-------- C:\rapget download
2009-02-18 18:45 . 2009-02-18 18:47 <REP> d-------- c:\program files\rapget141
2009-02-18 12:52 . 2009-02-18 13:26 <REP> d-------- c:\program files\Ad-remover
2009-02-17 19:38 . 2009-02-17 19:38 <REP> d-------- C:\NV33483744.TMP
2009-02-17 18:07 . 2009-02-17 18:07 <REP> d-------- C:\NV37722956.TMP
2009-02-17 15:51 . 2009-02-17 15:51 <REP> d-------- c:\program files\Realtek AC97
2009-02-17 11:29 . 2009-02-18 19:34 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-17 11:29 . 2009-02-17 11:29 1,409 --a------ c:\windows\QTFont.for
2009-02-14 13:56 . 2009-02-14 13:56 <REP> d-------- c:\program files\Turtle Odyssey 2
2009-02-13 15:03 . 2009-02-13 15:03 <REP> d-------- c:\windows\Drivers
2009-02-13 15:03 . 2005-07-15 15:02 56,960 --a------ c:\windows\system32\drivers\ousb2hub.sys
2009-02-13 15:03 . 2005-07-15 15:02 45,696 --a------ c:\windows\system32\drivers\ousbehci.sys
2009-02-13 14:42 . 2006-04-24 17:52 289,792 --a------ c:\windows\system32\idecoiins.dll
2009-02-13 14:42 . 2005-08-03 14:52 33,280 --a------ c:\windows\system32\NVCOI.DLL
2009-02-13 14:33 . 2009-02-13 14:34 <REP> d-------- c:\program files\SystemRequirementsLab
2009-02-13 14:33 . 2009-02-13 14:33 <REP> d-------- c:\documents and settings\MELINA\Application Data\SystemRequirementsLab
2009-02-13 01:16 . 2009-02-13 01:16 <REP> d-------- C:\NV40321296.TMP
2009-02-13 01:16 . 2009-02-13 01:16 <REP> d-------- C:\NV37443928.TMP
2009-02-12 23:41 . 2009-02-13 00:30 13,030 --a------ C:\PDOXUSRS.NET
2009-02-12 23:40 . 2009-02-12 23:40 <REP> d-------- c:\program files\SdLL
2009-02-12 22:17 . 2009-02-12 22:17 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-12 22:13 . 2009-02-12 22:13 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-12 21:44 . 2009-02-12 21:44 <REP> d-------- c:\program files\CCleaner
2009-02-12 13:32 . 2009-02-12 13:32 <REP> d-------- c:\program files\Panda Security
2009-02-12 13:32 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-02-12 12:59 . 2009-02-19 18:20 <REP> d--h----- c:\documents and settings\MELINA\Application Data\drivers
2009-02-12 12:09 . 2009-02-12 12:45 <REP> d-------- c:\program files\FindyKill
2009-02-12 10:41 . 2009-02-12 10:41 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-12 10:41 . 2009-02-12 10:41 <REP> d-------- c:\documents and settings\MELINA\Application Data\Malwarebytes
2009-02-12 10:41 . 2009-02-12 10:41 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-12 10:41 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-12 10:41 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-11 20:21 . 2009-02-11 20:24 <REP> d-------- C:\Hijackthis
2009-02-11 14:58 . 2009-02-11 14:58 <REP> d-------- c:\documents and settings\MELINA\Application Data\JoyBits
2009-02-10 04:40 . 2009-02-10 04:40 <REP> d-------- c:\documents and settings\MELINA\Application Data\Home Sweet Home
2009-02-10 04:15 . 2009-02-10 04:15 <REP> d-------- c:\documents and settings\MELINA\Application Data\Boomzap
2009-02-09 22:06 . 2009-02-09 22:06 <REP> d-------- c:\program files\Intel Desktop Board
2009-02-09 17:12 . 2009-02-09 18:44 <REP> d-------- c:\documents and settings\MELINA\Application Data\Big Fish Games
2009-02-09 13:10 . 2009-02-09 13:10 <REP> d-------- c:\documents and settings\All Users\Application Data\PlayPond
2009-02-08 21:01 . 2009-02-08 21:01 <REP> d-------- c:\program files\NVIDIA Corporation
2009-02-08 21:01 . 2009-02-08 21:01 <REP> d-------- c:\program files\Fichiers communs\NVIDIA Shared
2009-02-08 20:58 . 2009-02-08 20:58 <REP> d-------- C:\NV8402568.TMP
2009-02-08 20:58 . 2009-02-08 20:58 <REP> d-------- C:\NV20641060.TMP
2009-02-08 20:58 . 2004-06-24 18:57 172,032 --a------ c:\windows\system32\nvumctl.exe
2009-02-08 20:58 . 2004-06-18 02:30 1,217 --a------ c:\windows\system32\nvmctl.nvu
2009-02-08 19:41 . 2009-02-08 19:41 <REP> d-------- c:\program files\PC Drivers HeadQuarters
2009-02-08 19:41 . 2009-02-08 19:41 <REP> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-02-08 19:29 . 2009-02-08 19:29 <REP> d-------- c:\program files\Uniblue
2009-02-08 19:28 . 2009-02-08 19:29 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-02-08 18:46 . 2009-02-08 18:46 <REP> dr-h----- C:\AHCache
2009-02-08 15:19 . 2009-02-08 15:29 <REP> d-------- c:\windows\SxsCaPendDel
2009-02-08 11:20 . 2009-02-08 20:32 22 --a------ c:\windows\system32\ati64hlp.stb
2009-02-08 10:57 . 2008-03-06 16:23 442,368 --a------ c:\windows\system32\NVUninst.exe
2009-02-08 10:56 . 2004-06-18 14:57 172,032 --a------ c:\windows\system32\nvuide.exe
2009-02-08 10:56 . 2004-06-18 02:30 464 --a------ c:\windows\system32\nvide.nvu
2009-02-08 10:55 . 2006-04-14 14:00 208,896 --a------ c:\windows\system32\nvugart.exe
2009-02-08 10:55 . 2006-04-14 14:00 208,896 --a------ c:\windows\system32\nvuenet.exe
2009-02-08 10:55 . 2004-06-24 18:57 172,032 --a------ c:\windows\system32\nvusmb.exe
2009-02-08 10:55 . 2004-04-27 15:22 2,124 --a------ c:\windows\system32\nvgart.nvu
2009-02-08 10:55 . 2005-10-19 12:49 1,864 -ra------ c:\windows\system32\nvsmb.nvu
2009-02-08 10:55 . 2004-01-12 21:08 1,556 --a------ c:\windows\system32\nvenet.nvu
2009-02-07 20:33 . 2009-02-07 20:35 <REP> d-------- c:\documents and settings\MELINA\Application Data\vlc
2009-02-07 16:56 . 2009-02-07 16:56 <REP> d-------- c:\documents and settings\MELINA\Application Data\ATI
2009-02-07 16:50 . 2006-01-26 08:57 520,192 --------- c:\windows\system32\ati2sgag.exe
2009-02-07 16:49 . 2009-02-08 11:13 <REP> d-------- c:\program files\ATI Technologies
2009-02-07 16:48 . 2009-02-07 16:48 <REP> d-------- C:\ATI
2009-02-07 11:14 . 2009-02-07 11:16 <REP> d-------- c:\documents and settings\MELINA\Application Data\SecretIslandFraBF
2009-02-06 23:53 . 2009-02-07 08:43 <REP> d-------- c:\windows\system32\ZoneLabs
2009-02-06 23:53 . 2009-02-06 23:53 <REP> d-------- c:\program files\Zone Labs
2009-02-06 23:53 . 2008-07-09 09:05 1,086,952 --a------ c:\windows\system32\zpeng24.dll
2009-02-06 23:53 . 2009-02-07 08:43 352,623 --a------ c:\windows\system32\vsconfig.xml
2009-02-06 23:50 . 2009-02-07 08:43 <REP> d-------- c:\windows\Internet Logs
2009-02-06 23:28 . 2009-02-11 20:23 <REP> d-------- c:\program files\trend micro
2009-02-06 23:25 . 2009-02-06 23:25 <REP> d-------- c:\program files\NFO viewer
2009-02-06 15:06 . 2009-02-06 15:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Alawar Stargaze
2009-01-26 14:57 . 2009-02-09 15:36 <REP> d-------- c:\documents and settings\All Users\Application Data\Playrix Entertainment
2009-01-26 09:16 . 2009-01-26 09:16 <REP> d-------- c:\documents and settings\All Users\Application Data\FarmFrenzy2
2009-01-24 18:23 . 2009-01-24 18:23 <REP> d-------- c:\documents and settings\MELINA\Application Data\Artogon
2009-01-24 11:09 . 2009-01-24 11:16 <REP> d-------- c:\documents and settings\MELINA\Application Data\Ancient Quest of Saqqarah__bfg
2009-01-24 09:51 . 2009-01-24 09:51 <REP> d-------- c:\documents and settings\MELINA\Application Data\Meridian93
2009-01-24 07:52 . 2009-01-24 07:53 <REP> d-------- c:\documents and settings\All Users\Application Data\SecretsOfOlympus
2009-01-23 17:19 . 2009-01-23 17:19 <REP> d-------- c:\documents and settings\MELINA\Application Data\URSE Games

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 13:03 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-12 21:17 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-12 21:13 --------- d-----w c:\program files\Lavasoft
2009-02-12 20:27 --------- d-----w c:\program files\Windows Live Toolbar
2009-02-12 20:27 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-12 20:26 --------- d-----w c:\program files\Google
2009-02-10 03:10 --------- d-----w c:\program files\UBISOFT
2009-02-10 01:48 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-02-09 17:13 --------- d-----w c:\documents and settings\MELINA\Application Data\PlayFirst
2009-02-09 17:13 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2009-02-09 15:39 --------- d-----w c:\documents and settings\MELINA\Application Data\Skype
2009-02-09 15:06 --------- d-----w c:\documents and settings\MELINA\Application Data\skypePM
2009-02-08 20:01 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-07 19:34 --------- d-----w c:\documents and settings\MELINA\Application Data\dvdcss
2009-02-06 21:36 --------- d-----w c:\program files\eMule
2009-01-26 15:32 --------- d-----w c:\documents and settings\All Users\Application Data\JollyBear
2009-01-14 11:44 --------- d-----w c:\program files\Fichiers communs\Real
2009-01-12 23:36 774,144 ----a-w c:\program files\RngInterstitial.dll
2009-01-12 23:36 --------- d-----w c:\program files\Real
2009-01-09 18:49 --------- d-----w c:\program files\Zylom Games
2009-01-09 18:43 --------- d-----w c:\documents and settings\MELINA\Application Data\GameHouse
2009-01-09 17:27 --------- d-----w c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2009-01-06 09:44 --------- d-----w c:\documents and settings\MELINA\Application Data\uTorrent
2008-12-25 13:58 --------- d-----w c:\program files\MySpace
2008-12-25 13:58 --------- d-----w c:\documents and settings\MELINA\Application Data\MySpace
2008-12-22 19:11 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-12-20 17:18 --------- d-----w c:\program files\bfgclient
2008-02-22 18:28 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-09-08 11:56 439 -c--a-w c:\program files\Téléchargements.lnk
2008-04-14 02:33 65,024 -csha-w c:\windows\system32\asycfilt.dll
2008-04-14 02:33 617,472 --sha-w c:\windows\system32\comctl32.dll
2008-04-14 02:33 1,028,096 -csha-w c:\windows\system32\mfc42.dll
2001-08-24 12:00 57,344 --sha-w c:\windows\system32\mfc42loc.dll
2008-04-14 02:33 413,696 --sha-w c:\windows\system32\msvcp60.dll
2008-04-14 02:33 343,040 --sha-w c:\windows\system32\msvcrt.dll
2001-08-24 12:00 253,952 -csha-w c:\windows\system32\msvcrt20.dll
2008-04-14 02:33 551,936 --sha-w c:\windows\system32\oleaut32.dll
2008-04-14 02:33 84,992 -csha-w c:\windows\system32\olepro32.dll
2008-04-14 02:33 30,749 -csha-w c:\windows\system32\vbajet32.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"VX1000"="c:\windows\vVX1000.exe" [2006-12-06 707360]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 335872]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-12 509784]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"vidc.xvid"= xvid.dll
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
--a--c--- 2005-05-11 01:46 200069 c:\program files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a--c--- 2002-07-18 17:36 28672 c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2008-12-10 08:44 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a--c--- 2006-12-06 00:38 707360 c:\windows\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 c:\windows\soundman.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\pd\\bin\\pd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-12 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-12 28544]
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2006-12-22 102528]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2006-12-22 10368]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-12 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-12 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2009-02-13 45696]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-05-27 33792]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2009-02-13 56960]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [2006-12-22 36048]
S3 NBXG7031;NB 802.11g XG703 SP1 Driver;c:\windows\system32\drivers\WlanUIG.sys [2007-02-18 381312]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;c:\windows\system32\drivers\usbiad.sys [2006-12-26 31547]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys --> c:\windows\system32\Drivers\Bulk533.sys [?]
.
Contenu du dossier 'Tâches planifiées'

2009-02-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-12 22:16]
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-nForce Tray Options - sstray.exe

.
------- Examen supplémentaire -------
.
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\MELINA\Application Data\Mozilla\Firefox\Profiles\n8vkshc2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\MELINA\Application Data\Mozilla\Firefox\Profiles\n8vkshc2.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 18:24:10
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-02-19 18:28:50 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-19 17:28:46

Avant-CF: 36ÿ551ÿ790ÿ592 octets libres
AprÞs-CF: 36,616,757,248 octets libres

320 --- E O F --- 2009-02-13 11:02:39

rabetsimeli · Answer

rapport toolscleaner:

[ Rapport ToolsCleaner version 2.3.1 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\Combofix.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\HijackThis: trouvé !
C:\Qoobox: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\MELINA\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\MELINA\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\MELINA\Bureau\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\MELINA\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\MELINA\Bureau\ccm, 11 fév.09\post 9\FindyKill.txt: trouvé !
C:\Documents and Settings\MELINA\Bureau\ccm, 11 fév.09\post11\hijackthis.log: trouvé !
C:\Documents and Settings\MELINA\Menu Démarrer\Programmes\FindyKill: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\Mozilla Firefox\SmitFraudfix: trouvé !
C:\Program Files	rend micro\HijackThis.exe: trouvé !
C:\Program Files	rend micro\hijackthis.log: trouvé !
C:\Program Files	rend micro\HijackThis: trouvé !
C:\Program Files	rend micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files	rend micro\HijackThis\hijackthis.log: trouvé !

jlpjlp · Answer

ok rav à rien trouvé? Toolcleaner à tout viré?

rabetsimeli · Answer

Oui Toolscleaner a tout viré.
Par contre j'suis désolée mon frère est passé pendant mon absence et a viré tous ce que tu m'avais dit d'installer (post19), et m'a acheté et installé bit defender.
Du coup mon PC rame a 2 à l'heure, je ne sais pas si c lié, il m'a installé aussi ne nouvelle carte son, car je n'avais plus de son depuis le virus.
Je comprend pas ce qui se passe, juste quand j'arrivais à la fin.

rabetsimeli · Answer

Il rame essentiellement sur Internet, où il met beaucoup de temps a charger une page, mais également les fichiers et dossiers.

jlpjlp · Answer

avant de mettre bitdefender il a viré l'autre antivirus que tu avais????

______________

colle un rapport RSIt ou hijakchtis

rabetsimeli · Answer

Bonjour,

Oui je pense qu'il l'a viré puisque il n'est plus présent sur l'ordinateur, par contre je ne sais pas si il l'a viré avant ou après l'installation de bitdefender. Je pourrais lui demander ce soir.

J'ai utilisé Rsit, 2fichiers sont apparus:

log.txt:

Logfile of random's system information tool 1.05 (written by random/random)
Run by MELINA at 2009-02-24 10:11:18
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 33 GB (42%) free of 78 GB
Total RAM: 511 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:16, on 24/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\MELINA\Bureau\RSIT.exe
C:\Program Files	rend micro\MELINA.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32un.cmd (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

jlpjlp · Answer

le rapport est bon

désinstalle ad aware via ton panneau de configuration car la version de 2007 est dépassée

et mets a la place spybot sans activer le tea timer lors de l'installation

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html







encore des soucis?

rabetsimeli · Answer

Bonjour,

J'ai viré Adware 2007, j'ai mis spybot à la place (et lancé mise a jour, vaccination, scan sur le système avec supression), j'ai enlevé quelques logiciels inutile, lancé CCleaner, défragmenté mon disque dur et redémarré mon PC, rien a faire c'est toujours plus lent qu'avant d'avoir chopé mon virus.
Je n'y comprend vraiment rien, j'attends toujours une bonne minute avant que Firefox réussisse à se lance pour en plus ramer par la suite, les fichiers c'est la même chose...

Si tu es lassé(é) de rechercher le problème, je comprendrais, ça deviens vraiment pénible!

jlpjlp · Answer

initialise firefox pour voir

http://www.commentcamarche.net/faq/sujet 9525 reinitialiser firefox reset

rabetsimeli · Answer

merci,

J'ai tenté d'entrer la commande "firefox -safe-mode" dans "executer", mais aucune interface s'ouvre comme c'est écrit dans le lien. 
A la place, Firefox m'ouvre simplement une nouvelle page vide avec le moteur de recherche Google.

jlpjlp · Answer

essaye de desinstaller firefox puis de le reinstaller

rq : sauvegarde tes marques pages  avant:
https://www.memepasmal.net

rabetsimeli · Answer

re,

J'ai réinstallé firefox après désinstallation, cela change sensiblement, au démarrage c'est toujours lent et si je ferme et ouvre firefox, la page mets moins de temps a s'ouvrir.
De toute façon je ne sais pas si il reste d'autres solutions, on m'a dit que je n'avais pas assez de rame et qu'il fallait que je change de processeur...

jlpjlp · Answer

combien de ram

et quel processeur?

rabetsimeli · Answer

AMD Athlon(tm) XP 2500+ pour le processeur et 512de rame.

jlpjlp · Answer

ok c'est pas un foudre de guerre mais suffisant pour le net


refais un coup de malwarebyte antimalware pour voir

et scanne avec bitdefender pour voir si il reste rien

et repare windows:

https://www.pcastuces.com/pratique/windows/xp/default.htm

rabetsimeli · Answer

Bonjour,

J'ai scanné avec Bitfender et il m'a trouvé une menace qui concerne deux objets, cela concernait un logiciel de jeux sur internet que j'ai viré de mon ordinateur et déjà mon ordinateur était beaucoup plus rapide!
Concernant repare windows, j'ai abandonné le scan puisqu'il me demandais d'insérer le CD d'origine Windows, seulement j'ai acheté mon ordinateur d'occasion et j'ai pas pensé (n'y connaissant rien) à demander au vendeur le CD d'installation!!

Concernant malwarebyte, voici le résultat:

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1807
Windows 5.1.2600 Service Pack 3

27/02/2009 08:14:36
mbam-log-2009-02-27 (08-14-36).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 174988
Temps écoulé: 1 hour(s), 7 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

jlpjlp · Answer

pas de cd ! 

si il y a des erreurs c'est pas top il le faudrait

sinon nettoie avec ccleaner et reg cleaner ton ordi


https://www.malekal.com/tutoriel-ccleaner/

https://www.malekal.com/nettoyer-sa-base-de-registre-avec-windows-registry-cleaner/




si encore des erreurs lance zeb restore
mais cré un point de restauration avant au cas ou

http://telechargement.zebulon.fr/zeb-restore.html

rabetsimeli · Answer

Re,

Bon finallement il est toujours aussi lent!

S.O.S virus and Cie - Page 2

Discussions similaires

Newsletters