les logiciels de securité ne fonctionne plus Résolu/Fermé

Question

Bonjour,
avast , zone alarme et meme ccleaner ne demarre plus.ne fonctionne plus ..la desinstalltion ne se passe pas bien.
la reinstallation est bizarre....et toujours ne fonctionne pas
les icones ont disparu de la barre des taches

ufofaysel · Answer

je met le rapport de hijackthis .ça peux peut etre vous aider moi je ne comprend rien je l'ai fait pour vous:lol.  Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:27, on 27/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\LSHPRN.EXE
C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\documents and settings\faith et sylvie\local settings\application data	hvcwdqf.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Documents and Settings\faith et sylvie\Application Data\m\flec006.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\faith et sylvie\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SweetIM Toolbar Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe \RESET
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [PrinterSecurityLayer] C:\WINDOWS\system32\LSHPRN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [funkyemoticons] C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [thvcwdqf] "c:\documents and settings\faith et sylvie\local settings\application data	hvcwdqf.exe" thvcwdqf
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\faith et sylvie\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\faith et sylvie\Application Data\m\flec006.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

Utilisateur anonyme · Answer

Salut,

Telecharge FindyKill sur ton bureau :

--> Lance l installation avec les parametres par default

--> Double clic sur le raccourci FindyKill sur ton bureau

--> Au menu principal,choisi l option 1  (Recherche)

--> Post le rapport FindyKill.txt 

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

Tuto : malekal
Tuto : 01net

Utilisateur anonyme · Answer

re,

quand tu auras posté le rapport (recherche) passe directement a l option 2 de l outils et post egalement son rapport stp

a tout a l heure

ufofaysel · Answer

salut voila le rapport demandé de findykill...mais l'option 2 n'a pas vraiment fonctionné...une fois ça duré plus qu'un quart d'heure sans rien faire et la 2 eme fois ça fait planter le pc

Utilisateur anonyme · Answer

RE , oui et désolé .

tu veux bien relancer l option 2 et choisr une autre langues que le français ? 

ça plantera pas , le pc redémarrera 

merci .

ufofaysel · Answer

rebonjour
ç'a marché..voila le 2 eme rapport de findykill..

############################## [ FindyKill V4.718 ] 

# User : faith et sylvie (Administrateurs) # UNICORNI-59DD08
# Update on 27/02/09 by Chiquitine29
# Start at: 17:20:59 | 27/02/2009

# AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
# AV : ZoneAlarm Security Suite Antivirus 7.0.483.000 [ (!) Disabled | (!) Outdated ]
# AV : avast! antivirus 4.8.1335 [VPS 090205-1] 4.8.1335 [ Enabled | (!) Outdated ]
# FW : Bitdefender Firewall[ Enabled ]8.0
# FW : ZoneAlarm Security Suite Firewall[ Enabled ]7.0.483.000

# A:\ # Lecteur de disquettes 3 ? pouces
# C:\ # Disque fixe local # 48,83 Go (2,63 Go free) # NTFS
# D:\ # Disque fixe local # 249,26 Go (232,55 Go free) [Nouveau nom] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
 
############################## [ Active Processes ] 
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32undll32.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\LSHPRN.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\documents and settings\faith et sylvie\local settings\application data	hvcwdqf.exe
C:\Documents and Settings\faith et sylvie\Application Data\drivers\winupgro.exe
C:\Documents and Settings\faith et sylvie\Application Data\m\flec006.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe
 
################## [ Infected processes stopped ] 
 
"C:\Documents and Settings\faith et sylvie\Application Data\drivers\winupgro.exe"  (556)
"C:\Documents and Settings\faith et sylvie\Application Data\m\flec006.exe"  (568)
 
################## [ Infected Files / Folders C:\ ] 
 
 
################## [ C:\WINDOWS ] 
 
 
################## [ C:\WINDOWS\system32 ] 
 
 
################## [ C:\WINDOWS\system32\drivers ] 
 
 
################## [ C:\.. Application Data ... ] 
 
Deleted ! - "C:\Documents and Settings\faith et sylvie\Application Data\m\flec006.exe"  
Deleted ! - "C:\Documents and Settings\faith et sylvie\Application Data\m\list.oct"  
Deleted ! - "C:\Documents and Settings\faith et sylvie\Application Data\m\data.oct"  
Deleted ! - "C:\Documents and Settings\faith et sylvie\Application Data\m\srvlist.oct"  
Deleted ! - "C:\Documents and Settings\faith et sylvie\Application Data\m\shared"  
Deleted ! - "C:\Documents and Settings\faith et sylvie\Application Data\m"  
Deleted ! - "C:\Documents and Settings\faith et sylvie\Application Data\drivers\wfsintwq.sys"  
Deleted ! - "C:\Documents and Settings\faith et sylvie\Application Data\drivers\winupgro.exe"  
Deleted ! - "C:\Documents and Settings\faith et sylvie\Application Data\drivers\downld"  
Deleted ! - "C:\Documents and Settings\faith et sylvie\Application Data\drivers"  
 
################## [  Registry / Infected keys ]   
 
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa   
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA   
Deleted ! - HKEY_CURRENT_USER\Software\bisoft   
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro   
Deleted ! - HKEY_USERS\S-1-5-21-117609710-1275210071-839522115-1003\Software\MuleAppData   
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"drvsyskit" 
Deleted ! - HKEY_USERS\S-1-5-21-117609710-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\"drvsyskit" 
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"german.exe" 
Deleted ! - HKEY_USERS\S-1-5-21-117609710-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\"german.exe" 
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"mule_st_key" 
Deleted ! - HKEY_USERS\S-1-5-21-117609710-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\"mule_st_key" 
 
################## [ Cleaning Removable drives ]  
 
# Deleting files : 
 
 
################## [ Registry / Mountpoint2 ] 
 
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bc33863-0eb6-11dd-919f-0019db86ee9e}\Shell\explore\Command  
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bc33863-0eb6-11dd-919f-0019db86ee9e}\Shell\open\Command  
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6beb1050-7f69-11dd-a90c-0019db86ee9e}\Shell\explore\Command  
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6beb1050-7f69-11dd-a90c-0019db86ee9e}\Shell\open\Command  
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6beb1087-7f69-11dd-a90c-0019db86ee9e}\Shell\explore\Command  
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6beb1087-7f69-11dd-a90c-0019db86ee9e}\Shell\open\Command  
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce9c4a67-68a9-11dd-8ab6-0019db86ee9e}\Shell\explore\Command  
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce9c4a67-68a9-11dd-8ab6-0019db86ee9e}\Shell\open\Command  
 
################## [ Searching Other Infections ] 
 
# Références de comparaison Bagle MD5 :

e7d08797 C:\Documents and Settings\faith et sylvie\Application Data\drivers\winupgro.exe 
0dd95f7cad549a33bbeac3128b055fc5 C:\Documents and Settings\faith et sylvie\Application Data\drivers\winupgro.exe 

Suspect ! "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" 
# Taille: 872448 # MD5: 0DD95F7CAD549A33BBEAC3128B055FC5 
 
 
################## [ PEH Corrupted ] 
 
C:\Documents and Settings\faith et sylvie\Bureau\HiJackThis.exe
C:\Program Files\Alwil Software\Avast4\ashAvast.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Zone Labs\ZoneAlarmepair\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zatutor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
 
################## [ ! End of Report # FindyKill V4.718 ! ]

Utilisateur anonyme · Answer

ok,

merci :

1:

Télécharge ToolsCleaner sur ton bureau. 
--> 
http://pc-system.fr/ 
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 

2:

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau : 
http://oldtimer.geekstogo.com/OTMoveIt3.exe 

---> Double-clique sur OTMoveIt3.exe afin de le lancer. 

---> Copie (Ctrl+C) le texte suivant ci-dessous : 





:processes 
explorer.exe 

:files 
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe


:commands 
[emptytemp] 
[start explorer] 
[reboot] 



---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved. 

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3. 

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. 
Accepte en cliquant sur YES. 

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\ 
Le nom du rapport correspond au moment de sa création : date_heure.log

ufofaysel · Answer

voici les rapport..j fait vite  car je perd la connexion[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\Documents and Settings\faith et sylvie\Bureau\OTMoveIt3.exe: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\faith et sylvie\Bureau\OTMoveIt3.exe: supprimé !
.


2-
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\FAITHE~1\LOCALS~1\Temp\etilqs_cYQQIzvZ9FQGMQM8TGUw scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\FAITHE~1\LOCALS~1\Temp\Perflib_Perfdata_20c.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\FAITHE~1\LOCALS~1\Temp\~DFFFEF.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS	emp\Perflib_Perfdata_790.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\faith et sylvie\Local Settings\Application Data\Mozilla\Firefox\Profiles\ucoxyhdr.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\faith et sylvie\Local Settings\Application Data\Mozilla\Firefox\Profiles\ucoxyhdr.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\faith et sylvie\Local Settings\Application Data\Mozilla\Firefox\Profiles\ucoxyhdr.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\faith et sylvie\Local Settings\Application Data\Mozilla\Firefox\Profiles\ucoxyhdr.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\faith et sylvie\Local Settings\Application Data\Mozilla\Firefox\Profiles\ucoxyhdr.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02272009_191230

Files moved on Reboot...
File C:\DOCUME~1\FAITHE~1\LOCALS~1\Temp\etilqs_cYQQIzvZ9FQGMQM8TGUw not found!
File C:\DOCUME~1\FAITHE~1\LOCALS~1\Temp\Perflib_Perfdata_20c.dat not found!
C:\DOCUME~1\FAITHE~1\LOCALS~1\Temp\~DFFFEF.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS	emp\Perflib_Perfdata_790.dat not found!
C:\Documents and Settings\faith et sylvie\Local Settings\Application Data\Mozilla\Firefox\Profiles\ucoxyhdr.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\faith et sylvie\Local Settings\Application Data\Mozilla\Firefox\Profiles\ucoxyhdr.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\faith et sylvie\Local Settings\Application Data\Mozilla\Firefox\Profiles\ucoxyhdr.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\faith et sylvie\Local Settings\Application Data\Mozilla\Firefox\Profiles\ucoxyhdr.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\faith et sylvie\Local Settings\Application Data\Mozilla\Firefox\Profiles\ucoxyhdr.default\urlclassifier3.sqlite moved successfully.

Utilisateur anonyme · Answer

ok...


avast est cuit (win32 nn valide..)

antivir vs avast : 

-> http://forum.malekal.com/ftopic3528.php 


alors je te conseille de le desinstaller et d´installer antivir a la place 

Telecharge et instales l'antivirus Antivir Personal Edition Classic : 

->Antivir le telecharger

-> http://www.commentcamarche.net/telecharger/telecharger 55 antivir

tuto : https://www.malekal.com/avira-free-security-antivirus-gratuit/
tuto : http://www.swl1f.net/viewtopic.php?f=14&t=59 

Pour désinstaller Avast telecharge cet outil


ensuite fais un sacn avec antivir (une fois a jours) et post sn rapport STP

ufofaysel · Answer

juste aprés avoir passé findykill g pu desinstaller avast et zone alrme...
aprés avoir fait tte les manups demandé je pense que mon pc comence a se faire une bonne santée.
g reinstallé avast+zalarme et ça l'air de bien fonctionné..mais demaij j'essaierai

Utilisateur anonyme · Answer

ok , ecoute tant mieux , 


perso j en reste là .

MERCI EN TOUT CAS .

ufofaysel · Answer

je me connecte aujourd'hui pour dire merci a chiquitine29...mon probleme est bien resolu et mon pc fonctionne a merveille..encore une fois merci

Les logiciels de securité ne fonctionne plus

12 réponses

Discussions similaires