Problem: TR/Spy/Gen and ads
Solved
clementtt
Hello everyone,
I am reaching out to you because of an annoying problem that worries me a lot. Every time Windows starts, I get an Antivir alert warning me of the presence of a trojan horse, "TR/Spy/Gen". In addition, a number of unwanted ads open regularly (every 5 minutes), even when I am not using IE.
I have already tried a few scans with "Antivir" and "Malwarebytes", without success. I did empty the quarantine files, the IE folders, etc., but nothing helps!
The last time I had this problem, I was able to solve it thanks to the help of a very charitable soul on this forum (whom I thank again). This time I would have liked to get through it on my own, but I am afraid of doing something stupid with my very precious work tool (my infected PC!).
If a savior feels up to guiding me step by step to help me solve this problem, I could only be very deeply grateful.
Thanks in advance,
Clément
It was quick in the end. Here is the report:
-------------- UsbFix V2.414.3 ---------------
* User : clement
* Outils mis a jours le 18/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à 1:46:08 le 01/03/2009
* Windows Xp - Internet Explorer 7.0.5730.11
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ati2sgag.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
D: - Lecteur fixe
F: - Lecteur fixe
G: - Lecteur fixe
+- Contenu de l'autorun : F:\autorun.inf
[AutoRun]
open=
shellexecute=
shell\Auto\command=AdobeR.exe e
shell=Auto
--------------- [ Lecteur C ] ----------------
C: - Lecteur fixe
+- Listing des fichiers présents :
[29/12/2004 17:12][--a------] C:\AUTOEXEC.BAT
[05/08/2004 05:00][-rahs----] C:\NTDETECT.COM
[07/11/2007 08:03][--a------] C:\install.exe
[31/10/2006 18:34][--ahs----] C:\BOOT.INI
[31/10/2006 18:34][--ahs----] C:\desktop.ini
[31/10/2006 18:34][--ahs----] C:\globdata.ini
[31/10/2006 18:34][--ahs----] C:\install.ini
[20/07/2008 22:11][--a------] C:\rapport.txt
[20/07/2008 22:11][--a------] C:\MaxPath.txt
[20/07/2008 22:11][--a------] C:\eula.2052.txt
[20/07/2008 22:11][--a------] C:\eula.1028.txt
[20/07/2008 22:11][--a------] C:\eula.1031.txt
[20/07/2008 22:11][--a------] C:\eula.1033.txt
[20/07/2008 22:11][--a------] C:\eula.3082.txt
[20/07/2008 22:11][--a------] C:\eula.1036.txt
[20/07/2008 22:11][--a------] C:\eula.1040.txt
[20/07/2008 22:11][--a------] C:\eula.1041.txt
[20/07/2008 22:11][--a------] C:\eula.1042.txt
[20/07/2008 22:11][--a------] C:\DirLook.txt
[20/07/2008 22:11][--a------] C:\UsbFix.txt
[20/07/2008 22:11][--a------] C:\graph.txt
[20/07/2008 22:11][--a------] C:\VRLServer.txt
[20/07/2008 22:11][--a------] C:\vraylog.txt
[29/12/2004 17:12][--a------] C:\CONFIG.SYS
[29/12/2004 17:12][--a------] C:\IO.SYS
[29/12/2004 17:12][--a------] C:\MSDOS.SYS
[29/12/2004 17:12][--a------] C:\pagefile.sys
[29/12/2004 17:12][--a------] C:\hiberfil.sys
[29/12/2004 17:12][--a------] C:\winstat.sys
[29/12/2004 17:12][--a------] C:\winpage.sys
[29/12/2004 17:12][--a------] C:\z0ejaw3o.sys
--------------- [ Lecteur D ] ----------------
D: - Lecteur fixe
+- Listing des fichiers présents :
--------------- [ Lecteur F ] ----------------
F: - Lecteur fixe
+- Listing des fichiers présents :
[09/01/2008 17:34][---hs----] F:\RavMonE.exe
[11/01/2008 18:56][--ahs----] F:\AUTORUN.INF
[28/12/2005 10:24][--a------] F:\Call of Duty 2 serial.txt
--------------- [ Lecteur G ] ----------------
G: - Lecteur fixe
+- Listing des fichiers présents :
--------------- [ Registre / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
msnmsgr="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
pdfSaver3="C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
AGRSMMSG=AGRSMMSG.exe
ATIPTA=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
EPM-DM=c:\acer\epm\epm-dm.exe
ePowerManagement=C:\Acer\ePM\ePM.exe boot
eRecoveryService=C:\Windows\System32\Check.exe
HPDJ Taskbar Utility=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
LManager=C:\Program Files\Launch Manager\QtZgAcer.EXE
LaunchApp=Alaunch
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
Raccourci vers la page des propriétés de High Definition Audio=HDAudPropShortcut.exe
RemoteControl="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Acrobat Assistant 7.0="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
Tweak UI=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
{0228e555-4f9c-4e35-a3ec-b109a192b4c2}=C:\Program Files\Google\Gmail Notifier\gnotify.exe
NotebookHardwareControl="C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
IntelZeroConfig="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
IntelWireless="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
High Definition Audio Property Page Shortcut=HDAShCut.exe
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
DAEMON Tools-1033="C:\Program Files\D-Tools\daemon.exe" -lang 1033
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
SoundMan=SOUNDMAN.EXE
AlcWzrd=ALCWZRD.EXE
Alcmtr=ALCMTR.EXE
MMReminderService=C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
Microsoft appswitch=C:\WINDOWS\system32\jwt32.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17643bbe-77f2-11dd-b225-00c09fa0d9df}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17643bbe-77f2-11dd-b225-00c09fa0d9df}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17643bbe-77f2-11dd-b225-00c09fa0d9df}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f85f892-3ee5-11dd-b1c8-00c09fa0d9df}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f85f892-3ee5-11dd-b1c8-00c09fa0d9df}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f85f892-3ee5-11dd-b1c8-00c09fa0d9df}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b428a2b8-ed4b-11dd-b35d-00c09fa0d9df}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b428a2b8-ed4b-11dd-b35d-00c09fa0d9df}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b428a2b8-ed4b-11dd-b35d-00c09fa0d9df}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb8d0020-83ce-11dd-b248-00c09fa0d9df}\Shell\AutoRun\command
--------------- [ Nettoyage des disques ] ----------------
Supprimé ! - [31/07/2004 18:50][--a------] C:\WINDOWS\system32\dumphive.exe
Supprimé ! - [02/07/2008 13:33][--a------] C:\WINDOWS\system32\IEDFix.C.exe
Supprimé ! - [27/04/2006 17:49][--a------] C:\WINDOWS\system32\SrchSTS.exe
Supprimé ! - [29/05/2008 09:35][--a------] C:\WINDOWS\system32\VACFix.exe
Supprimé ! - [06/09/2007 00:22][--a------] C:\WINDOWS\system32\VCCLSID.exe
Supprimé ! - [04/10/2007 00:36][--a------] C:\WINDOWS\system32\WS2Fix.exe
Supprimé ! - [07/11/2007 08:03][--a------] C:\install.exe
Supprimé ! - [09/01/2008 17:34][---hs----] F:\msvcr71.dll
Supprimé ! - [11/01/2008 18:56][--ahs----] F:\autorun.inf
--------------- [ Resumé ] ----------------
-> /!\ Le resultat doit etre interprété par un spécialiste /!\
[29/12/2004 17:12][--a------] C:\AUTOEXEC.BAT
[05/08/2004 05:00][-rahs----] C:\NTDETECT.COM
[31/10/2006 18:34][--ahs----] C:\BOOT.INI
[31/10/2006 18:34][--ahs----] C:\desktop.ini
[31/10/2006 18:34][--ahs----] C:\globdata.ini
[31/10/2006 18:34][--ahs----] C:\install.ini
[09/01/2008 17:34][---hs----] F:\RavMonE.exe
--------------- [ Vaccination ] ----------------
C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
D:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
F:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
G:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
--------------- ! Fin du rapport ! ----------------
You also have F:\RavMonE.exe.
---> Disable your antivirus for the duration of the procedure, because OTMoveIt3 is wrongly detected as an infection.
---> Download OTMoveIt3 (OldTimer) to your Desktop.
---> Double-click OTMoveIt3.exe to launch it.
---> Copy (Ctrl+C) the following text:
:processes
explorer.exe
:files
F:\RavMonE.exe
:commands
[purity]
[emptytemp]
[reboot]
---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
---> Now click the MoveIt! button, then close OTMoveIt3.
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The name of the report corresponds to the moment it was created: date_time.log
Here you go:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
F:\RavMonE.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\clement\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\clement\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03012009_021056
Files moved on Reboot...
C:\DOCUME~1\clement\LOCALS~1\Temp\WCESLog.log moved successfully.
C:\DOCUME~1\clement\LOCALS~1\Temp\hpodvd09.log moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
---> Double-click the Antivir icon (umbrella) in the taskbar.
---> In Antivir, choose Outils (Tools), then Configuration.
---> Check Mode Expert (Expert mode) and check Rech. Rootkit au dém. de la recherche (rootkit search at the start of the scan) on the right, under Autres réglages (Other settings).
---> Run a full scan and post the report.
UPDATE: I am at 4.7% after 22 min, so I think the results will only be available tomorrow...
I am leaving my PC running tonight, so for now, ahead of the post, a big, big thank you and a very good night to you!
See you tomorrow,
Clément
Hi Destrio5,
If you are still up, here is the Antivir report for all my drives... There is surely a good part of my activity, in the broad sense, in there! It is not very reassuring, but never mind:
Avira AntiVir Personal
Report file date: dimanche 1 mars 2009 02:40
Scanning for 1271369 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name:
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 10:02:58
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 09:43:38
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 09:41:24
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 09:28:42
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:19:50
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 19:34:18
ANTIVIR2.VDF : 7.1.2.55 248832 Bytes 20/02/2009 11:44:24
ANTIVIR3.VDF : 7.1.2.96 190976 Bytes 28/02/2009 14:53:36
Engineversion : 8.2.0.98
AEVDF.DLL : 8.1.1.0 106868 Bytes 01/02/2009 16:47:56
AESCRIPT.DLL : 8.1.1.56 352634 Bytes 27/02/2009 14:56:44
AESCN.DLL : 8.1.1.7 127347 Bytes 15/02/2009 19:34:22
AERDL.DLL : 8.1.1.3 438645 Bytes 06/11/2008 15:43:58
AEPACK.DLL : 8.1.3.8 397684 Bytes 06/02/2009 12:35:36
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 14:55:54
AEHEUR.DLL : 8.1.0.100 1618295 Bytes 26/02/2009 12:31:50
AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 14:54:54
AEGEN.DLL : 8.1.1.22 336245 Bytes 26/02/2009 12:31:48
AEEMU.DLL : 8.1.0.9 393588 Bytes 16/10/2008 19:37:24
AECORE.DLL : 8.1.6.6 176501 Bytes 19/02/2009 00:53:56
AEBB.DLL : 8.1.0.3 53618 Bytes 16/10/2008 19:37:22
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 18:07:54
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 11:37:52
AVREP.DLL : 8.0.0.2 98344 Bytes 09/08/2008 10:43:06
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 18:07:50
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:24
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 09:31:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:04
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 18:08:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:12
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 15:37:26
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 13:02:12
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, F:, G:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 1 mars 2009 02:40
Starting search for hidden objects.
'67501' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'Pen_Tablet.exe' - '1' Module(s) have been scanned
Scan process 'Pen_TabletUser.exe' - '1' Module(s) have been scanned
Scan process 'Pen_Tablet.exe' - '1' Module(s) have been scanned
Scan process 'hprblog.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'scsiaccess.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'NDASSVC.EXE' - '1' Module(s) have been scanned
Scan process 'raysat_3dsmax8server.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'MSCORSVW.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'AdskScSrv.exe' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'anbmServ.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'pdfSaver3.exe' - '1' Module(s) have been scanned
Scan process 'WCESCOMM.EXE' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
Scan process 'MmReminderService.exe' - '1' Module(s) have been scanned
Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned
Scan process 'SoundMan.exe' - '1' Module(s) have been scanned
Scan process 'DAEMON.EXE' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'NHC.EXE' - '1' Module(s) have been scanned
Scan process 'GNOTIFY.EXE' - '1' Module(s) have been scanned
Scan process 'ACROTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'QtZgAcer.EXE' - '1' Module(s) have been scanned
Scan process 'HPZTSB04.EXE' - '1' Module(s) have been scanned
Scan process 'EPM-DM.EXE' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'ATIPTAXX.EXE' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'SCARDSVR.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
67 processes with 67 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '55' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\_OTMoveIt\MovedFiles\03012009_021056\RavMonE.exe
[DETECTION] Contains detection pattern of the worm WORM/Rjump.B.14
[NOTE] The file was moved to '4a1ff2a3.qua'!
Begin scan in 'D:\' <ACERDATA>
D:\divers\Cradle.Software.CradleAlarm.v4.0.XScale.WM5.WM6.Incl.Keygen-SyMPDA\Cradle.Software.CradleAlarm.v4.0.XScale.WM5.WM6.Incl.Keygen-SyMPDA\sym-2801.rar
[0] Archive type: RAR
--> Keygen.exe
[DETECTION] Is the Trojan horse TR/Renaz.143261
[NOTE] The file was moved to '4a16f4c1.qua'!
D:\divers\Cradle.Software.CradleAlarm.v4.0.XScale.WM5.WM6.Incl.Keygen-SyMPDA\Cradle.Software.CradleAlarm.v4.0.XScale.WM5.WM6.Incl.Keygen-SyMPDA\sym-2801\Keygen.exe
[DETECTION] Is the Trojan horse TR/Renaz.143261
[NOTE] The file was moved to '4a22f4ad.qua'!
D:\divers\UVLayout\Crack\XF-UVLayout2-KG.exe
[DETECTION] Is the Trojan horse TR/Agent.34789.A
[NOTE] The file was moved to '49d6f4bc.qua'!
Begin scan in 'F:\' <media>
F:\bordel\proshow\ProShow.Producer.3.2.2047\ps3.2xx\Blacklistremovers\proshow.producer.3.x.x.x.blacklist.remover.exe
[DETECTION] Is the Trojan horse TR/Virtl.14960
[NOTE] The file was moved to '4a18f702.qua'!
F:\ds\20070731_imgview07\20070731_imgview07\misc\öjæ¦IPKâtâ@âCâïÅCò£âcü[âï.exe
[DETECTION] Is the Trojan horse TR/Dldr.TAI
[NOTE] The file was moved to '4a8ff864.qua'!
F:\emule 21 janvier\Bionatics - Easynat 300 Plant.rar
[0] Archive type: RAR
--> setup.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was moved to '4a18f93c.qua'!
F:\emule 21 janvier\CoolCamera 1.14.zip
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.ahn
[NOTE] The file was moved to '4a18f946.qua'!
F:\emule 21 janvier\Internet_Model_Optimizer_1.5.zip
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.aei
[NOTE] The file was moved to '4a1df945.qua'!
F:\emule 21 janvier\MatchWare Mediator Pro 9.0.121.0.zip
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.aic
[NOTE] The file was moved to '4a1df938.qua'!
F:\emule 21 janvier\Vray for Rhino 4 [+Crack Ok] updated-fixed 04-2008.rar
[0] Archive type: RAR
--> setup.exe
[DETECTION] Contains detection pattern of the worm WORM/P2P.Kapucen.Gen
[NOTE] The file was moved to '4a0af996.qua'!
F:\emule 21 janvier\power nurbs\POWER_NURBS_PRO_AND_POWER_TRANSLATORS_PRO_V5.00_FOR_3DS_MAX_2009_64BIT-XFORCE.zip
[0] Archive type: ZIP
--> POWER_NURBS_PRO_AND_POWER_TRANSLATORS_PRO_V5.00_FOR_3DS_MAX_2009_64BIT-XFORCE/xfpn5mb1.zip
[1] Archive type: ZIP
--> xf-pn5200964.rar
[2] Archive type: RAR
--> Crack\XF-DCPFLICS15-KG.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.20509.A
[NOTE] The file was moved to '4a00f9a8.qua'!
F:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP968\A0200257.exe
[DETECTION] Contains detection pattern of the worm WORM/Rjump.B.14
[NOTE] The file was moved to '49dbfa64.qua'!
F:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP968\A0200291.exe
[DETECTION] Is the Trojan horse TR/Virtl.14960
[NOTE] The file was moved to '4850a285.qua'!
F:\System Volume Information\_restore{88E87CDA-AB8A-4111-AB0E-D0E9FAA2A29D}\RP968\A0200292.exe
[DETECTION] Is the Trojan horse TR/Dldr.TAI
[NOTE] The file was moved to '49dbfa66.qua'!
Begin scan in 'G:\'
G:\Power NURBS Pro and Power Translators Pro v2.82 for 3ds max9_Wave.Gm.08-27-2007.rar
[0] Archive type: RAR
--> Power NURBS Pro and Power Translators Pro v2.82 for 3ds max9_Wave.Gm\crack\DCPFLICS_Keygen.exe
[DETECTION] Is the Trojan horse TR/Dldr.20529
[NOTE] The file was moved to '4a20fad9.qua'!
G:\System Volume Information\_restore{84227FF9-8536-4C6C-99B0-6E1B2DFD5E51}\RP0\A0010233.exe
[DETECTION] Contains detection pattern of the dropper DR/Gator.3202.23
G:\System Volume Information\_restore{84227FF9-8536-4C6C-99B0-6E1B2DFD5E51}\RP0\A0010233.exe
[0] Archive type: CAB SFX (self extracting)
--> data\divx5\0\DivXPro502GAINBundle.exe
[DETECTION] Contains detection pattern of the dropper DR/Gator.3202.14
[NOTE] The file was moved to '49d9fc43.qua'!
G:\a graver 3\sauvegarde emule\virtools\[达索VIRTOOLS.V4.0].DASSAULT.SYSTEMES.VIRTOOLS.V4.0-EDGEISO\CRACK\keygen.exe
[DETECTION] Is the Trojan horse TR/Agent.268800.C
[NOTE] The file was moved to '4a230199.qua'!
G:\a graver 3\sauvegarde emule\Adobe.Photoshop.CS2.(v9.0).FR.Officielle.Incl-Crack.et.Keygen.par.eMule-Paradise.com\Adobe Photoshop CS2 (9.0) Fr\crack\Keygen Photoshop CS2 Fr.exe
[DETECTION] Contains detection pattern of the worm WORM/Autorun.cxl
[NOTE] The file was moved to '4a23019c.qua'!
G:\a graver 3\sauvegarde emule\office vista\Office 2007 Pro. FR {final v12 + serial - Windows 2003, XP & Vista}.rar
[WARNING] An exception has been identified!
[WARNING] In the module 'aecore.dll' an exception occured.
Calling the function AVEPROC_TestFile in file: \\?\G:\a graver 3\sauvegarde emule\office vista\Office 2007 Pro. FR {final v12 + serial - Windows 2003, XP & Vista}.rar
Error description:ACCESS_VIOLATION
EAX = 062F3EE8 EBX = 0247CAA8
ECX = 062F3EC4 EDX = 00000331
ESI = 05E09C50 EDI = 0247caa4
EIP = 01431523 EBP = 0620007C
ESP = 019BED8C Flg = 00010287
CS = 00000023 SS = 0000001B
G:\Pixologic Zbrush 3.1 Incl Keygen\keygen\XF-ZBrush3-KG.exe
[DETECTION] Is the Trojan horse TR/Agent.67089.A
[NOTE] The file was moved to '49d70238.qua'!
End of the scan: dimanche 1 mars 2009 04:35
Used time: 1:55:29 min
The scan has been done completely.
18538 Scanning directories
950290 Files were scanned
21 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
20 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
950269 Files not concerned
14814 Archives were scanned
4 Warnings
20 Notes
67501 Objects were scanned with rootkit scan
0 Hidden objects were found
Hi Destrio5,
If you're still up: after an operation I wasn't sure about, I've just sent you a private email.
Thank you,
clément
RSIT report:
Logfile of random's system information tool 1.05 (written by random/random)
Run by clement at 2009-03-01 05:06:23
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 9 GB (20%) free of 46 GB
Total RAM: 2046 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:06:24, on 01/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\acer\epm\epm-dm.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\clement\Bureau\RSIT.exe
C:\Program Files\trend micro\clement.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKLM\..\Run: [Microsoft appswitch] C:\WINDOWS\system32\jwt32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - http://contacts.orange.fr/wfr_webab/VoxsyncX.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://82.127.95.253:4001/activex/AMC.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://paris.ville.orange.fr/CO/activex/AxisCamControl.cab
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by125fd.bay125.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Service NDAS (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O24 - Desktop Component 1: Google - http://www.google.fr/
How is your PC doing?
---> Download JavaRa.zip (by Paul 'Prm753' McLain and Fred de Vries) to your Desktop.
* Unzip the file onto the Desktop (Right-click > Extract All).
* Double-click the JavaRa folder.
* Then double-click the file JavaRa.exe (the .exe extension may not be displayed).
* Choose Français, then click Select.
* Click "Recherche de mises à jour" (check for updates).
* Select "Mettre à jour via jucheck.exe" (update via jucheck.exe), then click "Rechercher" (search).
* Allow the process to connect if it asks, click "Installer" (install) and follow the installation instructions, which take a few minutes.
* Once the installation is finished, go back to the JavaRa screen and click "Effacer les anciennes versions" (remove the old versions).
* Click "Oui" (yes) to confirm. Let it work, then click OK, and OK a second time.
* A report will open. Post it in your next reply.
* Close the application.
Note: the report can also be found in C:\ under the name JavaRa.log.
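One way to check the report this procedure produces, as an added example that is not part of the original post or of JavaRa: the Python code below parses a JavaRa.log in the format of the report posted later in this thread, separates successive runs appended to the same file, and lists which JRE versions had files and registry keys removed. The function names, the embedded sample log and the mapping of `JavaPlugin.150_06` to version 1.5.0_06 are assumptions made for this example.

```python
import re

# Constructed sample: a shortened log in the format of the JavaRa 1.13 report
# posted in this thread. Two runs are appended to one file; the first removed nothing.
SAMPLE_LOG = r"""JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sun Mar 01 05:29:09 2009
JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sun Mar 01 05:34:06 2009
Found and removed: C:\Program Files\Java\jre1.5.0_06
Found and removed: C:\Program Files\Java\jre1.6.0_05
Found and removed: SOFTWARE\Classes\JavaPlugin.150_06
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
"""

RUN_START = re.compile(r"^The JavaRa removal process was started on (.+)$")
REMOVED = re.compile(r"^Found and removed: (.+)$")
VERSION = r"(\d+\.\d+\.\d+(?:_\d+)?)"
# Install directory such as ...\Java\jre1.5.0_06
DIR_RE = re.compile(r"\\jre" + VERSION + r"$", re.IGNORECASE)
# Registry key such as ...\Java Runtime Environment\1.5.0_06
KEY_RE = re.compile(r"\\Java (?:Runtime Environment|Plug-in)\\" + VERSION + r"$",
                    re.IGNORECASE)
# Assumption: JavaPlugin.150_06 encodes version 1.5.0 update 06
PLUGIN_RE = re.compile(r"\\JavaPlugin\.(\d)(\d)(\d)_(\d+)$", re.IGNORECASE)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def parse_runs(text):
    """Split the log into runs; entries seen before any run header are ignored."""
    runs = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_START.match(line)
        if m:
            runs.append({"started": m.group(1), "removed": []})
            continue
        m = REMOVED.match(line)
        if m and runs:
            runs[-1]["removed"].append(m.group(1))
    return runs


def jre_version(entry):
    """Return the JRE version an entry refers to, or None if it names none."""
    m = DIR_RE.search(entry) or KEY_RE.search(entry)
    if m:
        return m.group(1)
    m = PLUGIN_RE.search(entry)
    if m:
        return "{}.{}.{}_{}".format(*m.groups())
    return None  # family keys ("...\1.5"), CLSIDs, installer codes, etc.


def last_effective_run(text):
    """Return the last run that removed something, or None."""
    runs = [r for r in parse_runs(text) if r["removed"]]
    return runs[-1] if runs else None


def summarize(run):
    """Count removed files and registry keys per JRE version for one run."""
    versions, unversioned = {}, 0
    for entry in run["removed"]:
        version = jre_version(entry)
        if version is None:
            unversioned += 1
            continue
        kind = "files" if DRIVE_RE.match(entry) else "registry"
        versions.setdefault(version, {"files": 0, "registry": 0})[kind] += 1
    # Versions with registry keys removed but no install directory listed:
    # the directory was already gone or lives elsewhere, so check it by hand.
    registry_only = sorted(v for v, c in versions.items() if c["files"] == 0)
    return {"versions": versions, "unversioned": unversioned,
            "registry_only": registry_only}


if __name__ == "__main__":
    run = last_effective_run(SAMPLE_LOG)
    print("Run started:", run["started"])
    report = summarize(run)
    for version, counts in sorted(report["versions"].items()):
        print(version, counts)
    print("Registry-only versions:", report["registry_only"])
```
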
Well, since you stepped in, my PC has been running perfectly, with no problems: no more ads, and no more Antivir alerts about a trojan.
Personally, that suits me just fine!
Tell me what you think, but I believe this thread is resolved, isn't it?
JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sun Mar 01 05:29:09 2009
JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sun Mar 01 05:34:06 2009
Found and removed: C:\Program Files\Java\jre1.5.0_06
Found and removed: C:\Program Files\Java\jre1.5.0_09
Found and removed: C:\Program Files\Java\jre1.5.0_10
Found and removed: C:\Program Files\Java\jre1.6.0_05
Found and removed: Software\JavaSoft\Java2D\1.5.0_06
Found and removed: Software\JavaSoft\Java2D\1.5.0_09
Found and removed: Software\JavaSoft\Java2D\1.5.0_10
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510009
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510009
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510009
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000
Found and removed: SOFTWARE\Classes\JavaPlugin.150_06
Found and removed: SOFTWARE\Classes\JavaPlugin.150_09
Found and removed: SOFTWARE\Classes\JavaPlugin.150_10
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510009
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510009
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150090}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\JavaPlugin.160_05
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_09
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10
Found and removed: Software\Classes\JavaPlugin.160_05
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05
Found and removed: Software\JavaSoft\Java2D\1.6.0_01
Found and removed: Software\JavaSoft\Java2D\1.6.0_05
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_09\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\
------------------------------------
Finished reporting.
1/
---> Uninstall HijackThis and delete JavaRa.
---> Download ToolsCleaner2 to your Desktop.
* Double-click ToolsCleaner2.exe to launch it.
* Click Recherche and let the scan run.
* Click Suppression to finish.
* You can use the Options Facultatives if you wish.
* Click Quitter to get the report.
* Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).
2/
---> Download and install CCleaner Slim.
* Launch it. Go to Options, then Avancé, and uncheck the box Effacer uniquement les fichiers etc....
* Go to Nettoyeur and choose Analyse. Once it has finished, run the cleaning.
* Then choose Registre, then Chercher des erreurs. Once it has finished, repair all the errors (back up the registry).
3/
---> System Restore needs to be disabled and then re-enabled in order to purge it.
---> I recommend creating a restore point that you can use later if you have a problem.
==Prevention==
Keep MBAM. You can use it to scan suspicious files as a complement to the antivirus, and scan the hard drive regularly.
As a browser, use Mozilla Firefox rather than Internet Explorer. You can use the NoScript extension for more security.
Check that automatic updates are enabled (Start menu, right-click My Computer, Automatic Updates tab).
You can also modify the Hosts file to improve your PC's security: Link
Regarding P2P: Link
Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link
Be more careful on the Internet ;)
I think I have followed the 3 steps; here is my report as well:
[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\UsbFix.txt: trouvé !
C:\_OtMoveIt: trouvé !
C:\Rsit: trouvé !
C:\WINDOWS\Downloaded Program Files\*.msnfix: trouvé !
C:\Documents and Settings\clement\Menu Démarrer\Programmes\UsbFix: trouvé !
C:\Documents and Settings\clement\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: trouvé !
C:\Documents and Settings\clement\Bureau\UsbFix.exe: trouvé !
C:\Documents and Settings\clement\Bureau\UsbFix.txt: trouvé !
C:\Documents and Settings\clement\Bureau\UsbFix.lnk: trouvé !
C:\Documents and Settings\clement\Bureau\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\clement\Bureau\Rsit.exe: trouvé !
C:\Program Files\UsbFix: trouvé !
C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\hijackthis.log: trouvé !
---------------------------------
-->- Suppression:
C:\Program Files\Trend Micro\HijackThis.exe: supprimé !
C:\UsbFix.txt: supprimé !
C:\WINDOWS\Downloaded Program Files\*.msnfix: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\clement\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: supprimé !
C:\Documents and Settings\clement\Bureau\UsbFix.exe: supprimé !
C:\Documents and Settings\clement\Bureau\UsbFix.txt: supprimé !
C:\Documents and Settings\clement\Bureau\UsbFix.lnk: supprimé !
C:\Documents and Settings\clement\Bureau\OTMoveIt3.exe: supprimé !
C:\Documents and Settings\clement\Bureau\Rsit.exe: supprimé !
C:\Program Files\Trend Micro\hijackthis.log: supprimé !
C:\_OtMoveIt: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\clement\Menu Démarrer\Programmes\UsbFix: supprimé !
C:\Program Files\UsbFix: supprimé !
In case of doubt about my previous message:
[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\UsbFix.txt: trouvé !
C:\_OtMoveIt: trouvé !
C:\Rsit: trouvé !
C:\WINDOWS\Downloaded Program Files\*.msnfix: trouvé !
C:\Documents and Settings\clement\Menu Démarrer\Programmes\UsbFix: trouvé !
C:\Documents and Settings\clement\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: trouvé !
C:\Documents and Settings\clement\Bureau\UsbFix.exe: trouvé !
C:\Documents and Settings\clement\Bureau\UsbFix.txt: trouvé !
C:\Documents and Settings\clement\Bureau\UsbFix.lnk: trouvé !
C:\Documents and Settings\clement\Bureau\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\clement\Bureau\Rsit.exe: trouvé !
C:\Program Files\UsbFix: trouvé !
C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\hijackthis.log: trouvé !
---------------------------------
-->- Suppression:
C:\Program Files\Trend Micro\HijackThis.exe: supprimé !
C:\UsbFix.txt: supprimé !
C:\WINDOWS\Downloaded Program Files\*.msnfix: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\clement\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: supprimé !
C:\Documents and Settings\clement\Bureau\UsbFix.exe: supprimé !
C:\Documents and Settings\clement\Bureau\UsbFix.txt: supprimé !
C:\Documents and Settings\clement\Bureau\UsbFix.lnk: supprimé !
C:\Documents and Settings\clement\Bureau\OTMoveIt3.exe: supprimé !
C:\Documents and Settings\clement\Bureau\Rsit.exe: supprimé !
C:\Program Files\Trend Micro\hijackthis.log: supprimé !
C:\_OtMoveIt: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\clement\Menu Démarrer\Programmes\UsbFix: supprimé !
C:\Program Files\UsbFix: supprimé !
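One way to check a cleanup report in this layout for leftovers, as an added example that is not part of the original thread: it reconciles the Recherche and Suppression sections and lists entries whose deletion failed or was never attempted. The sample report is constructed and shortened, and the function names are this example's own.

```python
# Constructed, shortened sample in the layout of a ToolsCleaner report.
# C:\Rsit is deliberately left out of the Suppression section.
SAMPLE_REPORT = r"""[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\UsbFix.txt: trouvé !
C:\WINDOWS\Downloaded Program Files\*.msnfix: trouvé !
C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
C:\Rsit: trouvé !
---------------------------------
-->- Suppression:
C:\Program Files\Trend Micro\HijackThis.exe: supprimé !
C:\UsbFix.txt: supprimé !
C:\WINDOWS\Downloaded Program Files\*.msnfix: ERREUR DE SUPPRESSION !!
"""


def parse_report(text):
    """Return {section: {lowercased path: (original path, status)}}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-->-"):
            # Section header, e.g. "-->- Recherche:"
            current = line[4:].strip().rstrip(":").lower()
            sections[current] = {}
            continue
        if current is None or ": " not in line:
            continue  # banner or separator line
        # Paths contain "C:", so split on the LAST ": " only.
        path, status = line.rsplit(": ", 1)
        # Windows paths are case-insensitive, so key on the lowercased path.
        sections[current][path.lower()] = (path, status.rstrip(" !").lower())
    return sections


def reconcile(text):
    """Compare what the scan found with what the removal pass reports."""
    sections = parse_report(text)
    found = sections.get("recherche", {})
    removal = sections.get("suppression", {})
    failed = [p for p, s in removal.values() if s != "supprimé"]
    not_attempted = [p for k, (p, _) in found.items() if k not in removal]
    unexpected = [p for k, (p, _) in removal.items() if k not in found]
    return {
        "failed": failed,
        "not_attempted": not_attempted,
        "unexpected": unexpected,
        "clean": not (failed or not_attempted or unexpected),
    }


if __name__ == "__main__":
    for kind, paths in reconcile(SAMPLE_REPORT).items():
        print(kind, paths)
```

Entries listed under `failed` or `not_attempted` are the ones to check by hand after the tool has run.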