Avast Win32 not valid - but no report of

bachiri78 Posts: 12 Status: Member -  
jlpjlp Posts: 52399 Status: Security contributor -
Hello,

I need help.
After I downloaded something on eMule and ran it, Avast started to disable itself.
And now I can no longer launch Avast; there is an error message telling me that Avast is not valid, or something like that.
My computer has become very slow.

I downloaded a Spanish program, but I didn't get any error report; I don't understand.

Thanks in advance to anyone who can help me.
Regards
Configuration: Windows Vista
Internet Explorer 7.0

19 replies

  1. jlpjlp Posts: 52399 Status: Security contributor 5 041
     
    Hi,

    Download FindyKill to your desktop:

    --> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

    --> Run the installation with the default settings

    --> Double-click the FindyKill shortcut on your desktop

    --> In the main menu, choose option 1 (Search)

    --> Post the FindyKill.txt report

    Note: the FindyKill.txt report is saved at the root of the disk
    4
  2. bachiri78 Posts: 12 Status: Member
     
    I did what you told me; it searched, there were lots of "access denied" messages, then after that it closed and nothing opened ...
    Thank you for your help.

    My computer is really starting to lag and has even shut down by itself 3 times.
    Don't you have a solution, please?
    0
  3. jlpjlp Posts: 52399 Status: Security contributor 5 041
     
    Get rid of your cracks.

    Download ComboFix (by sUBs) here:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    and save it to the desktop

    under the name antibagle. Do this before the file is saved to the desktop.

    Disconnect from the internet and close all your applications.

    Disable your protections (antivirus, firewall, the antispyware's real-time guard).

    Double-click combofix.exe and follow the instructions.

    At the end, it will produce a report, C:\ComboFix.txt

    Re-enable your firewall, your antivirus and your antispyware's guard.

    Copy and paste the report C:\ComboFix.txt into your next reply.

    Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.

    There is a complete tutorial here:

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    _____________________

    Scan with
    MalwareByte's Anti-Malware after updating it, in normal mode, remove what is found and paste the report.

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    ________________________

    Paste the report of an online scan
    with one of the following:

    BitDefender online:
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda online:
    http://pandasoftware.fr

    Kaspersky online:
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

    Note: as for Avast, it's done for! Afterwards you will have to remove it and then reinstall it.
    0
  4. bachiri78 Posts: 12 Status: Member
     
    With ComboFix:

    "{BF45F317-BC04-47CC-922E-86BE03BC9F9C}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
    "{BE4F11F0-BF0D-4EC7-B09C-8808A79AA1F9}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
    "{0749FDC1-D4EF-4B27-B847-E43E90DB91B8}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
    "{67A6782B-7E28-4765-ADC7-FE3651763497}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{C6C86BFC-6616-4196-A8F5-08B258763E57}c:\\program files\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
    "UDP Query User{427C51A3-CD32-45D6-BB92-3E2F3CB04C2D}c:\\program files\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
    "TCP Query User{B4E8E4E6-44B4-45CD-B29F-BA4BE16C8EF2}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
    "UDP Query User{C1A8CD7E-D702-4B9F-ADC0-6F336910BCAC}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
    "{9FB395B5-CDA9-438C-A878-79660E0F72F7}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{1098A857-E973-404D-811F-11B68AAB6FD0}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
    "{8FC0EA03-DF38-44FD-AC78-0156D33C4EBC}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
    "{CF1E8758-0D59-4774-A4E5-A9B585FAE5A0}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{6222529F-F43E-47D1-999D-593F3869FAA7}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
    "{B9EA2F68-AE98-4735-AAAD-8825745BBF5B}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
    "{5FDF7FE4-580F-4FD2-9DD1-34FD2442BED2}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
    "{28D882F3-90EF-453A-890A-C9C5472EDB47}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
    "{467CDD35-8867-4C9A-8077-1A77CECC740C}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
    "{4A15578C-5420-41C9-B74D-1B9E12BE65C1}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
    "{06DCF6B7-4907-4FA3-A718-23EBC7713B2C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\uusee\\UUSeePlayer.exe"= c:\program files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer

    S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\System32\drivers\fbxusb32.sys [2004-10-20 21344]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \shell\AutoRun\command - E:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \shell\AutoRun\command - F:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46f45373-a81a-11dd-a98f-b9b86a340232}]
    \shell\AutoRun\command - E:\StartPortableApps.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cca2c6b-4e45-11dc-ad27-0016d4d0af92}]
    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cca2c7f-4e45-11dc-ad27-0016d4d0af92}]
    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a8bf566-515a-11dc-a9f5-0016d4d0af92}]
    \shell\AutoRun\command - F:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d0e94a8-5250-11dd-8241-0016d4d0af92}]
    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d0e94a9-5250-11dd-8241-0016d4d0af92}]
    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63d52cf3-4b7e-11dd-96d8-0016d4d0af92}]
    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c5948a0-e7a7-11dd-b78d-f26680466732}]
    \shell\AutoRun\command - E:\qwmvma.exe
    \shell\explore\Command - E:\qwmvma.exe
    \shell\open\Command - E:\qwmvma.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ea2181d-5022-11dd-b628-0016d4d0af92}]
    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ea2181e-5022-11dd-b628-0016d4d0af92}]
    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaba39a5-4b84-11dd-a485-806e6f6e6963}]
    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3d48998-4f20-11dd-ba16-0016d4d0af92}]
    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e337a5bd-e6fd-11dd-b0f5-b3c22ec57436}]
    \shell\AutoRun\command - E:\ensurb.exe
    \shell\explore\Command - E:\ensurb.exe
    \shell\open\Command - E:\ensurb.exe
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{9283AF87-7444-47E2-9EF6-79951422A6E8} - c:\windows\system32\rqRHwWqr.dll
    Toolbar-SITEguard - (no file)
    HKCU-Run-\YURAAEA.exe - c:\windows\system32\YURAAEA.exe
    HKCU-Run-\YURBCA6.exe - c:\windows\system32\YURBCA6.exe
    HKCU-Run-\YUR165D.exe - c:\windows\system32\YUR165D.exe
    HKCU-Run-\YUR9636.exe - c:\windows\system32\YUR9636.exe
    HKCU-Run-\YURC1C8.exe - c:\windows\system32\YURC1C8.exe
    HKCU-Run-\YURDB50.exe - c:\windows\system32\YURDB50.exe
    HKCU-Run-\YURDA57.exe - c:\windows\system32\YURDA57.exe
    HKCU-Run-\YUR143B.exe - c:\windows\system32\YUR143B.exe
    HKCU-Run-\YUR5EC2.exe - c:\windows\system32\YUR5EC2.exe
    HKCU-Run-\YURF2F9.exe - c:\windows\system32\YURF2F9.exe
    HKCU-Run-\YURD9BB.exe - c:\windows\system32\YURD9BB.exe
    HKCU-Run-\YUR50DD.exe - c:\windows\system32\YUR50DD.exe
    HKCU-Run-\YUR6D14.exe - c:\windows\system32\YUR6D14.exe
    HKCU-Run-\YUR43F2.exe - c:\windows\system32\YUR43F2.exe
    HKCU-Run-\YUR400B.exe - c:\windows\system32\YUR400B.exe
    HKCU-Run-\YUR47E8.exe - c:\windows\system32\YUR47E8.exe
    HKCU-Run-\YUR4FE3.exe - c:\windows\system32\YUR4FE3.exe
    HKCU-Run-\YURC947.exe - c:\windows\system32\YURC947.exe
    HKCU-Run-\YUR889F.exe - c:\windows\system32\YUR889F.exe
    HKLM-Run-\YURA030.exe - c:\windows\system32\YURA030.exe
    HKLM-Run-\YURA54F.exe - c:\windows\system32\YURA54F.exe
    HKLM-Run-\YURAAEA.exe - c:\windows\system32\YURAAEA.exe
    HKLM-Run-\YURBCA6.exe - c:\windows\system32\YURBCA6.exe
    HKLM-Run-\YUREF6C.exe - c:\windows\system32\YUREF6C.exe
    HKLM-Run-\YURF1AD.exe - c:\windows\system32\YURF1AD.exe
    HKLM-Run-\YURD078.exe - c:\windows\system32\YURD078.exe
    HKLM-Run-\YUR5BB9.exe - c:\windows\system32\YUR5BB9.exe
    HKLM-Run-\YUR5FFD.exe - c:\windows\system32\YUR5FFD.exe
    HKLM-Run-\YURDCED.exe - c:\windows\system32\YURDCED.exe
    HKLM-Run-\YUREC51.exe - c:\windows\system32\YUREC51.exe
    HKLM-Run-\YUR25C8.exe - c:\windows\system32\YUR25C8.exe
    HKLM-Run-\YUR6D90.exe - c:\windows\system32\YUR6D90.exe
    HKLM-Run-\YUR889F.exe - c:\windows\system32\YUR889F.exe
    HKLM-Run-\YUR1016.exe - c:\windows\system32\YUR1016.exe
    HKLM-Run-1afa8ec4 - c:\windows\system32\wsguqqta.dll
    HKLM-Run-ANTIVIRUS - c:\program files\MS Antivirus\MSA.exe
    SSODL-dtseqrxk-{8848E207-9CE9-42CD-A77D-1E186E71B141} - c:\windows\dtseqrxk.dll

    .
    ------- Examen supplémentaire -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    Trusted Zone: ebay.fr\signin
    Trusted Zone: localhost
    TCP: {266E4490-6631-4853-A120-76D34C790286} = 192.168.0.1
    DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
    DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
    FF - ProfilePath - c:\users\ISMAL~1\AppData\Roaming\Mozilla\Firefox\Profiles\i5ihjfob.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
    FF - component: c:\users\Ismaïl\AppData\Roaming\Mozilla\Firefox\Profiles\i5ihjfob.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
    FF - component: c:\users\Ismaïl\AppData\Roaming\Mozilla\Firefox\Profiles\i5ihjfob.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

    ---- PARAMETRES FIREFOX ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-06 16:19:11
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'Explorer.exe'(1460)
    c:\program files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll
    c:\program files\Sony Ericsson\Mobile\File Manager\fmgrguil.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\program files\Common Files\STOPzilla!\SZServer.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\Slave.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\windows\System32\UI0Detect.exe
    c:\windows\System32\conime.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe
    c:\antibagle\hidec.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\System32\dllhost.exe
    c:\antibagle\Catchme.tmp
    .
    **************************************************************************
    .
    Heure de fin: 2009-03-06 16:26:36 - La machine a redémarré [Ismaïl]
    ComboFix-quarantined-files.txt 2009-03-06 15:25:11

    Avant-CF: 69,549,518,848 octets libres
    Après-CF: 69,375,496,192 octets libres

    582 --- E O F --- 2009-03-06 03:13:22
    0
  6. bachiri78 Posts 12 Status Member
     
    with Malwarebytes:

    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1824
    Windows 6.0.6001 Service Pack 1

    06/03/2009 17:40:39
    mbam-log-2009-03-06 (17-40-39).txt

    Type de recherche: Examen rapide
    Eléments examinés: 71770
    Temps écoulé: 5 minute(s), 1 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 14
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 19

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\fqbewlna.begb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\fqbewlna.bldx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\fqbewlna.boft (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\fqbewlna.bqms (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\MS Antivirus (Rogue.MSAntivirus) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Windows\System32\awtqrsQh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\asooobxn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\ddcAtsPh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\ddcBQhHB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\dfngmt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    0
  7. jlpjlp Posts 52399 Status Security contributor 5 041
     
    ok

    to help you and help others, please do this:

    download this file: http://sd-1.archive-host.com/membres/up/116615172019703188/Fdc.zip

    to the desktop, unzip it and double-click FDC.reg, then accept the merge into the registry

    _______________

    Show all files and folders:
    To do this:
    Click Start / Control Panel / Folder Options / View

    Check "Show hidden folders"

    Uncheck the box "Hide protected operating system files (Recommended)"

    Uncheck "Hide extensions for known file types"

    Then click "Apply" to confirm the changes.

    And OK

    ______________

    Download 7-Zip

    http://ovh.dl.sourceforge.net/sourceforge/sevenzip/7z465.exe

    and save it to the desktop, then double-click 7z465.exe and install 7-Zip.

    then right-click on these files: "the file you want" (so with the 3 files)

    E:\qwmvma.exe
    E:\AutoRun.exe
    E:\ensurb.exe

    choose 7-Zip and "Add to archive" (and in the format, change the archive format from 7z to ZIP) and rename the archive, for example to chiki

    then send me this archive this way: http://www.cijoint.fr/
    (upload the file to this link, which will give you a link where the archive is stored: give me that link)

    This will allow tool authors to make their updates .. blah blah ;)

    once you have given me these 3 links we will continue

    thanks
    0
  8. bachiri78 Posts 12 Status Member
     
    good evening again,
    thank you very much for your help and your patience

    I did not understand the last step,
    I downloaded and installed 7-Zip, but then which files are you talking about? I searched for autorun.exe etc. but I found nothing.
    0
  9. jlpjlp Posts 52399 Status Security contributor 5 041
     
    these files, but for that you need to plug in your E drive

    E:\qwmvma.exe
    E:\AutoRun.exe
    E:\ensurb.exe

    did you really display the hidden folders?
    0
  10. bachiri78 Posts 12 Status Member
     
    my E:/ drive is my mobile phone's memory card
    I plugged it in, so the E drive was displayed in My Computer, but there was no trace of autorun and the others

    my hidden files are indeed displayed

    I think it may be because I ran a scan with Malwarebytes and deleted the infected files, because when I search for the names of the files you gave me, the only result I get is a log.txt in which this file is mentioned.

    Is that it?
    0
  11. jlpjlp Posts 52399 Status Security contributor 5 041
     
    ok, no problem

    ________________

    Download RavAntivirus from Evosla:
    http://ww25.evosla.com/compteur.php?soft=rav_antivirus

    # If you have a USB key, external hard drive, etc., plug them in without opening them before running this FIX
    # Right-click the .ZIP file > Extract to > the Desktop
    # Double-click >> RAV.exe << to launch the tool.
    # Once RAV ANTIVIRUS is running, let it work; it automatically scans all drives (fixed and removable disks)
    # If there is an infection > a log will be produced; otherwise the software will display (very quickly) ==> Votre Ordinateur est sain (your computer is clean).
    # Remove your removable disks and restart your computer.
    # Post the report if there is an infection!

    2/ Download Flash Disinfector (by sUBs) to the desktop from this address: http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

    Double-click the icon.
    The icons will disappear. This is normal.
    If a report is generated because of an infection, save it to the desktop and then post it
    Then restart the PC.

    _________________

    3/
    To merge:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    _______________

    download ComboFix:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Save it to your desktop and nowhere else!

    _________________

    Close all your browsers (so copy or print the instructions first)

    Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

    File::
    E:\qwmvma.exe
    E:\ensurb.exe
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c5948a0-e7a7-11dd-b78d-f26680466732}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e337a5bd-e6fd-11dd-b0f5-b3c22ec57436}]

    Save this file under the name CFscript

    Drag and drop this CFscript file onto the ComboFix.exe file

    Click on the CFScript file, hold the mouse button down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

    A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

    Be patient while the scan runs. The desktop will disappear several times: this is normal!

    Do not touch anything until the scan has finished.

    Once the scan is complete, a report will be displayed: post its contents.

    If the file does not open, it is located here > C:\ComboFix.txt

    __________________

    ________________________

    paste the report from an online scan
    with one of the following:

    BitDefender online:
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda online:
    http://pandasoftware.fr

    Kaspersky online
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    0
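The two MountPoints2 keys deleted by the CFScript above are the only ones in the ComboFix log whose `open` and `explore` verbs, and not just `AutoRun`, point at an executable on E:, which means a plain double-click on the drive would launch it. As an added example (not part of the thread and not ComboFix's own logic), this Python code parses that log section and flags such keys; the function names and the open/explore heuristic are assumptions, and the sample is an excerpt copied from the log posted earlier in the thread.

```python
import re

# Excerpt copied from the ComboFix log earlier in this thread (4 of the keys).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46f45373-a81a-11dd-a98f-b9b86a340232}]
\shell\AutoRun\command - E:\StartPortableApps.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c5948a0-e7a7-11dd-b78d-f26680466732}]
\shell\AutoRun\command - E:\qwmvma.exe
\shell\explore\Command - E:\qwmvma.exe
\shell\open\Command - E:\qwmvma.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e337a5bd-e6fd-11dd-b0f5-b3c22ec57436}]
\shell\AutoRun\command - E:\ensurb.exe
\shell\explore\Command - E:\ensurb.exe
\shell\open\Command - E:\ensurb.exe
"""

# "[HKEY_...\mountpoints2\<drive letter or volume GUID>]"
KEY_RE = re.compile(r"^\[(.*\\mountpoints2\\[^\\\]]+)\]$", re.IGNORECASE)
# "\shell\<verb>\command - <target>" (the log writes both "command" and "Command")
VERB_RE = re.compile(
    r"^\\shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<target>.+)$", re.IGNORECASE
)

# Verbs that replace Explorer's default double-click / "Explore" actions.
# Treating their presence as suspicious is a heuristic chosen for this example.
HIJACK_VERBS = ("open", "explore")


def parse_mountpoints2(log_text):
    """Return {registry key: {verb: target}} for each MountPoints2 key in the log."""
    entries = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            entries[current] = {}
            continue
        verb_match = VERB_RE.match(line)
        if verb_match and current is not None:
            verb = verb_match.group("verb").lower()
            entries[current][verb] = verb_match.group("target").strip()
        elif line.startswith("["):
            current = None  # a different registry key: stop attributing verbs
    return entries


def flag_hijacked(entries):
    """List keys where open/explore are redirected to a command on the volume."""
    findings = []
    for key, verbs in entries.items():
        if not any(v in verbs for v in HIJACK_VERBS):
            continue  # AutoRun-only entries (U3, PortableApps launchers) are skipped
        findings.append({
            "key": key,
            "volume": key.rsplit("\\", 1)[1],
            "verbs": sorted(verbs),
            "targets": sorted(set(verbs.values())),
        })
    return findings


if __name__ == "__main__":
    for finding in flag_hijacked(parse_mountpoints2(SAMPLE_LOG)):
        print(finding["volume"], finding["verbs"], "->", finding["targets"])
```
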
  12. bachiri78 Posts 12 Status Member
     
    ComboFix 09-03-04.01 - Ismaïl 2009-03-06 21:44:12.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1013.381 [GMT 1:00]
    Lancé depuis: c:\users\Ismaïl\Desktop\ComboFix.exe
    Commutateurs utilisés :: c:\users\Ismaïl\Desktop\CFscript.txt
    * Un nouveau point de restauration a été créé

    FILE ::
    E:\ensurb.exe
    E:\qwmvma.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-06 au 2009-03-06 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-06 21:36 . 2009-03-06 21:35 410,984 --a------ c:\windows\System32\deploytk.dll
    2009-03-06 19:55 . 2009-03-06 19:55 <REP> d-------- c:\program files\7-Zip
    2009-03-06 16:38 . 2009-03-06 16:38 <REP> d-------- c:\users\Ismaïl\AppData\Roaming\Malwarebytes
    2009-03-06 16:38 . 2009-03-06 16:38 <REP> d-------- c:\users\All Users\Malwarebytes
    2009-03-06 16:38 . 2009-03-06 16:38 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-06 16:38 . 2009-03-06 16:38 <REP> d-------- c:\progra~2\Malwarebytes
    2009-03-06 16:38 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2009-03-06 16:38 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2009-03-06 15:59 . 2009-03-06 16:26 <REP> d-------- C:\antibagle
    2009-03-06 03:12 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
    2009-03-06 01:56 . 2009-03-06 01:56 <REP> dr------- c:\windows\System32\config\systemprofile\Pictures
    2009-03-06 01:56 . 2009-03-06 01:56 <REP> dr------- c:\windows\System32\config\systemprofile\Documents
    2009-03-06 01:53 . 2009-03-06 01:53 244 --ah----- C:\sqmnoopt08.sqm
    2009-03-06 01:53 . 2009-03-06 01:53 232 --ah----- C:\sqmdata08.sqm
    2009-03-05 23:30 . 2009-03-06 00:38 <REP> d-------- c:\program files\FindyKill
    2009-03-05 21:04 . 2009-03-05 21:04 <REP> d-------- c:\users\Ismaïl\AppData\Roaming\STOPzilla!
    2009-03-05 21:03 . 2009-03-05 21:03 <REP> d-------- c:\program files\STOPzilla!
    2009-03-05 21:03 . 2009-03-06 21:54 <REP> d-------- c:\program files\Common Files\STOPzilla!
    2009-03-05 20:52 . 2009-03-06 15:47 <REP> d--h----- c:\users\Ismaïl\AppData\Roaming\drivers
    2009-03-05 19:20 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
    2009-03-05 19:20 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
    2009-03-05 19:20 . 2008-03-08 05:21 1,695,744 --a------ c:\windows\System32\gameux.dll
    2009-03-05 19:20 . 2008-06-26 04:29 303,616 --a------ c:\windows\System32\wmpeffects.dll
    2009-03-05 19:20 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
    2009-03-05 19:19 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
    2009-03-05 19:19 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
    2009-03-05 19:19 . 2008-08-02 02:01 625,152 --a------ c:\windows\System32\drivers\dxgkrnl.sys
    2009-03-05 19:19 . 2008-06-26 04:29 565,248 --a------ c:\windows\System32\emdmgmt.dll
    2009-03-05 19:19 . 2008-05-20 03:07 148,480 --a------ c:\windows\System32\drivers\nwifi.sys
    2009-03-05 19:19 . 2008-06-26 04:29 45,056 --a------ c:\windows\System32\dataclen.dll
    2009-03-05 19:19 . 2008-08-02 04:26 36,864 --a------ c:\windows\System32\cdd.dll
    2009-03-05 19:18 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
    2009-03-05 19:16 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
    2009-03-05 19:16 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
    2009-03-05 19:16 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
    2009-03-01 15:45 . 2009-03-01 15:45 <REP> d-------- c:\users\All Users\Messenger Plus!
    2009-03-01 15:45 . 2009-03-01 15:45 <REP> d-------- c:\progra~2\Messenger Plus!
    2009-03-01 14:48 . 2009-03-01 14:48 <REP> d-------- c:\program files\Messenger Plus! Live
    2009-02-28 01:52 . 2009-02-28 01:56 <REP> d-------- c:\program files\Windows Live
    2009-02-28 01:48 . 2009-02-28 01:48 <REP> d-------- c:\program files\MSN Toolbar
    2009-02-27 23:29 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2009-02-27 23:29 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2009-02-27 23:29 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2009-02-27 23:29 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
    2009-02-27 23:29 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
    2009-02-27 23:27 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2009-02-27 23:27 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2009-02-27 23:27 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2009-02-27 23:27 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
    2009-02-27 23:26 . 2009-02-28 01:45 <REP> d-------- c:\program files\Windows Live Toolbar
    2009-02-23 17:55 . 2009-02-23 17:57 <REP> d-------- c:\program files\Veoh Networks
    2009-02-16 01:59 . 2009-02-27 21:43 <REP> d-------- c:\program files\Joyland Casino
    2009-02-16 01:48 . 2009-02-16 01:49 <REP> d-------- C:\Casino Riva

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-06 20:55 7,077,888 --sha-w c:\users\Ismaïl\ntuser.dat
    2009-03-06 20:55 7,077,888 --sha-w c:\users\Ismaïl\ntuser.dat
    2009-03-06 20:35 --------- d-----w c:\program files\Java
    2009-03-06 16:40 --------- d-----w c:\program files\MSA
    2009-03-06 15:38 --------- d-----w c:\users\Ismaïl\AppData\Roaming\Malwarebytes
    2009-03-06 14:47 --------- d--h--w c:\users\Ismaïl\AppData\Roaming\drivers
    2009-03-06 14:47 --------- d-----w c:\users\Ismaïl\AppData\Roaming\Adobe
    2009-03-06 03:12 --------- d-----w c:\progra~2\Microsoft Help
    2009-03-06 03:05 --------- d-s---w c:\users\Ismaïl\AppData\Roaming\Microsoft
    2009-03-05 20:04 --------- d-----w c:\users\Ismaïl\AppData\Roaming\STOPzilla!
    2009-03-05 16:59 --------- d-----w c:\program files\Avanquest update
    2009-03-04 17:28 --------- d-----w c:\program files\TVAnts
    2009-02-28 00:57 --------- d-----w c:\program files\MSN Messenger
    2009-02-28 00:52 --------- d-----w c:\progra~2\WLInstaller
    2009-02-27 23:48 --------- d-----w c:\progra~2\Spybot - Search & Destroy
    2009-02-27 20:50 --------- d-----w c:\program files\StuffPlug3
    2009-02-27 20:37 --------- d-----w c:\progra~2\STOPzilla!
    2009-02-27 17:40 --------- d-----w c:\progra~2\Ulead Systems
    2009-02-27 17:16 --------- d-----w c:\progra~2\SITEguard
    2009-02-25 22:24 --------- d-----w c:\program files\Windows Live Safety Center
    2009-02-23 17:36 --------- d-----w c:\program files\DivX
    2009-02-04 12:00 --------- d-----w c:\users\Ismaïl\AppData\Roaming\uTorrent
    2009-02-03 23:36 --------- d-----w c:\users\Ismaïl\AppData\Roaming\FileZilla
    2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
    2009-01-15 00:05 --------- d-----w c:\program files\HyCam2
    2008-08-18 13:22 174 --sha-w c:\program files\desktop.ini
    2007-10-30 09:43 18,164,640 ----a-w c:\users\Ismaïl\aaw2007.exe
    2007-10-30 09:43 18,164,640 ----a-w c:\users\Ismaïl\aaw2007.exe
    2007-10-23 17:39 17,012,488 ----a-w c:\users\Ismaïl\avast_avast_4.7.1043_francais_anglais_11113.exe
    2007-10-23 17:39 17,012,488 ----a-w c:\users\Ismaïl\avast_avast_4.7.1043_francais_anglais_11113.exe
    2007-09-12 15:11 92,889,307 ----a-w c:\users\Ismaïl\Acer OrbiCam (Logitech).zip
    2007-09-12 15:11 92,889,307 ----a-w c:\users\Ismaïl\Acer OrbiCam (Logitech).zip
    2009-01-06 23:34 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2009-01-06 23:34 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2009-01-06 23:34 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2009-01-06 23:34 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2009-01-06 23:34 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2008-01-10 20:15 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-01-10 20:15 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-01-10 20:15 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{52836EB0-631A-47B1-94A6-61F9D9112DAE}"= "c:\program files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll" [2009-02-03 404216]

    [HKEY_CLASSES_ROOT\clsid\{52836eb0-631a-47b1-94a6-61f9d9112dae}]
    [HKEY_CLASSES_ROOT\SearchRecsPlugin.SearchRecommendation.1]
    [HKEY_CLASSES_ROOT\TypeLib\{8A12A664-9694-4C5A-BB6E-269507393176}]
    [HKEY_CLASSES_ROOT\SearchRecsPlugin.SearchRecommendations]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-28 185896]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
    "UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-06 136600]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "AcerOrbicamRibbon"="c:\program files\Acer\OrbiCam10\OrbiCam.exe" [2006-11-28 754712]
    "LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 304664]
    "STOPzilla"="c:\program files\STOPzilla!\STOPzilla.exe" [2005-06-03 45056]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 618557]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispAppearancePage"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "DisableLocalMachineRun"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisableLocalUserRun"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\STOPzilla]
    2005-06-03 22:20 24576 c:\windows\System32\IS3WLHandler.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
    "msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\rqRHwWqr

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-223507956-874800629-4062505872-1000]
    "EnableNotificationsRef"=dword:00000004

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{E0E08C24-18C7-4055-8C15-87F8CD6D4794}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{874CBB6B-8F7C-4D69-AC7B-EC6064F1BB6E}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
    "{EC81C063-6E53-4231-BB9C-647517999976}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
    "TCP Query User{540A0FA4-8CA2-410F-9BEE-B66F8B678120}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
    "UDP Query User{E9FC16FF-638B-440E-A4B3-3BFBB18AF387}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
    "TCP Query User{69985774-1490-4A9C-BE01-8D49DA06CAA8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{2D1EDF04-8B6D-4B43-B35D-EB776552041F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{55085F16-4C38-4F8D-AABE-965F98D508EB}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{34C837E0-7A02-43CE-BDE1-A0A41432078B}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{CCA36443-11EE-498A-BA25-E228F901D84F}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{03BBE883-0458-4186-B156-9824AC840363}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{B5D2585D-B27D-4C24-A196-5C7B6D99BC63}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "TCP Query User{C625758C-159B-4FB0-A026-723C44DAD491}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
    "UDP Query User{C07C07CA-4583-458C-B6D5-80ED22439440}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
    "TCP Query User{B1737D7A-2A61-4BF8-BE0A-8602D8BD0B61}c:\\users\\ismaïl\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:c:\users\ismaïl\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
    "UDP Query User{E67CA718-3CDC-429C-BBC6-E2ACA0B226D9}c:\\users\\ismaïl\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:c:\users\ismaïl\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
    "TCP Query User{2E130F72-CB13-4E9B-8FBF-316236E93D46}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
    "UDP Query User{900310A6-1CB0-4EE1-A5CA-D9664362F72F}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
    "TCP Query User{B23D7F1B-5710-4BD2-8312-4136FD12D5EA}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
    "UDP Query User{D3BE359D-37E5-492A-B9DE-D789DD32CBAC}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
    "TCP Query User{E3A0DC86-6C6F-46AF-B000-150D930C835A}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
    "UDP Query User{478F5A2F-CA1A-453F-AABF-31316684D8FC}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
    "TCP Query User{D40DBC3D-FC39-4E6D-B2B7-6AA229F574D3}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "UDP Query User{B95592AA-F015-4837-AA54-3CC314E68D47}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "TCP Query User{91687FDC-AACD-4157-AD2B-B0C236F53D81}c:\\program files\\dmv\\maxtv\\maxtv.exe"= UDP:c:\program files\dmv\maxtv\maxtv.exe:MaxTV
    "UDP Query User{67339F86-F526-49E9-8775-15A18D738FE0}c:\\program files\\dmv\\maxtv\\maxtv.exe"= TCP:c:\program files\dmv\maxtv\maxtv.exe:MaxTV
    "TCP Query User{563A50EA-8B47-433F-BC96-F0DD8DD316CB}c:\\program files\\winfast\\wfdtv\\dvbtap.exe"= UDP:c:\program files\winfast\wfdtv\dvbtap.exe:WinFast DTV Application
    "UDP Query User{264445AB-E4A5-4A99-B2FD-4CE5BD05202B}c:\\program files\\winfast\\wfdtv\\dvbtap.exe"= TCP:c:\program files\winfast\wfdtv\dvbtap.exe:WinFast DTV Application
    "{EF58FEA6-863D-4130-ADCC-17F0B638BE5C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
    "{12B81337-24BE-4C73-B705-7165D7C93423}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
    "{A39D2BF6-3FF8-4749-9AF2-13D546D13161}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
    "{3202B15C-E4A4-4DFE-8855-A0A490E6805F}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{DEDDC027-E479-41B5-BC24-34BCAB185EA7}c:\\program files\\f-irc\\f-irc.exe"= UDP:c:\program files\f-irc\f-irc.exe:Client IRC
    "UDP Query User{A5C5EF2A-A266-4FF6-932E-A4F017655369}c:\\program files\\f-irc\\f-irc.exe"= TCP:c:\program files\f-irc\f-irc.exe:Client IRC
    "TCP Query User{51F67CBB-14BB-405D-8C6A-C783EDFF2163}c:\\program files\\edonkey2000\\edonkey2000.exe"= UDP:c:\program files\edonkey2000\edonkey2000.exe:edonkey2000
    "UDP Query User{7A15AE76-8E4B-442B-8C81-088BB38842D0}c:\\program files\\edonkey2000\\edonkey2000.exe"= TCP:c:\program files\edonkey2000\edonkey2000.exe:edonkey2000
    "TCP Query User{BBAFEF2F-6524-41D4-A331-8C191C06BC1D}c:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service
    "UDP Query User{BB2AE264-C75E-4FC4-9EFD-7FFA5E7580B3}c:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service
    "TCP Query User{8E06FDDE-5808-4B25-BBF7-4AE7324A1C3F}c:\\program files\\maïdo production\\izispot 4\\izispot.exe"= UDP:c:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
    "UDP Query User{602EBA4E-724B-414F-8081-2E0FC1913A33}c:\\program files\\maïdo production\\izispot 4\\izispot.exe"= TCP:c:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
    "TCP Query User{37AD186E-5CA4-4BB3-870A-08415AF62738}c:\\program files\\uusee\\uuseeplayer.exe"= UDP:c:\program files\uusee\uuseeplayer.exe:UUPlayer
    "UDP Query User{7C86DAFF-68A9-4C94-B901-288D6354DF1B}c:\\program files\\uusee\\uuseeplayer.exe"= TCP:c:\program files\uusee\uuseeplayer.exe:UUPlayer
    "{BF45F317-BC04-47CC-922E-86BE03BC9F9C}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
    "{BE4F11F0-BF0D-4EC7-B09C-8808A79AA1F9}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
    "{0749FDC1-D4EF-4B27-B847-E43E90DB91B8}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
    "{67A6782B-7E28-4765-ADC7-FE3651763497}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{C6C86BFC-6616-4196-A8F5-08B258763E57}c:\\program files\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
    "UDP Query User{427C51A3-CD32-45D6-BB92-3E2F3CB04C2D}c:\\program files\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
    "TCP Query User{B4E8E4E6-44B4-45CD-B29F-BA4BE16C8EF2}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
    "UDP Query User{C1A8CD7E-D702-4B9F-ADC0-6F336910BCAC}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
    "{9FB395B5-CDA9-438C-A878-79660E0F72F7}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{1098A857-E973-404D-811F-11B68AAB6FD0}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
    "{8FC0EA03-DF38-44FD-AC78-0156D33C4EBC}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
    "{CF1E8758-0D59-4774-A4E5-A9B585FAE5A0}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{6222529F-F43E-47D1-999D-593F3869FAA7}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
    "{B9EA2F68-AE98-4735-AAAD-8825745BBF5B}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
    "{5FDF7FE4-580F-4FD2-9DD1-34FD2442BED2}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
    "{28D882F3-90EF-453A-890A-C9C5472EDB47}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
    "{467CDD35-8867-4C9A-8077-1A77CECC740C}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
    "{4A15578C-5420-41C9-B74D-1B9E12BE65C1}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
    "{06DCF6B7-4907-4FA3-A718-23EBC7713B2C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\uusee\\UUSeePlayer.exe"= c:\program files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer

    R3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\System32\drivers\fbxusb32.sys [2004-10-20 21344]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \shell\AutoRun\command - E:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \shell\AutoRun\command - F:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46f45373-a81a-11dd-a98f-b9b86a340232}]
    \shell\AutoRun\command - E:\StartPortableApps.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cca2c6b-4e45-11dc-ad27-0016d4d0af92}]
    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cca2c7f-4e45-11dc-ad27-0016d4d0af92}]
    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a8bf566-515a-11dc-a9f5-0016d4d0af92}]
    \shell\AutoRun\command - F:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d0e94a8-5250-11dd-8241-0016d4d0af92}]
    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d0e94a9-5250-11dd-8241-0016d4d0af92}]
    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63d52cf3-4b7e-11dd-96d8-0016d4d0af92}]
    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ea2181d-5022-11dd-b628-0016d4d0af92}]
    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ea2181e-5022-11dd-b628-0016d4d0af92}]
    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaba39a5-4b84-11dd-a485-806e6f6e6963}]
    \shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3d48998-4f20-11dd-ba16-0016d4d0af92}]
    \shell\AutoRun\command - E:\AutoRun.exe
    .
    .
    ------- Examen supplémentaire -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    Trusted Zone: ebay.fr\signin
    Trusted Zone: localhost
    TCP: {266E4490-6631-4853-A120-76D34C790286} = 192.168.0.1
    DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
    DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
    FF - ProfilePath - c:\users\ISMAL~1\AppData\Roaming\Mozilla\Firefox\Profiles\i5ihjfob.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
    FF - component: c:\users\Ismaïl\AppData\Roaming\Mozilla\Firefox\Profiles\i5ihjfob.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
    FF - component: c:\users\Ismaïl\AppData\Roaming\Mozilla\Firefox\Profiles\i5ihjfob.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

    ---- PARAMETRES FIREFOX ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-06 21:55:33
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\program files\Common Files\STOPzilla!\SZServer.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\Slave.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\windows\System32\UI0Detect.exe
    c:\windows\System32\conime.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-03-06 22:03:13 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-03-06 21:03:08
    ComboFix2.txt 2009-03-06 15:26:38

    Avant-CF: 69 385 441 280 octets libres
    Après-CF: 69,086,851,072 octets libres

    314 --- E O F --- 2009-03-06 03:13:22

    Is it normal that my taskbar has disappeared???

    and by the way, I can't run a scan with the 3 sites you gave me: it asks me to install the ActiveX control, I click on the yellow bar to install it, but nothing happens.
    0
  13. bachiri78 Posts 12 Status Member
     
    my taskbar has reappeared
    the computer already seems to be running much better, but there are still 2-3 bugs:

    - Wi-Fi no longer works
    - Chinese characters in Internet Explorer
    - and Windows asks me for permission for everything I do
    - the internet connection drops by itself from time to time
    0
  14. jlpjlp Posts 52399 Status Security contributor 5 041
     
    scan these two files on VirusTotal and paste the reports: https://www.virustotal.com/gui/
    c:\windows\Slave.exe
    c:\windows\servicing\TrustedInstaller.exe
    _______________

    Download FindyKill to your desktop:

    --> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

    --> Run the installation with the default settings

    --> Double-click the FindyKill shortcut on your desktop

    --> In the main menu, choose option 1 (Recherche)

    --> Post the FindyKill.txt report

    Note: the FindyKill.txt report is saved at the root of the disk
    0
  15. bachiri78 Posts 12 Status Member
     
    For Slave.exe

    MD5: 570d88f7eb72face6c42d92dc94d68b6
    First received: 2007.07.11 10:26:03 (CET)
    Date 2007.11.29 07:29:43 (CET) [>464D]
    Résultats 10/32
    Permalink: analisis/7a062cf4f73c375e7d747cc047789973

    Fichier Slave.exe reçu le 2007.11.29 07:29:43 (CET)
    Situation actuelle: terminé

    Résultat: 10/32 (31.25%)
    Formaté Impression des résultats
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 - - -
    AntiVir - - -
    Authentium - - -
    Avast - - -
    AVG - - -
    BitDefender - - -
    CAT-QuickHeal - - (Suspicious) - DNAScan
    ClamAV - - -
    DrWeb - - -
    eSafe - - suspicious Trojan/Worm
    eTrust-Vet - - -
    Ewido - - -
    F-Prot - - -
    F-Secure - - -
    FileAdvisor - - -
    Fortinet - - RAT/Remoteanythng
    Ikarus - - not-a-virus:RemoteAdmin.Win32.RA.52622
    Kaspersky - - -
    McAfee - - potentially unwanted program RemAdm-RemoteAnythng
    Microsoft - - -
    NOD32v2 - - a variant of Win32/RemoteAnything
    Norman - - -
    Panda - - Application/RemoteAnything
    Prevx1 - - TROJAN.PWDSTEALER.GEN
    Rising - - -
    Sophos - - Remote-Anything
    Sunbelt - - VIPRE.Suspicious
    Symantec - - -
    TheHacker - - -
    VBA32 - - -
    VirusBuster - - -
    Webwasher-Gateway - - -
    Information additionnelle
    MD5: 570d88f7eb72face6c42d92dc94d68b6
    SHA1: 7e9c304f619bdc10f1cff4971638ac2f734d240d
    SHA256: 6784cad61103dfc7eb1161694ab365e6851a0e16c64f7c0a8f46c80e8fb25192
    SHA512: f3454319845726dc8b9f378244070e0d0e6b8b52a9aac7f17b46fb2d5d2837af3588cbb15044aa52c48bea5b33ed5d8cc37f81839b56882d79fa0c00fb26aca6

    FOR TrustedInstaller.exe

    MD5: 16613a1bad034d4ecf957af18b7c2ff5
    First received: -
    Date 2009.02.28 18:57:59 (CET) [>6D]
    Résultats 0/39
    Permalink: analisis/8d5e1b99e8ad80f5d7f3d40025774015

    Fichier TrustedInstaller.exe reçu le 2009.02.28 18:49:11 (CET)
    Situation actuelle: terminé

    Résultat: 0/39 (0.00%)
    Formaté Impression des résultats
    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.101 2009.02.28 -
    AhnLab-V3 5.0.0.2 2009.02.27 -
    AntiVir 7.9.0.98 2009.02.28 -
    Authentium 5.1.0.4 2009.02.28 -
    Avast 4.8.1335.0 2009.02.27 -
    AVG 8.0.0.237 2009.02.27 -
    BitDefender 7.2 2009.02.28 -
    CAT-QuickHeal 10.00 2009.02.28 -
    ClamAV 0.94.1 2009.02.28 -
    Comodo 986 2009.02.20 -
    DrWeb 4.44.0.09170 2009.02.28 -
    eSafe 7.0.17.0 2009.02.26 -
    eTrust-Vet 31.6.6376 2009.02.27 -
    F-Prot 4.4.4.56 2009.02.26 -
    F-Secure 8.0.14470.0 2009.02.27 -
    Fortinet 3.117.0.0 2009.02.28 -
    GData 19 2009.02.28 -
    Ikarus T3.1.1.45.0 2009.02.28 -
    K7AntiVirus 7.10.649 2009.02.27 -
    Kaspersky 7.0.0.125 2009.02.28 -
    McAfee 5539 2009.02.28 -
    McAfee+Artemis 5539 2009.02.28 -
    Microsoft 1.4306 2009.02.28 -
    NOD32 3896 2009.02.28 -
    Norman 6.00.06 2009.02.27 -
    nProtect 2009.1.8.0 2009.02.28 -
    Panda 10.0.0.10 2009.02.28 -
    PCTools 4.4.2.0 2009.02.28 -
    Prevx1 V2 2009.02.28 -
    Rising 21.18.52.00 2009.02.28 -
    SecureWeb-Gateway 6.7.6 2009.02.28 -
    Sophos 4.39.0 2009.02.28 -
    Sunbelt 3.2.1858.2 2009.02.28 -
    Symantec 10 2009.02.28 -
    TheHacker 6.3.2.6.267 2009.02.28 -
    TrendMicro 8.700.0.1004 2009.02.27 -
    VBA32 3.12.10.1 2009.02.26 -
    ViRobot 2009.2.28.1628 2009.02.28 -
    VirusBuster 4.5.11.0 2009.02.28 -
    Information additionnelle
    File size: 39424 bytes
    MD5...: 16613a1bad034d4ecf957af18b7c2ff5
    SHA1..: e3810d0bddafd1345efaabca5c26c5ce4bf4320a
    SHA256: 75499618187ed4385984f608d134bb298a4ccb339f70b31e4a8b2cf3e3558396
    SHA512: ea57846721c7bfd689511030ac92c0100615d2b171349f9b1b5bde458466bc50
    9cbe10453a9f8813bd0c777af50c98b763d1fc9e5984ff730fe9a87906f8d604
    ssdeep: 384:hgeI6e2R5eDfcns5mymbGxQg7B6Cd/WjdnzXBmY/msuapxJh2JYCzx1FJ82/
    ROCS:6eokmfd5cbEuFrAYVpIaCD8MndTNdY

    PEiD..: -
    TrID..: File type identification
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1ca9
    timedatestamp.....: 0x47918bff (Sat Jan 19 05:34:55 2008)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x7e41 0x8000 6.25 3e0f1a8b3bc20dbfc0a28484415cafc8
    .data 0x9000 0x5fc 0x400 0.65 d4f3effa739cfa7d8475eeb5a825f1fe
    .rsrc 0xa000 0x548 0x600 3.04 2edf723523bf891a4870df38312479ae
    .reloc 0xb000 0xa2c 0xc00 6.25 2da2a8b6203a09816619bb0517d11a28

    ( 4 imports )
    > ADVAPI32.dll: TraceMessage, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, SetServiceStatus, RegCloseKey, RegOpenKeyExW, RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW, RegOpenKeyW, RegCreateKeyExW, RegDeleteKeyW, CloseServiceHandle, CreateRestrictedToken, ConvertStringSidToSidW, OpenProcessToken, CreateProcessAsUserW, InitiateShutdownW, ChangeServiceConfigW, QueryServiceConfigW, OpenSCManagerW, OpenServiceW, RegEnumValueW, RegSetValueExW, RegQueryValueExW, LookupPrivilegeValueW, AdjustTokenPrivileges
    > KERNEL32.dll: GetExitCodeProcess, TerminateProcess, GetFileAttributesW, GetWindowsDirectoryW, GetCurrentProcess, GetFullPathNameW, lstrlenW, GetVersionExW, UnhandledExceptionFilter, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedCompareExchange, InterlockedExchange, LocalFree, GetModuleFileNameW, LoadLibraryW, GetProcAddress, FreeLibrary, InterlockedDecrement, InterlockedIncrement, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, lstrcmpW, ExitProcess, HeapSetInformation, CreateEventW, Sleep, GetLastError, CreateThread, WaitForMultipleObjects, WaitForSingleObject, GetExitCodeThread, CloseHandle, SetEvent, ExpandEnvironmentStringsW
    > msvcrt.dll: __2@YAPAXI@Z, wcstoul, _controlfp, _except_handler4_common, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _amsg_exit, _initterm, exit, _XcptFilter, _exit, _cexit, __wgetmainargs, memset, memcpy, malloc, memmove, __3@YAXPAX@Z, free, _terminate@@YAXXZ
    > ole32.dll: CoGetMalloc, CoInitializeEx, CoInitializeSecurity, CoUninitialize, CoCreateInstance, CoRevokeClassObject, CoDisconnectContext, CoRegisterClassObject, CoResumeClassObjects, CoSuspendClassObjects

    ( 0 exports )

    ThreatExpert info: https://www.broadcom.com/
    0
  16. bachiri78 Posts 12 Status Member
     
    I can't find the log for FindyKill :s :s :s

    please, I need help here, my computer is doing weird things

    Wi-Fi still doesn't work and I can't get it to work, even though I reinstalled the drivers. It tells me the Windows Wi-Fi service is not enabled; I enable it but it still doesn't work.
    there is a confirmation message every time I start anything, and I have to click Continue
    Windows keeps asking me for updates but never finishes installing them
    in Internet Explorer, it is impossible to install ActiveX controls

    in short, I don't understand anything anymore, I'm losing it.

    Thank you very much for your help, things have improved a lot but apparently there are still problems. Or at least I need to put things back the way they were?

    what should I do???
    0
  17. jlpjlp Posts 52399 Status Security contributor 5 041
     
    download OTMoveIt
    http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your desktop.

    double-click OTMoveIt.exe to launch it.
    copy the list quoted below,
    and paste it into the left-hand pane of OTMoveIt: Paste instruction for items to be moved.
    (careful: make sure to include :files)

    :files
    c:\windows\Slave.exe
    :commands
    [purity]
    [emptytemp]
    [start explorer]

    click MoveIt! to start the removal.
    the result will appear in the "Results" pane.
    click Exit to close.
    post the report located in C:\_OTMoveIt\MovedFiles.

    you may be asked to restart the PC to complete the removal. If so, accept with Yes.

    ____________________

    paste the report from an online scan
    with one of the following:

    BitDefender online:
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda online:
    http://pandasoftware.fr

    Kaspersky online:
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    0
  18. bachiri78 Posts 12 Status Member
     
    here it is:

    ========== FILES ==========
    c:\windows\Slave.exe moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\Users\ISMAL~1\AppData\Local\Temp\~DF881B.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\ISMAL~1\AppData\Local\Temp\~DF885E.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\ISMAL~1\AppData\Local\Temp\~DF9665.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\ISMAL~1\AppData\Local\Temp\~DF966C.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\ASPNETSetup_00000.log scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\MpCmdRun.log scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\MpSigStub.log scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03082009_144708
    0
  19. bachiri78 Posts 12 Status Member
     
    It is impossible for me to run an online scan, because this message appears when I try to install the ActiveX control:

    Your security settings do not allow websites to use the ActiveX controls installed on this computer ......
    0
  20. jlpjlp Posts 52399 Status Security contributor 5 041
     
    Use this to remove your traces:

    CCLEANER: (run a cleanup and repair the registry 3 times) without installing the Yahoo toolbar
    (in Options, then Advanced: uncheck the box: delete files older than 48 hours)
    https://www.malekal.com/tutoriel-ccleaner/
    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    ___________________

    Download FindyKill to your Desktop:

    --> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

    --> Run the installation with the default settings

    --> Double-click the FindyKill shortcut on your Desktop

    --> In the main menu, choose option 1 (Recherche)

    --> Post the FindyKill.txt report

    Note: the FindyKill.txt report is saved in the root of the disk

    ____________________

    Note: regarding Wi-Fi:
    Error 1068 - Following infection of your computer by a virus of the "bagle" or "beagle" type ...

    You can no longer connect over Wi-Fi. If you go to the Administrative Tools, on the "Services" page, to start "Wireless Zero Configuration", you get error 1068.

    If that is your case and you have been tearing your hair out, here is the solution:

    You need to go into the registry with regedit or another tool.

    1. Start > Run > type "regedit", then OK

    2. Go to HKEY Local Machine > system > CurrentControlSet > Services > Ndisuio

    In this key there is an entry named "START"; double-click it. This entry must be 3 for the NDIS I/O protocol to start correctly.

    A virus such as "bagle / Beagle" changes this entry and sets it to 4 (disabled), which causes the problem you are having.

    Then reboot your PC and everything should be back to normal.
    0
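
The registry check from the Wi-Fi note above, as an added PowerShell example that is not part of the original post: it reads the `Start` value under the Ndisuio service key, reports it, and sets it back to 3 only when asked. The function name `Get-StartState` and the `-Repair` switch are hypothetical; the script assumes PowerShell 3.0 or later, saved as a `.ps1` file, and an elevated session for the write.

```powershell
# Added example: audit (and optionally restore) the Ndisuio start type.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Repair,   # hypothetical switch: write the expected value back
    [string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Ndisuio',
    [int]$ExpectedStart = 3   # value the post says the entry must have
)

# Standard meanings of a service "Start" DWORD.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-StartState {
    param([string]$Path, [int]$Expected)
    # A missing key or value is reported, never silently created.
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Start = $null; Name = 'KeyMissing'; Ok = $false }
    }
    $props = Get-ItemProperty -LiteralPath $Path -Name Start -ErrorAction SilentlyContinue
    if ($null -eq $props) {
        return [pscustomobject]@{ Path = $Path; Start = $null; Name = 'ValueMissing'; Ok = $false }
    }
    $value = [int]$props.Start
    $name = if ($startNames.ContainsKey($value)) { $startNames[$value] } else { 'Unknown' }
    [pscustomobject]@{ Path = $Path; Start = $value; Name = $name; Ok = ($value -eq $Expected) }
}

$state = Get-StartState -Path $KeyPath -Expected $ExpectedStart
$state | Format-List

if ($state.Ok) {
    Write-Output "Start is already $ExpectedStart; nothing to change."
}
elseif ($null -eq $state.Start) {
    Write-Warning "Cannot repair: $($state.Name). Inspect the key by hand."
}
elseif ($Repair) {
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Writing under HKLM needs an elevated PowerShell session.'
    }
    if ($PSCmdlet.ShouldProcess($KeyPath, "Set Start from $($state.Start) to $ExpectedStart")) {
        Set-ItemProperty -LiteralPath $KeyPath -Name Start -Value $ExpectedStart -Type DWord
        Get-StartState -Path $KeyPath -Expected $ExpectedStart | Format-List
    }
}
else {
    Write-Warning "Start is $($state.Start) ($($state.Name)); rerun with -Repair to restore $ExpectedStart."
}
```

Running it with `-Repair -WhatIf` shows the change that would be made without writing it; the reboot the post asks for is still required after a real repair.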