win32:junkpoly ; win32:AuCrypt ; HTML:Iframe-

Question

Bonjour,
je suis infecté par une saleté de virus également. windowsXP SP3. Un scan Avast au démarrage a supprimé moulte fichiers infectés par win32:junkpoly ; win32:AuCrypt ; et HTML:Iframe-. 
malgré cela, Firefox plante toujours, et avast me signale des vers dès que j'ouvre une page internet sur ie. 
voici le log Hijack : 

Logfile of HijackThis v1.99.1
Scan saved at 08:52:50, on 12/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Vtune\TBPanel.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.2.20/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe


pourriez - vous me rappeler la marche à suivre ensuite ?? 
mille merci pour votre excellent job ! ;)
++

jlpjlp · Answer

Slt,


scan avec malwarebyte , fais un scan rapide et colle le rapport obtenu et vire ce qui est trouvé:


https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­

______________________

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

jlpjlp · Answer

ok tu as une infection par disque externe (clé usb ..) alors branche les   (surtout le disque K)

puis


Pour fusionner:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_______________

telecharge combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

_________________

Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :




File::
K:\qjatw9aj.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07082580-1cef-11dd-9ba3-001d9232877f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9027a7a2-0b10-11de-9da4-001d9232877f}]



Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
______________


# Téléchargez ce tool de sUBs : http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfec­tor.exe
# Double-cliquez dessus et laissez-vous guider.

______________


mettre à jour adobe reader
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

Mettre a jour java:

Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries.
Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)
Double-clique sur le répertoire JavaRa obtenu.
Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)
Clique sur Search For Updates.
Sélectionne Update Using jucheck.exe puis clique sur Search.
Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.
Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.
Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.
Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log
(c:\JavaRa.log)
Ferme l'application.

si cela ne fonctionne pas

https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

tu peux désinstaller les vieilles versions.
__________________

mettre a jour internet explorer

https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
________________

colle un scan en ligne avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

guiocacho · Answer

slt jpljpl !

bon c'était un peu galère parce que mon internet explorer rame carrément :
et puis ça m'étonne que ça vienne du lecteur K: parce j'utilise rarement une clé USB
et même si un pote est venu avec la sienne, les pbs sont apparus plus tard,
suite au téléchargement d'un film ...

bon.
alors ......
reprenons .......

voici le post de ComboFix :

ComboFix 09-03-10.03 - 007 2009-03-12 21:32:19.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1531 [GMT 1:00]
Lancé depuis: c:\documents and settings\[u]0[/u]07\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\[u]0[/u]07\Bureau\CFscript.txt
AV: avast! antivirus 4.8.1335 [VPS 090311-1] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé

FILE ::
K:\qjatw9aj.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

[COLOR=RED] c:\windows\system32\userinit.exe . . . est infecté!![/COLOR]

[COLOR=RED] c:\windows\system32\spoolsv.exe . . . est infecté!![/COLOR]

[COLOR=RED] c:\windows\explorer.exe . . . est infecté!![/COLOR]

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-12 au 2009-03-12 ))))))))))))))))))))))))))))))))))))
.

2009-03-12 20:38 . 2009-03-12 20:38 244 --ah----- C:\sqmnoopt07.sqm
2009-03-12 20:38 . 2009-03-12 20:38 232 --ah----- C:\sqmdata07.sqm
2009-03-12 20:36 . 2009-03-12 20:36 819 --a------ c:\windows\wininit.ini
2009-03-12 19:59 . 2009-03-12 20:19 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-03-12 19:59 . 2009-03-12 20:37 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-12 19:29 . 2009-03-12 19:29 244 --ah----- C:\sqmnoopt06.sqm
2009-03-12 19:29 . 2009-03-12 19:29 232 --ah----- C:\sqmdata06.sqm
2009-03-12 19:24 . 2009-03-12 19:24 <REP> d-------- c:\program files\Anti-Malware
2009-03-12 19:24 . 2009-03-12 19:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-12 19:24 . 2009-03-12 19:24 <REP> d-------- c:\documents and settings\[u]0[/u]07\Application Data\Malwarebytes
2009-03-12 19:24 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-12 19:24 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-12 19:19 . 2009-03-12 19:20 <REP> d-------- C:\rsit
2009-03-12 19:19 . 2009-03-12 19:39 <REP> d-------- c:\program files\trend micro
2009-03-12 19:18 . 2009-03-12 19:18 244 --ah----- C:\sqmnoopt05.sqm
2009-03-12 19:18 . 2009-03-12 19:18 232 --ah----- C:\sqmdata05.sqm
2009-03-12 10:17 . 2009-03-12 10:17 244 --ah----- C:\sqmnoopt04.sqm
2009-03-12 10:17 . 2009-03-12 10:17 232 --ah----- C:\sqmdata04.sqm
2009-03-12 09:51 . 2009-03-12 09:51 <REP> d-------- c:\program files\RegistryFix7
2009-03-12 09:47 . 2009-03-12 09:47 244 --ah----- C:\sqmnoopt03.sqm
2009-03-12 09:47 . 2009-03-12 09:47 232 --ah----- C:\sqmdata03.sqm
2009-03-12 08:40 . 2009-03-12 08:40 244 --ah----- C:\sqmnoopt02.sqm
2009-03-12 08:40 . 2009-03-12 08:40 232 --ah----- C:\sqmdata02.sqm
2009-03-12 08:39 . 2009-03-12 08:39 244 --ah----- C:\sqmnoopt01.sqm
2009-03-12 08:39 . 2009-03-12 08:39 232 --ah----- C:\sqmdata01.sqm
2009-03-11 18:08 . 2009-03-11 18:08 <REP> d-------- c:\documents and settings\[u]0[/u]07\Application Data\vlc
2009-03-11 17:57 . 2009-03-11 17:57 <REP> d-------- c:\program files\VideoLAN
2009-03-11 17:56 . 2009-03-12 08:52 <REP> d-------- c:\program files\Hijackthis Version Française
2009-03-11 10:23 . 2009-03-11 10:27 <REP> d-------- c:\program files\MSECache
2009-03-06 19:58 . 2009-03-06 19:58 <REP> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-02-21 20:27 . 2009-02-21 20:27 <REP> d--h----- c:\windows\PIF
2009-02-19 20:50 . 2009-02-19 20:50 <REP> d-------- c:\program files\Mp3 Converter
2009-02-19 20:50 . 2009-02-19 20:50 <REP> d-------- c:\program files\Fichiers communs\DVDVIDEOSOFT

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 19:23 --------- d-----w c:\program files\PKR
2009-03-12 18:04 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-12 07:31 --------- d-----w c:\program files\Avast4
2009-03-11 19:06 --------- d-----w c:\program files\Vtune
2009-03-11 19:05 --------- d-----w c:\program files\QuickTime
2009-03-11 18:54 --------- d-----w c:\documents and settings\[u]0[/u]07\Application Data\Camfrog
2009-03-11 17:08 --------- d-----w c:\documents and settings\[u]0[/u]07\Application Data\dvdcss
2009-03-11 16:11 --------- d-----w c:\documents and settings\[u]0[/u]07\Application Data\uTorrent
2009-03-11 15:39 --------- d-----w c:\program files\DVD Shrink
2009-03-07 19:26 --------- d-----w c:\documents and settings\[u]0[/u]07\Application Data\U3
2009-03-06 18:58 --------- d-----w c:\program files\HP
2009-03-06 18:58 --------- d-----w c:\program files\Hewlett-Packard
2009-03-02 13:13 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-02 13:07 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-08 15:06 --------- d-----w c:\documents and settings\[u]0[/u]07\Application Data\Skype
.

------- Sigcheck -------

2008-04-14 03:34 1055232 a07e766b1bc2fab4dcb1556af308a619 c:\windows\explorer.exe
2007-06-13 14:10 1054720 d8e0a47e803ae9499df540eb83d90865 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 14:22 1054720 2541e65fcf04ada040025aed7933032b c:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-20 00:09 1054208 7c89f799139194f330a59a419b9ecd22 c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-14 03:34 1055744 ec023ba40dd03933d78b261a9f4d12b0 c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-20 00:09 32768 1bc3928a1c07f624ac2628d1194a451f c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 03:33 32768 10849e43f8e996b6bd15de7d318d87be c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 03:33 32768 7cd68c8ccc1ff03c5810f43e7abc01d7 c:\windows\system32\ctfmon.exe

2005-06-11 00:53 75264 ee2a6f46778be4b663e6238459b9240c c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
2005-06-11 01:17 75264 4e48ed8100df377374afd66dfbd9ebc9 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 00:53 75264 3d35526c16ecaa5329b4a200c6dc5934 c:\windows\$NtServicePackUninstall$\spoolsv.exe
2004-08-20 00:10 75264 059d2e9f7761519cb69c9c4f3366b3fd c:\windows\$NtUninstallKB896423$\spoolsv.exe
2003-04-24 13:00 68608 faed1f81c90e4c4747c85840602b2dc0 c:\windows\$NtUninstallKB896423_0$\spoolsv.exe
2008-04-14 03:34 75264 27011459039312d8ec851e55ce177965 c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-14 03:34 75264 0f94069c8f94ffa4d310428efac333a3 c:\windows\system32\spoolsv.exe

2004-08-20 00:10 42496 62bf0dc0d9d3eb1c7931ed6be7086317 c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 03:34 44032 5e8f06fbd5e3a61abef595da41aa55e1 c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-14 03:34 44544 be5ae70943a41eb97da63d8fbed393c2 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 32768]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-14 1712640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\program files\Vtune\TBPanel.exe" [2007-06-26 2179072]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RemoteControl"="c:\program files\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 434176]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-12 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-12-02 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 32768]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 73728]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 278528]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"e:\\GTAIV\\RockStarSC\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\GTAIV\\GTA4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"e:\\GTAIV\\GTA4\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1262:UDP"= 1262:UDP:Windows Media Format SDK (firefox.exe)
"1263:UDP"= 1263:UDP:Windows Media Format SDK (firefox.exe)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-15 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-05-22 20560]
S1 DCxxMJPG;Pinnacle DC10plus, Motion-JPEG VideoIO Board;c:\windows\system32\drivers\DCxxMJPG.sys --> c:\windows\system32\drivers\DCxxMJPG.sys [?]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-07-18 215040]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3142216a-b6ec-11dd-9cf9-001d9232877f}]
\Shell\AutoRun\command - K:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9027a7a1-0b10-11de-9da4-001d9232877f}]
\Shell\AutoRun\command - K:\LaunchU3.exe
.
Contenu du dossier 'Tâches planifiées'

2009-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-RunOnce-<NO NAME> - (no file)

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.20/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
FF - ProfilePath - c:\documents and settings\[u]0[/u]07\Application Data\Mozilla\Firefox\Profiles\tfaimdn6.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 21:34:00
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1275210071-790525478-839522115-1002\Software\SecuROM\License information*]
"datasecu"=hex:d0,99,5f,5a,2b,90,4b,5b,ff,b4,13,8e,5d,de,40,b9,0b,24,d7,c9,bf,
af,1e,aa,f5,d5,ac,74,62,3d,d4,7f,76,bf,9b,4b,a1,8c,1e,4c,e9,70,dd,25,a0,38,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\Bonjour\mdnsNSP.dll
.
Heure de fin: 2009-03-12 21:35:04
ComboFix-quarantined-files.txt 2009-03-12 20:35:00

Avant-CF: 63 978 876 928 octets libres
Après-CF: 64,127,909,888 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
207 --- E O F --- 2009-03-11 16:15:09

puis, le rapport JAva :

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Mar 12 22:44:32 2009

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

------------------------------------

Finished reporting.

et enfin le rapport de l'analyse en ligne bitdefender :

(ah oui j'avais oublié de préciser que j'ai tenté un point de restauration antérieur d'une semaine à la suite de l'apparition des problèmes qui n'a absolument rien changé ... )

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Mar 12 22:44:32 2009

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

------------------------------------

Finished reporting.

et enfin le rapport de l'analyse en ligne BitDefender :

BitDefender Online Scanner - Rapport virus en temps réel

Généré à: Thu, Mar 12, 2009 - 23:40:51

--------------------------------------------------------------------------------

Info d'analyse

Fichiers scannés
100296

Infectés Fichiers
12

Virus Détectés

Gen:Trojan.Heur.P30B04F1F1F
2

Gen:Trojan.Heur.P1000FFAFAF
1

GenPack:Win32.Generic.5263
2

Trojan.Generic.1539828
2

Win32.Mydoom.ABS
1

Trojan.Kobcka.HN
2

Trojan.Agent.AGSP
1

Trojan.Generic.1248794
1

--------------------------------------------------------------------------------

Ce sommaire du processus d'analyse sera utilisé par les laboratoires Antivirus BitDefender pour créer des statistiques agréguées sur l'activité des virus dans le monde.

voilà !!! au rapport doc ! alors, quelles peuvent bien être les futures consignes après ces tous ces scans et mises à jours ... ??? un diagnostic ??? une bonne nouvelle ???
en tous cas merci pour ton aide, je crois avoir démoulé la mouise, c'est un bon début ! :-p
à ++

jlpjlp · Answer

ok c'est mieux

mais la mauvaise nouvelle c'est que pour le scan en ligne il me faut un rapport complet avec les fichiers infectés et les actions effectuée... refais en un svp pour voir

puis remet un rapport RSIT et dis si encore des soucis avec ton pc

guiocacho · Answer

bon ,  me suis réveillé ce matin après un scan en ligne avec PandaSoftware ... 
mais mon ordi ne reconnaît plus ma carte ethernet :-/ donc plus du tout accès à un scan en ligne, 
ni à une quelconque page internet... alors que les voyants derrière la tour de la carte ethernet sont bien allumés, 
elle n'a donc pas complètement grillé, et que mon modem reconnaît bien la présence de l'ordi .... 
Je suis donc sur ce pb actuellement, déjà, et à deux doigts de sauvegarder les archives du lecteur C: 
pour le formater et réinstaller Windows et tout ce qui s'en suit ....  
je te tiens au courant .... 
++

jlpjlp · Answer

réinstalle le pilote de la carte ethernet depuis ton cd de depart

ou en cherchant le pilote sur le net



sinon en attendant connecte toi en usb ou wifi

guiocacho · Answer

j'ai bien tenté de réinstaller le pilote depuis le CD de départ mais rien n'y fait ! 
alors que je débranche et rebranche mon modem, et il trouve bien l'ordi ! 
les voyants derrière la tour sont toujours allumés .... c'est donc effectivement un pb de 
reconnaissance de la carte par l'ordi je pense ... 
et finalement je n'arrive même pas à formater le disque C: il me dit que certains pgms y ont encore accès, malgré que je ferme tous les pgms dans la barre des tâches et que je termine les processus dans le gestionnaire des tâches ... voilà on s'ouvre une bouteille de rosé et on va tout lui mettre à cet ordi !! 
je te tiens au courant ! 
++

guiocacho · Answer

et bien une réinstallation de windows a réglé tous les pbs ... 
la bouteille de rosé a eu raison du PC et de mon pôvre crâne, 
merci encore jpljpl 
bon WE

jlpjlp · Answer

pour protéger gratos ton ordi
https://www.commentcamarche.net/telecharger/ 4 securite

mettre un antivirus
ANTIVIR ou AVG 8     ou ((avast))
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :
MALWAREBYTE ANTIMALWARE + SPYBOT
+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

--------
un pare feu :
(celui de Windows) ou mieux COMODO ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

http://www.clubic.com/telecharger-fiche11071-sunbelt-persona­l-firewall-e(...)
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.commentcamarche.net/telecharger/ 157 zonealarm

-----------

CCLEANER pour effacer les traces de surf

Win32:junkpoly ; win32:AuCrypt ; HTML:Iframe-

9 réponses

Votre réponse

Discussions similaires

Newsletters