Avast and Spybot: not a valid Win32 application

Giny_2 Posts 33 Status Member -  
 Anonymous user -
Hello,

a message appears when I try to launch avast.. after visiting the site I downloaded FindyKill, as advised in several posts, and ran it.. and got the report (attached), but I don't understand any of it. What do I do now???
Thanks, any help is welcome, my PC is slower than ever...

############################## [ FindyKill V4.721 ]

# User : alex (Administrateurs) # ALEX-C1DB4965DD
# Update on 29/03/09 by Chiquitine29
# Start at: 11:49:47 | 01/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) processor
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled

# C:\ # Disque fixe local # 14,62 Go (5,37 Go free) [WinXP] # NTFS
# D:\ # Disque fixe local # 37,31 Go (35,78 Go free) [40Go] # NTFS
# E:\ # Disque fixe local # 14 Go (8,99 Go free) # FAT32
# F:\ # Disque CD-ROM # 701,67 Mo (0 Mo free) [My Disc] # CDFS
# G:\ # Disque CD-ROM

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\alex\Application Data\drivers\winupgro.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\alex\Application Data\m\flec006.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wintems.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Processus infectieux stoppés ]

"C:\Documents and Settings\alex\Application Data\drivers\winupgro.exe" (1556)
"C:\Documents and Settings\alex\Application Data\m\flec006.exe" (2792)
"C:\WINDOWS\system32\wintems.exe" (1072)

################## [ Fichiers / Dossiers infectieux C:\ ]

################## [ C:\WINDOWS & C:\WINDOWS\Prefetch ]

Found ! - C:\WINDOWS\prefetch\15143635.EXE-3467C9EC.pf
Found ! - C:\WINDOWS\prefetch\15224972.EXE-0DFEBA18.pf
Found ! - C:\WINDOWS\prefetch\15266762.EXE-32F3E424.pf
Found ! - C:\WINDOWS\prefetch\15270858.EXE-3760776C.pf
Found ! - C:\WINDOWS\prefetch\15277317.EXE-23B99462.pf
Found ! - C:\WINDOWS\prefetch\15545142.EXE-04D70746.pf
Found ! - C:\WINDOWS\prefetch\216821.EXE-01D6B646.pf
Found ! - C:\WINDOWS\prefetch\292961.EXE-36C6C023.pf
Found ! - C:\WINDOWS\prefetch\294633.EXE-10CB8606.pf
Found ! - C:\WINDOWS\prefetch\30001830.EXE-008072C0.pf
Found ! - C:\WINDOWS\prefetch\30126770.EXE-1D5B7483.pf
Found ! - C:\WINDOWS\prefetch\30131707.EXE-1C97074A.pf
Found ! - C:\WINDOWS\prefetch\30141120.EXE-223B37EC.pf
Found ! - C:\WINDOWS\prefetch\30362539.EXE-020B05C2.pf
Found ! - C:\WINDOWS\prefetch\340379.EXE-1DE31047.pf
Found ! - C:\WINDOWS\prefetch\347960.EXE-1C76815C.pf
Found ! - C:\WINDOWS\prefetch\356242.EXE-2F295B53.pf
Found ! - C:\WINDOWS\prefetch\374137.EXE-2F943715.pf
Found ! - C:\WINDOWS\prefetch\44814359.EXE-1C08BFB3.pf
Found ! - C:\WINDOWS\prefetch\44890689.EXE-281E7188.pf
Found ! - C:\WINDOWS\prefetch\44931187.EXE-18E2330E.pf
Found ! - C:\WINDOWS\prefetch\44937256.EXE-251986E1.pf
Found ! - C:\WINDOWS\prefetch\44942854.EXE-10F69710.pf
Found ! - C:\WINDOWS\prefetch\45084908.EXE-07AEC097.pf
Found ! - C:\WINDOWS\prefetch\59539753.EXE-2E63FFC6.pf
Found ! - C:\WINDOWS\prefetch\59611797.EXE-36F391DE.pf
Found ! - C:\WINDOWS\prefetch\59745729.EXE-07A05419.pf
Found ! - C:\WINDOWS\prefetch\59752119.EXE-323CB84A.pf
Found ! - C:\WINDOWS\prefetch\59759219.EXE-1EB76298.pf
Found ! - C:\WINDOWS\prefetch\59905329.EXE-05F6BA86.pf
Found ! - C:\WINDOWS\prefetch\606722.EXE-184C3699.pf
Found ! - C:\WINDOWS\prefetch\78009261.EXE-03C6BEAF.pf
Found ! - C:\WINDOWS\prefetch\78089907.EXE-02223D4A.pf
Found ! - C:\WINDOWS\prefetch\78128633.EXE-2D3F936A.pf
Found ! - C:\WINDOWS\prefetch\78137756.EXE-05FF40D6.pf
Found ! - C:\WINDOWS\prefetch\78146969.EXE-06700E0A.pf
Found ! - C:\WINDOWS\prefetch\78298767.EXE-1737E3F6.pf
Found ! - C:\WINDOWS\prefetch\CRAC.EXE-00066BFE.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-256D8097.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf

################## [ C:\WINDOWS\system32 ]

Found ! - C:\WINDOWS\system32\mdelk.exe
Found ! - C:\WINDOWS\system32\wintems.exe
Found ! - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\system32\drivers ]

Found ! - "C:\WINDOWS\system32\drivers\down"

################## [ C:\.. Application Data ... ]

Found ! - "C:\Documents and Settings\alex\Application Data\m\flec006.exe"
Found ! - "C:\Documents and Settings\alex\Application Data\m\list.oct"
Found ! - "C:\Documents and Settings\alex\Application Data\m\data.oct"
Found ! - "C:\Documents and Settings\alex\Application Data\m\srvlist.oct"
Found ! - "C:\Documents and Settings\alex\Application Data\m\shared"
Found ! - "C:\Documents and Settings\alex\Application Data\m"
Found ! - "C:\Documents and Settings\alex\Application Data\drivers"
Found ! - "C:\Documents and Settings\alex\Application Data\drivers\srosa2.sys"
Found ! - "C:\Documents and Settings\alex\Application Data\drivers\wfsintwq.sys"
Found ! - "C:\Documents and Settings\alex\Application Data\drivers\winupgro.exe"
Found ! - "C:\Documents and Settings\alex\Application Data\drivers\downld"

################## [ C:\Users...\Temp Files... ]

Found ! - C:\Documents and Settings\alex\Local Settings\Temporary Internet Files\Content.IE5\A8RT4YKS\b64[1].jpg
Found ! - C:\Documents and Settings\alex\Local Settings\Temporary Internet Files\Content.IE5\A8RT4YKS\b64_1[1].jpg
Found ! - C:\Documents and Settings\alex\Local Settings\Temporary Internet Files\Content.IE5\A8RT4YKS\b64_6[1].jpg
Found ! - C:\Documents and Settings\alex\Local Settings\Temporary Internet Files\Content.IE5\A8RT4YKS\file[1].txt
Found ! - C:\Documents and Settings\alex\Local Settings\Temporary Internet Files\Content.IE5\PY86OYGJ\b64_3[1].jpg
Found ! - C:\Documents and Settings\alex\Local Settings\Temporary Internet Files\Content.IE5\PY86OYGJ\b64_3[2].jpg
Found ! - C:\Documents and Settings\alex\Local Settings\Temporary Internet Files\Content.IE5\XGVARYKS\b64_2[1].jpg
Found ! - C:\Documents and Settings\alex\Local Settings\Temporary Internet Files\Content.IE5\XGVARYKS\servernames[1].htm

################## [ Registre / Clés infectieuses ]

Found ! - HKEY_USERS\S-1-5-21-606747145-1708537768-854245398-1004\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-606747145-1708537768-854245398-1004\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-606747145-1708537768-854245398-1004\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-606747145-1708537768-854245398-1004\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-606747145-1708537768-854245398-1004\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-606747145-1708537768-854245398-1004\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! - HKEY_USERS\S-1-5-21-606747145-1708537768-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! - HKEY_USERS\S-1-5-21-606747145-1708537768-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Found ! - HKEY_USERS\S-1-5-21-606747145-1708537768-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

# HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
# HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

################## [ Recherche dans supports amovibles]

# Présence des fichiers :

################## [ Registre / Mountpoint2 ]

# -> Not found !

################## [ ! Fin du rapport # FindyKill V4.721 ! ]

25 replies

Anonymous user
 
OK, remove Malwarebytes from your computer, we'll start again from scratch: read carefully

Print these instructions, because you will have to close all windows and applications during installation and scanning.

Download:
Malwarebytes or:
Malwarebytes

* Install it (make sure to choose "French"; do not change the installation settings) and update it.

(NB: If "COMCTL32.OCX" is missing during installation, download it here: COMCTL32.OCX)

* Study the tutorial to get familiar with the program:

(that said, it is very simple to use).

Run Malwarebytes again, following these instructions scrupulously:

! Disconnect and close all running applications !

* Launch Malwarebytes.

Run a so-called "Full" ("Complet") scan.

--> Let the program work (and do nothing else with the PC during the scan).
--> When it finishes, click "Results" ("résultat").
--> Check that all infected objects are selected, then click "Remove" ("suppression").

Note: if your PC needs to restart to finish the cleanup, do it!

Post the report saved after the infected objects are removed (in the "rapport/log" tab of Malwarebytes, the most recent one)

2
giny_2
 
ok but I've already done all that... we'll start over, no problem.. :)
0
Anonymous user
 
No, forget it, the thread is all out of order, I couldn't follow any of it anymore

Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.

! Disconnect and close all your running applications !

Double-click "RSIT.exe" to launch it.

-> A first window opens, titled: "Disclaimer of warranty".

* Next to the option "List files/folders created ...", choose: 2 months

* Then click "Continue" to start the scan ...

-> Let the scan run and do not touch the PC ...

When the scan is finished, two text files will open (probably in Notepad).

Post the contents of "log.txt" (the one that appears on screen), as well as "info.txt" (which you will see in the taskbar), for analysis, and wait for the next steps ...

Important: post one report, then the other in the following reply
If you try to post both at the same time, it may be too long for the forum

(Note: the reports will also be saved in this folder -> C:\rsit)
2
giny_2
 
ok so I'm posting both reports ....

Logfile of random's system information tool 1.06 (written by random/random)
Run by alex at 2009-04-04 14:56:28
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 6 GB (38%) free of 15 GB
Total RAM: 383 MB (55% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"=C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe [2007-08-09 528384]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-04-01 81000]
"Hiyo"=C:\Program Files\HiYo\bin\HiYo.exe [2009-03-19 197936]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ccleaner"=C:\Program Files\CCleaner\CCleaner.exe /AUTO []
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-04-01 2144088]

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\alex\Menu Démarrer\Programmes\Démarrage
Notification de cadeaux MSN.lnk - C:\Documents and Settings\alex\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\^^^^^.exe"="C:\WINDOWS\system32\^^^^^.exe:*:Enabled:Flash Media"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\eMule\emule.exe"="D:\eMule\emule.exe:*:Enabled:eMule"
"C:\Documents and Settings\alex\wfhwyr.exe"="C:\Documents and Settings\alex\wfhwyr.exe:*:Enabled:Nvidia"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"D:\CaffeLatte\CafeClient\CafeProtocol.exe"="D:\CaffeLatte\CafeClient\CafeProtocol.exe:*:Enabled:Cafe.com URL Protocol host"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61c60e30-af18-11dc-83c1-0050fc7324d0}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80c2c2f0-0eb8-11dd-84b0-0050fc7324d0}]
shell\AutoRun\command - I:\ClickMe.exe


======List of files/folders created in the last 2 months======

2009-04-04 14:56:30 ----D---- C:\Program Files\trend micro
2009-04-04 14:56:28 ----DC---- C:\rsit
2009-04-03 11:21:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-03 11:10:52 ----D---- C:\WINDOWS\ie8updates
2009-04-03 11:04:51 ----HDC---- C:\WINDOWS\ie8
2009-04-02 23:11:06 ----D---- C:\Documents and Settings\alex\Application Data\HiYo
2009-04-02 23:10:27 ----D---- C:\Program Files\HiYo
2009-04-02 23:10:20 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\HiYo
2009-04-02 19:36:11 ----AC---- C:\FindyKill.txt
2009-04-01 13:31:49 ----D---- C:\Documents and Settings\alex\Application Data\Malwarebytes
2009-04-01 13:31:39 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-04-01 12:08:53 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-04-01 11:53:04 ----AC---- C:\FindyKill rapport 1.txt
2009-04-01 11:46:39 ----DC---- C:\FindyKill
2009-04-01 11:36:33 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-30 22:00:57 ----D---- C:\Program Files\QuickTime
2009-03-30 21:52:36 ----D---- C:\Program Files\Apple Software Update
2009-03-30 21:52:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2009-03-29 04:04:27 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-03-29 02:35:52 ----RA---- C:\WINDOWS\system32\LVUI2RC.dll
2009-03-29 02:35:52 ----RA---- C:\WINDOWS\system32\lvcoinst.ini
2009-03-29 02:35:52 ----RA---- C:\WINDOWS\system32\lvcoinst.dll
2009-03-29 02:35:51 ----RA---- C:\WINDOWS\system32\LVUI2.dll
2009-03-29 02:35:51 ----RA---- C:\WINDOWS\system32\lvcodec2.dll
2009-03-29 02:23:05 ----A---- C:\WINDOWS\system32\Lvkrn12n.dll
2009-03-29 02:23:05 ----A---- C:\WINDOWS\system32\LCamCpl.dll
2009-03-29 02:22:56 ----A---- C:\WINDOWS\system32\QCUI2.dll
2009-03-29 02:22:56 ----A---- C:\WINDOWS\system32\Ltwvc12n.dll
2009-03-29 02:22:56 ----A---- C:\WINDOWS\system32\ltkrn12n.dll
2009-03-29 02:22:55 ----A---- C:\WINDOWS\system32\ltimg12n.dll
2009-03-29 02:22:55 ----A---- C:\WINDOWS\system32\ltfil12n.DLL
2009-03-29 02:22:55 ----A---- C:\WINDOWS\system32\ltefx12n.dll
2009-03-29 02:22:55 ----A---- C:\WINDOWS\system32\LTDIS12n.dll
2009-03-29 02:22:54 ----A---- C:\WINDOWS\system32\lftif12n.dll
2009-03-29 02:22:54 ----A---- C:\WINDOWS\system32\lffax12n.dll
2009-03-29 02:22:54 ----A---- C:\WINDOWS\system32\LFCMP12n.DLL
2009-03-29 02:22:54 ----A---- C:\WINDOWS\system32\lfbmp12n.dll
2009-03-29 02:22:51 ----A---- C:\WINDOWS\system32\LQCUI2.dll
2009-03-29 02:22:11 ----A---- C:\WINDOWS\warhead.ini
2009-03-25 17:55:47 ----N---- C:\WINDOWS\system32\00023841.tmp
2009-03-25 17:31:24 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2009-03-25 17:31:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
2009-03-25 17:30:47 ----D---- C:\Program Files\NortonInstaller
2009-03-25 17:30:47 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller
2009-03-23 18:17:59 ----D---- C:\Program Files\QUAD Utilities
2009-03-17 20:20:11 ----RA---- C:\WINDOWS\system32\InstMed.exe
2009-03-17 19:41:48 ----D---- C:\Program Files\Fichiers communs\LogiShrd
2009-03-17 19:36:04 ----D---- C:\Program Files\Labtec
2009-03-16 20:47:39 ----A---- C:\WINDOWS\imsins.BAK
2009-03-12 01:57:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-12 01:57:16 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-12 01:57:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-12 01:55:52 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-08 14:17:46 ----N---- C:\WINDOWS\system32\msrating.dll.mui
2009-03-08 14:17:30 ----N---- C:\WINDOWS\system32\mshta.exe.mui
2009-03-08 14:16:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe.mui
2009-03-08 14:15:48 ----N---- C:\WINDOWS\system32\iedkcs32.dll.mui
2009-03-07 04:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-12 04:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

======List of files/folders modified in the last 2 months======

2009-04-04 14:56:30 ----RD---- C:\Program Files
2009-04-04 14:56:04 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-04 11:46:31 ----D---- C:\Program Files\Mozilla Firefox
2009-04-04 11:37:52 ----D---- C:\WINDOWS\Temp
2009-04-04 11:34:44 ----HD---- C:\WINDOWS\system32\drivers
2009-04-04 11:34:44 ----D---- C:\WINDOWS\system32
2009-04-04 11:34:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-03 16:40:07 ----D---- C:\WINDOWS\Prefetch
2009-04-03 11:13:35 ----D---- C:\WINDOWS
2009-04-03 11:12:55 ----D---- C:\WINDOWS\system32\fr-fr
2009-04-03 11:12:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-03 11:12:54 ----HD---- C:\WINDOWS\inf
2009-04-03 11:12:54 ----D---- C:\WINDOWS\Media
2009-04-03 11:12:54 ----D---- C:\WINDOWS\Help
2009-04-03 11:12:54 ----D---- C:\Program Files\Internet Explorer
2009-04-03 11:11:11 ----HD---- C:\WINDOWS\msdownld.tmp
2009-04-03 11:09:38 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-03 11:06:35 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-03 11:02:36 ----D---- C:\WINDOWS\Debug
2009-04-03 11:01:30 ----SD---- C:\Documents and Settings\alex\Application Data\Microsoft
2009-04-02 23:10:39 ----SHD---- C:\WINDOWS\Installer
2009-04-02 23:10:31 ----SHD---- C:\Config.Msi
2009-04-01 12:59:39 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-01 11:36:33 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-03-30 22:00:03 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2009-03-30 21:53:10 ----SD---- C:\WINDOWS\Tasks
2009-03-30 19:34:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-30 12:26:29 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2009-03-29 02:22:25 ----D---- C:\Program Files\Logitech
2009-03-29 02:11:29 ----D---- C:\Program Files\ABBYY FineReader 4.0 Sprint
2009-03-17 22:54:30 ----D---- C:\WINDOWS\twain_32
2009-03-17 20:19:36 ----D---- C:\Program Files\Fichiers communs\Logitech
2009-03-17 20:02:35 ----D---- C:\WINDOWS\WinSxS
2009-03-17 19:41:48 ----D---- C:\Program Files\Fichiers communs
2009-03-16 23:48:28 ----D---- C:\Documents and Settings
2009-03-16 21:07:20 ----AC---- C:\WINDOWS\_delis32.ini
2009-03-16 20:29:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-16 20:23:28 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-03-16 20:21:19 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-16 20:19:28 ----D---- C:\Program Files\Iomega
2009-03-16 18:30:06 ----D---- C:\Program Files\CCleaner
2009-03-08 14:18:02 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2009-03-08 14:16:06 ----A---- C:\WINDOWS\system32\advpack.dll.mui
2009-03-08 14:09:26 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-03-08 04:41:16 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-03-08 04:39:48 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-03-08 04:34:58 ----A---- C:\WINDOWS\system32\wininet.dll
2009-03-08 04:34:56 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-03-08 04:34:48 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
2009-03-08 04:34:48 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-03-08 04:34:30 ----A---- C:\WINDOWS\system32\licmgr10.dll
2009-03-08 04:34:28 ----A---- C:\WINDOWS\system32\url.dll
2009-03-08 04:34:18 ----A---- C:\WINDOWS\system32\occache.dll
2009-03-08 04:34:18 ----A---- C:\WINDOWS\system32\msrating.dll
2009-03-08 04:33:40 ----A---- C:\WINDOWS\system32\corpol.dll
2009-03-08 04:33:26 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-03-08 04:33:16 ----A---- C:\WINDOWS\system32\jscript.dll
2009-03-08 04:33:08 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-03-08 04:33:06 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-03-08 04:33:02 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-03-08 04:32:56 ----A---- C:\WINDOWS\system32\admparse.dll
2009-03-08 04:32:54 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-03-08 04:32:52 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-03-08 04:32:52 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-03-08 04:32:50 ----A---- C:\WINDOWS\system32\iesetup.dll
2009-03-08 04:32:50 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-03-08 04:32:48 ----A---- C:\WINDOWS\system32\advpack.dll
2009-03-08 04:32:46 ----A---- C:\WINDOWS\system32\inseng.dll
2009-03-08 04:32:26 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-03-08 04:32:22 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-03-08 04:32:04 ----A---- C:\WINDOWS\system32\mstime.dll
2009-03-08 04:31:56 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-03-08 04:31:54 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2009-03-08 04:31:52 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-03-08 04:31:52 ----A---- C:\WINDOWS\system32\icardie.dll
2009-03-08 04:31:44 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-03-08 04:31:38 ----A---- C:\WINDOWS\system32\imgutil.dll
2009-03-08 04:31:38 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-03-08 04:31:36 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-03-08 04:31:26 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-03-08 04:31:18 ----A---- C:\WINDOWS\system32\mshtmler.dll
2009-03-08 04:31:02 ----A---- C:\WINDOWS\system32\mshta.exe
2009-03-08 04:22:46 ----A---- C:\WINDOWS\system32\ieui.dll
2009-03-08 04:22:38 ----A---- C:\WINDOWS\system32\msls31.dll
2009-03-08 04:11:12 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-03-07 04:01:46 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-02-25 13:55:00 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-13 04:01:51 ----D---- C:\WINDOWS\ie7updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-19 701440]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-01-31 22016]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-01-31 211712]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2007-06-27 207488]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys []
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys []
S3 bDMusicb;bDMusicb; \??\C:\DOCUME~1\alex\LOCALS~1\Temp\bDMusicb.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\alex\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-06-05 47360]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM); C:\WINDOWS\system32\DRIVERS\v800bus.sys [2004-08-09 52416]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys []
S4 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys []
S4 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys []
S4 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe []
S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe [2007-07-04 172216]
S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe [2007-07-04 1224896]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-04-01 18752]
S4 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-04-01 138680]
S4 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-04-01 254040]
S4 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-04-01 352920]

-----------------EOF-----------------




and

info.txt logfile of random's system information tool 1.06 2009-04-04 14:56:50

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 7.0.9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Cryptext (Remove Only)-->rundll32 setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\ShellExt\Cryptext.inf
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
FindyKill-->C:\FindyKill\Uninstal.exe
Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe
Galerie de photos Windows Live-->MsiExec.exe /X{43563ACB-371B-4C58-8979-B192B390424C}
HiYo -->MsiExec.exe /X{8F3A13FC-DFDA-4001-A6C3-030495A1E66E} ARPVAL="UnInst" /qf /L*V "%temp%\HiYoUninstallLog.log"
HiYo-->MsiExec.exe /X{8F3A13FC-DFDA-4001-A6C3-030495A1E66E}
Installation de Microsoft Works Suite 2002-->C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe G:\
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0}
Iomega Product Registration-->MsiExec.exe /X{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}
IZArc 3.81-->"C:\Program Files\IZArc\unins000.exe"
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2002-->MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Pharaon-->C:\WINDOWS\IsUn040c.exe -fd:\pharaon\SIERRA\Pharaon\Uninst.isu
Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Serif DrawPlus 3.0-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Serif\dp30\DrawPlus_uninst.isu"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SiSoftware Sandra Lite XI.SP4a-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
USB Storage Driver-->DelUIDrv.exe
VIA Gestionnaire de périphériques de plate-forme-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{67D0313C-4F15-437D-9A2D-C1564088A26A}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

======System event log======

Computer Name: ALEX-C1DB4965DD
Event Code: 7036
Message: Le service Gestion d'applications est entré dans l'état : arrêté.

Record Number: 25683
Source Name: Service Control Manager
Time Written: 20090316193033.000000+060
Event Type: Informations
User:

Computer Name: ALEX-C1DB4965DD
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

Record Number: 25682
Source Name: Service Control Manager
Time Written: 20090316193033.000000+060
Event Type: Informations
User: ALEX-C1DB4965DD\alex

Computer Name: ALEX-C1DB4965DD
Event Code: 7023
Message: Le service Gestion d'applications s'est arrêté avec l'erreur :
Le module spécifié est introuvable.


Record Number: 25681
Source Name: Service Control Manager
Time Written: 20090316193033.000000+060
Event Type: erreur
User:

Computer Name: ALEX-C1DB4965DD
Event Code: 7036
Message: Le service Gestion d'applications est entré dans l'état : arrêté.

Record Number: 25680
Source Name: Service Control Manager
Time Written: 20090316193033.000000+060
Event Type: Informations
User:

Computer Name: ALEX-C1DB4965DD
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

Record Number: 25679
Source Name: Service Control Manager
Time Written: 20090316193033.000000+060
Event Type: Informations
User: ALEX-C1DB4965DD\alex

=====Application event log=====

Computer Name: ALEX-C1DB4965DD
Event Code: 102
Message: msnmsgr (2948) \\.\C:\Documents and Settings\alex\Local Settings\Application Data\Microsoft\Messenger\giny_2@hotmail.fr\SharingMetadata\Working\database_60EC_E74C_ECE7_1AD4\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 5846
Source Name: ESENT
Time Written: 20080929082204.000000+120
Event Type: Informations
User:

Computer Name: ALEX-C1DB4965DD
Event Code: 100
Message: msnmsgr (2948) Le moteur de base de données 5.01.2600.5512 est démarré.

Record Number: 5845
Source Name: ESENT
Time Written: 20080929082204.000000+120
Event Type: Informations
User:

Computer Name: ALEX-C1DB4965DD
Event Code: 101
Message: msnmsgr (2948) Le moteur de base de données est arrêté.

Record Number: 5844
Source Name: ESENT
Time Written: 20080929082038.000000+120
Event Type: Informations
User:

Computer Name: ALEX-C1DB4965DD
Event Code: 103
Message: msnmsgr (2948) \\.\C:\Documents and Settings\alex\Local Settings\Application Data\Microsoft\Messenger\chrisetnoah@hotmail.fr\SharingMetadata\Working\database_60EC_E74C_ECE7_1AD4\dfsr.db: Le moteur de base de données a arrêté une instance (0).

Record Number: 5843
Source Name: ESENT
Time Written: 20080929082038.000000+120
Event Type: Informations
User:

Computer Name: ALEX-C1DB4965DD
Event Code: 102
Message: msnmsgr (2948) \\.\C:\Documents and Settings\alex\Local Settings\Application Data\Microsoft\Messenger\chrisetnoah@hotmail.fr\SharingMetadata\Working\database_60EC_E74C_ECE7_1AD4\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 5842
Source Name: ESENT
Time Written: 20080929074310.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 4 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0402
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------


there you go....

Anonymous user
 
Hello, superb post!! lol

*****************************************************
************* Option 2 (Deletion) *************
*****************************************************

! Disconnect and close all running applications (browser included).

* Plug your external data sources into your PC (USB key, external hard drive, etc.)

* Relaunch "FindyKill": at the main menu choose option "F" for French and press [Enter].

* At the second menu choose option 2 (deletion) and press [Enter].

* The PC will restart automatically ...

--> the program will do its work, don't touch anything ..., your desktop will not be accessible, that's normal!

* Post the report that appears at the end (the report is also saved as C:\FindyKill.txt)

/!\ If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm

Help in pictures (Deletion)

giny_2
 
I'd be happy to, but where do I post it????? lol I'm a bit blonde, don't hold it against me.... lol

giny_2
 
there you go...


############################## [ FindyKill V4.721 ]

# User : alex (Administrateurs) # ALEX-C1DB4965DD
# Update on 29/03/09 by Chiquitine29
# Start at: 12:54:25 | 01/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) processor
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled

# C:\ # Disque fixe local # 14,62 Go (5,52 Go free) [WinXP] # NTFS
# D:\ # Disque fixe local # 37,31 Go (35,78 Go free) [40Go] # NTFS
# E:\ # Disque fixe local # 14 Go (8,99 Go free) # FAT32
# F:\ # Disque CD-ROM # 701,67 Mo (0 Mo free) [My Disc] # CDFS
# G:\ # Disque CD-ROM

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\alex\Application Data\drivers\winupgro.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\alex\Application Data\m\flec006.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infected processes stopped ]

"C:\Documents and Settings\alex\Application Data\drivers\winupgro.exe" (1676)
"C:\Documents and Settings\alex\Application Data\m\flec006.exe" (2844)
"C:\WINDOWS\system32\wintems.exe" (2852)

################## [ Infected Files / Folders C:\ ]


################## [ C:\WINDOWS & C:\WINDOWS\prefetch ]

Deleted ! - C:\WINDOWS\prefetch\15143635.EXE-3467C9EC.pf
Deleted ! - C:\WINDOWS\prefetch\15224972.EXE-0DFEBA18.pf
Deleted ! - C:\WINDOWS\prefetch\15266762.EXE-32F3E424.pf
Deleted ! - C:\WINDOWS\prefetch\15270858.EXE-3760776C.pf
Deleted ! - C:\WINDOWS\prefetch\15277317.EXE-23B99462.pf
Deleted ! - C:\WINDOWS\prefetch\15545142.EXE-04D70746.pf
Deleted ! - C:\WINDOWS\prefetch\216821.EXE-01D6B646.pf
Deleted ! - C:\WINDOWS\prefetch\292961.EXE-36C6C023.pf
Deleted ! - C:\WINDOWS\prefetch\294633.EXE-10CB8606.pf
Deleted ! - C:\WINDOWS\prefetch\30001830.EXE-008072C0.pf
Deleted ! - C:\WINDOWS\prefetch\30126770.EXE-1D5B7483.pf
Deleted ! - C:\WINDOWS\prefetch\30131707.EXE-1C97074A.pf
Deleted ! - C:\WINDOWS\prefetch\30141120.EXE-223B37EC.pf
Deleted ! - C:\WINDOWS\prefetch\30362539.EXE-020B05C2.pf
Deleted ! - C:\WINDOWS\prefetch\340379.EXE-1DE31047.pf
Deleted ! - C:\WINDOWS\prefetch\347960.EXE-1C76815C.pf
Deleted ! - C:\WINDOWS\prefetch\356242.EXE-2F295B53.pf
Deleted ! - C:\WINDOWS\prefetch\374137.EXE-2F943715.pf
Deleted ! - C:\WINDOWS\prefetch\44814359.EXE-1C08BFB3.pf
Deleted ! - C:\WINDOWS\prefetch\44890689.EXE-281E7188.pf
Deleted ! - C:\WINDOWS\prefetch\44931187.EXE-18E2330E.pf
Deleted ! - C:\WINDOWS\prefetch\44937256.EXE-251986E1.pf
Deleted ! - C:\WINDOWS\prefetch\44942854.EXE-10F69710.pf
Deleted ! - C:\WINDOWS\prefetch\45084908.EXE-07AEC097.pf
Deleted ! - C:\WINDOWS\prefetch\59539753.EXE-2E63FFC6.pf
Deleted ! - C:\WINDOWS\prefetch\59611797.EXE-36F391DE.pf
Deleted ! - C:\WINDOWS\prefetch\59745729.EXE-07A05419.pf
Deleted ! - C:\WINDOWS\prefetch\59752119.EXE-323CB84A.pf
Deleted ! - C:\WINDOWS\prefetch\59759219.EXE-1EB76298.pf
Deleted ! - C:\WINDOWS\prefetch\59905329.EXE-05F6BA86.pf
Deleted ! - C:\WINDOWS\prefetch\606722.EXE-184C3699.pf
Deleted ! - C:\WINDOWS\prefetch\78009261.EXE-03C6BEAF.pf
Deleted ! - C:\WINDOWS\prefetch\78089907.EXE-02223D4A.pf
Deleted ! - C:\WINDOWS\prefetch\78128633.EXE-2D3F936A.pf
Deleted ! - C:\WINDOWS\prefetch\78137756.EXE-05FF40D6.pf
Deleted ! - C:\WINDOWS\prefetch\78146969.EXE-06700E0A.pf
Deleted ! - C:\WINDOWS\prefetch\78298767.EXE-1737E3F6.pf
Deleted ! - C:\WINDOWS\prefetch\CRAC.EXE-00066BFE.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-256D8097.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf

################## [ C:\WINDOWS\System32 ]

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\System32\drivers ]

Deleted ! - "C:\WINDOWS\system32\drivers\down"

################## [ C:\.. Application Data ... ]

Deleted ! - "C:\Documents and Settings\alex\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\alex\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\alex\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\alex\Application Data\m\srvlist.oct"
Deleted ! - "C:\Documents and Settings\alex\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\alex\Application Data\m"
Deleted ! - "C:\Documents and Settings\alex\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\alex\Application Data\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\alex\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\alex\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\alex\Application Data\drivers"

################## [ C:\Documents and Settings\alex\.....\Temp Files... ]


################## [ Registry / Infected keys ]

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-606747145-1708537768-854245398-1004\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-606747145-1708537768-854245398-1004\Software\MuleAppData
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

################## [ Cleaning Removable drives ]

# Deleting Files :


################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ States / Restarting of services ]

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
# Safe boot mode restored !

################## [ Searching Other Infections ]

# Références de comparaison Bagle MD5 :

File ... : C:\Documents and Settings\alex\Application Data\drivers\winupgro.exe
CRC32 .. : c640c8a3
MD5 .... : e676fac25f2c42b4f7c2626c01fd70ab

# -> Nothing found.

################## [ PEH Corrupted ]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe
C:\Program Files\Alwil Software\Avast4\ashAvast.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashPopWz.exe
C:\Program Files\Alwil Software\Avast4\ashQuick.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashSkPcc.exe
C:\Program Files\Alwil Software\Avast4\ashSkPck.exe
C:\Program Files\Alwil Software\Avast4\ashUpd.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\sched.exe
C:\Program Files\Alwil Software\Avast4\VisthLic.exe
C:\Program Files\Alwil Software\Avast4\VisthUpd.exe
C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\Update.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCAPP.EXE
C:\Program Files\Fichiers communs\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Fichiers communs\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Fichiers communs\Symantec Shared\NMain.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Iomega\Registration\Register.exe
C:\Program Files\Labtec\WebCamWebInstall\Drivers\Bin\Update.exe
C:\Program Files\Logitech\QuickCamWebInstall\Drivers\Bin\Update.exe
C:\Program Files\Mozilla Firefox\uninstall\helper.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
C:\WINDOWS\$hf_mig$\KB885835\update\update.exe
C:\WINDOWS\$hf_mig$\KB885836\update\update.exe
C:\WINDOWS\$hf_mig$\KB886185\update\update.exe
C:\WINDOWS\$hf_mig$\KB887472\update\update.exe
C:\WINDOWS\$hf_mig$\KB888302\update\update.exe
C:\WINDOWS\$hf_mig$\KB890046\update\update.exe
C:\WINDOWS\$hf_mig$\KB890859\update\update.exe
C:\WINDOWS\$hf_mig$\KB891781\update\update.exe
C:\WINDOWS\$hf_mig$\KB893756\update\update.exe
C:\WINDOWS\$hf_mig$\KB894391\update\update.exe
C:\WINDOWS\$hf_mig$\KB896358\update\update.exe
C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
C:\WINDOWS\$hf_mig$\KB896428\update\update.exe
C:\WINDOWS\$hf_mig$\KB898461\update\update.exe
C:\WINDOWS\$hf_mig$\KB899587\update\update.exe
C:\WINDOWS\$hf_mig$\KB899591\update\update.exe
C:\WINDOWS\$hf_mig$\KB900485\update\update.exe
C:\WINDOWS\$hf_mig$\KB900725\update\update.exe
C:\WINDOWS\$hf_mig$\KB901017\update\update.exe
C:\WINDOWS\$hf_mig$\KB901214\update\update.exe
C:\WINDOWS\$hf_mig$\KB902400\update\update.exe
C:\WINDOWS\$hf_mig$\KB904706\update\update.exe
C:\WINDOWS\$hf_mig$\KB904942\update\update.exe
C:\WINDOWS\$hf_mig$\KB905414\update\update.exe
C:\WINDOWS\$hf_mig$\KB905749\update\update.exe
C:\WINDOWS\$hf_mig$\KB908519\update\update.exe
C:\WINDOWS\$hf_mig$\KB908531\update\update.exe
C:\WINDOWS\$hf_mig$\KB910437\update\update.exe
C:\WINDOWS\$hf_mig$\KB911164\update\update.exe
C:\WINDOWS\$hf_mig$\KB911280\update\update.exe
C:\WINDOWS\$hf_mig$\KB911562\update\update.exe
C:\WINDOWS\$hf_mig$\KB911927\update\update.exe
C:\WINDOWS\$hf_mig$\KB913580\update\update.exe
C:\WINDOWS\$hf_mig$\KB914388\update\update.exe
C:\WINDOWS\$hf_mig$\KB914389\update\update.exe
C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
C:\WINDOWS\$hf_mig$\KB916595\update\update.exe
C:\WINDOWS\$hf_mig$\KB917344\update\update.exe
C:\WINDOWS\$hf_mig$\KB917953\update\update.exe
C:\WINDOWS\$hf_mig$\KB918118\update\update.exe
C:\WINDOWS\$hf_mig$\KB918439\update\update.exe
C:\WINDOWS\$hf_mig$\KB919007\update\update.exe
C:\WINDOWS\$hf_mig$\KB920213\update\update.exe
C:\WINDOWS\$hf_mig$\KB920670\update\update.exe
C:\WINDOWS\$hf_mig$\KB920683\update\update.exe
C:\WINDOWS\$hf_mig$\KB920685\update\update.exe
C:\WINDOWS\$hf_mig$\KB920872\update\update.exe
C:\WINDOWS\$hf_mig$\KB921503\update\update.exe
C:\WINDOWS\$hf_mig$\KB922582\update\update.exe
C:\WINDOWS\$hf_mig$\KB922819\update\update.exe
C:\WINDOWS\$hf_mig$\KB923414\update\update.exe
C:\WINDOWS\$hf_mig$\KB923980\update\update.exe
C:\WINDOWS\$hf_mig$\KB924191\update\update.exe
C:\WINDOWS\$hf_mig$\KB924270\update\update.exe
C:\WINDOWS\$hf_mig$\KB924496\update\update.exe
C:\WINDOWS\$hf_mig$\KB925902\update\update.exe
C:\WINDOWS\$hf_mig$\KB926255\update\update.exe
C:\WINDOWS\$hf_mig$\KB926436\update\update.exe
C:\WINDOWS\$hf_mig$\KB927779\update\update.exe
C:\WINDOWS\$hf_mig$\KB927802\update\update.exe
C:\WINDOWS\$hf_mig$\KB927891\update\update.exe
C:\WINDOWS\$hf_mig$\KB928255\update\update.exe
C:\WINDOWS\$hf_mig$\KB928843\update\update.exe
C:\WINDOWS\$hf_mig$\KB929123\update\update.exe
C:\WINDOWS\$hf_mig$\KB929969\update\update.exe
C:\WINDOWS\$hf_mig$\KB930178\update\update.exe
C:\WINDOWS\$hf_mig$\KB930916\update\update.exe
C:\WINDOWS\$hf_mig$\KB931261\update\update.exe
C:\WINDOWS\$hf_mig$\KB931784\update\update.exe
C:\WINDOWS\$hf_mig$\KB956841\update\update.exe
C:\WINDOWS\$hf_mig$\KB960225\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\a49d784415582d2f98c84ceb0a75d898\update\update.exe

################## [ ! End of Report # FindyKill V4.721 ! ]
giny_2
 
Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1933
Windows 5.1.2600 Service Pack 3

03/04/2009 06:27:16
mbam-log-2009-04-03 (06-27-16).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 154203
Temps écoulé: 40 minute(s), 56 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 24
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 35

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP962\A0231687.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP963\A0232103.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP964\A0232265.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0232487.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0232653.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0232660.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0232680.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0232689.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0232704.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0232729.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0233724.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0233739.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0234739.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0234765.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0234829.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0234857.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0234874.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0235874.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0236874.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0236886.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0236893.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0236909.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP966\A0237245.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP968\A0237462.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP969\A0237529.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP969\A0237565.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP969\A0237589.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP972\A0237641.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP972\A0238654.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP972\A0238685.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP972\A0238704.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP972\A0238728.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP972\A0238747.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP972\A0238749.exe (Trojan.Packed) -> Quarantined and deleted successfully.
0
Anonymous user
 
Download HostXpert to your Desktop:

---> Unzip it (Right-click >> Extract here)

---> Double-click HostsXpert to launch it

---> Click the "Restore MS Hosts File" button, then close the program

PS: Before clicking the "Restore MS Hosts File" button, check that the padlock at the top left is open, otherwise you will get an error message.

If it is closed, click on it :)

Next:


---> Disable your antivirus for the duration of the procedure, because OTMoveIt3 is wrongly detected as an infection.

---> Download OTMoveIt3 (OldTimer) to your Desktop:

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text below:



:processes
explorer.exe

:services
bDMusicb

:files
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
C:\WINDOWS\system32\^^^^^.exe
I:\ClickMe.exe
C:\WINDOWS\system32\00023841.tmp
C:\WINDOWS\_delis32.ini
C:\DOCUME~1\alex\LOCALS~1\Temp\bDMusicb.sys

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"=-
"QuickTime Task"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=-
"updateMgr"=-
"LogitechSoftwareUpdate"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\^^^^^.exe"="C:\WINDOWS\system32\^^^^^.exe:*:Disabled:Flash Media"
"C:\WINDOWS\system32\^^^^^.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61c60e30-af18-11dc-83c1-0050fc7324d0}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80c2c2f0-0eb8-11dd-84b0-0050fc7324d0}]

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]



---> Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
1
giny_2
 
So here is the report..

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========

Service\Driver bDMusicb deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk moved successfully.
File/Folder C:\WINDOWS\system32\^^^^^.exe not found.
File/Folder I:\ClickMe.exe not found.
C:\WINDOWS\system32\00023841.tmp moved successfully.
C:\WINDOWS\_delis32.ini moved successfully.
File/Folder C:\DOCUME~1\alex\LOCALS~1\Temp\bDMusicb.sys not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LVCOMSX deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\updateMgr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\updateMgr not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LogitechSoftwareUpdate deleted successfully.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\WINDOWS\system32\^^^^^.exe"|"C:\WINDOWS\system32\^^^^^.exe:*:Disabled:Flash Media" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\^^^^^.exe deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61c60e30-af18-11dc-83c1-0050fc7324d0}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80c2c2f0-0eb8-11dd-84b0-0050fc7324d0}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\+aWs2F2FRhjGTYIJpe66+F7J0U0C4= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\2st2FsKrrNgIW+2FsHsFeE3FT0QQ8= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\32F4wNR2FBF6Z32FFM23Wv2AK6rBb8= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\4BqaMVaGuuuDy8r8Ej2HDTJvxLE= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\4D5AH0Ux2FTgQhVq+MQd+4M9gCnY= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\8NvhMtSOP0ObHER7mtCZggLyrQY= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\Ay4em8hE6J6hBnTYdgQwSV4qiko= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\c9PVvAB5gd89BG+P2p1n2w26fs0= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\cl8RlIpBkuAs720FyfjNL+JaZOA= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\DZ6JJnADqz3HYJQShcnpBncJOzM= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\JSe6ZEz8fy7ZgFyNnbq84n8bY+0= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\Op44BoLdMxOB94nvNqJKhtkWbw0= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\QN0GbQdJ5n4IlQuE2FgoT59I9KAs= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\qQzvntEteELnuRp2XcwYFd0yyJ0= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\TO1GR2fV2FFWjs3Uw3pOV2FG2kSHA= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\UDUOtGmPNhZUdYI2S2FiCgk1arUM= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\uvgYbYQ3Xbp9i0di6EXbANZdQt8= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\Wd0qH8o9PHQZpt0vN2+yDeLDD0Y= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\alex\LOCALS~1\Temp\etilqs_zo0TdyL3ZJqZYvoX5Scj scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\alex\Local Settings\Temporary Internet Files\Content.IE5\XGVARYKS\01[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\alex\Local Settings\Temporary Internet Files\Content.IE5\XGVARYKS\ADSAdClient31[2].txt scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\alex\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\fk3lj74m.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\fk3lj74m.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\fk3lj74m.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\fk3lj74m.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\fk3lj74m.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\fk3lj74m.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04042009_204350

Files moved on Reboot...
C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\+aWs2F2FRhjGTYIJpe66+F7J0U0C4= moved successfully.
C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\2st2FsKrrNgIW+2FsHsFeE3FT0QQ8= moved successfully.
C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\32F4wNR2FBF6Z32FFM23Wv2AK6rBb8= moved successfully.
C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\4BqaMVaGuuuDy8r8Ej2HDTJvxLE= moved successfully.
C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\4D5AH0Ux2FTgQhVq+MQd+4M9gCnY= moved successfully.
C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\8NvhMtSOP0ObHER7mtCZggLyrQY= moved successfully.
C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\Ay4em8hE6J6hBnTYdgQwSV4qiko= moved successfully.
C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\c9PVvAB5gd89BG+P2p1n2w26fs0= moved successfully.
C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\cl8RlIpBkuAs720FyfjNL+JaZOA= moved successfully.
C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\DZ6JJnADqz3HYJQShcnpBncJOzM= moved successfully.
C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\JSe6ZEz8fy7ZgFyNnbq84n8bY+0= moved successfully.
C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\Op44BoLdMxOB94nvNqJKhtkWbw0= moved successfully.
C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\QN0GbQdJ5n4IlQuE2FgoT59I9KAs= moved successfully.
C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\qQzvntEteELnuRp2XcwYFd0yyJ0= moved successfully.
C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\TO1GR2fV2FFWjs3Uw3pOV2FG2kSHA= moved successfully.
C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\UDUOtGmPNhZUdYI2S2FiCgk1arUM= moved successfully.
C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\uvgYbYQ3Xbp9i0di6EXbANZdQt8= moved successfully.
C:\DOCUME~1\alex\LOCALS~1\Temp\MessengerCache\Wd0qH8o9PHQZpt0vN2+yDeLDD0Y= moved successfully.
File C:\DOCUME~1\alex\LOCALS~1\Temp\etilqs_zo0TdyL3ZJqZYvoX5Scj not found!
C:\Documents and Settings\alex\Local Settings\Temporary Internet Files\Content.IE5\XGVARYKS\01[1].htm moved successfully.
C:\Documents and Settings\alex\Local Settings\Temporary Internet Files\Content.IE5\XGVARYKS\ADSAdClient31[2].txt moved successfully.
C:\Documents and Settings\alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\fk3lj74m.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\fk3lj74m.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\fk3lj74m.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\fk3lj74m.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\fk3lj74m.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\fk3lj74m.default\XUL.mfl moved successfully.


What do I do now???? lol
0

Anonymous user
 
OK, great

Download HostXpert to your Desktop:

---> Unzip it (Right-click >> Extract here)

---> Double-click HostsXpert to launch it

---> Click the "Restore MS Hosts File" button, then close the program

PS: Before clicking the "Restore MS Hosts File" button, check that the padlock at the top left is open, otherwise you will get an error message.

If it is closed, click on it :)

Next:


Run RSIT again and send us the log.txt, please
1
giny_2
 
Do I have to run HostXpert again??? So far I have only done RSIT, I'm posting the report...

Logfile of random's system information tool 1.06 (written by random/random)
Run by alex at 2009-04-04 21:00:41
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 6 GB (38%) free of 15 GB
Total RAM: 383 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:01:21, on 04/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HiYo\bin\HiYo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\alex\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\alex\Bureau\RSIT.exe
C:\Program Files\trend micro\alex.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^^^^^.exe,
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\alex\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\alex\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1238434471410
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O24 - Desktop Component 0: (no name) - http://www.logic-immo.com/locations/' + OAS_url + '1/' + OAS_sitepage + '/1' + OAS_rns + '@' + OAS_listpos + '!' + pos + OAS_query + '
0
Anonymous user
 
Switching from Avast to AntiVir:

Uninstall via Add/Remove Programs (if present):

* Avast!

Download and run the Avast! uninstaller:

This will erase most traces of Alwil Software's Avast! product.

Download CCleaner to your Desktop:

* Click "download the latest version"
* Install it, leaving only the following options checked:

- Add a shortcut to the Desktop
- Automatically check for CCleaner updates

* Run the Cleaner
* Click Scan for issues and make a backup if you wish.

More details on configuring CCleaner will be given to you later.

Tutorial: How to use CCleaner.
***************

Download Antivir in French or: Antivir in French to your Desktop:

* Double-click the downloaded executable to start the installation.
* At the end of the installation, click Finish.
* Open Antivir and make sure it is up to date!
* In the Local Protection tab, choose Scan.
* Enable the rootkit search via the + next to Rootkit Search, then under Manual Selection, check everything (your hard disk partitions).
* Click the middle magnifying glass to launch the scan as Administrator.
* Post me the generated report: to do so, click the Overview tab, then choose Reports, and you will find its report.
* Select the report and click the "Display the report file of the selected report" icon.

Note: For more effective eradication of threats, run the scan in safe mode.

Why change?: Avast vs Antivir

Antivir tutorial: How to install and use AntiVir.

Antivir configuration (thanks Nico):

Right-click its icon in the taskbar and select Configure Antivir.

Check the box: Expert Mode.

=> Click Scanner in the left pane:

> Under "Files", select All files.

> Under scan procedure, check Allow stopping, and under "scanner priority" select High.

> Under "Other settings", check all the boxes.

ABOVE ALL, DO NOT FORGET THE ROOTKIT SEARCH, WHICH IS VERY IMPORTANT!

=> Click "Search" in the left pane and apply the same settings as before.

=> Expand "Search" by clicking the +. Click "Heuristic":

> Check "Macrovirus heuristic" and "Win32 file heuristic" with the detection level set to HIGH!

=> In the left pane, expand "Guard", then expand "Search":

> Check "Macrovirus heuristic" and "Win32 file heuristic" with the detection level set to HIGH!

1
giny_2
 
There, CCleaner and Antivir are installed. Do I need to keep OTMoveIt3, RSIT and Malwarebytes, or can I delete them now???
0
giny_2
 
Thank you for your help... I hope I won't have any more problems now!!!! lol
0
Giny_2 Posts 33 Status Member 3
 
There you go...

SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 04/05/2009 at 03:20 PM

Application Version : 4.26.1000

Core Rules Database Version : 3829
Trace Rules Database Version: 1785

Scan type : Complete Scan
Total Scan Time : 02:10:18

Memory items scanned : 495
Memory threats detected : 0
Registry items scanned : 4768
Registry threats detected : 1
File items scanned : 60280
File threats detected : 22

Adware.Tracking Cookie
C:\Documents and Settings\alex\Cookies\alex@atdmt[2].txt
.xiti.com [ C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\6rwb9akb.default\cookies.txt ]
.wysistat.com [ C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\6rwb9akb.default\cookies.txt ]
.wysistat.com [ C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\6rwb9akb.default\cookies.txt ]
.wysistat.com [ C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\6rwb9akb.default\cookies.txt ]
stats.searchtrack.net [ C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\6rwb9akb.default\cookies.txt ]
stats.searchtrack.net [ C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\6rwb9akb.default\cookies.txt ]
stats.searchtrack.net [ C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\6rwb9akb.default\cookies.txt ]
stats.searchtrack.net [ C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\6rwb9akb.default\cookies.txt ]
stats.searchtrack.net [ C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\6rwb9akb.default\cookies.txt ]
stats.searchtrack.net [ C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\6rwb9akb.default\cookies.txt ]
stats.searchtrack.net [ C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\6rwb9akb.default\cookies.txt ]
stats.searchtrack.net [ C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\6rwb9akb.default\cookies.txt ]
.yourmedia.com [ C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\6rwb9akb.default\cookies.txt ]
tracking.lsfinteractive.com [ C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\6rwb9akb.default\cookies.txt ]
www.cibleclick.com [ C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\6rwb9akb.default\cookies.txt ]
.xiti.com [ C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\c8525ksu.default\cookies.txt ]
.yourmedia.com [ C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\c8525ksu.default\cookies.txt ]
.xiti.com [ C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Profiles\default\bodq77bf.slt\cookies.txt ]
.yourmedia.com [ C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Profiles\default\bodq77bf.slt\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Profiles\default\bodq77bf.slt\cookies.txt ]
.mediatop.biz [ C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Profiles\default\bodq77bf.slt\cookies.txt ]

Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-606747145-1708537768-854245398-1004\SOFTWARE\FunWebProducts
0
Giny_2 Posts 33 Status Member 3
 
The RSIT report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by alex at 2009-04-05 18:39:11
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 6 GB (38%) free of 15 GB
Total RAM: 383 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:58, on 05/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HiYo\bin\HiYo.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\alex\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\alex\Bureau\RSIT.exe
C:\Program Files\trend micro\alex.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^^^^^.exe,
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\alex\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\alex\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1238434471410
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O24 - Desktop Component 0: (no name) - http://www.logic-immo.com/locations/' + OAS_url + '1/' + OAS_sitepage + '/1' + OAS_rns + '@' + OAS_listpos + '!' + pos + OAS_query + '
0
Anonymous user
 
same as you did for the first one
0
Giny_2 Posts 33 Status Member 3
 
uh .... it still doesn't work ... sniff
0
Anonymous user
 
Print these instructions, because you will need to close all windows and applications during the installation and the scan.

Download:
Malwarebytes or:
Malwarebytes

* Install it (make sure to choose "French"; do not change the installation settings) and update it.

(NB: If "COMCTL32.OCX" is missing during installation, download it here: COMCTL32.OCX)

* Study the tutorial to get familiar with the program:

(that said, it is very simple to use).

Run Malwarebytes again, following these instructions scrupulously:

! Disconnect and close all running applications !

* Launch Malwarebytes'.

Run a "Full" scan.

--> Let the program work (and do nothing else with the PC during the scan).
--> When it finishes, click "Results".
--> Check that all infected items are ticked, then click "Remove".

Note: if your PC needs to be restarted to finish the cleanup, do it!

Post the report saved after the infected items have been removed (in the "Report/Log" tab of Malwarebytes, the most recent one)

0
Giny_2 Posts 33 Status Member 3
 
Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1927
Windows 5.1.2600 Service Pack 3

02/04/2009 09:50:54
mbam-log-2009-04-02 (09-50-45).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 154029
Temps écoulé: 7 hour(s), 55 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 24
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 35

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP962\A0231687.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP963\A0232103.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP964\A0232265.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0232487.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0232653.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0232660.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0232680.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0232689.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0232704.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0232729.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0233724.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0233739.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0234739.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0234765.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0234829.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0234857.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0234874.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0235874.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0236874.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0236886.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0236893.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP965\A0236909.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP966\A0237245.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP968\A0237462.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP969\A0237529.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP969\A0237565.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP969\A0237589.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP972\A0237641.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP972\A0238654.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP972\A0238685.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP972\A0238704.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP972\A0238728.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP972\A0238747.exe (Rootkit.Dropper) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP972\A0238749.exe (Trojan.Packed) -> No action taken.
0
Anonymous user
 
Can I have the Malwarebytes report from after the removal, please?
0
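Added example, not part of the thread: every entry in the Malwarebytes log posted above ends in "No action taken", which is what separates it from the post-removal report being requested. The Python below parses that entry format and tells the two kinds of log apart; the sample lines are constructed from the log's format, and the "Quarantined and deleted successfully" status in the second sample is an assumed wording.

```python
import re
from collections import Counter

# One detection per line: "<registry key or file path> (<Family.Name>) -> <status>."
ENTRY_RE = re.compile(
    r"^(?P<item>.+) \((?P<family>[A-Za-z]+\.[\w.]+)\) -> (?P<status>.+?)\.?$"
)
RESTORE_MARKER = "\\System Volume Information\\_restore"  # XP System Restore copies


def parse_mbam_log(text):
    """Return (item, family, status) for every detection line in the log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header, counter and "(Aucun élément ...)" lines do not match
            entries.append((m["item"], m["family"], m["status"]))
    return entries


def summarize(text):
    """Count detections and decide whether the log was saved after removal."""
    entries = parse_mbam_log(text)
    pending = [e for e in entries if e[2].lower() == "no action taken"]
    return {
        "total": len(entries),
        "pending": len(pending),
        "by_family": Counter(family for _, family, _ in entries),
        # Detections still present outside restore points, i.e. on the live system
        "pending_live": [item for item, _, _ in pending if RESTORE_MARKER not in item],
        "is_post_removal": bool(entries) and not pending,
    }


# Constructed sample in the format of the log on this page (not the full log).
SAMPLE_BEFORE = r"""Clé(s) du Registre infectée(s): 2
Fichier(s) infecté(s): 2

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> No action taken.

Fichier(s) infecté(s):
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{2D197F9F-881B-4A44-8CE0-0DDBFEF069BB}\RP972\A0238747.exe (Rootkit.Dropper) -> No action taken.
"""
# Assumed wording for a removed item; the code only tests for "No action taken".
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    "No action taken.", "Quarantined and deleted successfully."
)

if __name__ == "__main__":
    for name, log in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        s = summarize(log)
        print(name, s["total"], "detections,", s["pending"], "pending,",
              "post-removal log:", s["is_post_removal"])
        for item in s["pending_live"]:
            print("  still on the live system:", item)
```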
Giny_2 Posts 33 Status Member 3
 
uh .... I thought that was what it showed me after the second step... so what I posted this morning ...where do I go to find this report?????
0
Anonymous user
 
lol

open Malwarebytes
report/log tab
the most recent one
0
Giny_2 Posts 33 Status Member 3
 
there's nothing there .................... I'm freaking out lol ................. OK, I'll start over and tell you tomorrow, it took 8 hours yesterday so I'll do it tonight... ;)
0
Anonymous user
 
OK, at the end you have to "remove the selection"
0
nihat42 Posts 307 Registration date   Status Member Last post   42
 
Hello,

Malware authors keep putting out cracks... Stop downloading cracks! See the dangers here: the dangers of cracks

And afterwards, instead of installing avast!, you should use avg8 or antivir9 --> test = https://forum.malekal.com/viewtopic.php?f=45&t=11659
0
Giny_2 Posts 33 Status Member 3
 
what's a crack?
0
nihat42 Posts 307 Registration date   Status Member Last post   42
 
Re,

Look here: https://forum.malekal.com/viewtopic.php?f=33&t=893 the dangers are immense.
0
Giny_2 Posts 33 Status Member 3
 
for now I don't have an antivirus, so I'm not going to a site I don't know, but I'll go and look as soon as my problem is solved
0
nihat42 Posts 307 Registration date   Status Member Last post   42
 
Re,

Bagle is an infection that spreads through cracks on peer-to-peer (Emule etc.).
0
Giny_2 Posts 33 Status Member 3
 
ah OK, well, no more worries, I've removed it...
0
nihat42 Posts 307 Registration date   Status Member Last post   42
 
Re,

From Malekal_Morte
0
Anonymous user
 
uh, does nobody mind if we carry on normally ?????

Gini_2


otherwise, take another look at the end of this
0
giny_2
 
I didn't understand... what am I supposed to look at?? It's even worse than before.. and my account on Comment ça marche won't open anymore...
0
Anonymous user
 
click on the word "this" above
0
giny_2
 
that much I understood, it takes me to the tutorial... I've already read it and I did everything the way they say!!!! or is it the thing above that I'm supposed to take??? lol
0
nihat42 Posts 307 Registration date   Status Member Last post   42
 
Yes
0
nihat42 Posts 307 Registration date   Status Member Last post   42
 
Re,

Avira has released v9: http://dlce.antivir.com/package/wks_avira/win32/en/pecl/avira_antivir_personal_en.exe
It includes the antispyware. Antivir v9 is only in English and German.
0