Sujet Précédent Sujet Suivant

Virus , impossible d'ouvrir certain dossier

Fist -  
Destrio5 Messages postés 99820 Statut Modérateur -
Bonsoir,
Voilà en fait j'ai un gros problème quand je veux ouvrir mon disque dur ou mon lecteur mp3 via le poste de travail j'ai une alerte antivir qui me dit que j'ai le virus W32/Perlovga.A.1 ainsi qu'un message "windows ne trouve pas copy.exe verifier que vous avez entré le nom correctement"
Merci de m'aider
A++
A voir également:

22 réponses

  • 1
  • 2
Réponse 1 / 22
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
Salut,

--> Télécharge UsbFix (de C_XX & Chiquitine29) sur ton Bureau.

--> Lance l'installation avec les paramètres par défaut.

--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.

--> Double-clique sur le raccourci UsbFix sur ton Bureau.

--> Choisis l'option 1 (Recherche).

--> Laisse travailler l'outil.

--> Poste le rapport UsbFix.txt.

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).

"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
0
Réponse 2 / 22
Fist
 
############################## [ UsbFix V3.010 ]

# User : Nicolas (Administrateurs) # JONATHAN
# Update on 19/04/09 by C_XX & Chiquitine29
# Start at: 23:25:44 | 21/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

#
#
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nicolas\Bureau\wlsetup-custom.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
HKCU_Main: "Start Page"="https://www.orange.fr/portail"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Nicolas"
HKLM_logon: "AltDefaultUserName"="Nicolas"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: IAAnotif=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
HKLM_Run: ATIPTA=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
HKLM_Run: dla=C:\WINDOWS\system32\dla\tfswctrl.exe
HKLM_Run: BigDogPath=C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
HKLM_Run: avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKLM_Run: TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
HKLM_Run: AppleSyncNotifier=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: Steam="c:\valve\steam\steam.exe" -silent
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

################## [ Informations ]

# Contenu de l'autorun C:\autorun.inf
[autorun]
Shellexecute=copy.exe

# Contenu de l'autorun E:\autorun.inf
[autorun]
Shellexecute=copy.exe

# Contenu de l'autorun F:\autorun.inf
[autorun]
Shellexecute=copy.exe

# -> ( Value | Good = 0x0 Bad = 0x1 )

# HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)

################## [ Fichiers # Dossiers infectieux ]

Found ! C:\WINDOWS\autorun.inf
Found ! C:\autorun.inf
Found ! E:\autorun.inf
Found ! F:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

# -> Not Found !

################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{2581f7d6-0f1d-11da-b311-806d6172696f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{4ea5e6de-778f-11da-b3de-0060b3b0b476}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{566c2410-0a51-11de-b87e-00123f714128}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{e3791b74-78ad-11dc-b6e0-0060b3b0b476}\Shell\AutoRun\command

################## [ ! Fin du rapport # UsbFix V3.010 ! ]
0
Réponse 3 / 22
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.

--> Double-clique sur le raccourci UsbFix présent sur ton Bureau.

--> Choisis l'option 2 (Suppression).

--> Ton Bureau disparaîtra et le PC redémarrera.

--> Au redémarrage, UsbFix scannera ton PC, laisse travailler l'outil.

--> Ensuite, poste le rapport UsbFix.txt qui apparaîtra avec le Bureau .

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).
0
Réponse 4 / 22
Fist
 
############################## [ UsbFix V3.010 ]

# User : Nicolas (Administrateurs) # JONATHAN
# Update on 19/04/09 by C_XX & Chiquitine29
# Start at: 16:28:05 | 22/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

#
#
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe

################## [ Fichiers # Dossiers infectieux ]

Deleted ! C:\WINDOWS\autorun.inf
Deleted ! C:\autorun.inf
Deleted ! E:\autorun.inf
Deleted ! F:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

# -> Not Found !

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKCU_Main: "Window Title"=""
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"=""
HKLM_logon: "AltDefaultUserName"="Nicolas"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: IAAnotif=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
HKLM_Run: ATIPTA=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
HKLM_Run: dla=C:\WINDOWS\system32\dla\tfswctrl.exe
HKLM_Run: BigDogPath=C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
HKLM_Run: avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKLM_Run: TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
HKLM_Run: AppleSyncNotifier=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: Steam="c:\valve\steam\steam.exe" -silent
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
HKCU_Run: MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background

################## [ Registre # Mountpoints2 ]

Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{566c2410-0a51-11de-b87e-00123f714128}\Shell\AutoRun\command

################## [ Listing des fichiers présent ]

C:\AUTOEXEC.BAT
C:\NTDETECT.COM
C:\StubInstaller.exe
C:\boot.ini
E:\by xlned.com]
E:\pmp_usb.ini

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# E:\autorun.inf -> Folder created by UsbFix.
# F:\autorun.inf -> Folder created by UsbFix.

################## [ ! Fin du rapport # UsbFix V3.010 ! ]
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 22
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
--> Désinstalle UsbFix.

--> Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

--> Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

--> Clique sur Continue à l'écran Disclaimer.

--> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

--> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.
0
Réponse 6 / 22
Fist
 
Bonjour,
Merci pour votre réponse, voici les deux rapports :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Nicolas at 2009-04-23 14:05:35
WIN_XP Service Pack 3
System drive C: has 3 GB (4%) free of 73 GB
Total RAM: 1022 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:05:57, on 23/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Documents and Settings\Nicolas\Bureau\RSIT.exe
C:\Program Files\trend micro\Nicolas.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-1224144030-2122411731-1119918817-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1224144030-2122411731-1119918817-1007\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-1224144030-2122411731-1119918817-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1224144030-2122411731-1119918817-1007\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-1224144030-2122411731-1119918817-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
0
Réponse 7 / 22
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
0
Réponse 8 / 22
Fist
 
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2032
Windows 5.1.2600 Service Pack 3

23/04/2009 19:25:13
mbam-log-2009-04-23 (19-25-13).txt

Type de recherche: Examen rapide
Eléments examinés: 76514
Temps écoulé: 4 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178f3fb-2560-458f-bdee-631e2fe0dfe4} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b5141620-c2b2-4d95-9f0f-134d99c87ab0} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41070-b2b1-21d1-b5c1-0305f4055515} (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
0
Réponse 9 / 22
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
---> Relance MBAM, va dans Quarantaine et supprime tout.

---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:services
cel90xbe

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{566c2410-0a51-11de-b87e-00123f714128}]

:commands
[purity]
[emptytemp]
[reboot]

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
0
Réponse 10 / 22
Fist
 
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========

Service\Driver cel90xbe deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{566c2410-0a51-11de-b87e-00123f714128}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\burnlib.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\dsp_sps.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\enc_aacplus.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\enc_flac.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\enc_lame.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\enc_vorbis.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\enc_wav.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\enc_wma.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\gen_crasher.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\gen_ff.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\gen_hotkeys.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\gen_ml.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\gen_tray.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_cdda.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_dshow.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_flac.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_linein.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_midi.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_mod.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_mp3.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_mp4.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_nsv.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_vorbis.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_wave.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_wm.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_autotag.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_bookmarks.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_dash.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_disc.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_history.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_local.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_nowplaying.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_online.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_orb.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_playlists.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_plg.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_pmp.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_rg.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_transcode.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_wire.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\out_disk.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\out_ds.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\out_wave.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\pmp_activesync.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\pmp_ipod.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\pmp_njb.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\pmp_p4s.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\pmp_usb.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\tagz.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\vis_milk.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\vis_nsfs.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\winamp.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\etilqs_Mdk3IqtFeiGeXrAjAIka scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\~DF2B99.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\~DF2E83.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\~DFAF6D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\~DFBEF3.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\IU87H0UO\01[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\IU87H0UO\ADSAdClient31[3].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\1596 scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04232009_212040

Files moved on Reboot...
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\burnlib.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\dsp_sps.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\enc_aacplus.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\enc_flac.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\enc_lame.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\enc_vorbis.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\enc_wav.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\enc_wma.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\gen_crasher.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\gen_ff.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\gen_hotkeys.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\gen_ml.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\gen_tray.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_cdda.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_dshow.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_flac.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_linein.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_midi.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_mod.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_mp3.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_mp4.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_nsv.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_vorbis.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_wave.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\in_wm.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_autotag.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_bookmarks.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_dash.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_disc.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_history.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_local.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_nowplaying.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_online.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_orb.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_playlists.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_plg.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_pmp.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_rg.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_transcode.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\ml_wire.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\out_disk.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\out_ds.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\out_wave.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\pmp_activesync.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\pmp_ipod.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\pmp_njb.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\pmp_p4s.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\pmp_usb.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\tagz.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\vis_milk.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\vis_nsfs.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZEBB5.tmp\winamp.lng moved successfully.
File C:\DOCUME~1\Nicolas\LOCALS~1\Temp\etilqs_Mdk3IqtFeiGeXrAjAIka not found!
File C:\DOCUME~1\Nicolas\LOCALS~1\Temp\~DF2B99.tmp not found!
File C:\DOCUME~1\Nicolas\LOCALS~1\Temp\~DF2E83.tmp not found!
File C:\DOCUME~1\Nicolas\LOCALS~1\Temp\~DFAF6D.tmp not found!
File C:\DOCUME~1\Nicolas\LOCALS~1\Temp\~DFBEF3.tmp not found!
C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\IU87H0UO\01[1].htm moved successfully.
C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\IU87H0UO\ADSAdClient31[3].htm moved successfully.
File C:\WINDOWS\temp\hsperfdata_SYSTEM\1596 not found!
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\XUL.mfl moved successfully.
0
Réponse 11 / 22
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
---> Désinstalle les programmes suivants :
- Java 6 Update 5
- Java 6 Update 7

---> Mets à jour Java.

---> Mets à jour Adobe Reader.

---> Refais un scan RSIT et poste le rapport log.
0
Réponse 12 / 22
Fist
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Nicolas at 2009-04-23 23:05:46
WIN_XP Service Pack 3
System drive C: has 3 GB (4%) free of 73 GB
Total RAM: 1022 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:06:06, on 23/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nicolas\Bureau\RSIT.exe
C:\Program Files\trend micro\Nicolas.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-1224144030-2122411731-1119918817-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1224144030-2122411731-1119918817-1007\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-1224144030-2122411731-1119918817-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1224144030-2122411731-1119918817-1007\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-1224144030-2122411731-1119918817-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
0
Réponse 13 / 22
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
1/

---> Lance ce fichier : C:\Program Files\trend micro\Nicolas.exe

---> Choisis Do a system scan only.

---> Coche les cases qui sont devant les lignes suivantes :

F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)

O18 - Filter hijack: text/html - (no CLSID) - (no file)

---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

---> Ferme HijackThis.

2/

---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:reg
[-HKEY_CLASSES_ROOT\Protocols\Filter\text/html]

:commands
[purity]
[emptytemp]
[reboot]

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
0
Réponse 14 / 22
Fist
 
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\Protocols\Filter\text/html\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\burnlib.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\dsp_sps.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\enc_aacplus.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\enc_flac.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\enc_lame.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\enc_vorbis.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\enc_wav.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\enc_wma.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\gen_crasher.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\gen_ff.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\gen_hotkeys.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\gen_ml.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\gen_tray.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_cdda.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_dshow.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_flac.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_linein.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_midi.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_mod.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_mp3.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_mp4.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_nsv.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_vorbis.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_wave.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_wm.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_autotag.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_bookmarks.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_dash.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_disc.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_history.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_local.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_nowplaying.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_online.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_orb.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_playlists.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_plg.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_pmp.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_rg.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_transcode.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_wire.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\out_disk.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\out_ds.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\out_wave.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\pmp_activesync.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\pmp_ipod.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\pmp_njb.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\pmp_p4s.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\pmp_usb.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\tagz.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\vis_milk.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\vis_nsfs.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\winamp.lng scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nicolas\LOCALS~1\Temp\etilqs_yjYbmVX7JGAZUgvXZIaQ scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\220 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_520.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04242009_135059

Files moved on Reboot...
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\burnlib.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\dsp_sps.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\enc_aacplus.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\enc_flac.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\enc_lame.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\enc_vorbis.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\enc_wav.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\enc_wma.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\gen_crasher.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\gen_ff.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\gen_hotkeys.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\gen_ml.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\gen_tray.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_cdda.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_dshow.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_flac.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_linein.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_midi.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_mod.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_mp3.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_mp4.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_nsv.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_vorbis.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_wave.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\in_wm.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_autotag.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_bookmarks.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_dash.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_disc.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_history.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_local.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_nowplaying.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_online.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_orb.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_playlists.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_plg.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_pmp.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_rg.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_transcode.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\ml_wire.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\out_disk.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\out_ds.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\out_wave.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\pmp_activesync.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\pmp_ipod.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\pmp_njb.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\pmp_p4s.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\pmp_usb.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\tagz.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\vis_milk.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\vis_nsfs.lng moved successfully.
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\WLZ5AC8.tmp\winamp.lng moved successfully.
File C:\DOCUME~1\Nicolas\LOCALS~1\Temp\etilqs_yjYbmVX7JGAZUgvXZIaQ not found!
File C:\WINDOWS\temp\hsperfdata_SYSTEM\220 not found!
File C:\WINDOWS\temp\Perflib_Perfdata_520.dat not found!
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\grauiegu.default\XUL.mfl moved successfully.
0
Réponse 15 / 22
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
Ton PC va bien ?

--> Double-clique sur l'icône d'Antivir (Parapluie) dans la barre des tâches.

--> Dans Antivir, choisis Outils puis Configuration.

--> Coche Mode Expert et coche Rech. Rootkit au dém. de la recherche à droite dans Autres réglages.

--> Fais un scan complet et poste le rapport.

Tutoriel sur Antivir
0
Réponse 16 / 22
Fist
 
Oui cava à part un message quand j'ouvre ma session ; j'ai un message windows " Windows ne trouve pas 'C:/WINDOWS/svchost.exe' vérifiez que vous avez entré le nom correctement et essayez à nouveau.Pour rechercher un fichier, cliquez sur le menu Démarrer, puis sur Rechercher. "
et un message du bureau " Impossible de charger ou d'éxécuter 'C:/WINDOWS/svchost.exe' spécifié dans le Registre. Vérifiez que le fichier existe sur votre ordinateur ou supprimez la référence dans le Registre. "
0
Réponse 17 / 22
Fist
 
Voici le rapport Antivir :

Avira AntiVir Personal
Report file date: samedi 25 avril 2009 18:16

Scanning for 1364969 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: JONATHAN

Version information:
BUILD.DAT : 8.2.0.347 16934 Bytes 16/03/2009 14:45:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 28/11/2008 18:09:32
AVSCAN.DLL : 8.1.4.0 40705 Bytes 19/07/2008 17:32:56
LUKE.DLL : 8.1.4.5 164097 Bytes 19/07/2008 17:32:56
LUKERES.DLL : 8.1.4.0 12033 Bytes 19/07/2008 17:32:56
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 12:18:50
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:14:00
ANTIVIR2.VDF : 7.1.3.63 1588224 Bytes 16/04/2009 17:38:14
ANTIVIR3.VDF : 7.1.3.109 144896 Bytes 25/04/2009 16:15:15
Engineversion : 8.2.0.156
AEVDF.DLL : 8.1.1.0 106868 Bytes 30/01/2009 18:07:15
AESCRIPT.DLL : 8.1.1.77 381306 Bytes 23/04/2009 17:35:29
AESCN.DLL : 8.1.1.10 127348 Bytes 03/04/2009 17:18:08
AERDL.DLL : 8.1.1.3 438645 Bytes 07/11/2008 18:05:49
AEPACK.DLL : 8.1.3.14 397685 Bytes 17/04/2009 17:38:39
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 18:22:07
AEHEUR.DLL : 8.1.0.122 1737080 Bytes 24/04/2009 17:35:08
AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 18:21:57
AEGEN.DLL : 8.1.1.39 348532 Bytes 23/04/2009 17:35:08
AEEMU.DLL : 8.1.0.9 393588 Bytes 17/10/2008 17:20:07
AECORE.DLL : 8.1.6.9 176500 Bytes 17/04/2009 17:38:21
AEBB.DLL : 8.1.0.3 53618 Bytes 17/10/2008 17:20:03
AVWINLL.DLL : 1.0.0.12 15105 Bytes 19/07/2008 17:32:56
AVPREF.DLL : 8.0.2.0 38657 Bytes 19/07/2008 17:32:56
AVREP.DLL : 8.0.0.3 155688 Bytes 20/04/2009 17:34:38
AVREG.DLL : 8.0.0.1 33537 Bytes 19/07/2008 17:32:56
AVARKT.DLL : 1.0.0.23 307457 Bytes 25/04/2008 11:03:41
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 19/07/2008 17:32:56
SQLITE3.DLL : 3.3.17.1 339968 Bytes 25/04/2008 11:03:42
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 19/07/2008 17:32:56
NETNT.DLL : 8.0.0.1 7937 Bytes 25/04/2008 11:03:42
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 19/07/2008 17:32:53
RCTEXT.DLL : 8.0.52.0 86273 Bytes 19/07/2008 17:32:53

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 25 avril 2009 18:16

Starting search for hidden objects.
'78770' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'DivXsm.exe' - '1' Module(s) have been scanned
Scan process 'realplay.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'winamp.exe' - '1' Module(s) have been scanned
Scan process 'emule.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'WLANUTL.exe' - '1' Module(s) have been scanned
Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'VM_STI.EXE' - '1' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'MioNet.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MioNetManager.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'IAANTMon.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
47 processes with 47 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '62' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Nicolas\Bureau\SSWv4.5\S S Wall v4.5.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\Nicolas\Bureau\[cshacked.info] Super Simple Wall v4.7\SSWv4.7.dll
[DETECTION] Contains recognition pattern of the WORM/Agent.5120.1 worm
[WARNING] The file was ignored!
C:\Documents and Settings\Nicolas\Bureau\[cshacked.info] Super Simple Wall v4.7\SSWv4.7.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[WARNING] The file was ignored!

End of the scan: samedi 25 avril 2009 19:40
Used time: 1:23:53 Hour(s)

The scan has been done completely.

8325 Scanning directories
287696 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
287691 Files not concerned
8918 Archives were scanned
5 Warnings
0 Notes
78770 Objects were scanned with rootkit scan
0 Hidden objects were found
0
Réponse 18 / 22
Fist
 
Svp aidez moi
merci
0
Réponse 19 / 22
Destrio5 Messages postés 99820 Statut Modérateur 10 305
 
---> Refais un scan RSIT et poste le rapport log.
0
Réponse 20 / 22
Fist
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Nicolas at 2009-04-27 17:34:19
WIN_XP Service Pack 3
System drive C: has 470 MB (1%) free of 73 GB
Total RAM: 1022 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34:43, on 27/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Nicolas\Bureau\RSIT.exe
C:\Program Files\Trend Micro\Nicolas.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-1224144030-2122411731-1119918817-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1224144030-2122411731-1119918817-1007\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-1224144030-2122411731-1119918817-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1224144030-2122411731-1119918817-1007\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-1224144030-2122411731-1119918817-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
0