Infection par "antivirus xppro 2009"Résolu/Fermé

Question

Bonjour,

J'ai  l'impression d'avoir été infecté par "antivirus xppro 2009" 
Mon fond d'écran est devenu noir avec un message d'alerte.
Je possède Malwarebyte ou encore CC cleaner.
Quelqu'un peut t'il m'indiquer la démarche à suivre?

Merci d'avance.

crapoulou · Answer

Salut, Désactive l’UAC (User Account Control) le temps de la désinfection. Démarrer > Panneau de configuration > Comptes d’utilisateurs > Désactiver le contrôle des comptes d’utilisateur. (Manipulation inverse pour le remettre en fin de désinfection). (Cela va permettre aux outils de désinfection de travailler correctement). ********* - Télécharge HijackThis Version 2.02 : = = = = >>> En cliquant ici <<< = = = = - Enregistre HJTInstall.exe sur ton bureau. - Clique droit sur HJTInstall.exe puis sélectionne ‘Exécuter en tant qu’administrateur’ afin de lancer l’installation - Clique sur Install, ensuite sur ‘I Accept’ - Clique sur ‘Do a scan system and save log file’ - Le bloc-notes s’ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.

rere92 · Answer

Merci pour ta réponse.
Voilà le fichier log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:13, on 17/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\NETGEAR GA511 Adapter\GA511.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Angle Interactive\RD Platinum v5.0\RDPlatinumv5.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://coramail.net/r5.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1f2f2305-a639-4953-b76c-f38ed8e0a28b} - C:\WINDOWS\system32\winusime.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] D:\Nathaniel\Texte Word\CorelIOMonitor.exe
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32
et.net"
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [bowiwoguju] Rundll32.exe "C:\WINDOWS\system32\jodilose.dll",s
O4 - HKLM\..\Run: [CPM47c27b92] Rundll32.exe "c:\windows\system32
ojepake.dll",a
O4 - HKLM\..\Run: [44f1480e] rundll32.exe "C:\WINDOWS\system32\zupejaku.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
O4 - HKCU\..\Run: [net] "C:\WINDOWS\system32
et.net"
O4 - HKCU\..\Run: [ptidle] "C:\Documents and Settings\Nathaniel\Application Data\ptidle\ptidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - Startup: RDPlatinum v5.lnk = C:\Program Files\Angle Interactive\RD Platinum v5.0\RDPlatinumv5.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: GA511 Smart Wizard Utility.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows	emp
tdll64.dll
O10 - Unknown file in Winsock LSP: c:\windows	emp
tdll64.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32	ovebogi.dll c:\windows\system32
ojepake.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32
ojepake.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32
ojepake.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe

crapoulou · Answer

- Mets à jour Malwarebytes anti malware
- Si le pare-feu demande l’autorisation de se connecter pour malwarebytes, acceptes
- Une fois la mise à jour terminée, ferme Malwarebytes 
- Double-clique sur l’icône de malwarebytes  pour le relancer
- Dans l’onglet, Recherche, probablement ouvert par défaut,
- Sélectionne Exécuter un examen complet
- Clique sur Rechercher
- Le scan démarre
- A la fin de l’analyse, un message s’affiche : L’examen s’est terminé normalement. Cliquez sur ‘Afficher les résultats’ pour afficher tous les objets trouvés.
- Clique sur Ok pour poursuivre. 
- Si des malwares ont été détectés, cliques sur Afficher les résultats
- Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine. 
- Malwarebytes va ouvrir le bloc-notes et y copier le rapport d’analyse. 
- Rends toi dans l’onglet rapport/log
- Tu clique dessus pour l’afficher. 
- Une fois affiché, cliques sur édition en haut du bloc notes, et puis sur sélectionner tout
- Tu recliques sur édition et puis sur copier et tu reviens sur le forum et dans ta réponse
- Tu clique droit dans le cadre de la réponse et coller 

Si tu as besoin d’aide regarde ce tutorial ICI

rere92 · Answer

Re,

J'ai effectué les étapes.
A la fin de l'analyse de Malwarebytes, j'ai" supprimé la sélection". Il m'a répondu qu'il fallait redémarrer mon ordinateur pour certains fichier. Je l'ai fais. Je te copie le rapport:

Remarque: je n'ai plus le fond d'écran moche, ni les affichages dans la barre de lancement rapide.





Rapport log:


Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2145
Windows 5.1.2600 Service Pack 3

17/05/2009 19:46:09
mbam-log-2009-05-17 (19-46-09).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 236580
Temps écoulé: 48 minute(s), 36 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 10
Elément(s) de données du Registre infecté(s): 11
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 259

Processus mémoire infecté(s):
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\zupejaku.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32	ovebogi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\winusime.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\Temp
tdll64.dll (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f2f2305-a639-4953-b76c-f38ed8e0a28b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1f2f2305-a639-4953-b76c-f38ed8e0a28b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f2f2305-a639-4953-b76c-f38ed8e0a28b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abd45510-9b22-41cd-9acd-8182a2da7c63} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{b26caa68-6ebf-4a30-a0f0-0a0bfe3da5dd} (Rogue.RegistryDefender5) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
KHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
et (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\44f1480e (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bowiwoguju (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm47c27b92 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
et (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
et (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ptidle (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32	ovebogi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32	ovebogi.dll  -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Dropper) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\Nathaniel\Application Data\ptidle (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0 (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100 (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\ProgramData\RD Platinum v5.0 (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\ProgramData\RD Platinum v5.0\backup (Rogue.RegistryDefender) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\zupejaku.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ukajepuz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winusime.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32	ovebogi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\Temp
tdll64.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32
et.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isabelle\Local Settings\Temporary Internet Files\Content.IE5\7JCNN95S\Setup%20Registry%20Defender[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isabelle\Local Settings\Temporary Internet Files\Content.IE5\TZU087UI\Setup%20Registry%20Defender[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isabelle\Local Settings\Temporary Internet Files\Content.IE5\UQFUU0FA\lsp[2].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isabelle\Local Settings\Temporary Internet Files\Content.IE5\UQFUU0FA\Setup%20Registry%20Defender[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isabelle\Local Settings\Temporary Internet Files\Content.IE5\UQFUU0FA\Setup%20Registry%20Defender[2].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isabelle\Local Settings\Temporary Internet Files\Content.IE5\UQFUU0FA\Setup%20Registry%20Defender[3].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isabelle\Local Settings\Temporary Internet Files\Content.IE5\ZK540CSC\lsp[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isabelle\Local Settings\Temporary Internet Files\Content.IE5\ZK540CSC\Setup%20Registry%20Defender[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isabelle\Mes documents\ANTIVIRUS DEFENDER\Setup Registry Defender.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nathaniel\Local Settings\Temp\aewcmnsxor.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\RDPlatinumv5.exe (Rogue.RegistryDefender5) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\Uninstall.exe (Rogue.RegistryDefender5) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\Updater.exe (Rogue.RegistryDefender5) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
tdll64.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yeruduki.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7IJCBYS9\lsp[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\userinit.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mousehook.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\Customer Support.url (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\INSTALL.LOG (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\install.sss (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\RDPlatinumv5.exe.manifest (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\User Guide.url (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-1.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-10.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-11.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-12.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-13.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-14.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-15.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-16.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-17.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-18.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-19.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-2.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-20.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-21.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-22.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-23.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-24.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-25.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-26.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-27.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-28.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-29.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-3.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-30.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-31.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-32.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-33.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-34.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-35.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-36.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-37.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-38.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-39.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-4.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-40.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-41.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-42.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-43.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-44.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-45.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-46.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-47.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-48.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-49.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-5.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-50.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-6.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-7.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-8.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\scanner-repair-9.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0epair-bar\Thumbs.db (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-0.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-1.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-10.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-100.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-11.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-12.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-13.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-14.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-15.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-16.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-17.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-18.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-19.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-2.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-20.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-21.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-22.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-23.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-24.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-25.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-26.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-27.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-28.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-29.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-3.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-30.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-31.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-32.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-33.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-34.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-35.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-36.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-37.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-38.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-39.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-4.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-40.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-41.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-42.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-43.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-44.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-45.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-46.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-47.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-48.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-49.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-5.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-50.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-51.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-52.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-53.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-54.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-55.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-56.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-57.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-58.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-59.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-6.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-60.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-61.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-62.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-63.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-64.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-65.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-66.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-67.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-68.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-69.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-7.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-70.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-71.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-72.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-73.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-74.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-75.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-76.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-77.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-78.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-79.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-8.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-80.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-81.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-82.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-83.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-84.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-85.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-86.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-87.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-88.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-89.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-9.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-90.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-91.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-92.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-93.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-94.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-95.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-96.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-97.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-98.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\scanner100-99.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100\Thumbs.db (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-0.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-1.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-10.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-11.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-12.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-13.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-14.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-15.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-16.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-17.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-18.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-19.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-2.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-20.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-21.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-22.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-23.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-24.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-25.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-26.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-27.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-28.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-29.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-3.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-30.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-31.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-32.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-33.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-34.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-35.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-36.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-37.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-38.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-39.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-4.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-40.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-41.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-42.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-43.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-44.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-45.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-46.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-47.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-48.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-49.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-5.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-50.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-51.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-52.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-53.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-54.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-55.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-56.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-57.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-58.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-59.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-6.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-60.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-61.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-62.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-63.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-64.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-65.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-7.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-8.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\scannerpulse-9.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse\Thumbs.db (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\p2hhr.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Isabelle\Bureau\Registry-Defender v5.lnk (Rogue.RegistryDefender5) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nathaniel\Bureau\Registry-Defender v5.lnk (Rogue.RegistryDefender5) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ak1.exe (Virus.Virut) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\loader49.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\afnoinkdsfe.dll (Trojan.Ertfor) -> Delete on reboot.

crapoulou · Answer

As-tu redémarré ton PC ?
Si non, Ne le redémarre pas !
Ne l'éteint pas non plus !
Attends mes instructions stp.

rere92 · Answer

Oui je l'avais remédarré quand malwarebyte me l'a proposé.

crapoulou · Answer

Ah ok, pas de souci au redémarrage ?? Télécharge Dr Web CureIt sur ton Bureau : = = = = =>>> En cliquant ici <<<= = = = = - Double clique sur "drweb-cureit.exe" et ensuite clique sur "Analyse". - Clique sur "Ok" à l'invite de l'analyse rapide. S'il trouve des processus infectés alors clique le bouton "Oui". Note : Une fenêtre s'ouvrira avec options pour "Commander" ou "50% de réduction" : Quitte en cliquant sur la croix. - Lorsque le scan rapide est terminé, clique sur le menu "Options puis "Changer la configuration" ; Choisis l'onglet "Scanner, et décoche "Analyse heuristique". Clique ensuite sur "Ok". - De retour à la fenêtre principale, clique pour activer sur "Analyse complète" - Clique le bouton avec flèche verte sur la droite, et le scan débutera. - Clique sur Oui pour tout à l'invite "Désinfecter ?" lorsqu'un fichier est détecté, et ensuite clique "Désinfecter". - Lorsque le scan sera complété, regarde si tu peux cliquer sur l'icône, adjacente aux fichiers détectés (plusieurs feuilles l'une sur l'autre). Si oui, alors clique dessus et ensuite clique sur l'icône "Suivant>, au dessous, et choisis "Déplacer en quarantaine l'objet indésirable. - Dans le menu principal de l'outil, en haut à gauche, clique sur le menu "Fichier et choisis "Enregistrer le rapport. Sauvegarde le rapport sur ton Bureau. Ce dernier se nommera DrWeb.csv - Ferme Dr.Web Cureit. - Redémarre ton ordi (important car certains fichiers peuvent être déplacés/réparés au redémarrage). - Suite au redémarrage, poste (Copie/Colle) le contenu du rapport de Dr.Web dans ta prochaine réponse.

crapoulou · Answer

Oui, fais non pour le moment.

crapoulou · Answer

N'éteins pas ton PC !!!!
Télécharge ceci :
http://destrio5.free.fr/Telechargement_CCM/userinit.exe
Mets le dans C:\Windows\system32

Assure toi de bien faire cette manipulation sous peine de ne plus avoir accès à la session de ton PC ...!!!

crapoulou · Answer

ok. Est-ce qu'il t'a demandé de remplacer un autre fichier ?!
Bizarre cette histoire.
Ton PC est instable (grosse infection ! Sauvegarde tes données hyper importantes au cas où il y ait soucis comme les photos) : pas de crack ni de fichier exécutable !!!

Mets à jour Malwarebytes' Anti Malware.
Refais un scan complet avec et poste moi le rapport.

crapoulou · Answer

Oui oui, refais un scan complet comme demandé ici :
http://www.commentcamarche.net/forum/affich 12496686 infection par antivirus xppro 2009?#15
Remets le à jour avant.

crapoulou · Answer

En plus de virut, un joli rootkit, lol

"No action taken." => supprime ce qu'il a trouvé !
Après on passe à la suite.

crapoulou · Answer

Il faut suivre la procédure donnée ici :
http://www.commentcamarche.net/forum/affich 12496686 infection par antivirus xppro 2009?#3
Supprimer ce que l'outil a détecté. Là, il n'a rien supprimé.

crapoulou · Answer

Oui oui ;-).

crapoulou · Answer

Peux-tu m'envoyer le dernier rapport généré par MBAM (Malwarebytes') : onglet rapport/logs.

crapoulou · Answer

On va utiliser ComboFix (Avec l'accord de Lyonnais92).

Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil:

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser­-combofix

* Vérifie que tu as fermé/désactivé tous les programmes anti-virus, anti-malware ou anti-spyware afin qu'ils n'interfèrent pas avec le travail de ComboFix.

Envoie le contenu de C:\ComboFix.txt dans ta prochaine réponse afin que je l'examine.

rere92 · Answer

Ah non, c'est bon j'ai trouvé.

crapoulou · Answer

Sorry :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

rere92 · Answer

Je pense que je continuerai mercredi parce que je suis tres en retard dans mon travail. Je ne me servirai pas de mon pc d'ici la.
En tout cas. Je te remercie deja pour la precieuse aide que tu m'a donné et je te posterai les resultats lorsque je continuerai

crapoulou · Answer

Ok, bosse bien.
Le lien est là ;-).
http://www.commentcamarche.net/forum/affich 12496686 infection par antivirus xppro 2009?#31
A+ tard.

rere92 · Answer

Bon finalement j'ai craqué et j'ai fait ce que tu ma demandé de faire
Voici le rapport:



ComboFix 09-05-17.08 - Nathaniel 18/05/2009 19:55.1 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.1022.609 [GMT 2:00]
Lancé depuis: c:\documents and settings\Nathaniel\Bureau\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
 * Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Isabelle\new.txt
c:\documents and settings\Nathaniel\Local Settings\Temporary Internet Files\fbk.sts
c:\recycler\S-1-5-21-1482476501-1614895754-839522115-1003\INFO2
c:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dc10.jpg
c:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dc11.mp3
c:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dc12.url
c:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dc3\[u]0/u2\[u]0/u6\[u]0/u5\C3FF3B0B6917F9FD-33CE02721AC65562.itc
c:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dc3\[u]0/u3\[u]0/u6\[u]0/u5\C3FF3B0B6917F9FD-33CE02721AC65563.itc
c:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dc3\[u]0/u4\[u]0/u3\[u]0/u5\C3FF3B0B6917F9FD-33CE02721AC65534.itc
c:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dc4.log
c:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dc6.url
c:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dc7.lnk
c:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dc8.w3x
c:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dc9.w3x
c:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\INFO2
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1003\INFO2
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd1.htm
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd10.jpg
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd11.jpg
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd12.jpg
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd13.jpg
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd2.exe
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd3\[cover] SpatzAttack - Project 5.jpg
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd3\[u]0/u1 - Do you feel funky.mp3
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd3\[u]0/u2 - Project 5.mp3
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd3\[u]0/u3 - Spring waltz.mp3
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd3\[u]0/u4 - Week-end in Bassorah.mp3
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd3\[u]0/u5 - Hildegarde.mp3
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd3\[u]0/u6 - Hypnotising.mp3
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd3\[u]0/u7 - Latin Cover.mp3
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd3\[u]0/u8 - Sesame ouvre-toi.mp3
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd3\[u]0/u9 - Le groove de decembre.mp3
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd3\10 - Acid-jazz.mp3
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd3\11 - Desire.mp3
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd3\12 - Dream on.mp3
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd3\License.txt
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd3\Readme - www.jamendo.com .txt
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd4.zip
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd5
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd7\setup.exe
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd8.htm
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\Dd9.jpg
d:\recycler\S-1-5-21-1482476501-1614895754-839522115-1006\INFO2
f:\$recycle.bin\$I0D9VCY
f:\$recycle.bin\$I0IC9F6
f:\$recycle.bin\$I4KP2QH.avi
f:\$recycle.bin\$IBPTRQ2
f:\$recycle.bin\$IDMH0T8

crapoulou · Answer

Ton rapport est incomplet ...

crapoulou · Answer

Ok, pas besoin de Smitfraudfix.

Installe Antivir d’Avira, préférable à Avast.
http://www.commentcamarche.net/telecharger/telecharger 55 antivir personal
Configure selon la façon donnée sur cette vidéo :
https://www.youtube.com/watch?v=7tBiBl54EX8

Une fois cette configuration faite, on va changer quelque chose et c'est super important !!!

- Lance Antivir (Par "Tous les programmes" ou par double clic sur le parapluie rouge en bas à droite).
- Clique sue Configuration
- Déroule l'arborescence : 
Scanner > Recherche > Action en cas de résultat positif :
- Sélectionne automatique et Action principale => Ignorer (il risque de supprimer des fichiers légitimes sinon ; à cause de ton infection particulière).

De même que si une alerte s'affiche, sélectionne ignorer.

Mets ensuite l'antivirus à jour et fais un scan complet de ton PC en ignorant les alertes : le but est pour moi de localiser les infections (ce peut être des fichiers légitimes !)
Poste le rapport une fois terminé.

crapoulou · Answer

Lance Firefox.
Outils > Effacer mes traces.
Laisse la case "Cache" de cochée puis => Effacer mes traces maintenant.

Comment va le PC ?

rere92 · Answer

Ba écoutes, la il marche parfaitement, il est même plus rapide au demarrage qu'avant . Alors, tu pense que c'est fini?? Je suis pas sur mais il détectait des menaces lorsque je faisait mes scans

crapoulou · Answer

Ce qu'il détectait était dans la restauration du système, dans la quarantaine de DoctorWeb et l'outil Smitfraudfix.
Pas de soucis.

Refais un scan rapide de Malwarebytes Anti Malware stp.

rere92 · Answer

Ok. Faudra t'il que je supprime des anti-virus? Autre question: comment je fait pour réactiver Mcafee? l'icone montre qu'il est désacrivé et je ne peux pas cliquer sur "activer l'analyse lors de l'acces"

Voici le rapport de malwarebytes

Malwarebytes' Anti-Malware 1.36
Database version: 2147
Windows 5.1.2600 Service Pack 3

19/05/2009 21:27:11
mbam-log-2009-05-19 (21-27-00).txt

Scan type: Quick Scan
Objects scanned: 100697
Time elapsed: 7 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

crapoulou · Answer

"No action taken. " => Supprime ce qu'il trouve cette fois-ci.

rere92 · Answer

c'est fait. Voila, bon ba, si j'ai bien compris, mon probleme de virus est résolu alors? Je te remercie énormément pour ton aide précieuse qui m'a permis de résoudre mon problème. Derniere question: Faudra t'il que je supprime des anti-virus? Comment je fait pour réactiver Mcafee? l'icone montre qu'il est désactivé et je ne peux pas cliquer sur "activer l'analyse lors de l'acces"

crapoulou · Answer

Tu as Antivir.
Il faut supprimer Mac Afee (par l'ajout / suppression de programmes).
Poste un dernier rapport Hijackthis pour terminer proprement la désinfection.

rere92 · Answer

Voici le rapport Hijackthis. J'attend ta confirmation pour mettre cet article en "résolu". Merci encore!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:25, on 21/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\NETGEAR GA511 Adapter\GA511.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://coramail.net/r5.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: RDPlatinum v5.lnk = C:\Program Files\Angle Interactive\RD Platinum v5.0\RDPlatinumv5.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: GA511 Smart Wizard Utility.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee McShield (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (file missing)
O23 - Service: McAfee Task Manager (McTaskManager) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe

crapoulou · Answer

Relance Hijackthis.
Clic sur "Do a system scan only".
Coche ces lignes :
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe 
 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
 O4 - Global Startup: GA511 Smart Wizard Utility.lnk = ?  
 O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

Clic ensuite sur fix checked.

******

Piste un nouveau rapport hijackthjis ensuite (on finit bientôt :D)

crapoulou · Answer

Refais aussi un examen complet avec Malwarebytes Anti malware.
Supprime ce qu'il trouve et poste moi le rapport.

rere92 · Answer

Ca, c'est le rapport hijackthis. J'attend ton autorisation pour lancer le rapport Malwarebytes Anti malware.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:40, on 21/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\NETGEAR GA511 Adapter\GA511.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://coramail.net/r5.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - Startup: RDPlatinum v5.lnk = C:\Program Files\Angle Interactive\RD Platinum v5.0\RDPlatinumv5.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe

crapoulou · Answer

Ca, c'est le rapport hijackthis. J'attend ton autorisation pour lancer le rapport Malwarebytes Anti malware
Vas-y.

rere92 · Answer

Voici le rapport, je pense qu'il est assez bon :D. Néamoins, pendant l'analyse, avira se lancais quelquefois m'avertissant quil y avait une menace. Et je faisait "ignorer" ou"metre en quarantaine"

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2147
Windows 5.1.2600 Service Pack 3

24/05/2009 20:15:34
mbam-log-2009-05-24 (20-15-34).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
Eléments examinés: 239407
Temps écoulé: 4 hour(s), 32 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

crapoulou · Answer

Le PC va mieux ?
On passe à la fin de désinfection ?

rere92 · Answer

Bonsoir,
Désolé pour le retard.
J'attends la suite des instructions.
Merci d'avance.

crapoulou · Answer

Relance Hijackthis. Clic sur "Do a system scan only". Coche cette ligne : O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe Clic ensuite sur fix checked. ******** Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques : Télécharge toolscleaner sur ton Bureau = = = =>>> En cliquant ici <<<= = = = * Double-clique sur ToolsCleaner2.exe et laisse le travailler * Clique sur Recherche et laisse le scan se terminer. * Clique sur Suppression pour finaliser. * Tu peux, si tu le souhaites, te servir des Options facultatives. * Clique sur Quitter, pour que le rapport puisse se créer. * Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse. ******* Tu peux garder Malwarebytes anti malware en tant qu’anti malware, il est très efficace. (Même s’il ne résout pas tous les problèmes, bien entendu … !) Par contre, il n’a pas de scan résident en mode gratuit ! Il faut donc pour l’utiliser le lancer, faire les mises à jour et faire un scan complet après. ******* * Télécharge Ccleaner Slim : = = = = >>> En cliquant ici <<< = = = = * Installe le. * Choisis l’onglet Nettoyeur Quitte ton navigateur Internet avant de le lancer, décoche la dernière case (Avancé si elle est cochée) puis clique sur "lancer le nettoyage" quand il aura terminé le scan cliques en bas à droite sur "lancer le nettoyage" et accepte par oui. Attention, il risque de vider ta corbeille : si tu veux récupérer des fichiers effacés par erreur, mieux vaut le faire maintenant. * Choisis l’onglet Registre - Clique sur Chercher des erreurs - Une fois la recherche terminée, clic sur Réparer les erreurs sélectionnées (par défaut, tout est sélectionné, laisse comme ça) - Au message Voulez-vous sauvegarder les changements faits dans le registre, réponds Oui et enregistre le fichier au format « .reg » en le nommant par la date par exemple en le mettant sur le bureau. Puis continue. - A la fenêtre qui s’ouvre ensuite, clique sur Corriger toutes les erreurs sélectionnées puis OK - Recommence jusqu’à ce qu’aucune erreur n’apparaisse (ou une seule récurrente). - Ferme Ccleaner. * Tutoriel en images ICI si besoin. Note : La sauvegarde utilisée permet de remettre tel que la base était avant la manipulation au cas où il y aurait des soucis mais cela ne m’est jamais arrivé ! Il vaut mieux prendre des précautions, c’est tout. ;-)

rere92 · Answer

Voici le rapport Toolcleaner

[ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

--> Recherche: 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Nathaniel\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Nathaniel\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Nathaniel\Bureau\HJTInstall.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
--> Suppression: 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Nathaniel\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Nathaniel\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Nathaniel\Bureau\HJTInstall.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

crapoulou · Answer

Supprime Toolscleaner et passe à la suite si ce n'est pas déjà fait.

rere92 · Answer

Je le trouve ni dans panneau de configuration ni dans C:/ program files
J'ai juste supprimé l'icone sur le bureau mais je ne pense pas que ce soit suffisant.

crapoulou · Answer

Oui c'est suffisant : ce n'est pas un logiciel installé mais juste un exécutable.

rere92 · Answer

D'accord. J'attend les nouvelles instructions alors.

crapoulou · Answer

Installe un pare feu car celui de Windows n’est pas suffisant. ZoneAlarm : = = = = >>> En cliquant ici <<< = = = = Un tutorial pour le configurer = = = = >>> En cliquant ici <<< = = = = A part ça, c'est bon.

rere92 · Answer

Je l'ai telechargé a partir de 01.net mais je ne sais absolument pas ou il se trouve car le telechargement s'est fait automatiquement et je n'ai pas eu a l'enregistrer. Je ne peut donc pas le lancer. J'ai effectué une recherche sur le pc mais il ne l'a pas trouvé. Sinon je peut aussi le telecharger a partir du site ou il y avait les instructions.

crapoulou · Answer

Si tu le trouve dans la liste des programmes, désinstalle le.
Dans le cas contraire, installe le depuis mon lien.

rere92 · Answer

D'accord. Je n'ai donc pas besoin d'activer le pare feu windows en fait?
En tout cas, merci pour l'aide que tu m'a apporté!!!!!

crapoulou · Answer

Si tu peux le laisser en complément ;-).
A ton service.

Infection par "antivirus xppro 2009"

49 réponses

Discussions similaires

Newsletters