Unable to reinstall AntiVir free edition

Closed
jorandall62 Posts 596 Registration date Thursday, January 24, 2008 Status Member Last seen October 6, 2023 - June 3, 2009 at 03:17
 Anonymous user - June 12, 2009 at 17:17
Hello,
I wanted to remove my antivirus, Avira "AntiVir" Personal Free Edition, with the "Revo Uninstaller" software in order to install another one (AVG Antivirus Free),
but in the end I wanted to go back to AntiVir, and now I can no longer install it!!
Either I get this window:
" CCPLG.XML: unable to find file ( c:/programfiles/avira/antivir personnaledition classic/ccplg.xml "
or this other window:
"A product from Avira GmbH is already installed on your system, do you want to uninstall it in order to install the new one? ............ this requires a restart"
Yet I removed everything belonging to AntiVir or Avira before redoing the installation, and I also cleaned the registry with CCleaner, but there is no way to install "AntiVir"!!!
Thanks for your help
162 replies

Anonymous user
June 3, 2009 at 19:04
it didn't work
0
Should I run the procedure with Combo??
0
Anonymous user
June 3, 2009 at 19:07
yes
0
ComboFix 09-06-01.03 - jorandall62 2009-06-03 19:19.5 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1187 [GMT 2:00]
Lancé depuis: c:\users\jorandall62\Desktop\ComboFix.exe
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Spy Emergency *disabled* (Updated) {773EE130-7EFF-422a-B0FB-8A71604A2FF9}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\jorandall62\AppData\Roaming\Platrium
c:\users\jorandall62\AppData\Roaming\Platrium\Weather\Weather_XML\General
c:\users\jorandall62\AppData\Roaming\Platrium\Weather\WeatherStartup.xml
c:\users\jorandall62\AppData\Roaming\PlatriumWeather
c:\windows\161491561.dll
c:\windows\161491562.dll
c:\windows\161692561.dll
c:\windows\161692562.dll
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
c:\windows\system32\mpg4c32.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-03 au 2009-06-03 ))))))))))))))))))))))))))))))))))))
.

2009-06-03 17:28 . 2009-06-03 17:28 -------- d-----w- c:\users\jorandall62\AppData\Local\temp
2009-06-03 17:28 . 2009-06-03 17:28 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-06-03 13:44 . 2009-06-03 14:36 -------- d-----w- C:\UsbFix
2009-06-03 13:10 . 2009-06-03 13:10 -------- d-----w- C:\rsit
2009-06-02 22:46 . 2009-06-02 23:32 -------- d-----w- c:\program files\RegCleaner
2009-05-29 13:55 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-05-29 13:50 . 2009-06-03 00:52 -------- d-----w- c:\program files\eRightSoft
2009-05-28 14:58 . 2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2009-05-28 14:58 . 2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2009-05-26 22:13 . 2009-05-28 10:53 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Software Informer
2009-05-26 22:13 . 2009-05-28 10:48 -------- d-----w- c:\program files\Software Informer
2009-05-26 22:13 . 2009-05-28 10:59 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Free Download Manager
2009-05-26 22:13 . 2009-05-28 10:48 -------- d-----w- c:\program files\Free Download Manager
2009-05-26 18:15 . 2009-05-28 10:48 -------- d-----w- c:\program files\VDOWNLOADER
2009-05-26 14:29 . 2009-05-26 14:37 -------- d-----w- C:\My Videos
2009-05-26 14:24 . 2009-05-26 14:24 -------- d-----w- c:\programdata\Apowersoft
2009-05-22 15:31 . 2009-05-22 15:31 -------- d-----w- c:\program files\Magicbit
2009-05-20 20:28 . 2009-05-20 21:19 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Broad Intelligence
2009-05-20 20:25 . 2009-05-21 18:17 -------- d-----w- c:\users\jorandall62\AppData\Roaming\OpenCandy
2009-05-19 18:43 . 2009-05-19 18:43 -------- d-----w- C:\ConverterOutput
2009-05-19 18:42 . 2009-05-19 18:42 -------- d-----w- c:\program files\Cucusoft
2009-05-17 18:24 . 2009-06-03 00:52 -------- d-----w- c:\program files\Common Files\SNP2UVC
2009-05-17 18:24 . 2007-09-11 14:10 303104 ----a-w- c:\windows\system32\vsnp2uvc.dll
2009-05-17 18:24 . 2007-08-10 16:41 180224 ----a-w- c:\windows\system32\rsnp2uvc.dll
2009-05-17 18:24 . 2007-07-11 16:18 237568 ----a-w- c:\windows\tsnp2uvc.exe
2009-05-17 18:24 . 2007-07-11 13:31 569344 ----a-w- c:\windows\vsnp2uvc.exe
2009-05-17 18:24 . 2007-07-04 15:28 176128 ----a-w- c:\windows\system32\csnp2uvc.dll
2009-05-17 10:28 . 2009-05-17 10:40 -------- d-----w- c:\program files\PurFlirt
2009-05-15 15:32 . 2009-05-15 15:32 -------- d-----w- c:\program files\Fritivi
2009-05-12 17:51 . 2009-05-15 09:25 -------- d-----w- c:\program files\PC
2009-05-07 14:55 . 2009-06-03 00:52 -------- d-----w- c:\program files\WinAVI MP4 Converter
2009-05-07 13:35 . 2009-05-07 13:35 -------- d-----w- c:\users\jorandall62\AppData\Local\Apple Computer
2009-05-07 13:14 . 2009-06-03 00:52 -------- d-----w- c:\programdata\Apple Computer
2009-05-07 13:13 . 2009-05-07 13:13 -------- d-----w- c:\users\jorandall62\AppData\Local\Apple
2009-05-07 13:13 . 2009-06-03 00:52 -------- d-----w- c:\program files\Apple Software Update
2009-05-07 13:13 . 2009-06-03 00:52 -------- d-----w- c:\programdata\Apple
2009-05-07 11:51 . 2009-05-08 06:40 -------- d-----w- c:\program files\Reganam
2009-05-07 08:50 . 2009-05-07 09:34 -------- d-----w- c:\program files\Daniusoft
2009-05-06 16:44 . 2009-05-06 16:44 -------- d-----w- c:\program files\IVT Corporation

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 16:44 . 2009-04-03 18:04 117760 ----a-w- c:\users\jorandall62\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-03 15:20 . 2007-12-14 16:32 -------- d-----w- c:\programdata\WholeSecurity
2009-06-03 15:19 . 2007-12-15 21:45 -------- d-----w- c:\program files\Trend Micro
2009-06-03 00:59 . 2007-09-16 17:37 -------- d-----w- c:\programdata\Google Updater
2009-06-03 00:54 . 2007-01-02 15:47 -------- d-----w- c:\program files\Common Files\LightScribe
2009-06-02 19:26 . 2009-04-02 22:40 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-02 19:24 . 2007-12-12 22:39 -------- d-----w- c:\programdata\PC Tools
2009-06-01 11:50 . 2008-03-31 20:24 -------- d-----w- c:\users\jorandall62\AppData\Roaming\dvdcss
2009-05-29 20:37 . 2006-11-02 15:48 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-29 20:37 . 2006-11-02 15:48 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-28 11:45 . 2008-06-20 22:23 3371383 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 11:20 . 2008-12-31 15:28 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 11:19 . 2008-06-20 22:22 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-23 16:35 . 2007-12-14 22:39 -------- d-----w- c:\program files\AVS4YOU
2009-05-19 10:20 . 2009-04-22 10:04 -------- d-----w- c:\programdata\Bluetooth
2009-05-12 14:20 . 2008-03-02 22:12 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Vso
2009-05-10 13:50 . 2009-04-02 01:47 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Azureus
2009-05-09 15:50 . 2008-12-03 22:07 -------- d-----w- c:\users\jorandall62\AppData\Roaming\ArcSoft
2009-05-07 14:54 . 2007-12-22 20:52 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-05-07 11:05 . 2009-04-11 22:44 -------- d-----w- c:\program files\SoftPepper Video Converter 2.0
2009-05-06 16:46 . 2009-04-22 20:57 836 ----a-w- c:\windows\bthservsdp.dat
2009-04-30 09:22 . 2009-04-30 09:22 -------- d-----w- c:\program files\Secret Maryo Chronicles
2009-04-27 16:57 . 2008-09-01 22:15 1 ----a-w- c:\users\jorandall62\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-04-27 16:57 . 2008-09-01 22:13 -------- d-----w- c:\users\jorandall62\AppData\Roaming\OpenOffice.org2
2009-04-22 20:56 . 2009-04-22 20:34 -------- d-----w- c:\program files\Common Files\SmartCom
2009-04-22 20:55 . 2009-04-21 16:04 -------- d-----w- c:\program files\younan.info
2009-04-22 20:55 . 2008-04-22 17:08 -------- d-----w- c:\program files\SmartFTP Client 3.0 Setup Files
2009-04-22 20:35 . 2009-04-22 20:35 143 ----a-w- c:\users\jorandall62\AppData\Local\FSCache.dat
2009-04-22 20:33 . 2009-04-22 20:33 -------- d-----w- c:\program files\SmartCom
2009-04-21 15:57 . 2009-04-21 15:55 -------- d-----w- c:\program files\SMStoB
2009-04-21 15:45 . 2009-04-21 15:43 290816 ------w- c:\windows\Setup1.exe
2009-04-21 15:45 . 2009-04-21 15:43 74752 ----a-w- c:\windows\ST6UNST.EXE
2009-04-21 11:34 . 2009-04-21 11:21 -------- d-----w- c:\program files\BarreMagique
2009-04-19 10:40 . 2009-04-19 10:40 5004 ----a-w- c:\users\jorandall62\nodes.dat
2009-04-18 09:33 . 2009-04-17 07:39 181 ----a-w- c:\users\jorandall62\AppData\Roaming\Azureus\restart.bat
2009-04-13 18:38 . 2009-04-13 18:38 -------- d-----w- c:\program files\vghd
2009-04-13 18:38 . 2009-04-13 18:38 152904 ----a-w- c:\windows\system32\vghd.scr
2009-04-13 18:38 . 2009-04-13 18:38 -------- d-----w- c:\users\jorandall62\AppData\Roaming\vghd
2009-04-12 12:31 . 2008-01-03 23:16 -------- d-----w- c:\users\jorandall62\AppData\Roaming\XnView
2009-04-10 22:51 . 2009-04-10 22:51 -------- d-----w- c:\programdata\Soulseek
2009-04-10 21:36 . 2009-04-01 23:28 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Shareaza
2009-04-07 15:55 . 2008-12-27 11:37 86576 ----a-w- c:\users\jorandall62\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-04-07 15:55 . 2008-12-27 11:37 132672 ----a-w- c:\users\jorandall62\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2009-04-07 15:55 . 2008-12-27 11:37 392728 ----a-w- c:\users\jorandall62\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
2009-04-07 11:29 . 2007-09-20 13:04 680 ----a-w- c:\users\jorandall62\AppData\Local\d3d9caps.dat
2009-04-07 11:07 . 2009-04-07 11:07 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-04-06 14:06 . 2009-04-06 14:06 155648 ----a-w- c:\windows\system32\libssl32.dll
2009-04-06 10:25 . 2008-08-18 14:02 -------- d-----w- c:\programdata\NOS
2009-04-05 10:28 . 2008-12-03 22:05 -------- d-----w- c:\programdata\ArcSoft
2009-03-17 03:38 . 2009-04-15 10:34 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 10:34 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-13 16:06 . 2009-03-13 16:03 53248 ----a-w- c:\windows\PSEXESVC.EXE
2009-03-09 03:19 . 2008-12-27 21:50 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-08 16:42 . 2009-03-08 16:42 684872 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2005-05-18 11:27 . 2008-08-01 13:55 1564 ----a-w- c:\program files\Readme.txt
2008-08-03 20:34 . 2008-08-03 20:34 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-09-16 07:06 . 2007-09-16 17:38 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-09-16 07:06 . 2007-09-16 17:38 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-09-16 07:06 . 2007-09-16 17:38 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-09-16 07:06 . 2007-09-16 17:38 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-09-16 07:07 . 2007-09-16 17:38 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2006-05-03 10:06 . 2009-05-28 14:58 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-05-29 13:55 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-05-28 14:58 216064 --sha-r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-27 1830128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-07 413696]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-07-11 569344]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2007-07-11 237568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\gprs.exe [2007-12-27 43608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 0
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B0CEABE2-9804-4FD3-9DA5-56CD7BB65874}"= Disabled:UDP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
"{56D49FDB-819E-47C1-A527-98BA0606717F}"= Disabled:TCP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
"TCP Query User{3CCE7B96-E0DE-4AF5-A832-6DEA6555977F}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{68B54872-872B-45E7-AFD2-99643E4B5202}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"TCP Query User{E966C56B-2CE0-4B56-9659-1DD541843AEE}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{21492215-4B7A-43A9-8657-72A138524CEA}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{99A3AD36-B1EF-410C-B50C-B2DCE7E6679A}"= Disabled:UDP:6346:shareaza
"{EF2A56C3-8835-4F56-A9CA-4F186798B5B6}"= Disabled:TCP:6346:shareaza
"TCP Query User{766C9D47-BD9A-4622-B596-B425DDE6D00C}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{60AD0065-D2A9-4BA4-879D-2213F97F935D}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{F4FE2058-5F71-4FD0-B8EA-0646BF2BE33B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{2C4AE294-C12D-4F59-9E3F-5CA527C987B9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{48A787A1-B89B-4044-875A-C6021447B114}"= Disabled:UDP:c:\program files\Omemo\Omemo.exe:Omemo
"{4D0CE41B-53A5-4582-BA24-2C299D1255F3}"= Disabled:TCP:c:\program files\Omemo\Omemo.exe:Omemo
"TCP Query User{AEAD9F9A-0649-48C3-BD08-0EB04AFC9161}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{E6E38BB7-775F-48F3-B3A0-7291A06D8C40}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"6850a7ed-18ea-4859-be34-3f018205ea2b"= UDP:45550:emuletcp2
"85afbcb4-58f1-4d9c-9868-fa960b8691b8"= TCP:45560:emuleudp2
"{01F006D0-AED2-4987-8F0E-C11AA11DB7C2}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{C9AC9B0F-2F9C-45D4-8D22-55424321C18D}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{7AEEFB85-936E-45B6-BA2B-4F455A382926}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{C4D61FD9-AF4E-4515-9913-99B4948365AD}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\PPMate\\ppmate.exe"= c:\program files\PPMate\ppmate.exe:*:Enabled:PPMate
"c:\\Program Files\\PPMate\\ppamnet.exe"= c:\program files\PPMate\ppamnet.exe:*:Enabled:PPMate

R0 ViBus;ViBus;c:\windows\System32\drivers\ViBus.sys [2008-07-29 20632]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\System32\drivers\ViPrt.sys [2008-07-29 56984]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [2007-04-03 1131136]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [2008-07-29 230912]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [2007-01-03 13976]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [2007-01-09 1136600]
S3 EC168BDA;EC168BDA service;c:\windows\System32\drivers\EC168BDA.sys [2007-09-11 87296]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-06-28 1527900]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-04-09 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-04-06 33176]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-09-16 29744]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-07-25 191656]
S3 VNICPKT5;VNICPKT5 Protocol Driver;c:\windows\System32\VNICPKT5.sys [2008-07-29 15104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
bthsvcs REG_MULTI_SZ BthServ
.
Contenu du dossier 'Tâches planifiées'

2009-06-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-16 16:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-avgnt - c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
SafeBoot-procexp90.Sys
SafeBoot-svcWRSSSDK


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.13\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.13\MediaManager\grab.html
IE: Recherche sur eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
TCP: {512AC375-977B-4769-997F-290DCF6E5904} = 89.2.0.1,89.2.0.2
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath -

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 19:28
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\TEMP\TMP0000005A44811A8B8826137B 524288 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-641817250-3860369117-549646289-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A7AC858C-5DFC-36D6-1766-51AAB3C5BA2A}*]
"bbdknjbpjbcngmlipcndijdnipfcindmejpf"=hex:61,61,00,00
"abdknjbpjbcngmlipcielknkeopfdompbo"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2009-06-03 19:30
ComboFix-quarantined-files.txt 2009-06-03 17:30
ComboFix2.txt 2009-03-14 23:44
ComboFix3.txt 2009-03-13 16:06
ComboFix4.txt 2009-03-09 16:18
ComboFix5.txt 2009-06-03 17:18

Avant-CF: 2,417,508,352 octets libres
Après-CF: 2,406,318,080 octets libres

302 --- E O F --- 2009-06-03 01:04
0

Anonymous user
June 3, 2009 at 20:09
Click on the Start menu / Control Panel / Folder Options / then, in the View tab:
- Check Show hidden files and folders
- Uncheck Hide extensions for known file types
- Uncheck Hide protected operating system files (Recommended)
Click Apply, then OK.

Don't forget to hide the hidden and protected operating system files again at the end of the disinfection; it's important.

Have the following file(s) analyzed on VirusTotal:

Virus Total

* Click Browse at the top, choose My Computer, and look for these files:

C:\Windows\system32\DRIVERS\EC168BDA.sys

* Now click Send file, and let it work as long as "Current status: analysis in progress" is displayed.
* The file may be placed in a queue because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted
* A new browser window will appear
* Then click the two arrows
* Right-click on the page, choose Select All, then Copy
* Finally, paste the result into your next reply.
0
Fichier EC168BDA.sys reçu le 2009.06.03 18:26:27 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.06.03 -
AhnLab-V3 5.0.0.2 2009.06.03 -
AntiVir 7.9.0.180 2009.06.03 -
Antiy-AVL 2.0.3.1 2009.06.03 -
Authentium 5.1.2.4 2009.06.03 -
Avast 4.8.1335.0 2009.06.03 -
AVG 8.5.0.339 2009.06.03 -
BitDefender 7.2 2009.06.03 -
CAT-QuickHeal 10.00 2009.06.03 -
ClamAV 0.94.1 2009.06.03 -
Comodo 1248 2009.06.03 -
DrWeb 5.0.0.12182 2009.06.03 -
eSafe 7.0.17.0 2009.06.03 -
eTrust-Vet 31.6.6537 2009.06.03 -
F-Prot 4.4.4.56 2009.06.03 -
F-Secure 8.0.14470.0 2009.06.03 -
Fortinet 3.117.0.0 2009.06.03 -
GData 19 2009.06.03 -
Ikarus T3.1.1.59.0 2009.06.03 -
K7AntiVirus 7.10.752 2009.06.02 -
Kaspersky 7.0.0.125 2009.06.03 -
McAfee 5635 2009.06.03 -
McAfee+Artemis 5635 2009.06.03 -
McAfee-GW-Edition 6.7.6 2009.06.03 -
Microsoft 1.4701 2009.06.03 -
NOD32 4128 2009.06.03 -
Norman 6.01.09 2009.06.03 -
nProtect 2009.1.8.0 2009.06.03 -
Panda 10.0.0.14 2009.06.03 -
PCTools 4.4.2.0 2009.06.02 -
Prevx 3.0 2009.06.03 -
Rising 21.32.24.00 2009.06.03 -
Sophos 4.42.0 2009.06.03 -
Sunbelt 3.2.1858.2 2009.06.03 -
Symantec 1.4.4.12 2009.06.03 -
TheHacker 6.3.4.3.338 2009.06.03 -
TrendMicro 8.950.0.1092 2009.06.03 -
VBA32 3.12.10.6 2009.06.02 -
ViRobot 2009.6.3.1767 2009.06.03 -

Information additionnelle
File size: 87296 bytes
MD5...: 53660d1a4068109c9c1fb97ce83bee35
SHA1..: ffdd3c64a1e937cf65b668732ce3009f628fd9f9
SHA256: f36fa8e969945401c025dda459c8fa1ed5623afd37bd4a3bc994356528ca7d76
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (51.1%)
Win16/32 Executable Delphi generic (12.4%)
Clipper DOS Executable (12.1%)
Generic Win/DOS Executable (12.0%)
DOS Executable Generic (12.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x14085
timedatestamp.....: 0x46db8fd8 (Mon Sep 03 04:38:48 2007)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0xa69c 0xa700 6.60 53e3f0eab93e38b90a29a9af46d646db
.rdata 0xab80 0x3976 0x3980 2.76 fbf9205fcafd325d5374915e87fa02eb
.data 0xe500 0x58a0 0x5900 3.10 e8140b02ff491b588e01ad50d4093586
PAGE 0x13e00 0x251 0x280 5.19 24ed5522794b4dd59b89ced6190270e8
INIT 0x14080 0x78c 0x800 5.14 572acd5b988c714de2c15f30749e060a
.rsrc 0x14880 0x340 0x380 3.11 9c3614b2a10c0f18b620a4db64d1ebb3
.reloc 0x14c00 0x8e6 0x900 5.89 b014858f707da4d1e7c20f8ffa277fe8

( 5 imports )
> NTOSKRNL.EXE: ExInterlockedPopEntrySList, ExInterlockedPushEntrySList, KeInitializeSpinLock, ExInitializeNPagedLookasideList, ExDeleteNPagedLookasideList, KeWaitForSingleObject, KeQuerySystemTime, KeInitializeEvent, KeSetEvent, InterlockedIncrement, KefReleaseSpinLockFromDpcLevel, InterlockedCompareExchange, IoCancelIrp, IoIsWdmVersionAvailable, PsTerminateSystemThread, IoFreeIrp, InterlockedDecrement, IofCallDriver, KeClearEvent, PsCreateSystemThread, IoAllocateIrp, ExAllocatePoolWithTag, KeDelayExecutionThread, KeTickCount, KeBugCheckEx, RtlInitUnicodeString, ZwCreateFile, ZwReadFile, ZwClose, InterlockedExchange, ExFreePool, KefAcquireSpinLockAtDpcLevel
> HAL.DLL: KeGetCurrentIrql, KeStallExecutionProcessor, KfAcquireSpinLock, KfReleaseSpinLock
> ks.sys: KsStreamPointerDelete, KsStreamPointerGetNextClone, KsPinGetFirstCloneStreamPointer, KsPinGetReferenceClockInterface, KsGetFilterFromIrp, KsPinGetParentFilter, KsPinAttemptProcessing, KsStreamPointerAdvanceOffsets, KsStreamPointerUnlock, KsGetDevice, KsCreateFilterFactory, KsFilterFactoryUpdateCacheData, KsAddItemToObjectBag, KsInitializeDriver, KsPinGetLeadingEdgeStreamPointer, KsStreamPointerClone
> BdaSup.SYS: BdaCreateFilterFactoryEx, BdaInitFilter, BdaStartChanges, BdaCheckChanges, BdaGetChangeState, BdaFilterFactoryUpdateCacheData
> USBD.SYS: USBD_ParseConfigurationDescriptorEx, USBD_CreateConfigurationRequestEx

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): PE_Patch

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.06.03 -
AhnLab-V3 5.0.0.2 2009.06.03 -
AntiVir 7.9.0.180 2009.06.03 -
Antiy-AVL 2.0.3.1 2009.06.03 -
Authentium 5.1.2.4 2009.06.03 -
Avast 4.8.1335.0 2009.06.03 -
AVG 8.5.0.339 2009.06.03 -
BitDefender 7.2 2009.06.03 -
CAT-QuickHeal 10.00 2009.06.03 -
ClamAV 0.94.1 2009.06.03 -
Comodo 1248 2009.06.03 -
DrWeb 5.0.0.12182 2009.06.03 -
eSafe 7.0.17.0 2009.06.03 -
eTrust-Vet 31.6.6537 2009.06.03 -
F-Prot 4.4.4.56 2009.06.03 -
F-Secure 8.0.14470.0 2009.06.03 -
Fortinet 3.117.0.0 2009.06.03 -
GData 19 2009.06.03 -
Ikarus T3.1.1.59.0 2009.06.03 -
K7AntiVirus 7.10.752 2009.06.02 -
Kaspersky 7.0.0.125 2009.06.03 -
McAfee 5635 2009.06.03 -
McAfee+Artemis 5635 2009.06.03 -
McAfee-GW-Edition 6.7.6 2009.06.03 -
Microsoft 1.4701 2009.06.03 -
NOD32 4128 2009.06.03 -
Norman 6.01.09 2009.06.03 -
nProtect 2009.1.8.0 2009.06.03 -
Panda 10.0.0.14 2009.06.03 -
PCTools 4.4.2.0 2009.06.02 -
Prevx 3.0 2009.06.03 -
Rising 21.32.24.00 2009.06.03 -
Sophos 4.42.0 2009.06.03 -
Sunbelt 3.2.1858.2 2009.06.03 -
Symantec 1.4.4.12 2009.06.03 -
TheHacker 6.3.4.3.338 2009.06.03 -
TrendMicro 8.950.0.1092 2009.06.03 -
VBA32 3.12.10.6 2009.06.02 -
ViRobot 2009.6.3.1767 2009.06.03 -

Information additionnelle
File size: 87296 bytes
MD5...: 53660d1a4068109c9c1fb97ce83bee35
SHA1..: ffdd3c64a1e937cf65b668732ce3009f628fd9f9
SHA256: f36fa8e969945401c025dda459c8fa1ed5623afd37bd4a3bc994356528ca7d76
ssdeep: -<BR>
PEiD..: -
TrID..: File type identification<BR>Win32 Executable Generic (51.1%)<BR>Win16/32 Executable Delphi generic (12.4%)<BR>Clipper DOS Executable (12.1%)<BR>Generic Win/DOS Executable (12.0%)<BR>DOS Executable Generic (12.0%)
0
Anonymous user
3 June 2009 at 21:43
OK, try OTM again now
0
I think OTM worked, but then after restarting the PC I could no longer connect to the internet.

First I unplugged my modem router, but still no connection!! So I went to the network center and chose to tick "obtain an IP address automatically".
After that I was able to connect to the internet! The proof: I'm here, lol
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder c:\Program Files\Avira not found.
File/Folder c:\ProgramData\Avira not found.
File/Folder c:\Users\All Users\Avira not found.
File/Folder c:\Users\jorandall62\AppData\Local\VirtualStore\Program Files\Avira not found.
========== REGISTRY ==========
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Avira\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{305CA226-D286-468e-B848-2B2E8E697B74}\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ControlPanel\NameSpace\{305CA226-D286-468e-B848-2B2E8E697B74}\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de\www\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de\www\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de\www\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de\www\\ .
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\avgnt not found.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVir PersonalEdition Classic\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\X-AVCSD\Workstation\AntiVir PersonalEdition Classic\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirScheduler\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntiVirService\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgntflt\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Avira AntiVir\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\avgntflt\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ssmdrv\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirScheduler\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirService\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\avgntflt\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\avipbb\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Avira AntiVir\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\avgntflt\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ssmdrv\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntiVirScheduler\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgntflt\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avipbb\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avira AntiVir\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avira AntiVir\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\avgntflt\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ssmdrv\\ .
Unable to delete registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de\\ .
Unable to delete registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de\www\\ .
Unable to delete registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de\\ .
Unable to delete registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de\www\\ .
Unable to delete registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de\\ .
Unable to delete registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de\www\\ .
Unable to delete registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de\\ .
Unable to delete registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de\www\\ .
Registry key HKEY_USERS\S-1-5-21-641817250-3860369117-549646289-1000\Software\Avira\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-641817250-3860369117-549646289-1000\Software\Avira\AntiVir PersonalEdition Classic\SeenMessages\\ not found.
Registry key HKEY_USERS\S-1-5-21-641817250-3860369117-549646289-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-641817250-3860369117-549646289-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de\www\\ not found.
Registry key HKEY_USERS\S-1-5-21-641817250-3860369117-549646289-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-641817250-3860369117-549646289-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de\www\\ not found.
Registry key HKEY_USERS\S-1-5-21-641817250-3860369117-549646289-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windifesavirale.com\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-641817250-3860369117-549646289-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-641817250-3860369117-549646289-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de\www\\ not found.
Registry key HKEY_USERS\S-1-5-21-641817250-3860369117-549646289-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de\\ deleted successfully.
Unable to delete registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de\\ .
Unable to delete registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de\www\\ .
Unable to delete registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de\\ .
Unable to delete registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de\www\\ .
Unable to delete registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de\\ .
Unable to delete registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de\www\\ .
Unable to delete registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de\\ .
Unable to delete registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de\www\\ .
========== COMMANDS ==========
File delete failed. C:\Users\JORAND~1\AppData\Local\Temp\ppcrlui_5124_2 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.0 log created on 06032009_214915
0
I did something silly!!
I clicked on "stop sending e-mails about this discussion"!!!!!!
I hope I'll still get the rest of your advice!!!!
That's just like me! lol
0
Anonymous user
3 June 2009 at 22:48
OK, there's something blocking access....

Are you really the owner of the PC?
Is yours the only session?
Are you on an administrator or a guest account?

Sign up on the site, it will let you follow the conversation better when you post :)
0
jorandall62 Posts 596 Registered Thursday 24 January 2008 Status Member Last post 6 October 2023 56
3 June 2009 at 23:14
Are you really the owner of the PC? Yes, the computer is indeed mine
Is yours the only session? Yes
Are you on an administrator or a guest account? On "administrator"
I'm on 2 networks:
network 4, private (local and internet) through my fast ethernet card
unidentified network, public (limited connectivity) through my USB Bluetooth dongle
0
Anonymous user
3 June 2009 at 23:29
Delete:

c:\Qoobox
Combofix.exe from your desktop

Download it again, rename it when saving it to your desktop, then run it again
0
jorandall62 Posts 596 Registered Thursday 24 January 2008 Status Member Last post 6 October 2023 56
3 June 2009 at 23:31
Right, thank you, but I'm off to bed now
See you soon for the rest of your kind advice
Hoping to find the solution to get that blasted "antivir avira" back on! lol
Good night, see you tomorrow
0
Anonymous user
4 June 2009 at 00:00
OK, looking forward to hearing from you.....
0
jorandall62 Posts 596 Registered Thursday 24 January 2008 Status Member Last post 6 October 2023 56
4 June 2009 at 11:32
Right, I'm back
After starting my PC, once again it was impossible to connect to the internet!
"unable to communicate with primary DNS server 89.2.0.1"
My Netgear cvg 834g modem from Numericable switched itself to Wi-Fi mode although I don't want that, I had to go into my modem's interface to disable it!
I don't know whether this problem is due to Numericable or to yesterday's cleanup?!!
For ComboFix I was able to disable the Windows firewall but not my "superantispyware free edition", because I don't know how
Here is the ComboFix report
See you soon, enjoy your meal, and thanks again for your help

ComboFix 09-06-03.04 - jorandall62 2009-06-04 11:12.6 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1137 [GMT 2:00]
Lancé depuis: c:\users\jorandall62\Desktop\ComboFix2.exe
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Spy Emergency *disabled* (Updated) {773EE130-7EFF-422a-B0FB-8A71604A2FF9}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-04 au 2009-06-04 ))))))))))))))))))))))))))))))))))))
.

2009-06-04 09:19 . 2009-06-04 09:19 -------- d-----w- c:\users\jorandall62\AppData\Local\temp
2009-06-04 09:19 . 2009-06-04 09:19 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-06-03 19:49 . 2009-06-03 19:49 -------- d-----w- C:\_OTM
2009-06-03 17:17 . 2009-06-03 17:30 -------- d-s---w- C:\ComboFix
2009-06-03 13:44 . 2009-06-03 14:36 -------- d-----w- C:\UsbFix
2009-06-03 13:10 . 2009-06-03 13:10 -------- d-----w- C:\rsit
2009-06-02 22:46 . 2009-06-02 23:32 -------- d-----w- c:\program files\RegCleaner
2009-05-29 13:55 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-05-29 13:50 . 2009-06-03 00:52 -------- d-----w- c:\program files\eRightSoft
2009-05-28 14:58 . 2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2009-05-28 14:58 . 2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2009-05-26 22:13 . 2009-05-28 10:53 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Software Informer
2009-05-26 22:13 . 2009-05-28 10:48 -------- d-----w- c:\program files\Software Informer
2009-05-26 22:13 . 2009-05-28 10:59 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Free Download Manager
2009-05-26 22:13 . 2009-05-28 10:48 -------- d-----w- c:\program files\Free Download Manager
2009-05-26 18:15 . 2009-05-28 10:48 -------- d-----w- c:\program files\VDOWNLOADER
2009-05-26 14:29 . 2009-05-26 14:37 -------- d-----w- C:\My Videos
2009-05-26 14:24 . 2009-05-26 14:24 -------- d-----w- c:\programdata\Apowersoft
2009-05-22 15:31 . 2009-05-22 15:31 -------- d-----w- c:\program files\Magicbit
2009-05-20 20:28 . 2009-05-20 21:19 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Broad Intelligence
2009-05-20 20:25 . 2009-05-21 18:17 -------- d-----w- c:\users\jorandall62\AppData\Roaming\OpenCandy
2009-05-19 18:43 . 2009-05-19 18:43 -------- d-----w- C:\ConverterOutput
2009-05-19 18:42 . 2009-05-19 18:42 -------- d-----w- c:\program files\Cucusoft
2009-05-17 18:24 . 2009-06-03 00:52 -------- d-----w- c:\program files\Common Files\SNP2UVC
2009-05-17 18:24 . 2007-09-11 14:10 303104 ----a-w- c:\windows\system32\vsnp2uvc.dll
2009-05-17 18:24 . 2007-08-10 16:41 180224 ----a-w- c:\windows\system32\rsnp2uvc.dll
2009-05-17 18:24 . 2007-07-11 16:18 237568 ----a-w- c:\windows\tsnp2uvc.exe
2009-05-17 18:24 . 2007-07-11 13:31 569344 ----a-w- c:\windows\vsnp2uvc.exe
2009-05-17 18:24 . 2007-07-04 15:28 176128 ----a-w- c:\windows\system32\csnp2uvc.dll
2009-05-17 10:28 . 2009-05-17 10:40 -------- d-----w- c:\program files\PurFlirt
2009-05-15 15:32 . 2009-05-15 15:32 -------- d-----w- c:\program files\Fritivi
2009-05-12 17:51 . 2009-05-15 09:25 -------- d-----w- c:\program files\PC
2009-05-07 14:55 . 2009-06-03 00:52 -------- d-----w- c:\program files\WinAVI MP4 Converter
2009-05-07 13:35 . 2009-05-07 13:35 -------- d-----w- c:\users\jorandall62\AppData\Local\Apple Computer
2009-05-07 13:14 . 2009-06-03 00:52 -------- d-----w- c:\programdata\Apple Computer
2009-05-07 13:13 . 2009-05-07 13:13 -------- d-----w- c:\users\jorandall62\AppData\Local\Apple
2009-05-07 13:13 . 2009-06-03 00:52 -------- d-----w- c:\program files\Apple Software Update
2009-05-07 13:13 . 2009-06-03 00:52 -------- d-----w- c:\programdata\Apple
2009-05-07 11:51 . 2009-05-08 06:40 -------- d-----w- c:\program files\Reganam
2009-05-07 08:50 . 2009-05-07 09:34 -------- d-----w- c:\program files\Daniusoft
2009-05-06 16:44 . 2009-05-06 16:44 -------- d-----w- c:\program files\IVT Corporation

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 08:37 . 2009-04-03 18:04 117760 ----a-w- c:\users\jorandall62\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-03 15:20 . 2007-12-14 16:32 -------- d-----w- c:\programdata\WholeSecurity
2009-06-03 15:19 . 2007-12-15 21:45 -------- d-----w- c:\program files\Trend Micro
2009-06-03 00:59 . 2007-09-16 17:37 -------- d-----w- c:\programdata\Google Updater
2009-06-03 00:54 . 2007-01-02 15:47 -------- d-----w- c:\program files\Common Files\LightScribe
2009-06-02 19:26 . 2009-04-02 22:40 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-02 19:24 . 2007-12-12 22:39 -------- d-----w- c:\programdata\PC Tools
2009-06-01 11:50 . 2008-03-31 20:24 -------- d-----w- c:\users\jorandall62\AppData\Roaming\dvdcss
2009-05-29 20:37 . 2006-11-02 15:48 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-29 20:37 . 2006-11-02 15:48 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-28 11:45 . 2008-06-20 22:23 3371383 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 11:20 . 2008-12-31 15:28 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 11:19 . 2008-06-20 22:22 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-23 16:35 . 2007-12-14 22:39 -------- d-----w- c:\program files\AVS4YOU
2009-05-19 10:20 . 2009-04-22 10:04 -------- d-----w- c:\programdata\Bluetooth
2009-05-12 14:20 . 2008-03-02 22:12 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Vso
2009-05-10 13:50 . 2009-04-02 01:47 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Azureus
2009-05-09 15:50 . 2008-12-03 22:07 -------- d-----w- c:\users\jorandall62\AppData\Roaming\ArcSoft
2009-05-07 14:54 . 2007-12-22 20:52 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-05-07 11:05 . 2009-04-11 22:44 -------- d-----w- c:\program files\SoftPepper Video Converter 2.0
2009-05-06 16:46 . 2009-04-22 20:57 836 ----a-w- c:\windows\bthservsdp.dat
2009-04-30 09:22 . 2009-04-30 09:22 -------- d-----w- c:\program files\Secret Maryo Chronicles
2009-04-27 16:57 . 2008-09-01 22:15 1 ----a-w- c:\users\jorandall62\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-04-27 16:57 . 2008-09-01 22:13 -------- d-----w- c:\users\jorandall62\AppData\Roaming\OpenOffice.org2
2009-04-22 20:56 . 2009-04-22 20:34 -------- d-----w- c:\program files\Common Files\SmartCom
2009-04-22 20:55 . 2009-04-21 16:04 -------- d-----w- c:\program files\younan.info
2009-04-22 20:55 . 2008-04-22 17:08 -------- d-----w- c:\program files\SmartFTP Client 3.0 Setup Files
2009-04-22 20:35 . 2009-04-22 20:35 143 ----a-w- c:\users\jorandall62\AppData\Local\FSCache.dat
2009-04-22 20:33 . 2009-04-22 20:33 -------- d-----w- c:\program files\SmartCom
2009-04-21 15:57 . 2009-04-21 15:55 -------- d-----w- c:\program files\SMStoB
2009-04-21 15:45 . 2009-04-21 15:43 290816 ------w- c:\windows\Setup1.exe
2009-04-21 15:45 . 2009-04-21 15:43 74752 ----a-w- c:\windows\ST6UNST.EXE
2009-04-21 11:34 . 2009-04-21 11:21 -------- d-----w- c:\program files\BarreMagique
2009-04-19 10:40 . 2009-04-19 10:40 5004 ----a-w- c:\users\jorandall62\nodes.dat
2009-04-18 09:33 . 2009-04-17 07:39 181 ----a-w- c:\users\jorandall62\AppData\Roaming\Azureus\restart.bat
2009-04-13 18:38 . 2009-04-13 18:38 -------- d-----w- c:\program files\vghd
2009-04-13 18:38 . 2009-04-13 18:38 152904 ----a-w- c:\windows\system32\vghd.scr
2009-04-13 18:38 . 2009-04-13 18:38 -------- d-----w- c:\users\jorandall62\AppData\Roaming\vghd
2009-04-12 12:31 . 2008-01-03 23:16 -------- d-----w- c:\users\jorandall62\AppData\Roaming\XnView
2009-04-10 22:51 . 2009-04-10 22:51 -------- d-----w- c:\programdata\Soulseek
2009-04-10 21:36 . 2009-04-01 23:28 -------- d-----w- c:\users\jorandall62\AppData\Roaming\Shareaza
2009-04-07 15:55 . 2008-12-27 11:37 86576 ----a-w- c:\users\jorandall62\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-04-07 15:55 . 2008-12-27 11:37 132672 ----a-w- c:\users\jorandall62\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2009-04-07 15:55 . 2008-12-27 11:37 392728 ----a-w- c:\users\jorandall62\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
2009-04-07 11:29 . 2007-09-20 13:04 680 ----a-w- c:\users\jorandall62\AppData\Local\d3d9caps.dat
2009-04-07 11:07 . 2009-04-07 11:07 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-04-06 14:06 . 2009-04-06 14:06 155648 ----a-w- c:\windows\system32\libssl32.dll
2009-04-06 10:25 . 2008-08-18 14:02 -------- d-----w- c:\programdata\NOS
2009-04-05 10:28 . 2008-12-03 22:05 -------- d-----w- c:\programdata\ArcSoft
2009-03-17 03:38 . 2009-04-15 10:34 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 10:34 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-09 03:19 . 2008-12-27 21:50 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-08 16:42 . 2009-03-08 16:42 684872 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2005-05-18 11:27 . 2008-08-01 13:55 1564 ----a-w- c:\program files\Readme.txt
2008-08-03 20:34 . 2008-08-03 20:34 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-09-16 07:06 . 2007-09-16 17:38 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-09-16 07:06 . 2007-09-16 17:38 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-09-16 07:06 . 2007-09-16 17:38 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-09-16 07:06 . 2007-09-16 17:38 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-09-16 07:07 . 2007-09-16 17:38 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2006-05-03 10:06 . 2009-05-28 14:58 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-05-29 13:55 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-05-28 14:58 216064 --sha-r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-27 1830128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-07 413696]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-07-11 569344]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2007-07-11 237568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\gprs.exe [2007-12-27 43608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 0
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B0CEABE2-9804-4FD3-9DA5-56CD7BB65874}"= Disabled:UDP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
"{56D49FDB-819E-47C1-A527-98BA0606717F}"= Disabled:TCP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
"TCP Query User{3CCE7B96-E0DE-4AF5-A832-6DEA6555977F}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{68B54872-872B-45E7-AFD2-99643E4B5202}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"TCP Query User{E966C56B-2CE0-4B56-9659-1DD541843AEE}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{21492215-4B7A-43A9-8657-72A138524CEA}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{99A3AD36-B1EF-410C-B50C-B2DCE7E6679A}"= Disabled:UDP:6346:shareaza
"{EF2A56C3-8835-4F56-A9CA-4F186798B5B6}"= Disabled:TCP:6346:shareaza
"TCP Query User{766C9D47-BD9A-4622-B596-B425DDE6D00C}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{60AD0065-D2A9-4BA4-879D-2213F97F935D}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{F4FE2058-5F71-4FD0-B8EA-0646BF2BE33B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{2C4AE294-C12D-4F59-9E3F-5CA527C987B9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{48A787A1-B89B-4044-875A-C6021447B114}"= Disabled:UDP:c:\program files\Omemo\Omemo.exe:Omemo
"{4D0CE41B-53A5-4582-BA24-2C299D1255F3}"= Disabled:TCP:c:\program files\Omemo\Omemo.exe:Omemo
"TCP Query User{AEAD9F9A-0649-48C3-BD08-0EB04AFC9161}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{E6E38BB7-775F-48F3-B3A0-7291A06D8C40}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"6850a7ed-18ea-4859-be34-3f018205ea2b"= UDP:45550:emuletcp2
"85afbcb4-58f1-4d9c-9868-fa960b8691b8"= TCP:45560:emuleudp2
"{01F006D0-AED2-4987-8F0E-C11AA11DB7C2}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{C9AC9B0F-2F9C-45D4-8D22-55424321C18D}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{7AEEFB85-936E-45B6-BA2B-4F455A382926}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{C4D61FD9-AF4E-4515-9913-99B4948365AD}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\PPMate\\ppmate.exe"= c:\program files\PPMate\ppmate.exe:*:Enabled:PPMate
"c:\\Program Files\\PPMate\\ppamnet.exe"= c:\program files\PPMate\ppamnet.exe:*:Enabled:PPMate

R0 ViBus;ViBus;c:\windows\System32\drivers\ViBus.sys [2008-07-29 20632]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\System32\drivers\ViPrt.sys [2008-07-29 56984]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [2007-04-03 1131136]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\System32\drivers\viahduaa.sys [2008-07-29 230912]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [2007-01-03 13976]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [2007-01-09 1136600]
S3 EC168BDA;EC168BDA service;c:\windows\System32\drivers\EC168BDA.sys [2007-09-11 87296]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-06-28 1527900]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-04-09 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-04-06 33176]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-09-16 29744]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-07-25 191656]
S3 VNICPKT5;VNICPKT5 Protocol Driver;c:\windows\System32\VNICPKT5.sys [2008-07-29 15104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
bthsvcs REG_MULTI_SZ BthServ
.
Contenu du dossier 'Tâches planifiées'

2009-06-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-16 16:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

SafeBoot-procexp90.Sys


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.13\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.13\MediaManager\grab.html
IE: Recherche sur eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath -

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 11:19
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-641817250-3860369117-549646289-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A7AC858C-5DFC-36D6-1766-51AAB3C5BA2A}*]
"bbdknjbpjbcngmlipcndijdnipfcindmejpf"=hex:61,61,00,00
"abdknjbpjbcngmlipcielknkeopfdompbo"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2009-06-04 11:21
ComboFix-quarantined-files.txt 2009-06-04 09:21
ComboFix2.txt 2009-06-03 17:30

Avant-CF: 3,462,565,888 octets libres
Après-CF: 3,418,546,176 octets libres

283 --- E O F --- 2009-06-03 01:04
0
Anonymous user
4 June 2009 at 12:57
Hi, did you install Spy Emergency?????????????
0
jorandall62 Posts 596 Registration date Thursday 24 January 2008 Status Member Last activity 6 October 2023 56
4 June 2009 at 13:09
No, I don't think so
0
Anonymous user
4 June 2009 at 13:24
SP: Spy Emergency *disabled* (Updated) {773EE130-7EFF-422a-B0FB-8A71604A2FF9}
0
jorandall62 Posts 596 Registration date Thursday 24 January 2008 Status Member Last activity 6 October 2023 56
4 June 2009 at 13:34
OK, but what do I do??
How do I find this thing? SP: Spy Emergency *disabled* (Updated) {773EE130-7EFF-422a-B0FB-8A71604A2FF9}
What I had installed was spywareblaster
0
Anonymous user
4 June 2009 at 13:41
And yes, that thing is a rogue


__________________________________________________________
=>/!\ WARNING /!\ The following script was written specifically for this computer,<=
=>it is strongly advised not to reuse it on another computer!<=====|
---------------------------------------------------------------


Still with all protections disabled, do this:

• Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
• Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
Driver::
Avira
Spy Emergency
------------------------------------------------------------------

• Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
• Close Notepad

• Drag and drop this CFScript file onto the C-Fix.exe file (combofix), like this

• Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
• Once the scan is complete, a report will be displayed: post its contents.
• If the file does not open, it can be found here => C:\ComboFix.txt


0