Salut a tous, Je viens de choper un virus et lorsque je lance un scan et que mon antivirus le trouve, il est de partout et me fait supprimer tous les fichiers . exe de mon ordi. Win32:Sality Mon antivirus est avast. Si quelqu'un pourait me filer un coup de main svp. Bye

Bonjour, Fais ce qui suit dans l’ordre : C - Ccleaner : (nettoyeur de registre, cookies+temps+tempos+prefetch+historique+etc.) * Télécharge CCleaner. (attention à l'installation penser à DECOCHER l'installation de Yahoo toolbar discrètement proposé en plus de CCleaner). https://www.pcastuces.com/logitheque/ccleaner.htm https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/ Installe le dans un répertoire dédié. Décoche pendant l'installation --- les deux cases "Ajouter l'option ... " --- Contrôler les mises à jour * Lance Ccleaner pour un nettoyage complet. Tutorial ici: https://kerio.probb.fr/t242-tuto-ccleaner-v-2 https://www.malekal.com/tutoriel-ccleaner/ ET http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm > Télécharge random's system information tool (RSIT) : http://images.malwareremoval.com/random/RSIT.exe - Enregistre le programme sur ton bureau. - Double clique sur RSIT.exe - A l'écran "Disclaimer" choisis "1 months" dans le menu déroulant puis clique sur <continue>. - Si HiJackThis n'est pas détecté sur ton PC, RSIT le téléchargera ; accepte alors la licence. - Une fois le scanne terminé tu obtiendras un rapport log.txt. Poste le sur le forum. NB : Il se peut que tu obtiennes un second rapport nommé info.txt. Dans ce cas poste le aussi. +++

Un virus fait bugger mon antivirus !

Réponse 21 / 106

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

Vide la quarantaine de Malwarebytes' anti Malware.

Réessaye USBFix stp.

Réponse 22 / 106

Chayr Messages postés 109 Statut Membre 1

Go !

Réponse 23 / 106

Chayr Messages postés 109 Statut Membre 1

au faite :

A plusieurs reprises au moins 50 fois l'antivirus a détecter un virus pendant le scan de malwarebytes.
A chaque fois je ferme la fenetre d'avast sinon sa bloque le sscan de malware.
J'ai fini par désactiver avast. et plus de souci pendant le scan.

Voila je ne savai pas si sa avait une importance...

Réponse 24 / 106

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

On va changer avast juste après avoir réessayé USBFix et on fera un scan complet avec ce nouvel antivirus.

Réponse 25 / 106

Chayr Messages postés 109 Statut Membre 1

Salut,
Bon voici les nouvelles
Tu m'avais demandé de lancer Usbfix mais il n'a pas voulu démarrer. Meme message d'erreur que précédemment
"This file contains invalid data"

D'autre part j'ai tanté de redémarrer en mode sans echec et ce coup ci ça a marché !
Du coup j'ai exécuter SDfix
Il y a eu un message d'erreur récurent pendant le scan j'ai pris soin de le noté : (le scan ne s'est pas interrompu)

"Exception processing message c0000013parameter 75afbf9c 4 75afbf9c 75afbf9c"

Et sinon voici le rapport d'Sdfix :

[b]SDFix: Version 1.240 [/b]
Run by Administrateur on 27/08/2009 at 01:09

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files [/b]:

No Trojan Files Found

Removing Temp Files

[b]ADS Check [/b]:

Checking for remaining Streams

Checking for remaining Streams

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 01:17:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:78,04,b6,a2,c7,41,30,74,a9,48,6e,fb,79,28,4b,28,20,7e,ee,f1,94,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a9,58,ea,99,66,49,94,b0,49,78,07,dc,17,6f,b6,21,9f,..
"khjeh"=hex:c0,7a,4a,dd,69,22,a3,3d,f2,13,5f,7d,cd,ca,3d,a5,86,10,84,c5,d1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8f,f8,18,f8,cf,be,d9,22,9f,d4,52,37,9d,92,55,20,56,6f,a0,67,87,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:72ea5b18
"s2"=dword:b347f103
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:78,04,b6,a2,c7,41,30,74,a9,48,6e,fb,79,28,4b,28,20,7e,ee,f1,94,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a9,58,ea,99,66,49,94,b0,49,78,07,dc,17,6f,b6,21,9f,..
"khjeh"=hex:c0,7a,4a,dd,69,22,a3,3d,f2,13,5f,7d,cd,ca,3d,a5,86,10,84,c5,d1,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8f,f8,18,f8,cf,be,d9,22,9f,d4,52,37,9d,92,55,20,56,6f,a0,67,87,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:78,04,b6,a2,c7,41,30,74,a9,48,6e,fb,79,28,4b,28,20,7e,ee,f1,94,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a9,58,ea,99,66,49,94,b0,49,78,07,dc,17,6f,b6,21,9f,..
"khjeh"=hex:c0,7a,4a,dd,69,22,a3,3d,f2,13,5f,7d,cd,ca,3d,a5,86,10,84,c5,d1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8f,f8,18,f8,cf,be,d9,22,9f,d4,52,37,9d,92,55,20,56,6f,a0,67,87,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory"="C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath"="C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath"="C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath"="C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath"="C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Documents and Settings\\Administrateur\\Local Settings\\Temporary Internet Files\\Content.IE5\\PH04KI4B\\incredimail_install[1].exe"="C:\\Documents and Settings\\Administrateur\\Local Settings\\Temporary Internet Files\\Content.IE5\\PH04KI4B\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\TribalWeb.net\\tribalweb.exe"="C:\\Program Files\\TribalWeb.net\\tribalweb.exe:*:Enabled:TribalWeb.net : R‚seau priv‚ sur Internet"
"C:\\Program Files\\Steam\\SteamApps\\biloutte69\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\biloutte69\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Documents and Settings\\Administrateur\\Bureau\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Documents and Settings\\Administrateur\\Bureau\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\Program Files\\Steam\\SteamApps\\kidou666\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\kidou666\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\Steam\\SteamApps\\master348\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\master348\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\AdobeR.exe"="C:\\WINDOWS\\AdobeR.exe:*:Disabled:AdobeR"
"C:\\Program Files\\Kuma Games\\Kuma.exe"="C:\\Program Files\\Kuma Games\\Kuma.exe:*:Enabled:Kuma"
"C:\\Program Files\\GOA\\Gunbound\\GunBound.gme"="C:\\Program Files\\GOA\\Gunbound\\GunBound.gme:*:Enabled:GunBound"
"C:\\Program Files\\Steam\\steam.exe"="C:\\Program Files\\Steam\\steam.exe:*:Disabled:Steam"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:Pando Application"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"G:\\AdobeR.exe"="G:\\AdobeR.exe:*:Disabled:AdobeR.exe"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\WINDOWS\\system\\smsc32.exe"="C:\\WINDOWS\\system\\smsc32.exe:*:WinSpooler32"
"C:\\WINDOWS\\System32\\.scr"="C:\\WINDOWS\\System32\\.scr:*:WinSpooler32"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:ipsec"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"F:\\ehiwt.cmd"="F:\\ehiwt.cmd:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\upqcnk.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\upqcnk.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winssrg.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winssrg.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\svts.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\svts.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winibyq.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winibyq.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winufjqmg.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winufjqmg.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\tgwi.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\tgwi.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\wingbajh.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\wingbajh.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winxektdq.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winxektdq.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\rahr.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\rahr.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winjsfo.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winjsfo.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winrulwrw.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winrulwrw.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winnuyqy.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winnuyqy.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winvbrwr.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winvbrwr.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winksypy.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winksypy.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\gnnppg.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\gnnppg.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winenmsg.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winenmsg.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winjeby.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winjeby.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\prnr.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\prnr.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\wintibhf.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\wintibhf.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\ugkbef.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\ugkbef.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winefqtq.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winefqtq.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\wingfdyl.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\wingfdyl.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\nkte.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\nkte.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winphmj.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winphmj.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winagik.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winagik.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winbevlyp.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winbevlyp.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\bmjiw.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\bmjiw.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\mwxyxw.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\mwxyxw.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winalys.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winalys.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winpstr.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winpstr.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winuntalp.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winuntalp.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\ujvver.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\ujvver.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winryews.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winryews.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winecdnb.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winecdnb.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\vmmdfx.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\vmmdfx.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\qfhgto.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\qfhgto.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winvtoe.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winvtoe.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\wingfbe.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\wingfbe.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winuddh.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winuddh.exe:*:Enabled:ipsec"
"C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\cohea.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\cohea.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winmmvrqn.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winmmvrqn.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winarncfx.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winarncfx.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\eybs.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\eybs.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\rdeoaq.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\rdeoaq.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\pytc.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\pytc.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\loxm.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\loxm.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winsrhf.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winsrhf.exe:*:Enabled:ipsec"
"C:\\Documents and Settings\\Bureau\\Ccleaner\\UsbFix.exe"="C:\\Documents and Settings\\Bureau\\Ccleaner\\UsbFix.exe:*:Enabled:ipsec"
"C:\\SDFix\\apps\\ERUNT.EXE"="C:\\SDFix\\apps\\ERUNT.EXE:*:Enabled:ipsec"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:ipsec"
"C:\\WINDOWS\\system32\\ntvdm.exe"="C:\\WINDOWS\\system32\\ntvdm.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winpixu.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winpixu.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\smelcn.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\smelcn.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[b]Remaining Files [/b]:

[b]Files with Hidden Attributes [/b]:

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\File Scanner Library (Spybot - Search & Destroy)\advcheck.dll"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)\Tools.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\SDHelper (Spybot - Search & Destroy)\SDHelper.dll"
Thu 7 Sep 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 2 Feb 2009 10,012,216 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Sat 9 Dec 2006 1,194 A..H. --- "C:\Program Files\Outlook Express\actf9q8I\lLsR4yVZlrw4S4.tmp"
Mon 20 Jul 2009 261 A..H. --- "C:\Documents and Settings\All Users\Application Data\avg8\srmcheck.tmp"
Sun 15 Jan 2006 1,079 A..H. --- "C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy\actf9q8I\lLsR4yVZlrw4S4.tmp"
Thu 29 Jan 2009 26,112 A..H. --- "C:\Documents and Settings\Bureau\helivision\Helivision\Mail\~WRL3016.tmp"
Thu 10 Jul 2008 31,232 A..H. --- "C:\Documents and Settings\Bureau\helivision\save\Tarifs helivision\~WRL2798.tmp"
Thu 27 Aug 2009 5,662 A.SH. --- "C:\Documents and Settings\All Users\Documents\TV enregistr‚e\TempRec\TempSBE\SBE4.tmp"
Wed 15 Oct 2008 31,232 A..H. --- "C:\Documents and Settings\Bureau\helivision\save\publicite\plaquette\plaquette\Textes\~WRL0228.tmp"
Wed 15 Oct 2008 31,744 A..H. --- "C:\Documents and Settings\Bureau\helivision\save\publicite\plaquette\plaquette\Textes\~WRL0974.tmp"
Wed 15 Oct 2008 31,232 A..H. --- "C:\Documents and Settings\Bureau\helivision\save\publicite\plaquette\plaquette\Textes\~WRL1243.tmp"
Wed 15 Oct 2008 31,232 A..H. --- "C:\Documents and Settings\Bureau\helivision\save\publicite\plaquette\plaquette\Textes\~WRL1387.tmp"
Wed 15 Oct 2008 31,232 A..H. --- "C:\Documents and Settings\Bureau\helivision\save\publicite\plaquette\plaquette\Textes\~WRL1818.tmp"
Wed 15 Oct 2008 31,232 A..H. --- "C:\Documents and Settings\Bureau\helivision\save\publicite\plaquette\plaquette\Textes\~WRL2285.tmp"

[b]Finished![/b]

Voila bonne journée et merci encore de ton aide

Bye

Réponse 26 / 106

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

Pourquoi as-tu mis USBFix dans Ccleaner ??!
/!\ Pour la procédure qui suit, branche tes disques externes : clés USB, disques durs externes, ... TOUT (disques E, F et G (sans les ouvrir) /!\

**************************

/!\ Procédure réservée à Chayr. Ne tentez pas de la reproduire si vous avez un problème similaire sous peine de planter votre machine /!\
Télécharge OTM (de Old_Timer) sur ton Bureau.
= = = = >>> En cliquant ici <<< = = = =
Une fois installé sur le bureau, double-clique sur OTMoveIt.exe pour le lancer.
Assure toi que la case Unregister Dll’s and Ocx’s soit bien cochée
Copie la liste qui se trouve en gras ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt :
Paste Instructions for Items to be moved.

:Processes
explorer.exe

:Files
C:\WINDOWS\AdobeR.exe
G:\AdobeR.exe
C:\WINDOWS\system\smsc32.exe
C:\WINDOWS\System32\.scr
F:\ehiwt.cmd
C:\WINDOWS\system\svhost.exe
C:\WINDOWS\system\smsc32.exe
E:\AdobeR.exe
F:\AdobeR.exe
K:\AdobeR.exe

:Services
WinSpooler32
WindowsTelephony
abp470n5
avu72fwg

:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d940803-3257-11db-b7b8-00085416cef5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2da0e53f-7927-11dd-8307-000b0d04af4f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{314f7493-fda1-11dc-81e7-000000000000}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{314f7497-fda1-11dc-81e7-000000000000}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3732eb6e-a730-11dc-8139-00085416cef5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b0d66e2-d69b-11dc-8193-00085416cef5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4aff9606-c21e-11dc-815f-00085416cef5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1492279-bd67-11dc-8155-00085416cef5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce7633c7-ca70-11db-9fd3-00085416cef5}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\AdobeR.exe"=-
"G:\\AdobeR.exe"=-
"C:\\WINDOWS\\system\\smsc32.exe"=-
"C:\\WINDOWS\\System32\\.scr"=-
"F:\\ehiwt.cmd"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\upqcnk.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winssrg.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\svts.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winibyq.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winufjqmg.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\tgwi.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\wingbajh.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winxektdq.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\rahr.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winjsfo.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winrulwrw.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winnuyqy.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winvbrwr.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winksypy.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\gnnppg.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winenmsg.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winjeby.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\prnr.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\wintibhf.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\ugkbef.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winefqtq.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\wingfdyl.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\nkte.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winphmj.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winagik.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winbevlyp.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\bmjiw.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\mwxyxw.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winalys.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winpstr.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\ujvver.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winryews.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winecdnb.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\vmmdfx.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\qfhgto.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winvtoe.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\wingfbe.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winuddh.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\cohea.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winmmvrqn.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winarncfx.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\eybs.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\rdeoaq.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\pytc.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\loxm.exe"=-
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winsrhf.exe"=-
"C:\\Documents and Settings\\Bureau\\Ccleaner\\UsbFix.exe"=-
"C:\\SDFix\\apps\\ERUNT.EXE"=-

:Commands
[purity]
[emptytemp]
[Reboot]

Clique sur MoveIt! pour lancer la suppression.
Après avoir fait Moveit!, une fenêtre s’affiche :
"The system requires a reboot to finish removing files. Do you want to reboot now ?"
Réponds Yes.
Le résultat apparaîtra dans le cadre "Results".
Clique sur Exit pour fermer.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

Réponse 27 / 106

Chayr Messages postés 109 Statut Membre 1

C'est juste un dossier ou j'avais rangé Ccleaner lorsque" Marie" m'avais conseillé de l'installer.
Du coup depuis que j'essaye avec votre aide de lever le virus je met les telechargements dans ce meme dossier pour les retrouver.
A toute

Réponse 28 / 106

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

Ok.
A toute.

Branche bien tes clés et tout et dans le script, prends bien les deux points au début !

Réponse 29 / 106

Chayr Messages postés 109 Statut Membre 1

Oups j'ai zapper les clesf usb et deux disque dur externe

Je peu refaire la procédure ?

Réponse 30 / 106

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

Tu l'as déjà faite une fois ?
Si oui, poste le rapport et ne recommence pas, on avisera....

Réponse 31 / 106

Chayr Messages postés 109 Statut Membre 1

Oui je viens de le faire mais je n'ai pas remis les 2 cartes SD et 2 Disque durs

Voici le rapport :

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\AdobeR.exe not found.
File/Folder G:\AdobeR.exe not found.
File/Folder C:\WINDOWS\system\smsc32.exe not found.
File/Folder C:\WINDOWS\System32\.scr not found.
File/Folder F:\ehiwt.cmd not found.
File/Folder C:\WINDOWS\system\svhost.exe not found.
File/Folder C:\WINDOWS\system\smsc32.exe not found.
File/Folder E:\AdobeR.exe not found.
File/Folder F:\AdobeR.exe not found.
File/Folder K:\AdobeR.exe not found.
========== SERVICES/DRIVERS ==========

Service\Driver WinSpooler32 deleted successfully.

Service\Driver WindowsTelephony deleted successfully.

Service\Driver abp470n5 deleted successfully.
Service\Driver avu72fwg not found.
Service\Driver avu72fwg not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d940803-3257-11db-b7b8-00085416cef5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d940803-3257-11db-b7b8-00085416cef5}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2da0e53f-7927-11dd-8307-000b0d04af4f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2da0e53f-7927-11dd-8307-000b0d04af4f}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{314f7493-fda1-11dc-81e7-000000000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314f7493-fda1-11dc-81e7-000000000000}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{314f7497-fda1-11dc-81e7-000000000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314f7497-fda1-11dc-81e7-000000000000}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3732eb6e-a730-11dc-8139-00085416cef5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3732eb6e-a730-11dc-8139-00085416cef5}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b0d66e2-d69b-11dc-8193-00085416cef5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b0d66e2-d69b-11dc-8193-00085416cef5}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4aff9606-c21e-11dc-815f-00085416cef5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4aff9606-c21e-11dc-815f-00085416cef5}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1492279-bd67-11dc-8155-00085416cef5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1492279-bd67-11dc-8155-00085416cef5}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce7633c7-ca70-11db-9fd3-00085416cef5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce7633c7-ca70-11db-9fd3-00085416cef5}\ not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\WINDOWS\\AdobeR.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\G:\\AdobeR.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\WINDOWS\\system\\smsc32.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\WINDOWS\\System32\\.scr not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\F:\\ehiwt.cmd not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\upqcnk.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winssrg.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\svts.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winibyq.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winufjqmg.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\tgwi.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\wingbajh.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winxektdq.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\rahr.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winjsfo.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winrulwrw.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winnuyqy.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winvbrwr.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winksypy.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\gnnppg.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winenmsg.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winjeby.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\prnr.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\wintibhf.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\ugkbef.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winefqtq.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\wingfdyl.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\nkte.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winphmj.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winagik.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winbevlyp.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\bmjiw.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\mwxyxw.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winalys.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winpstr.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\ujvver.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winryews.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winecdnb.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\vmmdfx.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\qfhgto.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winvtoe.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\wingfbe.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winuddh.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\cohea.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winmmvrqn.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winarncfx.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\eybs.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\rdeoaq.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\pytc.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\loxm.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winsrhf.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\Documents and Settings\\Bureau\\Ccleaner\\UsbFix.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\\SDFix\\apps\\ERUNT.EXE not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 3432118 bytes
->Temporary Internet Files folder emptied: 406099574 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 166376474 bytes

User: All Users

User: Bureau

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: InstallAnywhere

User: LocalService
->Temp folder emptied: 65984 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 4770492 bytes
->FireFox cache emptied: 1922479 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 48967 bytes

%systemdrive% .tmp files removed: 172 bytes
%systemroot% .tmp files removed: 1206248 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
Windows Temp folder emptied: 32846 bytes
RecycleBin emptied: 1000554 bytes

Total Files Cleaned = 557,89 mb

OTM by OldTimer - Version 3.0.0.6 log created on 08272009_194350

Réponse 32 / 106

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

Branche tout et recommence avec ce script :

:Files
G:\AdobeR.exe
F:\ehiwt.cmd
E:\AdobeR.exe
F:\AdobeR.exe
K:\AdobeR.exe

:Comands
[reboot]

*******

Poste ensuite un nouveau rapport RSIT.

Réponse 33 / 106

Chayr Messages postés 109 Statut Membre 1

Et voila :

========== FILES ==========
File/Folder G:\AdobeR.exe not found.
File/Folder F:\ehiwt.cmd not found.
File/Folder E:\AdobeR.exe not found.
File/Folder F:\AdobeR.exe not found.
File/Folder K:\AdobeR.exe not found.
Error: Unable to interpret <:Comands> in the current context!
Error: Unable to interpret <[reboot]> in the current context!

OTM by OldTimer - Version 3.0.0.6 log created on 08272009_200346

Réponse 34 / 106

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

Ok.
Poste le nouveau rapport RSIT stp.

Réponse 35 / 106

Chayr Messages postés 109 Statut Membre 1

et bien je croyais que c'était ça.

En revanche ce coup ci l'ordi n'a pas rebooté

Réponse 36 / 106

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

En revanche ce coup ci l'ordi n'a pas rebooté

C'est normal, j'ai fait une faute de frappe, pas grave.

******

Non RSIT, c'est pas ça, regarde plus haut si tu ne te souviens plus.

Réponse 37 / 106

Chayr Messages postés 109 Statut Membre 1

Ok je l'ai retrouvé (PS : Il ya eu une fenetre : "Hijackthis a rencontré un probleme et doit fermé")

Voici le rapport :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-08-27 20:38:58
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 14 GB (19%) free of 78 GB
Total RAM: 1023 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:28, on 24/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Bureau\Ccleaner\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O14 - IERESET.INF: START_PAGE_URL=www.generation-nt.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5C05457-B689-479E-8828-8E71317F0442}: NameServer = 212.27.40.240,212.27.40.241
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Telephony (WindowsTelephony) - Unknown owner - C:\WINDOWS\system\svhost.exe (file missing)
O23 - Service: Windows System Memory Manager (WinSpooler32) - Unknown owner - C:\WINDOWS\system\smsc32.exe (file missing)
O24 - Desktop Component 0: (no name) - (no file)

Réponse 38 / 106

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

On va changer ton antivirus.

Il existe un utilitaire pour désinstaller Avast proprement :
Télécharge le [https://www.avast.com/fr-fr/uninstall-utility = = = =>>> En cliquant ici <<<= = =

******

Installe Antivir d’Avira, préférable à Avast.
Tout est expliqué <gras>sur ce lien, du téléchargement à la configuration.
Autres liens utiles : ICI
ET ICI

Fais une analyse complète de ton système avec Antivir correctement configuré et poste le rapport ici.

Comment va le PC ?

Réponse 39 / 106

Chayr Messages postés 109 Statut Membre 1

Le pc je pense qu'il va mieux.

Cependant la plupart pour ne pas dire tous les programmes sont HS.
Exemple lorsque je lance google chrome il mets la fenetre "ouvrir avec"
idem pour tous.

Aussi la cmd : ctr+alt+suppr me met : le gestionnaires des taches a été desactivé par votre administrateur.

Avast ne se lance plus (je vais le suppr en mode sans echec)
dans les petites icones a coté de l'heure sur le bureau. ya plus que le son ; l'ejection du materiel usb et une icone "touche filtre".

je désinstalle avast et je vais me coucher

++

Réponse 40 / 106

crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention 8 017

Ok, bonne nuit et à demain.

Un virus fait bugger mon antivirus !

106 réponses

Votre réponse

Discussions similaires

Newsletters