Sujet Précédent Sujet Suivant

Pc infecté

Fermé
marine3344 - 11 déc. 2009 à 21:24
 Utilisateur anonyme - 13 déc. 2009 à 17:30
Bonjour,
J'ai un soucis avec mon pc il me semble qu'il est infesté de virus dont win32. Mon antivirus (AVG) ne fonctionne plus et mon système son non plus. Je pensais au reformatage mais quelqu'un m'a suggérer de télécharger rsit et de poster le rapport ici avant d'y songer. Est ce le bon truc ?
Dites moi ce que vous en pensez.
Merci d'avance pour vos réponses
Cordialement,

Logfile of random's system information tool 1.06 (written by random/random)
Run by marine collobert at 2009-12-11 21:21:36
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 55 GB (36%) free of 152 GB
Total RAM: 2046 MB (46% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01677B4B-0610-4814-94A0-5F570DD7A88F}]
Google Plus - C:\PROGRA~1\GOOGLE~1\17GOOG~1.DLL [2009-10-26 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F85D76C-0569-466F-A488-493E6BD0E955}]
dsWebAllowBHO Class - C:\Program Files\Windows Desktop Search\dsWebAllow.dll [2006-03-26 265432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-11-28 1475864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5948A52A-BA3A-49A8-BCAF-D578502BDA9D}]
MessengerUpdate Class - C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\MsgUpdate.dll [2009-07-27 330752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78FF2F80-613A-47d7-8871-912B1236F704}]
Super-Search - Finds more of what you need ! - C:\PROGRA~1\EASYSE~1\BHO\7SUPER~1.DLL [2009-12-08 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99B90DF7-AE6E-D44C-1F22-37FD2BACBF28}]
gooochi browser enhancer - C:\WINDOWS\system32\dhdknkxyaamme.dll [2009-11-18 393728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-10-16 1119488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-04 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-28 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Barre d'outils MSN Search Helper - C:\Program Files\MSN Toolbar Suite\msntb.dll [2005-11-09 165584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D286E828-E6B9-484d-A058-D7323666DE33}]
CescrtHlpr Object - C:\Program Files\RecFree.com\RecFreeToolbar\1.3.11.0\escort.dll [2009-08-19 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E39D03C8-7F99-44AE-B05C-25F5440A7BC3}]
adHlpr Object - C:\WINDOWS\system32\ltasinpz.dll [2009-06-01 325120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Barre d'outils MSN Search - C:\Program Files\MSN Toolbar Suite\msntb.dll [2005-11-09 165584]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-10-16 1119488]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-04 263280]
{0508F8F1-08E3-43EE-AAA8-09AD09803084} - RecFree Toolbar - C:\Program Files\RecFree.com\RecFreeToolbar\1.3.11.0\escorTlbr.dll [2009-08-19 172032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-01 7557120]
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []
"NVRotateSysTray"=C:\WINDOWS\system32\nvsysrot.dll [2006-05-01 49152]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761948]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-18 184320]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2006-08-25 356352]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-08-03 266240]
"Tvs"=C:\Program Files\TOSHIBA\Tvs\TvsTray.exe [2006-02-02 73728]
"SmoothView"=C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe [2005-05-17 118784]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-10-06 122940]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-08-02 802816]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-08-02 696320]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-12-10 133016]
"CFSServ.exe"=CFSServ.exe -NoClient []
"SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"Easy PDF Creator"=C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe [2004-02-09 463872]
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-14 221184]
"ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-04 149280]
"arhjlnoxhz"=C:\WINDOWS\System32\regsvr32.exe [2008-04-14 12288]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-12-11 2020120]
"SiteVacuum"=C:\Program Files\EasySearch\SiteVacuumClient.exe [2009-12-07 479309]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-04-03 814592]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-03-11 68856]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"IgfxSys"=C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\IgfxSys.dll [2009-07-27 186368]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-12-11 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-03-22 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-11-28 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\Documents and Settings\marine collobert\Local Settings\Temp\Rar$EX01.515\freezer v1.4 fr\freezer.exe"="C:\Documents and Settings\marine collobert\Local Settings\Temp\Rar$EX01.515\freezer v1.4 fr\freezer.exe:*:Enabled:freezer"
"C:\Documents and Settings\marine collobert\Local Settings\Temp\Rar$EX18.203\freezer v1.4 fr\freezer.exe"="C:\Documents and Settings\marine collobert\Local Settings\Temp\Rar$EX18.203\freezer v1.4 fr\freezer.exe:*:Enabled:freezer"
"C:\Documents and Settings\marine collobert\Local Settings\Temp\Rar$EX71.312\freezer v1.4 fr\freezer.exe"="C:\Documents and Settings\marine collobert\Local Settings\Temp\Rar$EX71.312\freezer v1.4 fr\freezer.exe:*:Enabled:freezer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Documents and Settings\marine collobert\Local Settings\Temp\Rar$EX00.000\freezer v1.4 fr\freezer.exe"="C:\Documents and Settings\marine collobert\Local Settings\Temp\Rar$EX00.000\freezer v1.4 fr\freezer.exe:*:Enabled:freezer"
"C:\Documents and Settings\marine collobert\Local Settings\Temp\Rar$EX00.734\freezer v1.4 fr\freezer.exe"="C:\Documents and Settings\marine collobert\Local Settings\Temp\Rar$EX00.734\freezer v1.4 fr\freezer.exe:*:Enabled:freezer"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\Documents and Settings\marine collobert\Local Settings\Temp\Rar$EX01.797\freezer v1.4 fr\freezer.exe"="C:\Documents and Settings\marine collobert\Local Settings\Temp\Rar$EX01.797\freezer v1.4 fr\freezer.exe:*:Enabled:freezer"
"C:\Documents and Settings\marine collobert\Local Settings\Temp\Rar$EX00.515\freezer v1.4 fr\freezer.exe"="C:\Documents and Settings\marine collobert\Local Settings\Temp\Rar$EX00.515\freezer v1.4 fr\freezer.exe:*:Enabled:freezer"
"C:\Documents and Settings\marine collobert\Local Settings\Temp\Rar$EX00.922\freezer v1.4 fr\freezer.exe"="C:\Documents and Settings\marine collobert\Local Settings\Temp\Rar$EX00.922\freezer v1.4 fr\freezer.exe:*:Enabled:freezer"
"C:\Documents and Settings\marine collobert\Local Settings\Temp\Rar$EX00.093\freezer v1.4 fr\freezer.exe"="C:\Documents and Settings\marine collobert\Local Settings\Temp\Rar$EX00.093\freezer v1.4 fr\freezer.exe:*:Enabled:freezer"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0710c928-fc49-11dc-b96e-00a0d155463a}]
shell\AutoRun\command - autorun.exe
shell\explore\command - autorun.exe -e
shell\open\command - autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d9ad23e-13ea-11de-bae6-00a0d155463a}]
shell\AutoRun\command - F:\2.bat
shell\open\command - F:\2.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4caf0f48-6aa0-11dc-b888-00a0d155463a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4eec4472-95fd-11dc-b8c0-00a0d155463a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55788901-7045-11dd-b9bc-00a0d155463a}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59c1a4c8-cd92-11db-b818-00a0d155463a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6699dca8-cf74-11dc-b914-00a0d155463a}]
shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fc24656-9f8e-11dd-ba05-00a0d155463a}]
shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8747a703-fd97-11dc-b972-00a0d155463a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3dd7e99-d7ea-11dd-ba6b-00a0d155463a}]
shell\Shell00\command - G:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6270805-c543-11dd-ba46-00a0d155463a}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2b55fb6-be6b-11db-b805-00a0d155463a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f783bfcf-e67d-11db-b842-00a0d155463a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff72e5a1-2d4b-11dd-b981-00a0d155463a}]
shell\AutoRun\command - F:\wd_windows_tools\setup.exe


======List of files/folders created in the last 1 months======

2009-12-11 21:10:25 ----D---- C:\rsit
2009-12-11 21:10:25 ----D---- C:\Program Files\trend micro
2009-12-11 20:14:27 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-11 20:14:27 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-11 19:42:05 ----D---- C:\WINDOWS\LastGood
2009-12-11 19:36:49 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-12-11 19:23:33 ----A---- C:\WINDOWS\ban_list.txt
2009-12-08 23:25:37 ----HD---- C:\Documents and Settings\marine collobert\Application Data\drivers
2009-12-08 16:07:06 ----A---- C:\WINDOWS\system32\TESOJAK.txt
2009-12-08 15:57:32 ----D---- C:\Program Files\Audacity
2009-12-08 11:01:04 ----D---- C:\Documents and Settings\marine collobert\Application Data\recfree.com
2009-12-07 23:20:40 ----D---- C:\Program Files\GooglePlusVideos
2009-12-07 23:20:21 ----D---- C:\Program Files\RecFree.com
2009-12-07 23:19:39 ----D---- C:\Program Files\EasySearch
2009-11-28 23:51:04 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-11-28 23:50:45 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-11-28 23:50:15 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2009-11-25 11:53:19 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 11:52:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-13 23:25:48 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon
2009-11-13 23:25:47 ----D---- C:\Documents and Settings\marine collobert\Application Data\Babylon
2009-11-13 17:13:17 ----D---- C:\Program Files\eMule
2009-11-13 17:00:54 ----D---- C:\WINDOWS\ie8updates
2009-11-13 16:52:20 ----HDC---- C:\WINDOWS\ie8
2009-11-13 11:11:04 ----D---- C:\Documents and Settings\marine collobert\Application Data\Smart-Ads-Solutions
2009-11-13 11:11:02 ----A---- C:\WINDOWS\system32\jjjvwjctllc.exe
2009-11-13 11:10:56 ----D---- C:\Program Files\Smart-Ads-Solutions
2009-11-13 11:10:56 ----D---- C:\Documents and Settings\marine collobert\Application Data\Messenger
2009-11-12 23:07:53 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$

======List of files/folders modified in the last 1 months======

2009-12-11 21:10:25 ----RD---- C:\Program Files
2009-12-11 20:23:42 ----D---- C:\WINDOWS
2009-12-11 20:08:04 ----SHD---- C:\WINDOWS\Installer
2009-12-11 20:07:52 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-12-11 20:07:17 ----D---- C:\Program Files\Mozilla Firefox
2009-12-11 19:42:07 ----HD---- C:\WINDOWS\inf
2009-12-11 19:42:06 ----D---- C:\WINDOWS\Temp
2009-12-11 19:42:04 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-11 19:26:23 ----D---- C:\WINDOWS\Help
2009-12-11 19:18:20 ----D---- C:\WINDOWS\Registration
2009-12-11 19:16:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-10 16:08:55 ----D---- C:\Documents and Settings\marine collobert\Application Data\Adobe
2009-12-10 16:08:55 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-12-09 20:17:34 ----D---- C:\WINDOWS\Prefetch
2009-12-09 11:49:26 ----D---- C:\WINDOWS\system32
2009-12-08 12:23:59 ----D---- C:\Program Files\AVS4YOU
2009-12-08 12:23:41 ----D---- C:\Program Files\Fichiers communs\AVSMedia
2009-12-08 12:23:30 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-08 12:21:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-07 17:41:38 ----D---- C:\Documents and Settings\marine collobert\Application Data\U3
2009-11-28 23:51:04 ----D---- C:\WINDOWS\system32\drivers
2009-11-28 23:40:05 ----SD---- C:\Documents and Settings\marine collobert\Application Data\Microsoft
2009-11-25 11:53:18 ----A---- C:\WINDOWS\imsins.BAK
2009-11-25 11:51:51 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-25 11:51:41 ----D---- C:\WINDOWS\WinSxS
2009-11-19 13:21:36 ----D---- C:\Documents and Settings\marine collobert\Application Data\AVS4YOU
2009-11-19 13:20:37 ----RSD---- C:\WINDOWS\Fonts
2009-11-18 21:22:14 ----A---- C:\WINDOWS\system32\dhdknkxyaamme.dll
2009-11-18 17:48:53 ----D---- C:\Program Files\Pinnacle
2009-11-18 17:44:37 ----D---- C:\Program Files\Fichiers communs
2009-11-14 10:04:07 ----D---- C:\Program Files\Internet Explorer
2009-11-14 09:44:03 ----D---- C:\WINDOWS\system32\fr-fr
2009-11-14 09:44:01 ----D---- C:\WINDOWS\Media
2009-11-13 23:48:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-13 17:02:19 ----A---- C:\WINDOWS\iis6.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-11-28 360584]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-02-13 21419]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-08-02 12544]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-12-13 1124097]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2007-02-21 223128]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-01-13 163328]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-05 4271616]
R3 NETw3x32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows XP 32 bits; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-07-26 1707776]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-01 3643296]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-02 191968]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2006-05-30 45696]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 X10Hid;X10 Hid Device; C:\WINDOWS\System32\Drivers\x10hid.sys [2005-11-28 7040]
S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-11-28 333192]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-11-28 28424]
S2 BDRSDRV;BDRSDRV; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S2 FILESpy;FILESpy; \??\C:\Program Files\Softwin\BitDefender9\filespy.sys []
S2 REGSpy;REGSpy; \??\C:\Program Files\Softwin\BitDefender9\regspy.sys []
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-04-02 471264]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-22 1522688]
S3 BDFSDRV;BDFSDRV; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 Profos;Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys []
S3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 Trufos;Trufos; \??\C:\Program Files\Softwin\BitDefender10\trufos.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-18 40960]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-04-09 237568]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-08-02 434176]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-04 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-01 143428]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-08-02 327680]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-08-02 937984]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe [2006-02-07 35840]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2009-12-11 906520]
S2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-12-11 285392]
S2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
S2 Service1;Easy PDF Creator Printing; C:\Program Files\Easy PDF Creator\EasyPrinting.exe [2004-01-30 198144]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-11-16 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-06 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-22 405504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
A voir également:

13 réponses

Réponse 1 / 13
Utilisateur anonyme
11 déc. 2009 à 22:21
Bonsoir marine3344


==> shadow_nemesis,

Arrêtes de dire n'importe quoi !!!!!


@ marine3344

Plusieurs infections
sur ton pc...
commences par ceci stp:

• Télécharge USBFIX
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe­



(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectés sans les ouvrir
• Double clic sur le raccourci UsbFix présent sur ton bureau .

• Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

• Au second menu Choisis l'option " 2 " (supression)) et tape sur [entrée]

• Laisse travailler l'outil.

• Ensuite post le rapport UsbFix.txt qui apparaitra.

• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

*********************************************

Ensuite:

Fais un scan avec cet antispyware :
Malwarebytes + tutoriel

Tu l´installes; mets le a jour...(onglet mise a jour)
Click maintenant sur l´onglet recherche et coche la case :
"Executer un examen rapide".
Puis click sur "rechercher".
Laisses le scanner le pc...
A la fin du scan, clique sur Afficher les résultats
Si des elements on ete trouvés :
> click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "oui".
A la fin un rapport va s´ouvrir;
sauvegarde le de maniere a le retrouver en vue de le poster sur le forum.
Copies et colles le rapport stp.





*******************************************

Fais déja cela ...et dsl pour ce soir,je bosse demain...

==> Réponse donc demain apres midi ou soir !!!

a+





1
marine3344
11 déc. 2009 à 22:31
Merci, je fais tout ça et te le poste.
A demain
0
Réponse 2 / 13
Utilisateur anonyme
13 déc. 2009 à 15:14
Bien...

==> A faire dans l'ordre:

Relances Hijackthis et choisis :Do a system scan only
et coches (fixes) les lignes suivantes
TUTO

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

==> Appuies sur FIX CHECKED
==> Redémarre le pc afin de valider ces modifs.


-----------------------------------------------------------

Faille de sécurité:
==> Mets Adobe à jour:
https://www.commentcamarche.net/telecharger/bureautique/2625-adobe-reader/


----------------------------------------------------------


Pour desinstaller les outils utilisés:

Telecharge ToolsCleaner2--> http://pc-system.fr/
-Une fois téléchargé, installe-le et lance-le
-Clique sur Recherche et laisse le scan se terminer
-Clique sur SUPPRESSION
-Clique sur Quitter pour que le rapport puisse se créer
-Poste moi le rapport se trouvant ici--> C:\TCleaner.txt


puis

---> Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) :

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

* Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
* Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs tant de fois qu il en trouve a l analyse(Sauvegarde la base de registre).
* Décoche la case plus vieux que 24 h

TRES IMPORTANT:

---> Il est nécessaire de désactiver,redémarrer puis réactiver la restauration système pour la purger :
XP:
https://www.tayo.fr/desactiver-restauration-systeme-sur-windows-xp-tutoriel.php
VISTA:
https://www.tayo.fr/desactiver-restauration-windows-vista-tutoriel.php

---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
https://www.vulgarisation-informatique.com/creer-point-restauration.php


---> Changes le statut de ce topic :
et mets le en "résolu"
https://www.commentcamarche.net/infos/25917-marquer-un-fil-de-discussion-comme-etant-resolu/


a+




1
marine3344
13 déc. 2009 à 17:22
Voila, tout est ok
Un GRAND merci.
Je te poste le rapport

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\FindyKill.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\avenger: trouvé !
C:\UsbFix: trouvé !
C:\FindyKill: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\marine collobert\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\marine collobert\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\marine collobert\Bureau\FindyKill.txt: trouvé !
C:\Documents and Settings\marine collobert\Bureau\UsbFix.exe: trouvé !
C:\Documents and Settings\marine collobert\Bureau\UsbFix.txt: trouvé !
C:\Documents and Settings\marine collobert\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\marine collobert\Recent\UsbFix.lnk: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\HijackThis: trouvé !
C:\Program Files\trend micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\trend micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\marine collobert\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\marine collobert\Bureau\HJTInstall.exe: supprimé !
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Program Files\trend micro\HijackThis\HijackThis.exe: supprimé !
C:\FindyKill.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Documents and Settings\marine collobert\Bureau\FindyKill.txt: supprimé !
C:\Documents and Settings\marine collobert\Bureau\UsbFix.exe: supprimé !
C:\Documents and Settings\marine collobert\Bureau\UsbFix.txt: supprimé !
C:\Documents and Settings\marine collobert\Bureau\Rsit.exe: supprimé !
C:\Documents and Settings\marine collobert\Recent\UsbFix.lnk: supprimé !
C:\Program Files\trend micro\HijackThis\hijackthis.log: supprimé !
C:\avenger: supprimé !
C:\UsbFix: supprimé !
C:\FindyKill: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\trend micro\HijackThis: supprimé !
0
Réponse 3 / 13
shadow_nemesis Messages postés 171 Date d'inscription jeudi 1 novembre 2007 Statut Membre Dernière intervention 20 janvier 2013 11
11 déc. 2009 à 21:37
telecharge nod32 et va chercher une license complete sur nod321 ou nod325 une fois que t'as fait la mise a jour tu fais une analyse, j'espère avoir regler ton probleme de cette façon, pour ma part pour évité mon pc d'etre infecté j'utilise avec nod32 spybot search & destroy que tu peux telecharger sur different site il est gratuit et très efficace
0
Réponse 4 / 13
marine3344
11 déc. 2009 à 21:51
Merci pour ta réponse,
J'ai téléchargé nod32 mais l'installation ne fonctionne pas comme pour spybot d'ailleurs je pense qu'un virus m'en empêche... J'ai l'impression d'être coincée...
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 13
shadow_nemesis Messages postés 171 Date d'inscription jeudi 1 novembre 2007 Statut Membre Dernière intervention 20 janvier 2013 11
11 déc. 2009 à 21:54
a ce moment la je te propose de mettre un antivirus et un antispyware portatif, ce qui veut dire qui demande pas d'installation, tu peux avoir ca sur des clé usb qui ont la protection antivirus mais tu sais aussi faire l'analyse sur pc c'est le cas pour ma copine, y as des programmes comme liberkey qui regroupe pas mal de logiciel gratos et tous portatif, je sais qu'il y a un antispy et un antivirus limite telecharge sur un autre pc pour savoir mettre sur ta clé pour + de sécurité sinon ben l'option radicale reformaté, si tu as mis tes données importante et non infectée sur ton backup tu peux le faire la conscience tranquille.
0
Réponse 6 / 13
Utilisateur anonyme
11 déc. 2009 à 22:57
==> Pas de soucis !
à demain...
0
marine3344
12 déc. 2009 à 15:57
Voici le rapport UsbFix,
Le scan Malwarebytes est en train de se faire il suit,
Merci

############################## | UsbFix V6.061 |

User : marine collobert (Administrateurs) # CUPIDON
Update on 10/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 15:40:30 | 12/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Bitdefender Antivirus 8.0 [ (!) Disabled | (!) Outdated ]
AV : AVG Anti-Virus Free 9.0 [ Enabled | Updated ]
FW : Bitdefender Firewall[ (!) Disabled ]8.0

C:\ -> Disque fixe local # 148,8 Go (75,17 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque fixe local # 149,05 Go (57,07 Go free) [LaCie] # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 932
C:\WINDOWS\system32\csrss.exe 1000
C:\WINDOWS\system32\winlogon.exe 1024
C:\WINDOWS\system32\services.exe 1076
C:\WINDOWS\system32\lsass.exe 1088
C:\WINDOWS\system32\svchost.exe 1292
C:\WINDOWS\system32\svchost.exe 1356
C:\WINDOWS\System32\svchost.exe 1500
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 1552
C:\WINDOWS\system32\logonui.exe 1576
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe 1676
C:\WINDOWS\system32\svchost.exe 1780
C:\WINDOWS\system32\svchost.exe 1904
C:\WINDOWS\system32\spoolsv.exe 1972
C:\WINDOWS\system32\svchost.exe 200
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 264
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe 292
C:\WINDOWS\eHome\ehRecvr.exe 344
C:\WINDOWS\eHome\ehSched.exe 360
C:\Program Files\Java\jre6\bin\jqs.exe 488
C:\WINDOWS\system32\nvsvc32.exe 544
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 592
C:\Program Files\Easy PDF Creator\EasyPrinting.exe 728
C:\WINDOWS\system32\svchost.exe 1524
C:\WINDOWS\system32\svchost.exe 1724
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe 1836
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe 1924
C:\WINDOWS\ehome\mcrdsvc.exe 272
C:\WINDOWS\system32\wuauclt.exe 620
C:\WINDOWS\system32\dllhost.exe 1460
C:\WINDOWS\system32\wbem\wmiprvse.exe 920
C:\WINDOWS\system32\userinit.exe 2664
C:\WINDOWS\Explorer.EXE 2704

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\Recycler\S-1-5-21-855863144-3249565761-1961283847-1005
Supprimé ! G:\Recycler\S-1-5-21-855863144-3249565761-1961283847-1005

################## | Registre # Clés infectieuses |


################## | Registre # Mountpoints2 |


################## | Listing des fichiers présent |

[15/09/2006 13:41|--a------|0] C:\AUTOEXEC.BAT
[13/02/2007 21:02|-rahs----|209] C:\boot.ini
[10/08/2004 13:00|-rahs----|4952] C:\Bootfont.bin
[15/09/2006 13:41|--a------|0] C:\CONFIG.SYS
[15/09/2006 13:41|-rahs----|0] C:\IO.SYS
[15/09/2006 13:41|-rahs----|0] C:\MSDOS.SYS
[10/08/2004 13:00|-rahs----|47564] C:\NTDETECT.COM
[14/05/2009 19:23|-rahs----|252240] C:\ntldr
[29/02/2004 16:44|--a------|52576] C:\orange.bmp
[?|?|?] C:\pagefile.sys
[12/12/2009 15:45|--a------|3136] C:\UsbFix.txt
[01/01/2009 11:44|---hs----|29018] G:\.VolumeIcon.icns
[01/01/2009 11:44|---hs----|25214] G:\.VolumeIcon.ico
[11/10/2009 14:33|--a------|9] G:\anniv.m3u
[12/12/2009 14:58|--a------|76000451] G:\AVS Video Editor 4.2.1.166 + Crack.rar
[05/12/2009 01:10|--a------|136192] G:\correction 1.doc
[04/12/2009 18:15|--a------|136192] G:\correction.doc
[26/02/2009 01:02|--a------|43542441] G:\Coulisse nantes.mp4
[03/09/2009 19:30|--a------|36352] G:\CV Marine Collobert+.doc
[09/03/2009 00:02|--a------|3430912] G:\doc tout rassembl‚ partie 1&2 + annexes.doc
[15/03/2009 13:14|--a------|4188160] G:\doc tout rassembl‚.doc
[01/01/2009 11:44|---------|126976] G:\LaCie.exe
[01/01/2009 11:44|---h-----|390] G:\LaCie.ini
[25/02/2009 21:14|--a------|80024685] G:\Le fabuleux d‚stin de Cl‚mence Collin.mp4
[03/09/2009 19:27|--a------|30208] G:\lettre de motiv inpes.doc
[27/08/2009 20:05|--a------|333824] G:\rapport de stage GfK +.doc
[08/09/2009 22:59|--a------|4342272] G:\rapport_de_stage_GfK_+2.doc
[06/09/2009 21:42|--a------|5056512] G:\rapport_de_stage_GfK_+[1].doc
[08/09/2009 22:59|--a------|427008] G:\soutenance.ppt
[01/01/2007 11:04|--a------|33691218] G:\vid‚o foldingue pour nunuche.MOV

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
# F:\autorun.inf -> Dossier créé par UsbFix.
# G:\autorun.inf -> Dossier créé par UsbFix.

################## | Cracks / Keygens / Serials |

"G:\AVS Video Editor 4.2.1.166 + Crack.rar"
-> contain : AVS Video Editor v4.2.1.166\AVSVideoEditor.4.2.1.166.exe

"G:\AVS Video Editor 4.2.1.166 + Crack.rar"
-> contain : AVS Video Editor v4.2.1.166\Crack\AVSVideoEditor.exe

"G:\AVS Video Editor 4.2.1.166 + Crack.rar"
-> contain : AVS Video Editor v4.2.1.166\Crack\AVSVideoRecorder.exe


################## | Upload |

Veuillez envoyer le fichier : C:\DOCUME~1\MARINE~1\Bureau\UsbFix_Upload_Me_CUPIDON.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .
0
Réponse 7 / 13
marine3344
12 déc. 2009 à 16:13
Et voila le Malwarebytes,

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3349
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/12/2009 16:03:05
mbam-log-2009-12-12 (16-03-05).txt

Type de recherche: Examen rapide
Eléments examinés: 118603
Temps écoulé: 7 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 34
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 9
Fichier(s) infecté(s): 30

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\MsgUpdate.dll (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\Aud32\msgasst84111.dll (Adware.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ltasinpz.dll (Adware.BHO) -> Delete on reboot.
C:\Program Files\EasySearch\BHO\7.SuperSearch.dll (Trojan.BHO) -> Delete on reboot.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\Aud32\msgutil84111111.dll (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\TypeLib\{e3a14032-f6fc-426d-a024-bead613d5db3} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbcc290a-5e32-4e54-80db-f0f3f3892444} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e39d03c8-7f99-44ae-b05c-25f5440a7bc3} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e39d03c8-7f99-44ae-b05c-25f5440a7bc3} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{e39d03c8-7f99-44ae-b05c-25f5440a7bc3} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e39d03c8-7f99-44ae-b05c-25f5440a7bc3} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\messengerupdateproject.messengerupdat.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\messengerupdateproject.messengerupdate (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\supersearch.bhobridge (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2ea256ed-74b3-4322-b1e0-53d00c693e6e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{78ff2f80-613a-47d7-8871-912b1236f704} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78ff2f80-613a-47d7-8871-912b1236f704} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78ff2f80-613a-47d7-8871-912b1236f704} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78ff2f80-613a-47d7-8871-912b1236f704} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\supersearch.bhobridge.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\supersearch.supersearchfirefoxmgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\supersearch.supersearchfirefoxmgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{d8c0508c-e235-4d9e-a27e-c8bb5f527dc9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jjjvwjctllc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adproclient.adhlpr (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adproclient.adhlpr.1 (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MessengerUpdateProject.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\srosa (Worm.Bagle) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99b90df7-ae6e-d44c-1f22-37fd2bacbf28} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{99b90df7-ae6e-d44c-1f22-37fd2bacbf28} (Trojan.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxsys (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Worm.Bagle) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\german.exe (Worm.Bagle) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\arhjlnoxhz (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\marine collobert\Application Data\drivers\downld (Worm.Bagle) -> Files: 3846 -> Quarantined and deleted successfully.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\Aud32 (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.0.27.0 (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Documents and Settings\marine collobert\Application Data\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Documents and Settings\marine collobert\Application Data\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\MsgUpdate.dll (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\Aud32\msgasst84111.dll (Adware.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ltasinpz.dll (Adware.BHO) -> Delete on reboot.
C:\Program Files\EasySearch\BHO\7.SuperSearch.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\jjjvwjctllc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mdelk.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\WINDOWS\wintems.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\conf.sys (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\IgfxSys.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\pub.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\serial.sys (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\Aud32\go28.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\Aud32\go282.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\Aud32\msgasst84.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\Aud32\msgasst841.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\Aud32\msgasst8411.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\Aud32\msgutil84.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\Aud32\msgutil841.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\Aud32\msgutil8411.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\Aud32\msgutil84111.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\Aud32\msgutil841111.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\Aud32\msgutil8411111.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\Aud32\msgutil84111111.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Drivers\Aud32\smartasf27.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\marine collobert\Application Data\Messenger\Sys\mu.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.0.27.0\uninstall.exe (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Documents and Settings\marine collobert\Application Data\drivers\winupgro.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\srosa2.sys (Worm.Bagle) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wfsintwq.sys (Worm.Bagle) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dhdknkxyaamme.dll (Trojan.BHO) -> Delete on reboot.
0
Réponse 8 / 13
Utilisateur anonyme
12 déc. 2009 à 17:00
Ok ,
On continue...

Télécharge FindyKill de Chiquitine29 sur ton bureau :

http://pagesperso-orange.fr/NosTools/Chiquitine29/FindyKill.­exe

! Déconnecte toi et ferme toutes applications en cours !

• Double clique sur "FindyKill.exe" pour lancer l'installation et laisse les paramètres d'instalation par défaut .

• Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)

• Double-clique sur le raccourci FindyKill qui est sur ton bureau pour lancer l'outil .

• Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

• Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]

? Laisse travailler l'outil et ne touche à rien ...

--> Poste le rapport qui apparait à la fin , sur le forum ...

( le rapport est sauvegardé aussi sous C:\FindyKill.txt )


a+
0
marine3344
12 déc. 2009 à 18:38
dac o dac je fais ça par contre le lien que tu m'as donné ne fonctionne pas.. ou je dois aller ?
Merci beaucoup
0
Réponse 9 / 13
Utilisateur anonyme
12 déc. 2009 à 18:43
ssscccuuuuses...

http://pagesperso-orange.fr/NosTools/Chiquitine29/Setup.exe

a+
0
marine3344
12 déc. 2009 à 18:53
pas de problème,
voilà le résultat


############################## | FindyKill V5.021 |

# User : marine collobert (Administrateurs) # CUPIDON
# Update on 10/12/2009 by Chiquitine29
# Start at: 18:52:00 | 12/12/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : Bitdefender Antivirus 8.0 [ (!) Disabled | (!) Outdated ]
# AV : AVG Anti-Virus Free 9.0 [ Enabled | Updated ]
# FW : Bitdefender Firewall[ (!) Disabled ]8.0

# C:\ # Disque fixe local # 148,8 Go (75,2 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque fixe local # 149,05 Go (57,07 Go free) [LaCie] # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | C: |


################## | C:\WINDOWS |

Présent ! C:\WINDOWS\ban_list.txt
Présent ! C:\WINDOWS\mdelk.exe
Présent ! C:\WINDOWS\wintems.exe
Présent ! C:\WINDOWS\Prefetch\15554250.EXE-345B9994.pf
Présent ! C:\WINDOWS\Prefetch\15616078.EXE-0A5E0CFB.pf
Présent ! C:\WINDOWS\Prefetch\15648859.EXE-16B6434B.pf
Présent ! C:\WINDOWS\Prefetch\30835312.EXE-118E5157.pf
Présent ! C:\WINDOWS\Prefetch\30873937.EXE-30386B39.pf
Présent ! C:\WINDOWS\Prefetch\30885812.EXE-391D7A73.pf
Présent ! C:\WINDOWS\Prefetch\434828.EXE-3AC1BACE.pf
Présent ! C:\WINDOWS\Prefetch\446453.EXE-21A3655E.pf
Présent ! C:\WINDOWS\Prefetch\452671.EXE-0D1E6D40.pf
Présent ! C:\WINDOWS\Prefetch\KEY_GENERATOR.EXE-16DFFB1F.pf
Présent ! C:\WINDOWS\Prefetch\MDELK.EXE-087EF2B4.pf
Présent ! C:\WINDOWS\Prefetch\WINTEMS.EXE-127B61D4.pf

################## | C:\WINDOWS\system32 |

Présent ! C:\WINDOWS\system32\srosa2.sys
Présent ! C:\WINDOWS\system32\wfsintwq.sys

################## | C:\WINDOWS\system32\drivers |


################## | C:\Documents and Settings\marine collobert\Application Data |

Présent ! C:\Documents and Settings\marine collobert\Application Data\drivers
Présent ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld
Présent ! C:\Documents and Settings\marine collobert\Application Data\drivers\winupgro.exe
################## | Temporary Internet Files |


################## | Registre / Clés infectieuses |

Présent ! [HKLM\SYSTEM\ControlSet002\Services\srosa]
Présent ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
Présent ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]
Présent ! [HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA]
Présent ! [HKCU\Software\bisoft]
Présent ! [HKCU\Software\DateTime4]
Présent ! [HKCU\Software\WS35]
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Présent ! [HKU\S-1-5-21-855863144-3249565761-1961283847-1005\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"
Présent ! [HKU\S-1-5-21-855863144-3249565761-1961283847-1005\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"
Présent ! [HKU\S-1-5-21-855863144-3249565761-1961283847-1005\Software\bisoft]
Présent ! [HKU\S-1-5-21-855863144-3249565761-1961283847-1005\Software\DateTime4]
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\key_generator]
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]
Présent ! [HKU\S-1-5-21-855863144-3249565761-1961283847-1005\Software\Local AppWizard-Generated Applications\key_generator]
Présent ! [HKU\S-1-5-21-855863144-3249565761-1961283847-1005\Software\Local AppWizard-Generated Applications\winupgro]
Présent ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"
Présent ! [HKLM\software\microsoft\security center] "AntiVirusOverride"
Présent ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"
Présent ! [HKLM\software\microsoft\security center] "FirewallOverride"
Présent ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"

################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK

Clé manquante : HKLM\...\SafeBoot | Mode sans echec non fonctionnel !

# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# (!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wuauserv -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # FindyKill V5.021 ! |
0
Réponse 10 / 13
Utilisateur anonyme
12 déc. 2009 à 18:57
! Déconnecte toi et ferme toutes application en cours ( navigateur compris ) .

• Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)
• Relance "FindyKill" : au menu principal choisis l'option " F " pour français et tape sur [entrée] .

• Au second menu choisis l'option 2 (suppression) et tape sur [entrée]

• Le pc va redémarrer automatiquement ...

? le programme va travailler , ne touche à rien ... , ton bureau ne sera pas accessible c est normal !

--> Poste le rapport qui apparait à la fin ( le rapport est sauvegardé aussi sous C:\FindyKill.txt )

/!\ Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide
0
marine3344
12 déc. 2009 à 19:51
voila le nouveau rapport

############################## | FindyKill V5.021 |

# User : marine collobert (Administrateurs) # CUPIDON
# Update on 10/12/2009 by Chiquitine29
# Start at: 19:17:43 | 12/12/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : Bitdefender Antivirus 8.0 [ (!) Disabled | (!) Outdated ]
# AV : AVG Anti-Virus Free 9.0 [ Enabled | Updated ]
# FW : Bitdefender Firewall[ (!) Disabled ]8.0

# C:\ # Disque fixe local # 148,8 Go (75,2 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque fixe local # 149,05 Go (57,07 Go free) [LaCie] # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehRec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Easy PDF Creator\EasyPrinting.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE

################## | C: |


################## | C:\WINDOWS |

Supprimé ! C:\WINDOWS\ban_list.txt
Supprimé ! C:\WINDOWS\mdelk.exe
Supprimé ! C:\WINDOWS\wintems.exe
Supprimé ! C:\WINDOWS\Prefetch\15554250.EXE-345B9994.pf
Supprimé ! C:\WINDOWS\Prefetch\15616078.EXE-0A5E0CFB.pf
Supprimé ! C:\WINDOWS\Prefetch\15648859.EXE-16B6434B.pf
Supprimé ! C:\WINDOWS\Prefetch\30835312.EXE-118E5157.pf
Supprimé ! C:\WINDOWS\Prefetch\30873937.EXE-30386B39.pf
Supprimé ! C:\WINDOWS\Prefetch\30885812.EXE-391D7A73.pf
Supprimé ! C:\WINDOWS\Prefetch\434828.EXE-3AC1BACE.pf
Supprimé ! C:\WINDOWS\Prefetch\446453.EXE-21A3655E.pf
Supprimé ! C:\WINDOWS\Prefetch\452671.EXE-0D1E6D40.pf
Supprimé ! C:\WINDOWS\Prefetch\KEY_GENERATOR.EXE-16DFFB1F.pf
Supprimé ! C:\WINDOWS\Prefetch\MDELK.EXE-087EF2B4.pf
Supprimé ! C:\WINDOWS\Prefetch\WINTEMS.EXE-127B61D4.pf

################## | C:\WINDOWS\system32 |

Supprimé ! C:\WINDOWS\system32\srosa2.sys
Supprimé ! C:\WINDOWS\system32\wfsintwq.sys

################## | C:\WINDOWS\system32\drivers |


################## | C:\Documents and Settings\marine collobert\Application Data |

Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\145828.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\146156.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\146375.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\146531.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\146703.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\147015.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\147265.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\157156.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\157859.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\158468.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\158656.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\159203.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\159812.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\160375.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\161812.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\162796.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\163421.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\165796.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\166875.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\167078.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\167406.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\167828.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\168234.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\168687.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\168875.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\169109.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\169562.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\169984.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\170218.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\170437.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\170562.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\170750.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\171328.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\171906.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\172171.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\172750.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\173312.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\173968.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\174796.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\175500.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\176171.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\176875.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\177453.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\177921.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\178062.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\178281.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\178656.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\179000.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\179406.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\179718.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\179953.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\180140.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\180515.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\180875.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\181031.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\181187.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\182015.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\182593.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\183265.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\183984.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\184171.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\184343.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\184515.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\184687.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\185859.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\186906.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\187078.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\187328.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\197187.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\200625.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\201031.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\201468.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\202015.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\202734.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\203140.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\203734.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\204625.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\205234.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\205453.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\205656.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\205859.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\206046.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\206234.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\206421.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\207000.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\207625.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\207781.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\207984.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\208109.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\209359.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\209781.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\210203.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\211640.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\212000.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\212375.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\212812.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\213359.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\213765.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\214187.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\214625.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\215031.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\215406.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\215812.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\216187.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\216609.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\216843.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\217062.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\259453.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\260078.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\260703.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\260984.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\261265.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\261656.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\262031.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\265484.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\265937.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\266062.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\266265.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\268281.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\269765.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\270625.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\271531.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\271734.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\272000.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\272187.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\272406.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\272796.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\273125.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\273625.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\274140.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\274593.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\275062.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\276265.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\307515.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\307640.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\328062.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\328281.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\349171.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\349375.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\349593.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\349750.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\349953.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\351000.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\351421.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\351859.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\352109.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\353296.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\353921.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\355484.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\355703.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\355906.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\356171.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\356796.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\357171.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\358093.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\358718.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\359375.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\359781.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\360015.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\360250.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\360484.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\360687.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\361500.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\362140.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\362375.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\362546.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\362734.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\362984.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\363687.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\364078.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\366734.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\368109.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\368312.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\368500.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\368796.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\369015.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\369312.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\369656.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\369859.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\370015.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\370281.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\370484.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\370609.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\370796.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\371687.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\372312.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\373046.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\373468.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\373703.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\373890.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\374468.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\375109.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\375578.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\375921.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\376250.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\376437.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\376546.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\379828.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\380187.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\380593.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\380859.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\381187.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\381812.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\382343.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\385531.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\385703.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\385812.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\385968.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\386906.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\390468.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\390937.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\391125.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\391250.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\391421.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\391593.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\391828.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\392093.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\392281.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\393031.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\393421.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\393593.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\393828.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\394781.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\430125.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\430375.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\430609.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\431156.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\431765.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\432968.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\433890.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\435000.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\435718.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\437015.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\438218.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\439765.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\474750.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\475828.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\476546.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\476656.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\476828.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\477484.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\477921.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\478546.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\479218.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\479859.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\480328.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\481359.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\482015.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\482593.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\524968.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\525109.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\525312.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\525578.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\525781.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\526031.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\568359.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\569906.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\571265.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\571531.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\571734.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\571859.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\572031.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\572859.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\573468.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\573593.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\573796.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\574312.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\574843.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\575062.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\575234.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\575843.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\607828.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\607968.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\608125.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\608453.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\608671.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\608796.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\609015.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\609281.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\609484.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\609625.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\609843.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\609953.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\610109.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\610218.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\610390.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\610843.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\611218.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\613531.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\614921.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\615687.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\616140.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\616796.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\617875.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\618390.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\619390.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\619578.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\619812.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\620015.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\620578.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\621000.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\621484.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\621828.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\623640.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\624515.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\626031.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\627031.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\627593.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\628046.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\628765.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\663765.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\666218.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\666843.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\667125.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\702093.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\702203.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\702359.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\702515.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\702718.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\703234.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\706640.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\708531.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\710296.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\711312.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\712406.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\713062.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\713609.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\714328.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\714906.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\715578.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\716015.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\716593.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\717015.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\717171.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\717390.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\718125.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\718593.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld\719453.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\downld
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers\winupgro.exe
Supprimé ! C:\Documents and Settings\marine collobert\Application Data\drivers

################## | Références de comparaison Bagle MD5 : |

File : C:\WINDOWS\system32\srosa2.sys
-> Crc32 : 00000000 | Md5 : d41d8cd98f00b204e9800998ecf8427e


File : C:\WINDOWS\system32\wfsintwq.sys
-> Crc32 : 00000000 | Md5 : d41d8cd98f00b204e9800998ecf8427e


File : C:\Documents and Settings\marine collobert\Application Data\drivers\winupgro.exe
-> Crc32 : 20661e13 | Md5 : 6b83527ef760fc5addedb70449bead44


################## | Autres suppressions ... |

Supprimé ! "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OLE30DAN\dotnetfx35setup[1].exe"
-> Size : 0 | Crc32 : 00000000 | Md5 : d41d8cd98f00b204e9800998ecf8427e

Supprimé ! "C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe"
-> Size : 814592 | Crc32 : 20661e13 | Md5 : 6b83527ef760fc5addedb70449bead44

Supprimé ! "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP502\A0096341.exe"
-> Size : 0 | Crc32 : 00000000 | Md5 : d41d8cd98f00b204e9800998ecf8427e

Supprimé ! "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP527\A0104465.sys"
-> Size : 7168 | Crc32 : f30c6949 | Md5 : 524d8d450622db4a7875b111c299a76b

Supprimé ! "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP527\A0104466.sys"
-> Size : 105300 | Crc32 : 9a7dbdf9 | Md5 : 12d5e77748ab936ef8fab695738e12de

Supprimé ! "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP527\A0104536.sys"
-> Size : 7168 | Crc32 : f30c6949 | Md5 : 524d8d450622db4a7875b111c299a76b

Supprimé ! "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP527\A0104537.sys"
-> Size : 105300 | Crc32 : 9a7dbdf9 | Md5 : 12d5e77748ab936ef8fab695738e12de

Supprimé ! "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP527\A0105534.sys"
-> Size : 7168 | Crc32 : f30c6949 | Md5 : 524d8d450622db4a7875b111c299a76b

Supprimé ! "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP527\A0105535.sys"
-> Size : 105300 | Crc32 : 9a7dbdf9 | Md5 : 12d5e77748ab936ef8fab695738e12de

Supprimé ! "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP527\A0105567.sys"
-> Size : 7168 | Crc32 : f30c6949 | Md5 : 524d8d450622db4a7875b111c299a76b

Supprimé ! "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP527\A0105568.sys"
-> Size : 105300 | Crc32 : 9a7dbdf9 | Md5 : 12d5e77748ab936ef8fab695738e12de

Supprimé ! "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP532\A0106001.exe"
-> Size : 814592 | Crc32 : 20661e13 | Md5 : 6b83527ef760fc5addedb70449bead44

Supprimé ! "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP532\A0106003.sys"
-> Size : 105300 | Crc32 : 9a7dbdf9 | Md5 : 12d5e77748ab936ef8fab695738e12de

Supprimé ! "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP532\A0109874.sys"
-> Size : 0 | Crc32 : 00000000 | Md5 : d41d8cd98f00b204e9800998ecf8427e

Supprimé ! "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP532\A0109875.sys"
-> Size : 0 | Crc32 : 00000000 | Md5 : d41d8cd98f00b204e9800998ecf8427e

Supprimé ! "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP532\A0110214.exe"
-> Size : 814592 | Crc32 : 20661e13 | Md5 : 6b83527ef760fc5addedb70449bead44

Supprimé ! "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP532\A0110215.exe"
-> Size : 814592 | Crc32 : 20661e13 | Md5 : 6b83527ef760fc5addedb70449bead44

################## | Temporary Internet Files |


################## | Registre / Clés infectieuses |

Supprimé ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
Supprimé ! [HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA]
Supprimé ! [HKCU\Software\bisoft]
Supprimé ! [HKCU\Software\DateTime4]
Supprimé ! [HKCU\Software\WS35]
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"
Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\key_generator]
Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]
Supprimé ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"
Supprimé ! [HKLM\software\microsoft\security center] "AntiVirusOverride"
Supprimé ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"
Supprimé ! [HKLM\software\microsoft\security center] "FirewallOverride"
Supprimé ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"

################## | Etat / Services / Informations |

# Mode sans echec restauré !

# Affichage des fichiers cachés : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH ... |

Corrompu : C:\Program Files\AVG\AVG9\avgchsvx.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : C:\Program Files\AVG\AVG9\avgcsrvx.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : C:\Program Files\AVG\AVG9\avgemc.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : C:\Program Files\AVG\AVG9\avgnsx.exe
[Offset = 000000FC - Valeur = 0x0001]

Corrompu : C:\Program Files\AVG\AVG9\avgrsx.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : C:\Program Files\AVG\AVG9\avgtray.exe
[Offset = 00000114 - Valeur = 0x0001]

Corrompu : C:\Program Files\AVG\AVG9\avgwdsvc.exe
[Offset = 00000114 - Valeur = 0x0001]

Corrompu : C:\Program Files\Sonic\RecordNow!\Launch.exe
[Offset = 000000EC - Valeur = 0x0001]

Corrompu : C:\Program Files\Spybot - Search & Destroy\blindman.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : C:\Program Files\Spybot - Search & Destroy\Update.exe
[Offset = 00000104 - Valeur = 0x0001]


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # FindyKill V5.021 ! |
0
Réponse 11 / 13
Utilisateur anonyme
12 déc. 2009 à 20:30
Bien....

Le son de ton pc est-il revenu?

Le ver "Bagle" a été viré !!! (mais au passage "Bagle" a aussi "shooté"
ton AV et Spybot...)

==> Dans un premer temps réinstalles AVG

==> Laisses tomber Spybot ...il est plus emmer...t qu'efficace !!!

==> Relances Malwarebytes et fais un "examen rapide"

==> >Télécharges HiJackThis : https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
- Lances le programme, puis sélectionne < do a system scan and save a logfile >
- Enregistre le rapport sur ton bureau.
Et envoies, par copier/coller, ton rapport Hijackthis sur le forum,


==> Comment se comporte le PC ?

a+
0
marine3344
12 déc. 2009 à 23:25
Alors le son refonctionne sur l'ordi ! Super ! Et il à l'air de marcher plutôt pas mal. Merci.
Voici le HiJack,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:21, on 12/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.europowersearch.com/Search.html?SelectedSearchLang=FR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.europowersearch.com/Search.html?SelectedSearchLang=FR
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Plus - {01677B4B-0610-4814-94A0-5F570DD7A88F} - C:\PROGRA~1\GOOGLE~1\17GOOG~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O2 - BHO: Recfree toolbar helper - {D286E828-E6B9-484d-A058-D7323666DE33} - C:\Program Files\RecFree.com\RecFreeToolbar\1.3.11.0\escort.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: RecFree Toolbar - {0508F8F1-08E3-43EE-AAA8-09AD09803084} - C:\Program Files\RecFree.com\RecFreeToolbar\1.3.11.0\escorTlbr.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SiteVacuum] C:\Program Files\EasySearch\SiteVacuumClient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
O8 - Extra context menu item: &Search the web - http://toolbar.recfree.com/rcfr/ctxmnu.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/229?2237dd14d4c04700b56d3597d73310a8
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/230?2237dd14d4c04700b56d3597d73310a8
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://webalbum.foto.com/NewUploader/ImageUploader4.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Easy PDF Creator Printing (Service1) - Unknown owner - C:\Program Files\Easy PDF Creator\EasyPrinting.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
Réponse 12 / 13
Utilisateur anonyme
13 déc. 2009 à 01:00
Ok
Je suis creuvé ce soir...
Montres mioi le rapport Malwarebytes..
.tu le troveras
ds rapports/logs

Je pense que le formatage s'éloigne. !!!!

==> A demain pour finaliser tout cela ...

a+
0
marine3344
13 déc. 2009 à 13:00
Voilà le rapport. En tout cas d'ores et déjà merci beaucoup pour ton aide et tes lumières.


Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3349
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/12/2009 22:47:31
mbam-log-2009-12-12 (22-47-31).txt

Type de recherche: Examen rapide
Eléments examinés: 119772
Temps écoulé: 25 minute(s), 18 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Réponse 13 / 13
Utilisateur anonyme
13 déc. 2009 à 17:30
De rien...et bons surfs !!!

a+
0