Avaste semble Absent ? j ai besoin d aide

Re bonsoir ARCHET9
voici le raport demande le son remarche a nouveau mais le probleme de l'antiverus demeure pour le moment
j'ai des mis a jour qui m'attendent je vais m'en occuper redemarer le PC et ......
Merci encorre pour ce premier depannage
a+

############################## | FindyKill V5.028 |


############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\E_S00RP1.EXE
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

################## | D: |

Supprimé ! G:\autorun.inf

################## | C:\WINDOWS |

Supprimé ! C:\WINDOWS\ban_list.txt
Supprimé ! C:\WINDOWS\mdelk.exe
Supprimé ! C:\WINDOWS\wintems.exe

################## | C:\WINDOWS\Prefetch |

Supprimé ! C:\WINDOWS\Prefetch\101843.EXE-0AC82C0E.pf
Supprimé ! C:\WINDOWS\Prefetch\114250.EXE-1E26AC77.pf
Supprimé ! C:\WINDOWS\Prefetch\115218.EXE-17D7C93C.pf
Supprimé ! C:\WINDOWS\Prefetch\126625.EXE-076DF30B.pf
Supprimé ! C:\WINDOWS\Prefetch\14928187.EXE-0849D6E8.pf
Supprimé ! C:\WINDOWS\Prefetch\177421.EXE-24652C0A.pf
Supprimé ! C:\WINDOWS\Prefetch\530406.EXE-1F276C83.pf
Supprimé ! C:\WINDOWS\Prefetch\545296.EXE-221DB811.pf
Supprimé ! C:\WINDOWS\Prefetch\98984.EXE-01431580.pf
Supprimé ! C:\WINDOWS\Prefetch\MDELK.EXE-07594376.pf
Supprimé ! C:\WINDOWS\Prefetch\WINTEMS.EXE-300B635E.pf
Supprimé ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-081C00E2.pf
Supprimé ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-1C461ECB.pf

################## | C:\WINDOWS\system32 |

Supprimé ! C:\WINDOWS\system32\srosa2.sys
Supprimé ! C:\WINDOWS\system32\wfsintwq.sys

################## | C:\WINDOWS\system32\drivers |


################## | D:\Documents and Settings\B‚zy Eric\Application Data |

Supprimé ! D:\Documents and Settings\B‚zy Eric\Application Data\drivers\downld
Supprimé ! D:\Documents and Settings\B‚zy Eric\Application Data\drivers\winupgro.exe
Supprimé ! D:\Documents and Settings\B‚zy Eric\Application Data\drivers

################## | Références de comparaison Bagle MD5 : |

File : D:\Documents and Settings\B‚zy Eric\Application Data\drivers\winupgro.exe
-> Crc32 : b57ac074 | Md5 : e2fe1eb7926e1de1c3b64993900ed178


################## | Autres suppressions ... |

Supprimé ! "C:\APPS\SMP\SMPSYS.EXE"
-> Size : 813568 | Crc32 : b57ac074 | Md5 : e2fe1eb7926e1de1c3b64993900ed178


################## | Zip File ... |

################## | Temporary Internet Files |


################## | Registre |

Supprimé ! [HKLM\SYSTEM\ControlSet003\Services\sK9Ou0s]
Supprimé ! [HKLM\SYSTEM\ControlSet003\Services\srosa]
Supprimé ! [HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S]
Supprimé ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
Supprimé ! [HKCU\Software\bisoft]
Supprimé ! [HKCU\Software\DateTime4]
Supprimé ! [HKCU\Software\WS35]
Supprimé ! [HKCU\Software\WS4001]
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"
Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\patch]
Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]

################## | Etat |

# Mode sans echec restauré !

# Affichage des fichiers cachés : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH |

Corrompu : C:\Program Files\Alwil Software\Avast4\ashAvast.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashChest.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[Offset = 00000124 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashLogV.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashPopWz.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashQuick.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashServ.exe
[Offset = 00000124 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
[Offset = 0000011C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
[Offset = 00000124 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashSkPcc.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashSkPck.exe
[Offset = 00000114 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashUpd.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[Offset = 00000114 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
[Offset = 000000D4 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[Offset = 00000114 - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\copyx64.exe
[Offset = 000000CC - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\sched.exe
[Offset = 000000FC - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\VisthLic.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : C:\Program Files\Alwil Software\Avast4\VisthUpd.exe
[Offset = 000000F4 - Valeur = 0x0001]

Corrompu : C:\Program Files\PC Tools AntiVirus\PCTAV.exe
[Offset = 0000010C - Valeur = 0x0001]

Corrompu : C:\Program Files\PC Tools AntiVirus\Update.exe
[Offset = 00000104 - Valeur = 0x0001]

Corrompu : C:\WINDOWS\$hf_mig$\KB978207-IE8\update\update.exe
[Offset = 000000EC - Valeur = 0x0001]

Tentative de réparation...
Sauvegarde : update.exe.REN
[Offset = 000000EC - Nouvelle valeur = 0x4C01]
Fichier réparé avec succès.



################## | ! Fin du rapport # FindyKill V5.028 ! |

bonsoir archet9
voici le rsultat du scan.
en consultant ma messagerie j ai pu constater que pctools antivirus avait pris le dessus concernant la surveillance de mes mails mais le probleme semble etre toujours le meme quand on clique sur avast et sur pctoools toujours le meme message ils ne sont pas des application win32

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3651
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28/01/2010 19:31:53
mbam-log-2010-01-28 (19-31-53).txt

Type de recherche: Examen rapide
Eléments examinés: 292805
Temps écoulé: 22 minute(s), 58 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 27
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 14
Fichier(s) infecté(s): 26

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\884ed2fb-facc-5dc6-3417-1f90498f6caf (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3a0240ef-91af-cfb8-3634-9d4f93409504} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistryDoktorFrNE (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
D:\Documents and Settings\Bézy Eric\Application Data\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bézy Eric\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bézy Eric\Application Data\FunWebProducts\Data\Bézy Eric (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
D:\Documents and Settings\Bézy Eric\Local Settings\Application Data\cccukas_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bézy Eric\Local Settings\Application Data\cccukas_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bézy Eric\Local Settings\Application Data\cccukas.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bézy Eric\Local Settings\Application Data\cigwmyo_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bézy Eric\Local Settings\Application Data\cigwmyo_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bézy Eric\Local Settings\Application Data\cigwmyo.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\884ed2fb-facc-5dc6-3417-1f90498f6caf.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zbbhmbvaasdqosv.dll-uninst.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Thumbs.db (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\2.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\001543C9.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\00323526.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\00369AC2.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0036C359.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\003DB32A.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\004446B2.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\0036C359.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\Thumbs.db (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\Thumbs.db (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\Documents and Settings\Bézy Eric\Local Settings\Temp\minime.exe (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NfoyxLnQ.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.

RE,
je ne sais pas si tu as bien recut le dernier message donc je le rédite.

j ai désinstalé avast4 et Pctool antivirus, j'ai chargé la derniere version d'avast sur ce site.
apres quelque scans sur disques dur, externe, et autres j'ai mis des fichiers en quarentaine.
les manips que tu conseilles sont elles encorre d'actualité ?
que faudrait il rajouter au PC pour eviter ce genre de problemes ?
merci encorre pour tes précieux conseils

a+

bonsoir,

qu est ce L UAC ?
D'apres l'exemple de ZEBULON .FR , on parle de VISTA et je suis sur XP
y a pas d erreur ?

a+

.Salut
voici le dernier rapport
faites en bon usage

======= RAPPORT D'AD-REMOVER 1.1.4.6_J | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 29.01.2010 à 16:43
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 9:38:33, 31/01/2010 | Mode Normal | Option: SCAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: Les-MENZ-Bureau | Utilisateur actuel: B‚zy Eric
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.

C:\WINDOWS\Downloaded Program Files\F3initialsetup1.0.0.15-3.inf
C:\Program Files\BSplayer_WhenUSave_Installer
C:\Program Files\Viewpoint
D:\DOCUME~1\BZYERI~1\APPLIC~1\ItsLabel
D:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
D:\Documents and Settings\B‚zy Eric\Local Settings\Application Data\Kiwee Toolbar
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Kiwee Toolbar
.
HKCU\software\appdatalow\ce583ab8-94c3-b670-00c4-04e6a35f66bc
HKCU\software\EoRezo
HKCU\software\FunWebProducts
HKCU\software\ItsLabel
HKCU\software\microsoft\internet explorer\searchscopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0E5CBF21-D15F-11D0-8301-

00AA005B4383}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\software\classes\AxMetaStream.MetaStreamCtl
HKLM\software\classes\AxMetaStream.MetaStreamCtl.1
HKLM\software\classes\AxMetaStream.MetaStreamCtlSecondary
HKLM\software\classes\AxMetaStream.MetaStreamCtlSecondary.1
HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\Software\Classes\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\software\MetaStream
HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\Software\Microsoft\Code Store Database\Distribution Units\CabBuilder
HKLM\software\microsoft\windows\currentversion\uninstall\ViewpointMediaPlayer
HKLM\software\Viewpoint
HKU\.default\software\AGI
HKU\.default\software\recfree.com
HKU\s-1-5-18\software\AGI
HKU\s-1-5-18\software\recfree.com
HKU\s-1-5-21-1346728683-4050317073-1836694237-1006\software\EoRezo
HKU\s-1-5-21-1346728683-4050317073-1836694237-1006\software\FunWebProducts
HKU\s-1-5-21-1346728683-4050317073-1836694237-1006\software\ItsLabel
.
============== Scan additionnel ==============
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Search Page: hxxp://home.microsoft.com/access/allinone.asp
Search Bar: hxxp://g.msn.fr/0SEFRFR/SAOS02
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Enable Browser Extensions: yes
Default_Search_URL: hxxp://www.google.com/ie
Start Page Restore: hxxp://www.sfr.fr/kit/adsl/
Use Search Asst: no
Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp
Start Page Redirect Cache_TIMESTAMP: 8859d0bee19aca01
Start Page Redirect Cache AcceptLangs: fr
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
3995 Octet(s) - C:\Ad-Report-SCAN[1].log
.
5 Fichier(s) - D:\DOCUME~1\BZYERI~1\LOCALS~1\Temp
6 Fichier(s) - C:\WINDOWS\Temp
86 Fichier(s) - C:\WINDOWS\Prefetch
.
0 Fichier(s) - C:\Ad-Remover\BACKUP
0 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 9:44:52 | 31/01/2010 - SCAN[1]
.
============== E.O.F ==============
.

voici les rapports

. Quand on coit toutes ces depuis quelques jours il faut vraiement faire confiences, Nest ce pas ?


======= RAPPORT D'AD-REMOVER 1.1.4.6_J | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 29.01.2010 à 16:43
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 17:01:07, 31/01/2010 | Mode Normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: Les-MENZ-Bureau | Utilisateur actuel: B‚zy Eric
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

C:\WINDOWS\Downloaded Program Files\F3initialsetup1.0.0.15-3.inf
C:\Program Files\BSplayer_WhenUSave_Installer
C:\Program Files\Viewpoint
D:\DOCUME~1\BZYERI~1\APPLIC~1\ItsLabel
D:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
D:\Documents and Settings\B‚zy Eric\Local Settings\Application Data\Kiwee Toolbar
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Kiwee Toolbar

(!) -- Fichiers temporaires supprimés.

.
HKCU\software\appdatalow\ce583ab8-94c3-b670-00c4-04e6a35f66bc
HKCU\software\EoRezo
HKCU\software\FunWebProducts
HKCU\software\ItsLabel
HKCU\software\microsoft\internet explorer\searchscopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\software\classes\AxMetaStream.MetaStreamCtl
HKLM\software\classes\AxMetaStream.MetaStreamCtl.1
HKLM\software\classes\AxMetaStream.MetaStreamCtlSecondary
HKLM\software\classes\AxMetaStream.MetaStreamCtlSecondary.1
HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\Software\Classes\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\software\MetaStream
HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\Software\Microsoft\Code Store Database\Distribution Units\CabBuilder
HKLM\software\microsoft\windows\currentversion\uninstall\ViewpointMediaPlayer
HKLM\software\Viewpoint
HKU\.default\software\AGI
HKU\.default\software\recfree.com
.
============== Scan additionnel ==============
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Start Page: hxxp://fr.msn.com/
Enable Browser Extensions: yes
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Use Search Asst: no
Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp
Start Page Redirect Cache_TIMESTAMP: 8859d0bee19aca01
Start Page Redirect Cache AcceptLangs: fr
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
3827 Octet(s) - C:\Ad-Report-CLEAN[1].log
4331 Octet(s) - C:\Ad-Report-SCAN[1].log
.
30 Fichier(s) - D:\DOCUME~1\BZYERI~1\LOCALS~1\Temp
6 Fichier(s) - C:\WINDOWS\Temp
2 Fichier(s) - C:\WINDOWS\Prefetch
.
17 Fichier(s) - C:\Ad-Remover\BACKUP
60 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 17:07:39 | 31/01/2010 - CLEAN[1]
.
============== E.O.F ==============
.

Rapport USBFIX

############################## | UsbFix V6.083 |


############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 428
C:\WINDOWS\system32\csrss.exe 492
C:\WINDOWS\system32\winlogon.exe 516
C:\WINDOWS\system32\services.exe 560
C:\WINDOWS\system32\lsass.exe 572
C:\WINDOWS\system32\svchost.exe 732
C:\WINDOWS\system32\logonui.exe 776
C:\WINDOWS\system32\svchost.exe 816
C:\WINDOWS\System32\svchost.exe 884
C:\WINDOWS\system32\svchost.exe 920
C:\WINDOWS\system32\svchost.exe 1012
C:\WINDOWS\System32\wudfhost.exe 1100
C:\WINDOWS\system32\svchost.exe 1108
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 1252
C:\WINDOWS\system32\userinit.exe 1380
C:\WINDOWS\Explorer.EXE 1404

################## | Elements infectieux |

Supprimé ! C:\Recycler\S-1-5-21-1346728683-4050317073-1836694237-1006
Supprimé ! D:\Recycler\S-1-5-21-1346728683-4050317073-1836694237-1006
Supprimé ! F:\Recycler\S-1-5-21-1346728683-4050317073-1836694237-1006

################## | Registre |


################## | Mountpoints2 |


################## | Listing des fichiers présent |

[31/01/2010 17:07|--a--c---|4210] C:\Ad-Report-CLEAN[1].log
[31/01/2010 09:44|--a--c---|4331] C:\Ad-Report-SCAN[1].log
[26/05/2006 12:32|-rahsc---|215] C:\BOOT.BAK
[27/12/2008 21:39|--ahsc---|297] C:\BOOT.INI
[05/08/2004 13:00|-rahsc---|4952] C:\Bootfont.bin
[14/01/2010 21:21|--a--c---|240128] C:\cgi_neufmusic.doc
[30/01/2010 14:49|--a--c---|828] C:\cleannavi.txt
[05/08/2004 13:00|-rahs----|263488] C:\cmldr
[03/03/2008 22:43|--a--c---|8590] C:\debug.log
[17/09/2009 21:30|--a--c---|10002] C:\drwtsn32.log
[26/05/2006 12:14|--a--c---|5464] C:\DWNLOG.TXT
[19/01/2010 20:45|--a--c---|154] C:\fairuse.log
[?|?|?] C:\hiberfil.sys
[26/05/2006 12:33|-rahsc---|0] C:\IO.SYS
[26/05/2006 12:35|--ah-c---|848] C:\IPH.PH
[26/05/2006 12:33|-rahsc---|0] C:\MSDOS.SYS
[05/08/2004 13:00|--a------|47564] C:\NTDETECT.COM
[05/11/2008 11:36|--a------|252240] C:\NTLDR
[09/02/2008 13:31|--a--c---|0] C:\OrbPVR.db
[?|?|?] C:\pagefile.sys
[26/05/2006 12:03|--a--c---|1011] C:\SAUDIT.TXT
[28/12/2009 21:43|--a--c---|848] C:\twacker.log
[07/11/2007 07:00|--a--c---|17734] D:\eula.1028.txt
[07/11/2007 07:00|--a--c---|17734] D:\eula.1031.txt
[07/11/2007 07:00|--a--c---|10134] D:\eula.1033.txt
[07/11/2007 07:00|--a--c---|17734] D:\eula.1036.txt
[07/11/2007 07:00|--a--c---|17734] D:\eula.1040.txt
[07/11/2007 07:00|--a--c---|118] D:\eula.1041.txt
[07/11/2007 07:00|--a--c---|17734] D:\eula.1042.txt
[07/11/2007 07:00|--a--c---|17734] D:\eula.2052.txt
[07/11/2007 07:00|--a--c---|17734] D:\eula.3082.txt
[10/10/2008 12:51|--a--c---|284] D:\Frontpage.htm
[07/11/2007 07:00|--a--c---|1110] D:\globdata.ini
[07/11/2007 07:03|--a--c---|562688] D:\install.exe
[07/11/2007 07:00|--a--c---|843] D:\install.ini
[07/11/2007 07:03|--a--c---|76304] D:\install.res.1028.dll
[07/11/2007 07:03|--a--c---|96272] D:\install.res.1031.dll
[07/11/2007 07:03|--a--c---|91152] D:\install.res.1033.dll
[07/11/2007 07:03|--a--c---|97296] D:\install.res.1036.dll
[07/11/2007 07:03|--a--c---|95248] D:\install.res.1040.dll
[07/11/2007 07:03|--a--c---|81424] D:\install.res.1041.dll
[07/11/2007 07:03|--a--c---|79888] D:\install.res.1042.dll
[07/11/2007 07:03|--a--c---|75792] D:\install.res.2052.dll
[07/11/2007 07:03|--a--c---|96272] D:\install.res.3082.dll
[29/02/2004 16:44|--a--c---|52576] D:\orange.bmp
[12/11/2007 22:05|--ah-c---|474] D:\os847477.bin
[31/01/2010 17:16|--a--c---|3514] D:\UsbFix.txt
[07/11/2007 07:00|--a--c---|5686] D:\vcredist.bmp
[07/11/2007 07:12|--a--c---|232960] D:\VC_RED.MSI
[15/03/2009 21:12|--ah-c---|11469] D:\ZbThumbnail.info
[28/12/2008 10:31|---hs----|32768] G:\FOUND.000
[14/08/2008 13:58|---------|32768] G:\wd_windows_tools
[17/01/2009 16:46|--a------|3102137] I:\€a Plane Pour Moi .mp3
[28/11/2009 12:46|--a------|5546362] I:\C'est Ma Terre.mp3
[31/12/2009 19:27|--a------|2928074] I:\Chihuahua.wma
[31/12/2009 19:32|--a------|3423974] I:\la chenille.wma
[29/11/2009 18:35|--a------|6107495] I:\Le Papa Pingouin.mp3
[10/11/2002 02:05|--a------|5431662] I:\le sampa.wma
[23/11/2009 17:30|--a------|3713743] I:\Mamadou Avait Mal Aux Dents.mp3
[06/01/2010 22:20|--a------|2948297] I:\01-La Valse des tiquettes-Jeanne Cherhal-Le Soldat Rose.mp3
[29/11/2009 19:08|--a------|1999178] I:\01-petit bbogie-Pierre Lozere-Balalaika(23-07-2007 14-26-29).wma
[29/11/2009 19:07|--a------|2208338] I:\07-Papa clown-Pierre Lozere-Balalaika(23-07-2007 14-26-29).wma
[29/11/2009 18:32|--a------|3343296] I:\01-Guillirock-Pierre LozŠre-Guili Rock.wma
[17/01/2009 16:42|--a------|4728206] I:\Bizoo d'eskimo.mp3
[19/01/2009 18:25|-ra------|3104875] I:\Moi, j'aime skier.mp3
[28/12/2008 21:56|--a------|3184502] I:\Swing momes-boogie boogie-Le bal qui balance.wma
[29/12/2008 16:43|--a------|2930794] I:\Swing momes-Pour danse le pas mieux-Le bal qui balance.wma
[28/11/2009 12:00|--a------|3552819] I:\Christophe Mae - Ca Fait Mal.mp3
[31/12/2009 19:26|--a------|3334248] I:\la dance d'helene.wma
[23/01/2010 14:04|--a------|6251198] I:\01-C'est bon pour le moral-COMPAGNIE CREOLE-C'est Bon pour le moral.wma
[23/01/2010 14:04|--a------|5383580] I:\02-Ca fait rire les oiseaux-Compagnie Cr‚ole-C'est Bon pour le moral.wma
[23/01/2010 14:04|--a------|7414754] I:\06-Le Bal Masqu‚-Compagnie Cr‚ole-C'est Bon pour le moral.wma
[20/11/2009 13:53|--a------|32768] K:\9878F000
[13/05/2009 13:30|--a------|780496] K:\annick.pdf
[19/12/2009 08:42|--a------|4500] K:\BOOTEX.LOG
[06/10/2009 07:23|--a------|271] K:\Couriel SFR.url
[31/12/2009 10:35|--a------|140] K:\neufbox Music.url
[30/11/2009 11:54|--a------|19968] K:\Xp professionnel.doc
[06/01/2010 20:29|--a------|296] K:\WMPInfo.xml

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
# D:\autorun.inf -> Dossier créé par UsbFix.
# F:\autorun.inf -> Dossier créé par UsbFix.
# G:\autorun.inf -> Dossier créé par UsbFix.
# I:\autorun.inf -> Dossier créé par UsbFix.
# K:\autorun.inf -> Dossier créé par UsbFix.

################## | ! Fin du rapport # UsbFix V6.083 ! |


a+

SLT

toutes les taches ontete effectuees
et voici le rapport

c est bien avast derniere version
et dans tous les ANTI....... que rajoutons nous ?

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

D:\UsbFix.txt: trouvé !
D:\Documents and Settings\Bézy Eric\Application Data\Microsoft\Office\Récents\UsbFix.lnk: trouvé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\UsbFix: trouvé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\Rsit: trouvé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\ad renover\Ad-R.exe: trouvé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\navilog\Navilog1.exe: trouvé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\navilog\cleannavi.txt: trouvé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\rsit\Rsit.exe: trouvé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\usbfix\UsbFix.exe: trouvé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\usbfix\UsbFix.txt: trouvé !
D:\Documents and Settings\Bézy Eric\Recent\UsbFix.lnk: trouvé !

---------------------------------
--> Suppression:

D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\ad renover\Ad-R.exe: supprimé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\navilog\Navilog1.exe: supprimé !
D:\UsbFix.txt: supprimé !
D:\Documents and Settings\Bézy Eric\Application Data\Microsoft\Office\Récents\UsbFix.lnk: supprimé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\navilog\cleannavi.txt: supprimé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\rsit\Rsit.exe: supprimé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\usbfix\UsbFix.exe: supprimé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\usbfix\UsbFix.txt: supprimé !
D:\Documents and Settings\Bézy Eric\Recent\UsbFix.lnk: supprimé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\UsbFix: supprimé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\Rsit: supprimé !

SLT

toutes les taches ontete effectuees
et voici le rapport

c est bien avast derniere version
et dans tous les ANTI....... que rajoutons nous ?

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

D:\UsbFix.txt: trouvé !
D:\Documents and Settings\Bézy Eric\Application Data\Microsoft\Office\Récents\UsbFix.lnk: trouvé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\UsbFix: trouvé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\Rsit: trouvé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\ad renover\Ad-R.exe: trouvé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\navilog\Navilog1.exe: trouvé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\navilog\cleannavi.txt: trouvé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\rsit\Rsit.exe: trouvé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\usbfix\UsbFix.exe: trouvé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\usbfix\UsbFix.txt: trouvé !
D:\Documents and Settings\Bézy Eric\Recent\UsbFix.lnk: trouvé !

---------------------------------
--> Suppression:

D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\ad renover\Ad-R.exe: supprimé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\navilog\Navilog1.exe: supprimé !
D:\UsbFix.txt: supprimé !
D:\Documents and Settings\Bézy Eric\Application Data\Microsoft\Office\Récents\UsbFix.lnk: supprimé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\navilog\cleannavi.txt: supprimé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\rsit\Rsit.exe: supprimé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\usbfix\UsbFix.exe: supprimé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\usbfix\UsbFix.txt: supprimé !
D:\Documents and Settings\Bézy Eric\Recent\UsbFix.lnk: supprimé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\UsbFix: supprimé !
D:\Documents and Settings\Bézy Eric\Bureau\nettoyage\Rsit: supprimé !