ANALYSE RAPPORT AD-REMOVER Fermé

Question

Bonjour, 

J'ai scanner mon ordi avec le logiciel Ad-Remover et je voudrait savoir si je peux passer a l'option nettoyer. 
Le but etant d'enlever Eorezo, eoengine, et lo.st.

MErci pour votre réponse

Isaure


Rapport: 

======= RAPPORT D'AD-REMOVER 2.0.0.1,E | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 06/09/10 à 15:20
Contact: AdRemover.contact[AT]gmail.com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 11:27:14 le 08/09/2010, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86) 
Annick@NOM-EB85C523610 ( ) 
 
============== RECHERCHE ==============


0,Dossier trouvé: C:\Documents and Settings\Annick\Application Data\EoRezo
0,Dossier trouvé: C:\Documents and Settings\Annick\Local Settings\Application Data\EoRezo
0,Dossier trouvé: C:\Program Files\EoRezo

1,Clé trouvée: HKLM\Software\Classes\CLSID\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
1,Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
1,Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
1,Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
1,Clé trouvée: HKLM\Software\Classes\Interface\{DF76E9B7-35EC-46FC-AF56-5B79DED9D64F}
1,Clé trouvée: HKLM\Software\Classes\TypeLib\{18AF7201-4F14-4BCF-93FE-45617CF259FF}
0,Clé trouvée: HKLM\Software\Classes\EoEngineBHO.EOBHO
0,Clé trouvée: HKLM\Software\Classes\EoEngineBHO.EOBHO.1
0,Clé trouvée: HKLM\Software\Classes\AppID\EoEngineBHO.DLL
1,Clé trouvée: HKLM\Software\Classes\AppID\{AFBB7970-789A-4264-BA70-E8127DECE400}
0,Clé trouvée: HKLM\Software\EoRezo
0,Clé trouvée: HKCU\Software\EoRezo
0,Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\EoRezo_is1
0,Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1

0,Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eorezo
0,Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Softwarehelper
0,Valeur trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Run|spidermessenger


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [Impossible d'obtenir la version] **

-- C:\Documents and Settings\Annick\Application Data\Mozilla\FireFox\Profiles\8wisvhd6.default\Prefs.js --
browser.download.lastDir, C:\Documents and Settings\Annick\Bureau
browser.startup.homepage, google.fr
browser.startup.homepage_override.mstone, rv:1.9.0.19

-- C:\Documents and Settings\améruche\Application Data\Mozilla\FireFox\Profiles\ifv6yoix.default\Prefs.js --
browser.startup.homepage_override.mstone, rv:1.9.0.19

-- C:\Documents and Settings\Denis\Application Data\Mozilla\FireFox\Profiles\sjcque8k.default\Prefs.js --
browser.download.lastDir, C:\Documents and Settings\Denis\Mes documents\Mes images
browser.startup.homepage, hxxp://www.google.fr
browser.startup.homepage_override.mstone, rv:1.9.0.19

-- C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\FireFox\Profiles\6hw219y0.default\Prefs.js --
browser.startup.homepage_override.mstone, rv:1.9.0.19

-- C:\Documents and Settings\KARINE\Application Data\Mozilla\FireFox\Profiles\p91e55pn.default\Prefs.js --
browser.startup.homepage_override.mstone, rv:1.8.1.20

-- C:\Documents and Settingsenaud\Application Data\Mozilla\FireFox\Profilesimodi3q.default\Prefs.js --
browser.download.lastDir, C:\Documents and Settings\renaud\Bureau
browser.startup.homepage_override.mstone, rv:1.9.0.19

========================================

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main] 
AutoHide: yes
Do404Search: 0x01000000
Enable Browser Extensions: yes
First Home Page: hxxp://y.lo.st
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Show_ToolBar: yes
Start Page: hxxp://www.google.fr/

[HKLM\Software\Microsoft\Internet Explorer\Main] 
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] 
Tabs: hxxp://y.lo.st
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 0 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 08/09/2010 (2137 Octet(s)) 

Fin à: 11:30:40, 08/09/2010 
 
============== E.O.F ==============

moment de grace · Answer

bonjour

1)

relances Ad Remover
option NETTOYAGE
poster le rapport

...............

2)

Télécharge ZHPDiag ( de Nicolas coolman ). 
ftp://zebulon.fr/ZHPDiag.exe

(outil de diagnostic)

 Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )
 
Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin pour vista ) 

Clique sur la loupe en haut à gauche, puis laisse l'outil scanner. 

Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau. 

Rend toi sur Cjoint : http://www.cijoint.fr/ 

Clique sur "Parcourir " dans la partie " Joindre un fichier[...] " 

Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau 

Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message


si soucis avec ci joint. fr 

=> utiliser https://www.cjoint.com/
=>  utiliser http://ww38.toofiles.com/fr/oip/documents/txt/av.html

Isaure · Answer

Merci!

voici le lien :

http://www.cijoint.fr/cjlink.php?file=cj201009/cijPuzbB3l.txt

moment de grace · Answer

ok

bien infecté..pas que du Eorezo

fais ceci dans cet ordre et poste les rapport au fur et à mesure

1)

relances Ad Remover
option NETTOYAGE
poster le rapport 

.................

2)


Téléchargez USBFIX de El Desaparecido, C_xx

http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
ou
https://www.ionos.fr/?affiliate_id=77097

/!\ Utilisateur de vista et windows 7 :
ne pas oublier de désactiver Le contrôle des comptes utilisateurs 
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac 

/!\ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir 

* Double clic sur le raccourci UsbFix présent sur le bureau . 

* Choisir l'option suppression
(d'autres options disponibles, voir le tutoriel). 
* Laissez travailler l'outil.
Le menu démarrer et les icônes vont disparaître.. c'est normal. 

Si un message te demande de redémarrer l'ordinateur fais le ... 

? Au redémarrage, le fix se relance... laisses l'opération s'effectuer. 

? Le bloc note s'ouvre avec un rapport, envoies le dans la prochaine réponse

 
* Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt ) 

( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller ) 

* Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus. 


* Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html


UsbFix peut te demander d'uploader un dossier compressé à cette adresse : https://www.ionos.fr/?affiliate_id=77097 

 Il est enregistré sur ton bureau. 

Merci de l'envoyer à l'adresse indiquée afin d'aider l'auteur de UsbFix dans ses recherches. 

.....................

3)


Téléchargez MalwareByte's Anti-Malware (que tu pourras garder)


https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
 
. Enregistres le sur le bureau
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation. 
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
. Si le pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
. Une fois la mise à jour terminé
. Rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet (examen assez long)
. Cliques sur Rechercher
. Le scan démarre. 
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés. 
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, clique sur  Afficher les résultats
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine. 
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse. 
. Rends toi dans l'onglet rapport/log 
. Tu cliques dessus pour l'afficher, une fois affiché
. Tu cliques sur edition en haut du boc notes, et puis sur sélectionner tous 
. Tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller 


Si tu as besoin d'aide regarde ces tutoriels : 
 Aide: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
 http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam

.......................

4)

Fais un nouveau rapport ZHPdiag stp

Rend toi sur Cjoint : http://www.cijoint.fr/ 

Clique sur "Parcourir " dans la partie " Joindre un fichier[...] " 

Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau 

Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message


si soucis avec ci joint. fr 

=> utiliser https://www.cjoint.com/
=>  utiliser http://ww38.toofiles.com/fr/oip/documents/txt/av.html

Isaure · Answer

Ok

je suis au travail je reviens dans une demi heure et je fais tout ca!

merci beaucoup pour ton aide!

isaure

Isaure · Answer

voici le rapport nettoyage ad remover:

======= RAPPORT D'AD-REMOVER 2.0.0.1,E | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 06/09/10 à 15:20
Contact: AdRemover.contact[AT]gmail.com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 12:50:49 le 08/09/2010, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86) 
Annick@NOM-EB85C523610 ( ) 
 
============== ACTION(S) ==============


0,Dossier supprimé: C:\Documents and Settings\Annick\Application Data\EoRezo
0,Dossier supprimé: C:\Documents and Settings\Annick\Local Settings\Application Data\EoRezo
0,Dossier supprimé: C:\Program Files\EoRezo

(!) -- Fichiers temporaires supprimés.


1,Clé supprimée: HKLM\Software\Classes\CLSID\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
1,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
1,Clé supprimée: HKLM\Software\Classes\Interface\{DF76E9B7-35EC-46FC-AF56-5B79DED9D64F}
1,Clé supprimée: HKLM\Software\Classes\TypeLib\{18AF7201-4F14-4BCF-93FE-45617CF259FF}
0,Clé supprimée: HKLM\Software\Classes\EoEngineBHO.EOBHO
0,Clé supprimée: HKLM\Software\Classes\EoEngineBHO.EOBHO.1
0,Clé supprimée: HKLM\Software\Classes\AppID\EoEngineBHO.DLL
1,Clé supprimée: HKLM\Software\Classes\AppID\{AFBB7970-789A-4264-BA70-E8127DECE400}
0,Clé supprimée: HKLM\Software\EoRezo
0,Clé supprimée: HKCU\Software\EoRezo
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\EoRezo_is1
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1

0,Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eorezo
0,Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Softwarehelper
0,Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Run|spidermessenger


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [Impossible d'obtenir la version] **

-- C:\Documents and Settings\Annick\Application Data\Mozilla\FireFox\Profiles\8wisvhd6.default\Prefs.js --
browser.download.lastDir, C:\Documents and Settings\Annick\Bureau
browser.startup.homepage, google.fr
browser.startup.homepage_override.mstone, rv:1.9.0.19

-- C:\Documents and Settings\améruche\Application Data\Mozilla\FireFox\Profiles\ifv6yoix.default\Prefs.js --
browser.startup.homepage_override.mstone, rv:1.9.0.19

-- C:\Documents and Settings\Denis\Application Data\Mozilla\FireFox\Profiles\sjcque8k.default\Prefs.js --
browser.download.lastDir, C:\Documents and Settings\Denis\Mes documents\Mes images
browser.startup.homepage, hxxp://www.google.fr
browser.startup.homepage_override.mstone, rv:1.9.0.19

-- C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\FireFox\Profiles\6hw219y0.default\Prefs.js --
browser.startup.homepage_override.mstone, rv:1.9.0.19

-- C:\Documents and Settings\KARINE\Application Data\Mozilla\FireFox\Profiles\p91e55pn.default\Prefs.js --
browser.startup.homepage_override.mstone, rv:1.8.1.20

-- C:\Documents and Settingsenaud\Application Data\Mozilla\FireFox\Profilesimodi3q.default\Prefs.js --
browser.download.lastDir, C:\Documents and Settings\renaud\Bureau
browser.startup.homepage_override.mstone, rv:1.9.0.19

========================================

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main] 
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\Main] 
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] 
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 54 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 13 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 08/09/2010 (1628 Octet(s)) 
C:\Ad-Report-SCAN[1].txt - 08/09/2010 (4646 Octet(s)) 

Fin à: 12:53:35, 08/09/2010 
 
============== E.O.F ==============

moment de grace · Answer

vu 

=> usbfix  (lui il va avoir du travail !)

CONTRIBUTEUR SECURITE 

Désinfection = diagnostic + traitement + finalisation 
"Restez" jusqu'au bout...merci

isaure · Answer

etape 2: 
usb fixe


############################## | UsbFix 7.023 | [Suppression]

Utilisateur: Annick (Administrateur) # NOM-EB85C523610 [ ]
Mis à jour le 02/09/10 par El Desaparecido / C_XX
Lancé à 12:57:57 | 08/09/2010
Site Web: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com

CPU:  Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Activé
Antivirus: Trend Micro OfficeScan Client 7.3 [Enabled | Updated]
Firewall: Pare-feu pour client - version d'entreprise Trend Micro OfficeScan 7.3 [Enabled]
RAM -> 503 Mo 
C:\ (%systemdrive%) -> Disque fixe # 227 Go (213 Go libre(s) - 94%) [HP_PAVILION] # NTFS
D:\ -> Disque fixe # 6 Go (2 Go libre(s) - 32%) [HP_RECOVERY] # FAT32
E:\ -> CD-ROM
Y:\ -> Disque amovible # 4 Go (2 Go libre(s) - 61%) [] # FAT32

################## | Éléments infectieux |


################## | Registre |

Non supprimé ! HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_KAVSYS
Non supprimé ! HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_KAVSYS
Non supprimé ! HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KAVSYS

################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{0b2b6d5d-73be-11db-bb91-0013d3d4ede5}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{18690ac2-50cc-11de-bd0e-0013d3d4ede5}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{3d045a2a-e4bb-11de-bd6f-0013d3d4ede5}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{67370b4a-38ad-11df-bda7-0013d3d4ede5}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{9530678f-6180-11df-bdc0-0013d3d4ede5}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{b76c546a-33c1-11de-bcf6-0013d3d4ede5}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{d7dc2b34-3d5d-11df-bda9-0013d3d4ede5}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{ee048c9a-eedb-11da-bb44-0013d3d4ede5}

################## | Listing |

[08/09/2010 - 12:53:36 | A | 4974] 	C:\Ad-Report-CLEAN[1].txt
[08/09/2010 - 11:30:40 | A | 4646] 	C:\Ad-Report-SCAN[1].txt
[02/01/2005 - 13:14:18 | A | 50] 	C:\AUTOEXEC.BAT
[08/09/2010 - 12:46:22 | RASHD ] 	C:\Autorun.inf
[18/01/2006 - 20:22:07 | RASH | 218] 	C:\BOOT.BAK
[19/01/2006 - 11:04:41 | RASH | 298] 	C:\boot.ini
[05/08/2004 - 14:00:00 | RASH | 4952] 	C:\Bootfont.bin
[19/01/2006 - 11:04:41 | RSHD ] 	C:\cmdcons
[05/08/2004 - 14:00:00 | RSH | 263488] 	C:\cmldr
[30/05/2006 - 12:25:20 | AS | 12] 	C:\CONFIG.SYS
[08/09/2010 - 11:43:59 | D ] 	C:\Documents and Settings
[20/01/2006 - 10:13:40 | HD ] 	C:\hp
[23/11/2004 - 23:21:48 | RASH | 0] 	C:\IO.SYS
[08/07/2009 - 10:03:27 | A | 38400] 	C:\Liste Mat Dangereux TP 05-09-1.xls
[23/11/2004 - 23:21:48 | RASH | 0] 	C:\MSDOS.SYS
[11/10/2006 - 07:53:09 | D ] 	C:\MWASPI
[05/08/2004 - 14:00:00 | RASH | 47564] 	C:\NTDETECT.COM
[13/02/2009 - 14:38:31 | RASH | 252240] 	C:
tldr
[29/02/2004 - 17:44:34 | A | 52576] 	C:\orange.bmp
[08/09/2010 - 12:54:23 | ASH | 792723456] 	C:\pagefile.sys
[08/09/2010 - 12:53:28 | D ] 	C:\Program Files
[02/01/2005 - 12:36:21 | HD ] 	C:\Python22
[08/09/2010 - 13:00:19 | SHD ] 	C:\RECYCLER
[01/04/2010 - 11:31:03 | D ] 	C:\spoolerlogs
[18/01/2006 - 20:21:27 | SHD ] 	C:\System Volume Information
[02/01/2005 - 12:36:01 | HD ] 	C:\system.sav
[16/03/2009 - 12:03:25 | D ] 	C:\SystemRoot
[07/12/2006 - 17:29:34 | D ] 	C:	emp
[04/12/2008 - 12:39:03 | A | 21] 	C:	muninst.ini
[08/09/2010 - 13:00:19 | D ] 	C:\UsbFix
[08/09/2010 - 13:00:20 | A | 962] 	C:\UsbFix.txt
[08/09/2010 - 12:46:24 | A | 10887871] 	C:\UsbFix_Upload_Me_NOM-EB85C523610.zip
[08/09/2010 - 12:46:10 | D ] 	C:\WINDOWS
[28/07/2001 - 07:07:38 | SH | 0] 	D:\AUTOEXEC.BAT
[08/09/2010 - 12:46:24 | RASHD ] 	D:\Autorun.inf
[23/11/2004 - 17:48:32 | SH | 6] 	D:\BLOCK.RIN
[09/01/2002 - 20:52:30 | SH | 244] 	D:\BOOT.INI
[17/08/2001 - 10:26:26 | SH | 237728] 	D:\CMLDR
[28/07/2001 - 07:07:38 | SH | 0] 	D:\CONFIG.SYS
[10/09/2002 - 00:14:14 | SH | 100] 	D:\Desktop.ini
[10/09/2002 - 17:21:08 | SH | 7850] 	D:\Folder.htt
[30/04/2001 - 21:16:46 | SH | 14] 	D:\Graph
[25/01/2002 - 19:21:24 | SH | 0] 	D:\GRAPH16
[30/11/2004 - 12:01:50 | SH | 73728] 	D:\Info.exe
[28/07/2001 - 07:07:38 | SH | 0] 	D:\IO.SYS
[16/05/2006 - 11:22:32 | SH | 906] 	D:\MASTER.LOG
[28/07/2001 - 07:07:38 | SH | 0] 	D:\MSDOS.SYS
[25/07/2001 - 23:00:00 | SH | 45124] 	D:\NTDETECT.COM
[17/08/2001 - 16:32:24 | SH | 0] 	D:\NTFS
[25/07/2001 - 23:00:00 | SH | 222880] 	D:\NTLDR
[10/09/2002 - 14:58:12 | SH | 181616] 	D:\protect.ed
[23/11/2004 - 17:39:42 | SH | 36] 	D:\SaveFile.Dir
[30/04/2001 - 21:16:46 | SH | 14] 	D:\SVGA
[02/01/2005 - 05:12:10 | ASH | 900] 	D:\USER
[08/02/2002 - 16:44:24 | SH | 88038] 	D:\Warning.bmp
[18/08/2001 - 16:00:00 | SH | 10] 	D:\WIN51
[22/01/2001 - 16:00:00 | SH | 11] 	D:\WIN51.B2
[25/07/2001 - 16:00:00 | SH | 11] 	D:\WIN51.RC1
[25/07/2001 - 21:47:04 | SH | 11] 	D:\WIN51.RC2
[18/08/2001 - 16:00:00 | SH | 10] 	D:\WIN51IC
[20/03/2001 - 16:00:00 | SH | 11] 	D:\WIN51IC.B2
[25/07/2001 - 16:00:00 | SH | 11] 	D:\WIN51IC.RC1
[25/07/2001 - 16:00:00 | SH | 11] 	D:\WIN51IC.RC2
[17/08/2001 - 16:00:00 | SH | 10] 	D:\WIN51IP
[22/01/2001 - 16:00:00 | SH | 11] 	D:\WIN51IP.B2
[25/07/2001 - 21:47:04 | SH | 11] 	D:\WIN51IP.RC2
[17/08/2001 - 14:17:02 | SH | 184] 	D:\WINBOM.INI
[02/01/2005 - 05:11:58 | SHD ] 	D:\cmdcons
[02/01/2005 - 05:11:58 | SHD ] 	D:\hp
[02/01/2005 - 05:11:58 | SHD ] 	D:\I386
[02/01/2005 - 05:12:50 | SHD ] 	D:\MiniNT
[02/01/2005 - 05:37:52 | SHD ] 	D:\PRELOAD
[24/02/2004 - 17:38:52 | A | 498] 	D:\BATCH.OLD
[24/11/2004 - 21:55:24 | RD ] 	D:\Réinstallation Système
[30/03/1999 - 18:17:54 | SHD ] 	D:\SYSTEM.SAV
[02/01/2005 - 05:11:58 | SHD ] 	D:\TOOLS
[01/02/2005 - 00:41:48 | ASH | 1552] 	D:\BATCH.LOG
[02/01/2005 - 04:37:12 | SHD ] 	D:\System Volume Information
[02/01/2005 - 05:11:58 | SHD ] 	D:\RECOVERY
[02/01/2005 - 05:36:48 | SHD ] 	D:\Recycled
[16/05/2006 - 11:22:34 | RSH | 26] 	D:\RCBoot.sys
[05/02/2009 - 08:20:54 | RSH | 105624] 	D:\3dohrt.com
[04/02/2009 - 08:06:26 | RSH | 104882] 	D:120.bat
[24/08/2009 - 10:27:40 | RSH | 116655] 	D:\g1.bat
[01/01/1995 - 02:00:02 | R | 44] 	E:\Track01.cda
[01/01/1995 - 02:02:15 | R | 44] 	E:\Track02.cda
[01/01/1995 - 02:04:43 | R | 44] 	E:\Track03.cda
[01/01/1995 - 02:08:02 | R | 44] 	E:\Track04.cda
[01/01/1995 - 02:10:45 | R | 44] 	E:\Track05.cda
[01/01/1995 - 02:13:28 | R | 44] 	E:\Track06.cda
[01/01/1995 - 02:15:26 | R | 44] 	E:\Track07.cda
[01/01/1995 - 02:19:22 | R | 44] 	E:\Track08.cda
[01/01/1995 - 02:22:28 | R | 44] 	E:\Track09.cda
[01/01/1995 - 02:25:34 | R | 44] 	E:\Track10.cda
[01/01/1995 - 02:27:36 | R | 44] 	E:\Track11.cda
[01/01/1995 - 02:29:47 | R | 44] 	E:\Track12.cda
[01/01/1995 - 02:32:51 | R | 44] 	E:\Track13.cda
[01/01/1995 - 02:35:12 | R | 44] 	E:\Track14.cda
[01/01/1995 - 02:38:59 | R | 44] 	E:\Track15.cda
[01/01/1995 - 02:41:53 | R | 44] 	E:\Track16.cda
[01/01/1995 - 02:46:07 | R | 44] 	E:\Track17.cda
[01/01/1995 - 02:51:02 | R | 44] 	E:\Track18.cda
[01/01/1995 - 02:55:38 | R | 44] 	E:\Track19.cda
[01/01/1995 - 02:00:28 | R | 44] 	E:\Track20.cda
[01/01/1995 - 02:03:55 | R | 44] 	E:\Track21.cda
[01/01/1995 - 02:07:35 | R | 44] 	E:\Track22.cda

################## | Vaccin |

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_NOM-EB85C523610.zip
https://www.ionos.fr/?affiliate_id=77097
Merci de votre contribution.

################## | E.O.F |

moment de grace · Answer

vu

peux tu refaire la même manip mais en mode sans echec

https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php

Isaure · Answer

moment de grace · Answer

ok

=> MBAM

Isaure · Answer

je laisse tourner MalwareByte's anti-Malware. Et je te transmet le rapport demain. 
Merci bcp pour ton aide,

isaure

Isaure · Answer

Bonjour!

Voici le rapport:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4569

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09/09/2010 08:22:43
mbam-log-2010-09-09 (08-22-43).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|H:\|I:\|J:\|Y:\|)
Elément(s) analysé(s): 285972
Temps écoulé: 58 minute(s), 56 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 151

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{c5f43bef-ce2f-46d8-afe6-a647bacd1f09} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5f43bef-ce2f-afe6-46d8-a647bacd1f09} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\NOD32KVBIT (Trojan.Frethog) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c5f43bef-ce2f-46d8-afe6-a647bacd1f09} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\api32 (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP923\A0092911.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094700.exe (Spyware.AgenceExclusive) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094835.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094853.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094871.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094826.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094829.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094830.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094832.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094834.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094837.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094840.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094845.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094846.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094847.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094848.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094851.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094854.com (Trojan.Onlinegames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094855.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094860.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094861.exe (Trojan.OnLineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094862.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094864.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094865.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094869.exe (Spyware.OnLineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094872.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094893.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094896.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094897.cmd (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094898.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094901.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094902.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094903.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094904.cmd (Worm.Magania) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094905.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094907.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094909.cmd (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0095029.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0095030.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0095032.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0095033.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP901\A0092313.exe (Spyware.AgenceExclusive) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP910\A0092579.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP910\A0092593.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP913\A0092632.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\cgaqyi.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\e2.cmd.vir (Worm.Magania) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\em8tqm.cmd.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\i8ikdjwt.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\mk28sp.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C
u.cmd.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\q9.cmd.vir (Worm.Magania) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\uvsqfgwd.cmd.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\x3xh.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\DOCUME~1\Annick\LOCALS~1\Temp\dsoqq.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\DOCUME~1\Annick\LOCALS~1\Temp\dsoqq2.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\DOCUME~1\Annick\LOCALS~1\Temp
odqq0.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\WINDOWS\Temp\cvasds1.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\WINDOWS\Temp\cvasds2.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\WINDOWS\Temp\cvasds3.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\WINDOWS\Temp\cvasds4.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\WINDOWS\Temp\cvasds5.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\WINDOWS\Temp\cvasds6.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\WINDOWS\Temp\cvasds7.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\WINDOWS\Temp\cvasds8.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\WINDOWS\Temp\cvasds9.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\1gkbvsni.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\2.bat.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\2bbi1ax.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\2nuk.com.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\2ul.exe.vir (Worm.Magania) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\6j2j.com.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\6phx.com.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\8gig0ofk.com.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\8paf1d.com.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\9fo3ar0j.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\9rfpp.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\ba.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\boyedt.com.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\cgaqyi.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\chxnxyx.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\cobn8w3.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\dqm.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\e2.cmd.vir (Worm.Magania) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\em8tqm.cmd.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\eyruu.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\g6jk.exe.vir (Worm.Magania) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\gyn.cmd.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\hifdmgt.com.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\i.com.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\i8ikdjwt.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\icxpa.cmd.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\j.cmd.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\jm3cx96.bat.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\kmj.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\krwyrv0d.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\luk1ylq.com.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\mi9al8rs.exe.vir (Worm.Taterf) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\mk28sp.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\ml.com.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\o3n9k.com.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\p3vwxx.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\q9.cmd.vir (Worm.Magania) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\qhbfqx.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\ukvr.bat.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\Dfg.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\Dhwhin.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\Dpw.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\Dxf.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\sdfqh.exe.vir (Spyware.OnLineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\upw.bat.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\uvsqfgwd.cmd.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\w.com.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\x3xh.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\xcisvxl.com.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\xcr.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\xsia.bat.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\D\yh.cmd.vir (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\Y\9fo3ar0j.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Documents and Settings\Annick\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Documents and Settings\Annick\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\EoRezo\eorezo.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\EoRezo\EoRezoBHO.dll.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Denis\Local Settings\Temp
odqq0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Denis\Local Settings\Temp
odqq1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp
odqq.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp
odqq0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094912.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094933.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094937.cmd (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094938.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094945.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094947.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094948.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094956.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094959.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094964.cmd (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094976.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094979.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP942\A0094985.cmd (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP923\A0092913.EXE (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP910\A0092581.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP910\A0092595.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP913\A0092634.EXE (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP935\A0093416.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settingsenaud\Local Settings\Temp\apiqq0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settingsenaud\Local Settings\Temp\apiqq.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Denis\Local Settings\Temp\dsoqq0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Denis\Local Settings\Temp\dsoqq1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settingsenaud\Local Settings\Temp\dsoqq0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settingsenaud\Local Settings\Temp\dsoqq1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

moment de grace · Answer

ok

vide la quarantaine de MBAM

puis

Fais un nouveau rapport ZHPdiag stp

Rend toi sur Cjoint : http://www.cijoint.fr/ 

Clique sur "Parcourir " dans la partie " Joindre un fichier[...] " 

Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau 

Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message


si soucis avec ci joint. fr 

=> utiliser https://www.cjoint.com/
=>  utiliser http://ww38.toofiles.com/fr/oip/documents/txt/av.html

Isaure · Answer

lien rapport ZHPdiag

http://www.cijoint.fr/cjlink.php?file=cj201009/cij1oF4qEf.txt

moment de grace · Answer

ok

1)


* Copie tout le texte présent en gras ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )


[HKCU\Software\SpiderMessenger]       
O64 - Services: CurCS - (.not file.) - KAVsys (KAVsys)  .(.Pas de propriétaire - Pas de description.) - LEGACY_KAVSYS   
 [MD5.4058D6D2E8FC6B115ECA8639C2B70EFB] - (.PC Tools - PC Tools GUI Application.) -- C:\Program Files\PC Tools Security\pctsGui.exe   [1588184]  
 [MD5.9C5387F87E1299EDC7F73303F083C14B] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\TEMP\TOEB4E.EXE   [172099] 
 O4 - HKLM\..\Run: [ISTray] . (.PC Tools - PC Tools GUI Application.) -- C:\Program Files\PC Tools Security\pctsGui.exe 



Puis Lance ZHPFix depuis le raccourci du bureau .

* Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .

* Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .

Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.



Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ". 

Copie/Colle le rapport à l'écran dans ton prochain message

( ce rapport est sauvegardé dans ce dossier  C:\Program files\ZHPDiag\ZHPFixReport.txt ) 

.............................

2)

Rends toi sur ce site : 

https://www.virustotal.com/gui/ 

Clique sur parcourir et cherche ce fichier : 


C:\WINDOWS\UDB.zip


Clique sur Send File. 

Un rapport va s'élaborer ligne à ligne. 

Attends la fin. Il doit comprendre la taille du fichier envoyé. 

Sauvegarde le rapport avec le bloc-note. 

Copie le dans ta réponse.

Si tu ne trouves pas le fichier alors

Affiche tous les fichiers et dossiers : 

Pour cela : 
Clique sur démarrer/panneau de configuration/option des dossiers/affichage 

Cocher afficher les dossiers cachés

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" 

Décocher masquer les extensions dont le type est connu 

Puis fais «appliquer» pour valider les changements. 

Et OK

.............................

3)

un périphérique nommé G et absent pendant USBfix est infecté

il faudrait refaire USBfix avec lui

Isaure · Answer

Rapport de ZHPFix v1.12.3147 par Nicolas Coolman, Update du 07/09/2010
Fichier d'export Registre : C:\ZHPExportRegistry-09-09-2010-10-28-33.txt
Run by Annick at 09/09/2010 10:28:33
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr

========== Processus mémoire ==========
C:\WINDOWS\TEMP\TOEB4E.EXE [172099]  => Supprimé et mis en quarantaine

========== Clé(s) du Registre ==========
HKCU\Software\SpiderMessenger  => Clé absente
O64 - Services: CurCS - (.not file.) - KAVsys (KAVsys) .(.Pas de propriétaire - Pas de description.) - LEGACY_KAVSYS  => Clé supprimée avec succès

========== Valeur(s) du Registre ==========
O4 - HKLM\..\Run: [ISTray] . (.PC Tools - PC Tools GUI Application.) -- C:\Program Files\PC Tools Security\pctsGui.exe  => Valeur supprimée avec succès


========== Récapitulatif ==========
1 : Processus mémoire
2 : Clé(s) du Registre
1 : Valeur(s) du Registre


End of the scan

Isaure · Answer

rapport virus total:


0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: UDB.zip
Submission date: 2010-09-09 08:32:15 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
VT Community

not reviewed
 Safety score: - 
Compact
Print results 
Antivirus	Version	Last Update	Result
AhnLab-V3	2010.09.09.00	2010.09.09	-
AntiVir	8.2.4.50	2010.09.09	-
Antiy-AVL	2.0.3.7	2010.09.09	-
Authentium	5.2.0.5	2010.09.08	-
Avast	4.8.1351.0	2010.09.08	-
Avast5	5.0.594.0	2010.09.08	-
AVG	9.0.0.851	2010.09.08	-
BitDefender	7.2	2010.09.09	-
CAT-QuickHeal	11.00	2010.09.09	-
ClamAV	0.96.2.0-git	2010.09.09	-
Comodo	6021	2010.09.09	-
DrWeb	5.0.2.03300	2010.09.09	-
Emsisoft	5.0.0.37	2010.09.09	-
eSafe	7.0.17.0	2010.09.07	-
eTrust-Vet	36.1.7844	2010.09.09	-
F-Prot	4.6.1.107	2010.09.01	-
F-Secure	9.0.15370.0	2010.09.09	-
Fortinet	4.1.143.0	2010.09.08	-
GData	21	2010.09.09	-
Ikarus	T3.1.1.88.0	2010.09.09	-
Jiangmin	13.0.900	2010.09.09	-
K7AntiVirus	9.63.2470	2010.09.08	-
Kaspersky	7.0.0.125	2010.09.09	-
McAfee	5.400.0.1158	2010.09.09	-
McAfee-GW-Edition	2010.1B	2010.09.09	-
Microsoft	1.6103	2010.09.09	-
NOD32	5435	2010.09.08	-
Norman	6.06.05	2010.09.08	-
nProtect	2010-09-09.03	2010.09.09	-
Panda	10.0.2.7	2010.09.08	-
PCTools	7.0.3.5	2010.09.09	-
Prevx	3.0	2010.09.09	-
Rising	22.64.03.01	2010.09.09	-
Sophos	4.57.0	2010.09.09	-
Sunbelt	6850	2010.09.09	-
SUPERAntiSpyware	4.40.0.1006	2010.09.09	-
Symantec	20101.1.1.7	2010.09.09	-
TheHacker	6.7.0.0.012	2010.09.09	-
TrendMicro	9.120.0.1004	2010.09.09	-
TrendMicro-HouseCall	9.120.0.1004	2010.09.09	-
VBA32	3.12.14.0	2010.09.08	-
ViRobot	2010.9.8.4031	2010.09.09	-
VirusBuster	12.64.24.0	2010.09.08	-
Additional informationShow all
MD5   : 9b8179250728489cf45fde50505b6431
SHA1  : f8236edfdfe090076f1d684f6fdfccc8697026e7
SHA256: 21a293353817ab2f4ade89f6fa1d3a407144291f7b9f11d5e8da8c64b991304f
ssdeep: 48:9stqB+qhehvAPe+0WNZ3qO/3SA5iKHrPQg8n1NRai9CdxEGX:ytChy4RT6AgKHT8nPRai9eq
GX
File size : 2074 bytes
First seen: 2010-09-09 08:32:15
Last seen : 2010-09-09 08:32:15
TrID: 
ZIP compressed archive (100.0%)
sigcheck: 
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
VT Community
This file has never been reviewed by any VT Community member. Be the first one to comment on it!
VirusTotal Team

moment de grace · Answer

ok

reste ce G, ca te parle ?

Isaure · Answer

Rapport de ZHPFix v1.12.3147 par Nicolas Coolman, Update du 07/09/2010
Fichier d'export Registre : C:\ZHPExportRegistry-09-09-2010-10-28-33.txt
Run by Annick at 09/09/2010 10:28:33
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr

========== Processus mémoire ==========
C:\WINDOWS\TEMP\TOEB4E.EXE [172099]  => Supprimé et mis en quarantaine

========== Clé(s) du Registre ==========
HKCU\Software\SpiderMessenger  => Clé absente
O64 - Services: CurCS - (.not file.) - KAVsys (KAVsys) .(.Pas de propriétaire - Pas de description.) - LEGACY_KAVSYS  => Clé supprimée avec succès

========== Valeur(s) du Registre ==========
O4 - HKLM\..\Run: [ISTray] . (.PC Tools - PC Tools GUI Application.) -- C:\Program Files\PC Tools Security\pctsGui.exe  => Valeur supprimée avec succès


========== Récapitulatif ==========
1 : Processus mémoire
2 : Clé(s) du Registre
1 : Valeur(s) du Registre


End of the scan

Isaure · Answer

J'ai refais mais le G non ne me parle pas vraiment. donc je sais pas si c'est bon.

moment de grace · Answer

Télécharge sur le bureau Flash Disinfector (de SUBS) à cette adresse : https://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe




Double-clique sur l'icône. 
Les icônes vont disparaître. C'est normal. 
Si un rapport est généré en cas d'infection, sauvegarde-le sur le bureau, et poste le ensuite 
Redémarre ensuite le PC.

ANALYSE RAPPORT AD-REMOVER

21 réponses

Discussions similaires