TR/crypt.XPACK.gen3 Résolu/Fermé

Question

Bonjour, 


Voilà je suis victime d'un Trojan (je suis novice). J'ai un antivirus Avira qui a détecté un virus mais ne parvient pas à l'effacer.
J'ai relancé plusieurs fois l'antivirus et il retrouve à chaque fois le problème mais il ne parvient pas à l'effacer.
Quelqu'un pourrait-il m'aider?

Merci beaucoup.

Lecable
Configuration: Windows Vista / Firefox 3.5.13

moment de grace · Answer

bonjour

peux tu poster le rapport avira stp

de plus

Télécharge ZHPDiag ( de Nicolas coolman ). 
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html 


(outil de diagnostic)

 Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )
 
Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin ( vista ) 

Clique sur la loupe en haut à gauche, puis laisse l'outil scanner. 

Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau. 

Rend toi sur Cjoint : http://www.cijoint.fr/ 

Clique sur "Parcourir " dans la partie " Joindre un fichier[...] " 

Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau 

Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message

lecabledelordi · Answer

Tout d'abord un tout grand merci pour la réponse rapide.

Voici le lien demandé:
http://www.cijoint.fr/cjlink.php?file=cj201010/cijsTfdzNL.txt

A+

LEcable

lecabledelordi · Answer

Voici le message que je reçois:

C:\Windows\Temp\TMPFE2.5.tmp

You may not have the required permission or the file is locked.
PLease make sure that you have administrative rights for this action

Is the TR/Crypt.XPACK.Gen3 Trojan.
Ensuite j'ai le choix entre Delete locked files after reboot ou ignore.
Là je clique sur  Delete mais il n'accepte pas.

lecabledelordi · Answer

Virus: TR/Crypt.XPACK.Gen3 
Date discovered: 08/10/2009 
Type: Trojan 
In the wild: Yes 
Reported Infections: Low 
Distribution Potential: Low 
Damage Potential: Low 
Static file: No 
Engine version: 7.09.01.35 


 General Alias:

Similar detection:
   *  3040 
   *  4496 
 
Description inserted by Andrei Ivanes on Thursday, August 26, 2010
Description updated by Andrei Ivanes on Thursday, August 26, 2010


Back 
. 
. 
. 
. © 2010 Avira GmbH. All rights reserved.
ImprintPrivacyLegal TermsVoluntary agreementTechBlogNewsletter.Recommend to a friendBookmark this pagetwitterfacebookPrint pageBack to Top.

moment de grace · Answer

ok

1)

pour vérifier une ligne, dis moi si tu trouves en Espagne stp

...........

2)

* Télécharge de AD-Remover sur ton Bureau. (Merci à C_XX) 
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe 

Miroir: 

https://www.androidworld.fr/ 

/!\ Déconnecte-toi d'internet et ferme toutes applications en cours /!\ 

 Désactive provisoirement et seulement le temps de l'utilisation de ADremover, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil. 

- Double-clique sur l'icône Ad-remover située sur ton Bureau. 
- Sur la page, clique sur le bouton « NETTOYER » 
- Confirme lancement du scan 
- Laisse travailler l'outil. 
- Poste le rapport qui apparaît à la fin. 

(Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt) 

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller) 

....................

3)


DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)

Télécharge ici :List_Kill'em et enregistre le sur ton bureau

http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/List_Killem_Install.exe



si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."

sur le raccourci sur ton bureau pour lancer l'installation

Laisse coché :

 Executer List_Kill'em

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis l'option Search

 laisse travailler l'outil

il se peut qu'une boite de dialogue s'ouvre , dans ce cas clique sur "ok" ou "Agree"

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.

 Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

NE LE POSTE PAS SUR LE FORUM

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

 Clique sur Parcourir et cherche le fichier ci-dessus.

 Clique sur Ouvrir.

 Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt

est ajouté dans la page.

 Copie ce lien dans ta réponse.

 Fais de même avec more.txt qui se trouve sur ton bureau

lecabledelordi · Answer

Je te confirme que ma ligne est bien en espagne.
Je vais à présent me déconnecter et suivre les étapes que tu m'as indiquées.

Merci.
LEcable

lecabledelordi · Answer

Voici le rapport:
======= RAPPORT D'AD-REMOVER 2.0.0.1,F | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 16/09/10 à 13:30
Contact: AdRemover.contact[AT]gmail.com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 20:30:54 le 08/10/2010, Mode normal

Microsoft® Windows Vista(TM) Édition Familiale Premium  Service Pack 1 (X86) 
Gérald@PC-DE-GÉRALD (Acer Aspire 6930G) 
 
============== ACTION(S) ==============


0,Dossier supprimé: C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
0,Fichier supprimé: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar
0,Dossier supprimé: C:\Users\Gérald\AppData\Roaming\Mozilla\FireFox\Profiles\7xoireyx.default\extensions	oolbar@ask.com
0,Erreur suppression dossier: C:\Program Files\Ask.com (Error code: 0)
0,Dossier supprimé: C:\Users\Gérald\AppData\LocalLow\AskToolbar
3,Fichier supprimé: C:\Windows\Installer\c03951.msi  

(!) -- Fichiers temporaires supprimés.


-- Fichier ouvert: C:\Users\Gérald\AppData\Roaming\Mozilla\FireFox\Profiles\7xoireyx.default\Prefs.js --
Ligne supprimée: user_pref("extensions.asktb.cbid", "AG"); 
Ligne supprimée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://eu.ask.com/web?qsrc={qsrc}&o={o}&l={l... 
Ligne supprimée: user_pref("extensions.asktb.dtid", "YYYYYYYYBE"); 
Ligne supprimée: user_pref("extensions.asktb.first-launch-url", "file:///C:/Program%20Files/Acro%20Software/CutePDF%2... 
Ligne supprimée: user_pref("extensions.asktb.fresh-install", false); 
Ligne supprimée: user_pref("extensions.asktb.l", "dis"); 
Ligne supprimée: user_pref("extensions.asktb.last-config-req", "1286518606120"); 
Ligne supprimée: user_pref("extensions.asktb.locale", "fr_EU"); 
Ligne supprimée: user_pref("extensions.asktb.o", "15084"); 
Ligne supprimée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true); 
Ligne supprimée: user_pref("extensions.asktb.qsrc", "2871"); 
Ligne supprimée: user_pref("extensions.asktb.r", "6"); 
Ligne supprimée: user_pref("extensions.asktb.search-suggestions-enabled", true); 
Ligne supprimée: user_pref("extensions.enabledItems", "toolbar@ask.com:3.8.0.12304,{CAFEEFAC-0016-0000-0020-ABCDEFFED... 
-- Fichier Fermé --
 

1,Clé supprimée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
1,Clé supprimée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
1,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
1,Clé supprimée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
1,Clé supprimée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
1,Clé supprimée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
1,Clé supprimée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
0,Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
0,Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
0,Clé supprimée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
1,Clé supprimée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
0,Clé supprimée: HKCU\Software\Ask.com
0,Clé supprimée: HKCU\Software\AppDataLow\AskToolbarInfo
0,Clé supprimée: HKCU\Software\AppDataLow\Software\AskToolbar
3,Clé supprimée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
3,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
3,Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
3,Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
0,Erreur suppression clé: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar (Error code: 1)

0,Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
0,Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.5.13 (fr)] **

-- C:\Users\Gérald\AppData\Roaming\Mozilla\FireFox\Profiles\7xoireyx.default\Prefs.js --
browser.download.dir, C:\Users\Gérald\Downloads
browser.startup.homepage, hxxp://www.google.be/
browser.startup.homepage_override.mstone, rv:1.9.1.13
keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=

========================================

** Internet Explorer Version [8.0.6001.18943] **

[HKCU\Software\Microsoft\Internet Explorer\Main] 
AutoHide: no
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\Windows\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\Main] 
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\Windows\System32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] 
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 191 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 08/10/2010 (6254 Octet(s)) 

Fin à: 20:35:47, 08/10/2010 
 
============== E.O.F ==============

lecabledelordi · Answer

BOn alors petit souci
L'ordi me dit impossible d'exécuter le fichier 
C:program files\list killem\Get-upd.exe
Create process a échoué; code 740.
L'opération nécessite une élévation
Que dois-je faire?

moment de grace · Answer

Clique droit -> Executer en tant qu'admin

lecabledelordi · Answer

Bonjour,

J'ai ouvert le programme en tant qu'administrateur mais quand je clique sur search je reçois le message suivant: Windows ne trouve pas "List em.bat". Vérifiez que vous avez entré le nom correct puis réessayer.
PS: comme je n'ai pas pu faire toutes les démarches hier dois-je tout recommencer? En d'autres mots est-il possible que le virus ait repris?

Merci

moment de grace · Answer

as tu bien enregistrer l'outil sur le bureau ?

as tu bien fait clic droit pour son installation

as tu bien désactivé toutes tes protections provisoirement, antispyware compris

lecabledelordi · Answer

Voilà les 2 fichiers.
Merci pour ta patience.

http://www.cijoint.fr/cjlink.php?file=cj201010/cijbsdIruk.txt
http://www.cijoint.fr/cjlink.php?file=cj201010/cijlS5ofFk.txt

Cordialement,

moment de grace · Answer

ok

1)

désinstaller Spyware Doctor inutile

.............

2)
Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau. 
mais cette fois-ci : 

choisis l'option CLEAN
 

laisse travailler l'outil. 

en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau , 

colle le contenu dans ta reponse


.....................

3)

Téléchargez MalwareByte's Anti-Malware (que tu pourras garder ensuite)

https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
 
. Enregistres le sur le bureau
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation. 
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
. Si le pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
. Une fois la mise à jour terminé
. Rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet (examen assez long)
. Cliques sur Rechercher
. Le scan démarre. 
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés. 
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, clique sur  Afficher les résultats
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine. 
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse. 
. Rends toi dans l'onglet rapport/log 
. Tu cliques dessus pour l'afficher, une fois affiché
. Tu cliques sur edition en haut du boc notes, et puis sur sélectionner tous 
. Tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller 


Si tu as besoin d'aide regarde ces tutoriels : 
 Aide: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
 http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam

lecabledelordi · Answer

Voilà j'ai terminé toutes les étapes.
Un tout grand MERCI pour ton aide précieuse.
Ci-après le kill'em text suivi du rapport Malware.
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.0.9 ¤¤¤¤¤¤¤¤¤¤ 
 
User : Gérald (Administrateurs) 
Update on 04/10/2010 by g3n-h@ckm@n ::::: 21.00
Start at: 12:01:33 | 09/10/2010

Intel(R) Core(TM)2 Duo CPU     T5800  @ 2.00GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18943
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 144,04 Go (42,61 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 140,5 Go (140,41 Go free) [DATA] | NTFS
F:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

Quarantined & Deleted !! : C:\ProgramData\ArcadeDeluxe2.log 
Quarantined & Deleted !! : C:\ProgramData\hpzinstall.log 
Quarantined & Deleted !! : C:\ProgramData
vModes.001 
Quarantined & Deleted !! : C:\ProgramData
vModes.dat 
Quarantined & Deleted !! : C:\Program Files\Ask.com 
 
Quarantined & Deleted !! : C:\Windows\System32\ACER.exe 
Quarantined & Deleted !! : C:\Windows\Temp\TMP1308.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP1363.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP15C7.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP180A.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP19F9.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP1AA6.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP1AF9.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP1B41.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP1CDF.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP1F1B.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP1F8F.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP253C.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP25F0.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP26A9.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP279E.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP2A51.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP2BA6.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP2D12.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP2D33.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP2F7F.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP30C7.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP3176.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP330A.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP336B.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP35BF.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP3762.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP37A4.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP39E7.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP3A41.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP3C1A.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP3D1.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP3E3E.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP43C5.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP4471.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP4569.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP4973.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP5509.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP572E.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP59AC.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP5FE7.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP6154.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP635A.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP6507.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP6511.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP651F.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP6570.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP657B.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP657C.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP6597.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP6627.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP673F.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP6810.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP6899.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP6916.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP692.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP6920.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP6967.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP6A06.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP6B5C.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP6B88.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP6C82.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP6D5E.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP6E51.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP6F7D.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP708A.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP70C8.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP7153.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP7329.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP7382.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP7396.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP74.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP741.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP742.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP7472.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP74D6.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP7536.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP755A.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP766D.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP76B3.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP7751.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP785.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP79C3.tmp 
Quarantined & Deleted !! : C:\Windows\Temp	mp79EF.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP7A2C.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP7B55.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP7B88.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP7CBC.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP7CD9.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP7D05.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP7DF0.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP7E21.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP7E6F.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP7EC.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP7EC8.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP80B4.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP815D.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP81B2.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP81C0.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP82A0.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP82F5.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP8526.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP85CD.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP868F.tmp 
Quarantined & Deleted !! : C:\Windows\Temp	mp86AC.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP88A1.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP88DC.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP891.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP897A.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP89BA.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP89F5.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP8A6C.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP8AE2.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP8AF2.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP8B62.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP8BEE.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP8BF3.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP8C42.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP8CAD.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP8D6C.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP8FB3.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP9183.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP9206.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP9238.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP942B.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP9449.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP94BB.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP94CB.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP9696.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP96DE.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP9705.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP977D.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP97B3.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP97C9.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP98F7.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP998B.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP9ADF.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP9B90.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP9BA6.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP9BB0.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP9C12.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP9DE0.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP9E1E.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP9E48.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP9E55.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMP9EA8.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPA02C.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPA07F.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPA08B.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPA0E7.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPA1B.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPA226.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPA39C.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPA3C3.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPA3D8.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPA461.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPA491.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPA537.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPA5D.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPA678.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPA731.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPA7F2.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPA927.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPAA34.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPAA46.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPAA50.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPAA7B.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPAA93.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPAAAE.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPAB48.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPABCB.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPAC07.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPAD4C.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPADBB.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPAE2E.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPAE34.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPAE63.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPAE94.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPAF9.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPAFF2.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB068.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB0C9.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB192.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB1A4.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB27A.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB304.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB30E.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB326.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB357.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB3B8.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB3D7.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB3EC.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB5F1.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB659.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB6B6.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB76B.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB782.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB83B.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB855.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB8EE.tmp 
Quarantined & Deleted !! : C:\Windows\Temp	mpB901.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB9A5.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPB9CE.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPBA42.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPBC4A.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPBCD3.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPBCFA.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPBD2A.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPBD84.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPBDE.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPBE37.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPBE48.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPBE60.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPBED.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPBF06.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPBF3D.tmp 
Quarantined & Deleted !! : C:\Windows\Temp	mpBF48.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPC140.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPC211.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPC274.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPC2B4.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPC2D1.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPC35C.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPC404.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPC41B.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPC48B.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPC48D.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPC49C.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPC562.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPC614.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPC6B8.tmp 
Quarantined & Deleted !! : C:\Windows\Temp	mpC7E0.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPC802.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPC871.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPC8EF.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPC935.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPC989.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPC9CF.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPCB39.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPCB7C.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPCBCF.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPCBF6.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPCC09.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPCC70.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPCCD6.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPCCFE.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPCD32.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPCD4F.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPCD50.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPCD92.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPCECB.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPD040.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPD09C.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPD19F.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPD242.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPD26A.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPD2B7.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPD381.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPD3EB.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPD495.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPD56E.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPD64C.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPD698.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPD6AA.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPD6D9.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPD6DC.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPD804.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPD832.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPD8BB.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPD92C.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPD959.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPD9CB.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPDB50.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPDBB2.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPDC29.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPDD74.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPDD84.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPDDF9.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPE065.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPE0C9.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPE1A0.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPE1A4.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPE2A3.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPE2A4.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPE404.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPE488.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPE535.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPE5E9.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPE662.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPE692.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPE7F5.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPE868.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPE91D.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPE9F1.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPEB51.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPED26.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPEE31.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPEE77.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPEEB6.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPF025.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPF051.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPF29.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPF3D9.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPF3F.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPF47.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPF47B.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPF4AF.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPF4D4.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPF5A5.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPF5E3.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPF763.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPF7D7.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPF959.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPF9AC.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPFA49.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPFA58.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPFAA3.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPFAEF.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPFBD2.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPFCAD.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPFD66.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPFE25.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\TMPFE59.tmp 
Quarantined & Deleted !! : C:\Windows\Temp\~DFA96.tmp 
Quarantined & Deleted !! : C:\Users\G'rald\AppData\Local\d3d9caps.dat 
Quarantined & Deleted !! : C:\Users\G'rald\AppData\Roaming\.# 
Quarantined & Deleted !! : C:\Users\G'rald\LOCAL Settings\Temp\RtkBtMnt.exe 
Quarantined & Deleted !! : C:\Users\G'rald\LOCAL Settings\Temp\catchme.dll 
Deleted !! : C:\$Recycle.bin\S-1-5-21-3404627791-3628067528-3678779845-1000\$IAAYACS.lnk   
Deleted !! : C:\$Recycle.bin\S-1-5-21-3404627791-3628067528-3678779845-1000\$RAAYACS.lnk   
 
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤

127.0.0.1       localhost   

¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤

Deleted : "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar"  
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E  

¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	=         	https://www.msn.com/fr-fr/?ocid=iehp
Local Page	=         	C:\WINDOWS\system32\blank.htm
Default_Search_URL	=         	https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL	=         	https://www.msn.com/fr-fr/?ocid=iehp
Search Page	=         	https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	=         	https://www.google.com/?gws_rd=ssl
Local Page	=         	C:\WINDOWS\system32\blank.htm
Search Page	=         	http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] 
cval	=      	1 () 
FirstRunDisabled	=      	1 () 
AntiVirusDisableNotify	=      	0 (0x0) 
FirewallDisableNotify	=      	0 (0x0) 
UpdatesDisableNotify	=      	0 (0x0) 
AntiVirusOverride	=      	0 (0x0) 
FirewallOverride	=      	0 (0x0) 
 
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤

 Ndisuio : Start = 3   
 EapHost : Start = 2   
 Wlansvc : Start = 2   
 SharedAccess : Start = 2   
 windefend : Start = 2   
 wuauserv : Start = 2   
 wscsvc : Start = 2   

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
anti-ver blaster : OK 
Prefetch cleaned 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ 

FEATURE_BROWSER_EMULATION | svchost : 
====================================
 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll iaStor.sys HDAudBus.sys RTKVHDA.sys RTKVHDA.sys 
kernel: MBR read successfully
user & kernel MBR OK 
 
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4784

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

09/10/2010 14:27:19
mbam-log-2010-10-09 (14-27-19).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 299699
Temps écoulé: 1 heure(s), 35 minute(s), 8 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

moment de grace · Answer

ok

Fais un nouveau rapport ZHPdiag stp

Rend toi sur Cjoint : http://www.cijoint.fr/ 

Clique sur "Parcourir " dans la partie " Joindre un fichier[...] " 

Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau 

Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message

lecabledelordi · Answer

Voici le lien:

http://www.cijoint.fr/cjlink.php?file=cj201010/cijkJbr5BE.txt

Encore une chose, je voudrais savoir si je dois garder les programmes suivants:
ZHP Diag, MBRCheck, List Kill'Em une fois que le problème sera réglé?
En outre me conseilles-tu de changer de antivirus ou puis-je garder le Avira?

Merci pour tout.

Cordialement,

moment de grace · Answer

ok 

garde les outils jusqu'à la fin 

avira est tres bien 

le rapport ZHP est lui aussi bien 

donc 

Télécharge :ATF Cleaner par Atribune  
http://www.atribune.org/ccount/click.php?id=1 

Double-clique (clic droit "en tant qu'administrateur" pour Vista) ATF-Cleaner.exe afin de lancer le programme.  
Sous l'onglet Main, choisis : Select All . 
Clique sur le bouton Empty Selected  
Si tu utilises le navigateur Firefox :  
Clique Firefox au haut et choisis : Select All  
Clique le bouton Empty Selected a  
NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invité.  
Si tu utilises le navigateur Opera :  
Clique Opera au haut et choisis : Select All  
Clique le bouton Empty Selected  
NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invité.  
Clique Exit, du menu prinicipal, afin de fermer le programme.  
Pour obtenir du Support technique, double-clique l'adresse électronique située au bas de chacun des menus.  

puis fais un scan avec antivir pour voir ce qu'il en pense

CONTRIBUTEUR SECURITE 

Désinfection = diagnostic + traitement + finalisation 
"Restez" jusqu'au bout...merci

lecabledelordi · Answer

Voilà le scan est terminé.
Il me dit qu'il a trouvé 33 virus mais tous  ceux-ci sont des fichiers qui se trouvent dans Kill'Em.
Normalement dans Avira je dois cliquer sur REPAIR mais en faisant cela il les efface.
Puis-je cliquer sur repair ou dois-je attendre?

Merci

lecabledelordi · Answer

Voici le rapport que j'ai reçu: Dois-je faire quelque chose d'autre? Merci Avira AntiVir Personal Report file date: samedi 9 octobre 2010 20:09 Scanning for 2914708 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows Vista Windows version : (Service Pack 1) [6.0.6001] Boot mode : Normally booted Username : SYSTEM Computer name : PC-DE-GÉRALD Version information: BUILD.DAT : 9.0.0.422 21701 Bytes 9/03/2010 10:29:00 AVSCAN.EXE : 9.0.3.10 466689 Bytes 23/11/2009 06:02:37 AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 10:58:24 LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 11:35:49 LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 10:58:52 VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 21:35:47 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 21:35:57 VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 19:04:26 VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 20:20:18 VBASE004.VDF : 7.10.4.203 1579008 Bytes 5/03/2010 06:52:19 VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 05:07:18 VBASE006.VDF : 7.10.7.218 2294784 Bytes 2/06/2010 05:09:07 VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 05:45:05 VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/09/2010 13:06:54 VBASE009.VDF : 7.10.11.134 2048 Bytes 13/09/2010 13:06:54 VBASE010.VDF : 7.10.11.135 2048 Bytes 13/09/2010 13:06:54 VBASE011.VDF : 7.10.11.136 2048 Bytes 13/09/2010 13:06:54 VBASE012.VDF : 7.10.11.137 2048 Bytes 13/09/2010 13:06:54 VBASE013.VDF : 7.10.11.165 172032 Bytes 15/09/2010 12:54:04 VBASE014.VDF : 7.10.11.202 144384 Bytes 18/09/2010 16:43:20 VBASE015.VDF : 7.10.11.231 129024 Bytes 21/09/2010 16:43:14 VBASE016.VDF : 7.10.12.4 126464 Bytes 23/09/2010 16:43:18 VBASE017.VDF : 7.10.12.38 146944 Bytes 27/09/2010 16:46:04 VBASE018.VDF : 7.10.12.64 133120 Bytes 29/09/2010 19:21:16 VBASE019.VDF : 7.10.12.99 134144 Bytes 1/10/2010 20:35:33 VBASE020.VDF : 7.10.12.122 131584 Bytes 5/10/2010 12:15:14 VBASE021.VDF : 7.10.12.148 119296 Bytes 7/10/2010 10:46:08 VBASE022.VDF : 7.10.12.149 2048 Bytes 7/10/2010 10:46:08 VBASE023.VDF : 7.10.12.150 2048 Bytes 7/10/2010 10:46:08 VBASE024.VDF : 7.10.12.151 2048 Bytes 7/10/2010 10:46:08 VBASE025.VDF : 7.10.12.152 2048 Bytes 7/10/2010 10:46:08 VBASE026.VDF : 7.10.12.153 2048 Bytes 7/10/2010 10:46:08 VBASE027.VDF : 7.10.12.154 2048 Bytes 7/10/2010 10:46:08 VBASE028.VDF : 7.10.12.155 2048 Bytes 7/10/2010 10:46:09 VBASE029.VDF : 7.10.12.156 2048 Bytes 7/10/2010 10:46:09 VBASE030.VDF : 7.10.12.157 2048 Bytes 7/10/2010 10:46:09 VBASE031.VDF : 7.10.12.167 75776 Bytes 8/10/2010 12:23:31 Engineversion : 8.2.4.72 AEVDF.DLL : 8.1.2.1 106868 Bytes 3/08/2010 05:45:17 AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 17/09/2010 15:50:01 AESCN.DLL : 8.1.6.1 127347 Bytes 12/05/2010 18:35:43 AESBX.DLL : 8.1.3.1 254324 Bytes 23/04/2010 17:18:16 AERDL.DLL : 8.1.9.2 635252 Bytes 21/09/2010 16:43:21 AEPACK.DLL : 8.2.3.7 471413 Bytes 17/09/2010 15:49:14 AEOFFICE.DLL : 8.1.1.8 201081 Bytes 3/08/2010 05:45:14 AEHEUR.DLL : 8.1.2.30 2941303 Bytes 1/10/2010 20:35:40 AEHELP.DLL : 8.1.13.4 242038 Bytes 24/09/2010 16:46:05 AEGEN.DLL : 8.1.3.23 401779 Bytes 1/10/2010 20:35:37 AEEMU.DLL : 8.1.2.0 393588 Bytes 23/04/2010 17:18:15 AECORE.DLL : 8.1.17.0 196982 Bytes 24/09/2010 16:46:05 AEBB.DLL : 8.1.1.0 53618 Bytes 23/04/2010 17:18:15 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 08:47:59 AVPREF.DLL : 9.0.3.0 44289 Bytes 23/11/2009 06:02:37 AVREP.DLL : 8.0.0.7 159784 Bytes 17/02/2010 17:55:51 AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 10:32:09 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 15:05:41 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 10:37:08 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 15:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/02/2009 08:21:33 NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 10:32:10 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 15:39:58 RCTEXT.DLL : 9.0.73.0 86785 Bytes 23/11/2009 06:02:36 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, D:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Start of the scan: samedi 9 octobre 2010 20:09 Starting search for hidden objects. '128246' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'mdm.exe' - '1' Module(s) have been scanned Scan process 'conime.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'SynTPHelper.exe' - '1' Module(s) have been scanned Scan process 'acp2HID.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'skypePM.exe' - '1' Module(s) have been scanned Scan process 'hpqste08.exe' - '1' Module(s) have been scanned Scan process 'unsecapp.exe' - '1' Module(s) have been scanned Scan process 'lsnfier.exe' - '1' Module(s) have been scanned Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned Scan process 'AcerVCM.exe' - '1' Module(s) have been scanned Scan process 'Skype.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned Scan process 'PMVService.exe' - '1' Module(s) have been scanned Scan process 'CLMLSvc.exe' - '1' Module(s) have been scanned Scan process 'ArcadeDeluxeAgent.exe' - '1' Module(s) have been scanned Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned Scan process 'QtZgAcer.EXE' - '1' Module(s) have been scanned Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned Module is OK -> 'C:\Users\GRALD~1\AppData\Local\Temp\RtkBtMnt.exe' [WARNING] The file could not be opened! Scan process 'XAudio.exe' - '1' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SeaPort.exe' - '1' Module(s) have been scanned Scan process 'RS_Service.exe' - '1' Module(s) have been scanned Scan process 'RichVideo.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SchedulerSvc.exe' - '1' Module(s) have been scanned Scan process 'BackupSvc.exe' - '1' Module(s) have been scanned Scan process 'PLFSetI.exe' - '1' Module(s) have been scanned Scan process 'MobilityService.exe' - '1' Module(s) have been scanned Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'BkupTray.exe' - '1' Module(s) have been scanned Scan process 'eAudio.exe' - '1' Module(s) have been scanned Scan process 'eDSLoader.exe' - '1' Module(s) have been scanned Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned Scan process 'BASVC.exe' - '1' Module(s) have been scanned Scan process 'MSASCui.exe' - '1' Module(s) have been scanned Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'dwm.exe' - '1' Module(s) have been scanned Scan process 'ETService.exe' - '1' Module(s) have been scanned Scan process 'eDSService.exe' - '1' Module(s) have been scanned Scan process 'CLHNService.exe' - '1' Module(s) have been scanned Scan process 'Agentsvc.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'CompPtcVUI.exe' - '1' Module(s) have been scanned Scan process 'upeksvr.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SLsvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'audiodg.exe' - '0' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsm.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'wininit.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 94 processes with 94 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '60' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\Kill'em\Quarantine\TMP19F9.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMP1AA6.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan C:\Kill'em\Quarantine\TMP1B41.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan C:\Kill'em\Quarantine\TMP1F1B.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMP25F0.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMP2A51.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMP2D12.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMP2D33.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMP30C7.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan C:\Kill'em\Quarantine\TMP3176.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMP336B.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMP35BF.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMP3762.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMP37A4.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMP39E7.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMP3A41.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan C:\Kill'em\Quarantine\TMP3C1A.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMP3E3E.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMP43C5.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMP4973.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMP5509.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan C:\Kill'em\Quarantine\TMP572E.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan C:\Kill'em\Quarantine\TMP59AC.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMPB3EC.tmp.Kill'em [DETECTION] Is the TR/Dropper.Gen Trojan C:\Kill'em\Quarantine\TMPCD4F.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMPD09C.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMPD242.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMPD495.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMPD6AA.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMPD92C.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMPDB50.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMPDD74.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan C:\Kill'em\Quarantine\TMPFE25.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan C:\Users\Gérald\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\D8CN6BQB\AIO_HPSU_110_001[1].exe [WARNING] The file could not be read! C:\Users\Gérald\AppData\Local\Temp\HPSUCDQG.UGL\AIO_HPSU_110_001.exe.tmp [WARNING] The file could not be read! Begin scan in 'D:\' Beginning disinfection: C:\Kill'em\Quarantine\TMP19F9.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4d00c4ba.qua'! C:\Kill'em\Quarantine\TMP1AA6.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan [NOTE] The file was moved to '4ab2fe13.qua'! C:\Kill'em\Quarantine\TMP1B41.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan [NOTE] The file was moved to '4ab386cb.qua'! C:\Kill'em\Quarantine\TMP1F1B.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4d00c4bb.qua'! C:\Kill'em\Quarantine\TMP25F0.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4eb86554.qua'! C:\Kill'em\Quarantine\TMP2A51.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4d00c4bc.qua'! C:\Kill'em\Quarantine\TMP2D12.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4ab7a52d.qua'! C:\Kill'em\Quarantine\TMP2D33.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4d00c4bd.qua'! C:\Kill'em\Quarantine\TMP30C7.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan [NOTE] The file was moved to '4d00c4be.qua'! C:\Kill'em\Quarantine\TMP3176.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4d00c4bf.qua'! C:\Kill'em\Quarantine\TMP336B.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4aa556d8.qua'! C:\Kill'em\Quarantine\TMP35BF.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4aa65d20.qua'! C:\Kill'em\Quarantine\TMP3762.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4d00c4c0.qua'! C:\Kill'em\Quarantine\TMP37A4.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4d00c4c1.qua'! C:\Kill'em\Quarantine\TMP39E7.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4d00c4c2.qua'! C:\Kill'em\Quarantine\TMP3A41.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan [NOTE] The file was moved to '4a0269e3.qua'! C:\Kill'em\Quarantine\TMP3C1A.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4a07410b.qua'! C:\Kill'em\Quarantine\TMP3E3E.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4d00c4c3.qua'! C:\Kill'em\Quarantine\TMP43C5.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4a09519c.qua'! C:\Kill'em\Quarantine\TMP4973.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4a0a59e4.qua'! C:\Kill'em\Quarantine\TMP5509.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan [NOTE] The file was moved to '4d00c4c5.qua'! C:\Kill'em\Quarantine\TMP572E.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan [NOTE] The file was moved to '4a0c6876.qua'! C:\Kill'em\Quarantine\TMP59AC.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4d00c4c6.qua'! C:\Kill'em\Quarantine\TMPB3EC.tmp.Kill'em [DETECTION] Is the TR/Dropper.Gen Trojan [NOTE] The file was moved to '4d00c4c7.qua'! C:\Kill'em\Quarantine\TMPCD4F.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4ebfd8b8.qua'! C:\Kill'em\Quarantine\TMPD09C.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4d00c4c8.qua'! C:\Kill'em\Quarantine\TMPD242.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4ec1e8c9.qua'! C:\Kill'em\Quarantine\TMPD495.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4ec2f701.qua'! C:\Kill'em\Quarantine\TMPD6AA.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4d00c4c9.qua'! C:\Kill'em\Quarantine\TMPD92C.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4ec48792.qua'! C:\Kill'em\Quarantine\TMPDB50.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4ec58fea.qua'! C:\Kill'em\Quarantine\TMPDD74.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan [NOTE] The file was moved to '4d00c4ca.qua'! C:\Kill'em\Quarantine\TMPFE25.tmp.Kill'em [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan [NOTE] The file was moved to '4ec79e7b.qua'! End of the scan: samedi 9 octobre 2010 21:37 Used time: 1:15:25 Hour(s) The scan has been done completely. 27178 Scanned directories 430969 Files were scanned 33 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 33 Files were moved to quarantine 0 Files were renamed 3 Files cannot be scanned 430933 Files not concerned 3005 Archives were scanned 5 Warnings 35 Notes 128246 Objects were scanned with rootkit scan 0 Hidden objects were found

lecabledelordi · Answer

Après un nouveau scan aucun virus n'a été détecté. Voici le rapport. Puis-je considérer que le problème est réglé. Encore un tout grand merci pour la qualité du service! Avira AntiVir Personal Report file date: samedi 9 octobre 2010 21:57 Scanning for 2914708 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows Vista Windows version : (Service Pack 1) [6.0.6001] Boot mode : Normally booted Username : SYSTEM Computer name : PC-DE-GÉRALD Version information: BUILD.DAT : 9.0.0.422 21701 Bytes 9/03/2010 10:29:00 AVSCAN.EXE : 9.0.3.10 466689 Bytes 23/11/2009 06:02:37 AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 10:58:24 LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 11:35:49 LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 10:58:52 VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 21:35:47 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 21:35:57 VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 19:04:26 VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 20:20:18 VBASE004.VDF : 7.10.4.203 1579008 Bytes 5/03/2010 06:52:19 VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 05:07:18 VBASE006.VDF : 7.10.7.218 2294784 Bytes 2/06/2010 05:09:07 VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 05:45:05 VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/09/2010 13:06:54 VBASE009.VDF : 7.10.11.134 2048 Bytes 13/09/2010 13:06:54 VBASE010.VDF : 7.10.11.135 2048 Bytes 13/09/2010 13:06:54 VBASE011.VDF : 7.10.11.136 2048 Bytes 13/09/2010 13:06:54 VBASE012.VDF : 7.10.11.137 2048 Bytes 13/09/2010 13:06:54 VBASE013.VDF : 7.10.11.165 172032 Bytes 15/09/2010 12:54:04 VBASE014.VDF : 7.10.11.202 144384 Bytes 18/09/2010 16:43:20 VBASE015.VDF : 7.10.11.231 129024 Bytes 21/09/2010 16:43:14 VBASE016.VDF : 7.10.12.4 126464 Bytes 23/09/2010 16:43:18 VBASE017.VDF : 7.10.12.38 146944 Bytes 27/09/2010 16:46:04 VBASE018.VDF : 7.10.12.64 133120 Bytes 29/09/2010 19:21:16 VBASE019.VDF : 7.10.12.99 134144 Bytes 1/10/2010 20:35:33 VBASE020.VDF : 7.10.12.122 131584 Bytes 5/10/2010 12:15:14 VBASE021.VDF : 7.10.12.148 119296 Bytes 7/10/2010 10:46:08 VBASE022.VDF : 7.10.12.149 2048 Bytes 7/10/2010 10:46:08 VBASE023.VDF : 7.10.12.150 2048 Bytes 7/10/2010 10:46:08 VBASE024.VDF : 7.10.12.151 2048 Bytes 7/10/2010 10:46:08 VBASE025.VDF : 7.10.12.152 2048 Bytes 7/10/2010 10:46:08 VBASE026.VDF : 7.10.12.153 2048 Bytes 7/10/2010 10:46:08 VBASE027.VDF : 7.10.12.154 2048 Bytes 7/10/2010 10:46:08 VBASE028.VDF : 7.10.12.155 2048 Bytes 7/10/2010 10:46:09 VBASE029.VDF : 7.10.12.156 2048 Bytes 7/10/2010 10:46:09 VBASE030.VDF : 7.10.12.157 2048 Bytes 7/10/2010 10:46:09 VBASE031.VDF : 7.10.12.167 75776 Bytes 8/10/2010 12:23:31 Engineversion : 8.2.4.72 AEVDF.DLL : 8.1.2.1 106868 Bytes 3/08/2010 05:45:17 AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 17/09/2010 15:50:01 AESCN.DLL : 8.1.6.1 127347 Bytes 12/05/2010 18:35:43 AESBX.DLL : 8.1.3.1 254324 Bytes 23/04/2010 17:18:16 AERDL.DLL : 8.1.9.2 635252 Bytes 21/09/2010 16:43:21 AEPACK.DLL : 8.2.3.7 471413 Bytes 17/09/2010 15:49:14 AEOFFICE.DLL : 8.1.1.8 201081 Bytes 3/08/2010 05:45:14 AEHEUR.DLL : 8.1.2.30 2941303 Bytes 1/10/2010 20:35:40 AEHELP.DLL : 8.1.13.4 242038 Bytes 24/09/2010 16:46:05 AEGEN.DLL : 8.1.3.23 401779 Bytes 1/10/2010 20:35:37 AEEMU.DLL : 8.1.2.0 393588 Bytes 23/04/2010 17:18:15 AECORE.DLL : 8.1.17.0 196982 Bytes 24/09/2010 16:46:05 AEBB.DLL : 8.1.1.0 53618 Bytes 23/04/2010 17:18:15 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 08:47:59 AVPREF.DLL : 9.0.3.0 44289 Bytes 23/11/2009 06:02:37 AVREP.DLL : 8.0.0.7 159784 Bytes 17/02/2010 17:55:51 AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 10:32:09 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 15:05:41 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 10:37:08 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 15:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/02/2009 08:21:33 NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 10:32:10 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 15:39:58 RCTEXT.DLL : 9.0.73.0 86785 Bytes 23/11/2009 06:02:36 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, D:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Start of the scan: samedi 9 octobre 2010 21:57 Starting search for hidden objects. '128639' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'FlashUtil10e.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'skypePM.exe' - '1' Module(s) have been scanned Scan process 'SynTPHelper.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'hpqste08.exe' - '1' Module(s) have been scanned Scan process 'acp2HID.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'lsnfier.exe' - '1' Module(s) have been scanned Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned Scan process 'unsecapp.exe' - '1' Module(s) have been scanned Scan process 'AcerVCM.exe' - '1' Module(s) have been scanned Scan process 'Skype.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned Scan process 'PMVService.exe' - '1' Module(s) have been scanned Scan process 'CLMLSvc.exe' - '1' Module(s) have been scanned Scan process 'ArcadeDeluxeAgent.exe' - '1' Module(s) have been scanned Scan process 'PdtWzd.exe' - '1' Module(s) have been scanned Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned Scan process 'QtZgAcer.EXE' - '1' Module(s) have been scanned Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned Scan process 'PLFSetI.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'BkupTray.exe' - '1' Module(s) have been scanned Scan process 'eAudio.exe' - '1' Module(s) have been scanned Scan process 'eDSLoader.exe' - '1' Module(s) have been scanned Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned Scan process 'MSASCui.exe' - '1' Module(s) have been scanned Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned Scan process 'XAudio.exe' - '1' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SeaPort.exe' - '1' Module(s) have been scanned Scan process 'RS_Service.exe' - '1' Module(s) have been scanned Scan process 'RichVideo.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SchedulerSvc.exe' - '1' Module(s) have been scanned Scan process 'BackupSvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'MobilityService.exe' - '1' Module(s) have been scanned Scan process 'mdm.exe' - '1' Module(s) have been scanned Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'BASVC.exe' - '1' Module(s) have been scanned Scan process 'dwm.exe' - '1' Module(s) have been scanned Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'ETService.exe' - '1' Module(s) have been scanned Scan process 'eDSService.exe' - '1' Module(s) have been scanned Scan process 'CLHNService.exe' - '1' Module(s) have been scanned Scan process 'Agentsvc.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'CompPtcVUI.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'upeksvr.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SLsvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'audiodg.exe' - '0' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsm.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'wininit.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 95 processes with 95 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '60' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\Users\Gérald\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\D8CN6BQB\AIO_HPSU_110_001[1].exe [WARNING] The file could not be read! C:\Users\Gérald\AppData\Local\Temp\HPSUCDQG.UGL\AIO_HPSU_110_001.exe.tmp [WARNING] The file could not be read! Begin scan in 'D:\' End of the scan: samedi 9 octobre 2010 23:07 Used time: 1:09:44 Hour(s) The scan has been done completely. 27184 Scanned directories 431122 Files were scanned 0 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 2 Files cannot be scanned 431120 Files not concerned 3007 Archives were scanned 4 Warnings 2 Notes 128639 Objects were scanned with rootkit scan 0 Hidden objects were found

moment de grace · Answer

c'est bon oui

pour finir proprement

Fais un nouveau rapport ZHPdiag stp

Rend toi sur Cjoint : http://www.cijoint.fr/ 

Clique sur "Parcourir " dans la partie " Joindre un fichier[...] " 

Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau 

Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message

lecabledelordi · Answer

Ci-après le lien:
http://www.cijoint.fr/cjlink.php?file=cj201010/cijYaqv6x4.txt 

MERCI beaucoup!

moment de grace · Answer

1)

Mettre à jour VISTA 
https://www.01net.com/telecharger/windows/Utilitaire/dll_librairies/fiches/46736.html

.............

2)

* Lancez Adobe Reader
* Cliquez sur Edition --> Préférences --> JavaScript
* Décochez "Activer Acrobat JavaScript"
* Validez

....................

3)
IMPORTANT

Purger la restauration systeme vista
https://www.commentcamarche.net/faq/13214-vista-desactiver-reactiver-la-restauration-systeme-de-vista

.................

4)

Télécharge DelFix sur ton bureau.

http://sd-1.archive-host.com/membres/up/17959594961240255/DelFix.exe


1. Lance le, choisis le bouton SUPPRESSION

2. Patiente pendant le scan jusqu'à l'ouverture du rapport.

3. Copie/Colle le contenu du rapport dans ta prochaine réponse.

Note : Le rapport se trouve également sous C:\DelFixSearch

.........................................

Recommandations pour l'avenir

Tu es la meilleure protection pour ton pc que tout autre antivirus, si tu admets un minimum de rigueur dans son utilisation...Les virus sont vigilants et pénètrent ta machine par toutes les portes que tu laisseras ouvertes...
-	logiciels non à jour (windows, internet explorer, java, adobe reader etc)
-	installation de toolbar
-	fréquentation de sites piégés
-	P2P
-	Application de cracks
-	Supports usb

Pour t'aider dans cette tâche, voici quelques pistes

 Pour naviguer sur internet plus en sécurité et à l'abri des publicités, je te conseille vivement d'installer et d'utiliser le navigateur firefox
http://www.mozilla-europe.org/fr/firefox/

 Une fois que c'est fait, lances le et installe l'extension de sécurité adblock plus 
pour bloquer les publicités
 http://www.clubic.com/telecharger-fiche45912-adblock-plus.html

............................

WOT - Extension pour ton navigateur internet : 
Voici une extension à télécharger qui te permettra, en faisant tes recherches sur google, de savoir si le site proposé lors de tes recherches est un site de confiance ou un site à éviter car il pourrait infecter ton PC : 
Pour Firefox : https://addons.mozilla.org/fr/firefox/addon/wot-safe-browsing-tool/ 
Pour internet explorer : https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp 

........................

Pour éviter une infection toolbar, il faut tout lire attentivement lorsque tu installes un programme gratuit, et décocher tous les programmes additionnels qui sont proposés, en particulier les barres d'outils !

..........................

Vaccines tes disques amovibles à l'aide de USBFix (de Chiquitine29 et C_XX) 
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
Au menu principal, choisis l'option 3 (Vaccination).
............................

garder Malwarebytes et faire un examen de temps en temps ton PC, avec mise à jour avant chaque scan
.......................

Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) :
 https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/

* Lance-le.(clic droit "en tant qu'administrateur" pour Vista) Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc.... 
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage. 
* Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs tant de fois qu il en trouve a l analyse 

..........................
utilitaire pour défragmenter , utilises pour ce faire Defraggler https://www.clubic.com/telecharger-fiche44314-defraggler.html

........................
A lire pour mieux comprendre l'environnement qui t'entoure
http://assiste.com.free.fr/p/abc/a/zombies_et_botnets.html
https://www.malekal.com/fichiers/projetantimalwares/ProjetAntiMalware-courte.pdf

http://www.libellules.ch/...

lecabledelordi · Answer

Merci pour tous ces précieux renseignements!

Voici le rapport:
Rapport DelFix v5.7 - 10/10/2010 à 13:50,28
Mis à jour le 08/10/10 à 18h40 par Xplode
Système d'exploitation : Windows Vista (TM) Home Premium (32 bits) [version 6.0.6001] Service Pack 1
Navigateur : Mozilla Firefox 3.5.13 (fr) [Navigateur par défaut]
Processeur : Intel(R) Core(TM)2 Duo CPU     T5800  @ 2.00GHz
Mémoire vive totale : 2,99 Go
Nom d'utilisateur : Gérald - PC-DE-GÉRALD (Administrateur)
Exécuté depuis : C:\Users\Gérald\Downloads\DelFix.exe


~~~~~~ Dossiers ~~~~~~

Supprimé : C:\Program Files\Ad-Remover
Supprimé : C:\Program Files\ZHPDiag
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\List_Kill'em
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

~~~~~~ Fichiers ~~~~~~

Supprimé : C:\List'em.txt
Supprimé : C:\Ad-Report-CLEAN[1].txt
Supprimé : C:\Users\Gérald\Desktop\AD-R.lnk
Supprimé : C:\Users\Gérald\Desktop\ZHPDiag.txt
Supprimé : C:\Users\Gérald\Desktop\Kill'em.txt
Supprimé : C:\Users\Gérald\Desktop\More.txt
Supprimé : C:\Users\Public\Desktop\ZHPDiag.lnk
Supprimé : C:\Users\Public\Desktop\ZHPFix.lnk
Supprimé : C:\Users\Public\Desktop\MBRCheck.lnk
Supprimé : C:\Users\Gérald\Downloads\List_Killem_Install(2).exe
Supprimé : C:\Users\Gérald\Downloads\List_Killem_Install(3).exe
Supprimé : C:\Users\Gérald\Downloads\List_Killem_Install(4).exe
Supprimé : C:\Users\Gérald\Downloads\List_Killem_Install.exe
Supprimé : C:\Users\Gérald\Downloads\ZHPDiag.exe

~~~~~~ Registre ~~~~~~

Clé Supprimée : HKCU\SOFTWARE\Ad-Remover
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E88BA4E8-6B36-4D39-9499-C10B439819E1}_is1

########## EOF - "C:\DelFixSuppr.txt" - [1919 octets] ##########

moment de grace · Answer

bien

sauf soucis

=> résolu

bonne continuation

(sourire)

lecabledelordi · Answer

MERCI!
Service nickel!
Grâce à toi!

A+
Lecable

TR/crypt.XPACK.gen3

26 réponses

Discussions similaires