Tres gros beug!!!!!!

Résolu
xavierf1518 Messages postés 14 Statut Membre -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,je fais appel a vous car j'ai un gros soucis mon pc rame enormement impossible d'ouvrir avast, ccleaner et spybot , mon pare-feu c'est desactive, je ne peut pas faire de restauration systeme et impossible de demarer en mode sans echec.
j'ai essayer, en suivant les instructions de precedent forum d'installer hijasthis et antivir: impossible. le seul "truc" qui fonctionne c'est le scan en ligne de panda active scan qui tourne depuis deux jours!!!!!!!!!
je suis a l'ecoute de quiconque pourra me donner un petit coup de main.
ps: je suis sous xp sp2, IE 7.0
merci d'avance
Configuration: Windows XP
Internet Explorer 7.0

12 réponses

  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut xavier,

    tu es infecté par bagle

    tu as telechargé un crack > supprime le de suite !

    puis

    Télécharge ELIBAGLA en bas de cette page
    http://www.zonavirus.com/datos/descargas/95/elibagla.asp (clique sur le bouton "Descargar Elibagla") sur ton bureau.

    Lance-le, de préférence en mode sans échec si tu en as la possibilité, en mode normal dans le cas contraire. Patiente le temps du scan.
    Lorsqu'il a terminé, poste le contenu du fichier infoSat.txt qui se trouve dans Poste de travail > Disque C:\
    Et par la même occasion, précise si tu peux à nouveau démarrer en mode sans échec.

    ***Ne pas rebooter en passant par msconfig.

    @+
    1
    1. xavierf1518 Messages postés 14 Statut Membre
       
      tout d'abord merci de m'avoir repondu j'ai suivi ton raccourci mais impossible de telecharger quand enfin j'ai pu l'avoir je ne peut pas l'installer: application win32 pas valide
      que faire?
      0
  2. g!rly Messages postés 18462 Statut Contributeur 407
     
    bon...

    on va essayer comme ceci :

    Tu va telecharger ce fix ( ne prete pas attention au nom : yojay > je l´ai utilisé pour un cas similaire, c´est pour cela qu´il porte le nom de l´autre personne > J´ai renommé l´application en esperant qu´il ne finisse pas en "n´est pas une application valide".)

    ici :

    http://sd-1.archive-host.com/membres/up/1366464061/Yojay.rar

    Tu le decompresse sur ton bureau puis n´y touche pas.

    Copie le texte ci-dessous :

    File::
    G:\WINDOWS\SYSTEM32\WINTEMS.EXE
    G:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE
    G:\WINDOWS\SYSTEM32\DRIVERS\MDELK.EXE
    G:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS

    Folder::
    G:\Windows\system32\drivers\down

    Driver::
    SROSA

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Yojay.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix/Yojay,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Yojay.txt

    @´+
    0
    1. xavierf1518 Messages postés 14 Statut Membre
       
      desole de repondre tardivement j'ai suivi tes instructions: tres efficace casimment tout refonctionne normalement par contre je n'ai rien de marque dans le rapport de yojay .
      j'ai fait un scan par spybot et il a effectivement trouve bagle qu'il a supprime.
      avast par contre refuse toujours de s'ouvrir: avast n'est pas une application win 32 valide : c'est normal?
      0
  3. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    essaie de supprimer/desinstaller avast et instale celui la a la place :

    Telecharge et instales l'antivirus Antivir Personal Edition Classic :

    ->https://www.malekal.com/avira-free-security-antivirus-gratuit/

    https://www.avira.com/en/prime

    le rapport de yojay.txt est situé a la racine de ton disk c:\

    peux tu poster un rapport hijack this egalement

    Télécharge HijackThis ici :

    -> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

    Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

    -> http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    Post le rapport généré ici stp...

    @+
    0
    1. xavierf1518 Messages postés 14 Statut Membre
       
      voici le rapport hijackthis:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 08:05, on 2008-03-26
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\WINDOWS\system32\ps2.exe
      C:\windows\system\hpsysdrv.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Unlocker\UnlockerAssistant.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
      C:\Program Files\TomTom HOME 2\HOMERunner.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\RocketDock\RocketDock.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\system32\HPZipm12.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\PROGRA~1\Wanadoo\Watch.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
      C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe
      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] "C:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe
      O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [WOOKIT] "C:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
      O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
      O4 - S-1-5-18 Startup: Thoosje Sidebar.lnk = C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe (User 'SYSTEM')
      O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
      O4 - .DEFAULT Startup: Thoosje Sidebar.lnk = C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe (User 'Default user')
      O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
      O4 - .DEFAULT User Startup: Thoosje Sidebar.lnk = C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe (User 'Default user')
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~2\Wanadoo Messager.exe
      O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~2\Wanadoo Messager.exe
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
      O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
      O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://surcouf.metaboli.fr/components/Metaboli.ocx
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
      O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://jeuxentelechargement.orange.fr/online2/bejeweled2/Oberongamesloader.cab
      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
      O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
      0
  4. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut xavier,

    ok pour les rapports.

    supprime : C:\Documents and Settings\All Users\Application Data\crack.zip

    C´est quoi ca : C:\Documents and Settings\All Users\Application Data\Hyperballoid2_1660.exe?

    supprime : C:\WINDOWS\system32\wi1.exe

    puis

    instale ce par feu :

    Online armor :

    http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

    tuto : https://forum.pcastuces.com/sujet.asp?f=25&s=35606

    puis effectue un scan a l´aide de malwarebytes :

    Telecharge malwarebytes

    -> http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/anti-malware-sujet_197382_1.htm

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    @+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. xavierf1518 Messages postés 14 Statut Membre
     
    ca y est j'ai suivi tes instructions
    voila le rapport malewarebytes:
    Malwarebytes' Anti-Malware 1.09
    Version de la base de données: 551

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 123299
    Temps écoulé: 56 minute(s), 0 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\WINDOWS\system32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    pour ce qui est de C:\Documents and Settings\All Users\Application Data\Hyperballoid2_1660.exe, il s'agit d'un jeu .

    A+
    0
  7. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok xavier,

    performe un scan a l´aide d´antivir avec les regalges ci dessous et post le rapport :

    une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
    puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
    coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
    puis sur la droite coche les case suivantes :
    scan boot sectors of selected drives
    scan master boot sectors
    scan memory
    search foe rootkit before scan
    decoche :
    ignore off line files
    toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

    @+
    0
    1. xavierf1518 Messages postés 14 Statut Membre
       
      salut g!rly
      j'ai fait les reglages que tu m'as conseiller et il a effectivement trouves un malware
      je te laisse le rapport:


      AntiVir PersonalEdition Classic
      Report file date: 2008-03-27 09:26

      Scanning for 835736 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Username: SYSTEM
      Computer name: NOM-EB85C523610

      Version information:
      BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
      AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
      AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
      LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
      LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
      ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
      ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 2007-09-13 14:26:55
      ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 2007-09-13 14:27:04
      ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 2007-09-13 14:27:13
      AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 2007-09-17 17:43:56
      AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
      AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
      AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
      AVPACK32.DLL : 7.3.0.15 360488 Bytes 2007-08-03 08:46:00
      AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
      AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
      AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
      NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
      RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
      RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: on
      Scan boot sector.................: on
      Boot sectors.....................: D:,
      Scan memory......................: on
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: on
      Scan all files...................: All files
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: high

      Start of the scan: 2008-03-27 09:26

      Starting search for hidden objects.
      '61491' objects were checked, '0' hidden objects were found.

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'WOOBrowser.exe' - '1' Module(s) have been scanned
      Scan process 'DownloadManager.exe' - '1' Module(s) have been scanned
      Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
      Scan process 'Watch.exe' - '1' Module(s) have been scanned
      Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
      Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
      Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned
      Scan process 'Toaster.exe' - '1' Module(s) have been scanned
      Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
      Scan process 'ComComp.exe' - '1' Module(s) have been scanned
      Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
      Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
      Scan process 'alg.exe' - '1' Module(s) have been scanned
      Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
      Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
      Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
      Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
      Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
      Scan process 'oaui.exe' - '0' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'HOMERunner.exe' - '1' Module(s) have been scanned
      Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
      Scan process 'hpztsb12.exe' - '1' Module(s) have been scanned
      Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
      Scan process 'realsched.exe' - '1' Module(s) have been scanned
      Scan process 'WinPatrol.exe' - '1' Module(s) have been scanned
      Scan process 'qttask.exe' - '1' Module(s) have been scanned
      Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
      Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
      Scan process 'ps2.EXE' - '1' Module(s) have been scanned
      Scan process 'jusched.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
      Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'oasrv.exe' - '0' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      49 processes with 49 modules were scanned

      Starting master boot sector scan:
      Master boot sector HD0
      [NOTE] No virus was found!
      Master boot sector HD1
      [NOTE] No virus was found!
      [WARNING] The boot sector file could not be read!
      [WARNING] Error code: 0x0015
      Master boot sector HD2
      [NOTE] No virus was found!
      [WARNING] The boot sector file could not be read!
      [WARNING] Error code: 0x0015
      Master boot sector HD3
      [NOTE] No virus was found!
      [WARNING] The boot sector file could not be read!
      [WARNING] Error code: 0x0015
      Master boot sector HD4
      [NOTE] No virus was found!
      [WARNING] The boot sector file could not be read!
      [WARNING] Error code: 0x0015

      Start scanning boot sectors:
      Boot sector 'C:\'
      [NOTE] No virus was found!
      Boot sector 'D:\'
      [NOTE] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '51' files ).


      Starting the file scan:

      Begin scan in 'C:\' <HP_PAVILION>
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0228780.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO] The file was moved to '481d7b9e.qua'!
      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0229029.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO] The file was moved to '481d7bb0.qua'!
      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0229132.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO] The file was moved to '481d7bbe.qua'!
      C:\WINDOWS\system32\drivers\OADriver.sys
      [WARNING] The file could not be opened!
      C:\WINDOWS\system32\drivers\OAmon.sys
      [WARNING] The file could not be opened!
      C:\WINDOWS\system32\drivers\oanet.sys
      [WARNING] The file could not be opened!
      Begin scan in 'D:\' <HP_RECOVERY>


      End of the scan: 2008-03-27 12:09
      Used time: 2:42:36 min

      The scan has been done completely.

      6764 Scanning directories
      474509 Files were scanned
      0 viruses and/or unwanted programs were found
      3 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      3 files were moved to quarantine
      0 files were renamed
      4 Files cannot be scanned
      474509 Files not concerned
      14843 Archives were scanned
      4 Warnings
      13 Notes
      61491 Objects were scanned with rootkit scan
      0 Hidden objects were found

      a par ca tout est redevenu normal voir meme un peu plus rapide pour l'ouverture des applications
      encore merci pour le temps consacre et ton aide.
      0
  8. g!rly Messages postés 18462 Statut Contributeur 407
     
    xavier,

    oui il a trouvé quelque chose dans la restoration system; on rectifira ca la fin...

    encore un dernier scan en ligne cette fois ci; pour verifier :

    Scan en ligne bitdefender :

    https://www.bitdefender.com/toolbox/

    Clicker sur " I agree " et suivre les indications

    A faire imperativement sous internet explorer, en acceptant l´activ x

    tutoriel en image en image

    http://pageperso.aol.fr/rginformatique/mapage/defender.htm

    post le rapport stp

    @+
    0
    1. xavierf1518 Messages postés 14 Statut Membre
       
      voila le rapport bitdefender:
      BitDefender Online Scanner



      Scan report generated at: Thu, Mar 27, 2008 - 20:31:29





      Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;







      Statistics

      Time
      01:08:38

      Files
      450206

      Folders
      6795

      Boot Sectors
      3

      Archives
      15552

      Packed Files
      17365




      Results

      Identified Viruses
      6

      Infected Files
      69

      Suspect Files
      0

      Warnings
      0

      Disinfected
      0

      Deleted Files
      69




      Engines Info

      Virus Definitions
      1034431

      Engine build
      AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

      Scan plugins
      16

      Archive plugins
      41

      Unpack plugins
      7

      E-mail plugins
      6

      System plugins
      5




      Scan Settings

      First Action
      Disinfect

      Second Action
      Delete

      Heuristics
      Yes

      Enable Warnings
      Yes

      Scanned Extensions
      *;

      Exclude Extensions


      Scan Emails
      Yes

      Scan Archives
      Yes

      Scan Packed
      Yes

      Scan Files
      Yes

      Scan Boot
      Yes




      Scanned File
      Status

      C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
      Infected with: Trojan.Downloader.Bagle.HA

      C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
      Deleted

      C:\Program Files\programmes\CloneCD\clone cd et crack\Crack clone cd\CloneCD v4 kg.exe
      Infected with: Packer.FSG.A

      C:\Program Files\programmes\CloneCD\clone cd et crack\Crack clone cd\CloneCD v4 kg.exe
      Disinfection failed

      C:\Program Files\programmes\CloneCD\clone cd et crack\Crack clone cd\CloneCD v4 kg.exe
      Deleted

      C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0006
      Detected with: Adware.Navipromo.BYH

      C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0006
      Deleted

      C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)
      Update failed

      C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0014=>(NSIS g)=>lzma_solid_nsis0002
      Detected with: Adware.Navipromo.BYH

      C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0014=>(NSIS g)=>lzma_solid_nsis0002
      Deleted

      C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0014=>(NSIS g)
      Update failed

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\104546.exe.vir
      Infected with: Trojan.Pakes.ZUS

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\104546.exe.vir
      Deleted

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\105718.exe.vir
      Infected with: Win32.Bagle.STX@mm

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\105718.exe.vir
      Deleted

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\118703.exe.vir
      Infected with: Win32.Bagle.STX@mm

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\118703.exe.vir
      Deleted

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\14639109.exe.vir
      Infected with: Trojan.Pakes.ZUS

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\14639109.exe.vir
      Deleted

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\14684156.exe.vir
      Infected with: Trojan.Pakes.ZUS

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\14684156.exe.vir
      Deleted

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\14709156.exe.vir
      Infected with: Trojan.Pakes.ZUS

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\14709156.exe.vir
      Deleted

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\29244500.exe.vir
      Infected with: Trojan.Pakes.ZUS

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\29244500.exe.vir
      Deleted

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\43735421.exe.vir
      Infected with: Trojan.Pakes.ZUS

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\43735421.exe.vir
      Deleted

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\43827765.exe.vir
      Infected with: Trojan.Pakes.ZUS

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\43827765.exe.vir
      Deleted

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\633796.exe.vir
      Infected with: Trojan.Pakes.ZUS

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\633796.exe.vir
      Deleted

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\72898218.exe.vir
      Infected with: Trojan.Pakes.ZUS

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\72898218.exe.vir
      Deleted

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\72973250.exe.vir
      Infected with: Trojan.Pakes.ZUS

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\72973250.exe.vir
      Deleted

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\82890.exe.vir
      Infected with: Trojan.Pakes.ZUS

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\82890.exe.vir
      Deleted

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\85234.exe.vir
      Infected with: Trojan.Pakes.ZUS

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\85234.exe.vir
      Deleted

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\87516687.exe.vir
      Infected with: Trojan.Pakes.ZUS

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\87516687.exe.vir
      Deleted

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\97046.exe.vir
      Infected with: Trojan.Pakes.ZUS

      C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\97046.exe.vir
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP881\A0227637.exe
      Infected with: Trojan.Downloader.Bagle.HA

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP881\A0227637.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0228710.exe
      Infected with: Win32.Bagle.STX@mm

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0228710.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0228745.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0228745.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0228770.exe
      Infected with: Trojan.Downloader.Bagle.HA

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0228770.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0228775.exe
      Infected with: Packer.Krunchy.A

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0228775.exe
      Disinfection failed

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0228775.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0228777.exe
      Infected with: Packer.Krunchy.A

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0228777.exe
      Disinfection failed

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0228777.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0228787.exe
      Infected with: Packer.Krunchy.A

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0228787.exe
      Disinfection failed

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0228787.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0228821.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0228821.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0228881.exe
      Infected with: Packer.Krunchy.A

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0228881.exe
      Disinfection failed

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP882\A0228881.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0228971.exe
      Infected with: Win32.Bagle.STX@mm

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0228971.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0228995.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0228995.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0229019.exe
      Infected with: Trojan.Downloader.Bagle.HA

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0229019.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0229024.exe
      Infected with: Packer.Krunchy.A

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0229024.exe
      Disinfection failed

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0229024.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0229026.exe
      Infected with: Packer.Krunchy.A

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0229026.exe
      Disinfection failed

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0229026.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0229065.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0229065.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0229129.exe
      Infected with: Packer.Krunchy.A

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0229129.exe
      Disinfection failed

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0229129.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0229131.exe
      Infected with: Packer.Krunchy.A

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0229131.exe
      Disinfection failed

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP883\A0229131.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP886\A0229445.exe
      Infected with: Win32.Bagle.STX@mm

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP886\A0229445.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP886\A0229528.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP886\A0229528.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP886\A0229593.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP886\A0229593.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP886\A0229636.exe
      Infected with: Win32.Bagle.STX@mm

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP886\A0229636.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP886\A0229660.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP886\A0229660.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP886\A0229683.exe
      Infected with: Trojan.Downloader.Bagle.HA

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP886\A0229683.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP886\A0229719.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP886\A0229719.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP887\A0229844.exe
      Infected with: Win32.Bagle.STX@mm

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP887\A0229844.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP887\A0229927.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP887\A0229927.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP887\A0229992.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP887\A0229992.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP887\A0230035.exe
      Infected with: Win32.Bagle.STX@mm

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP887\A0230035.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP887\A0230059.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP887\A0230059.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP887\A0230082.exe
      Infected with: Trojan.Downloader.Bagle.HA

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP887\A0230082.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP887\A0230118.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP887\A0230118.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231339.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231339.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231341.exe
      Infected with: Win32.Bagle.STX@mm

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231341.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231376.exe
      Infected with: Win32.Bagle.STX@mm

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231376.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231404.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231404.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231412.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231412.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231431.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231431.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231611.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231611.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231677.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231677.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231687.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231687.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231753.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231753.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231772.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231772.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231782.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231782.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231812.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231812.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231814.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231814.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231818.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231818.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231848.exe
      Infected with: Trojan.Pakes.ZUS

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP888\A0231848.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP901\A0232255.exe
      Infected with: Trojan.Downloader.Bagle.HA

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP901\A0232255.exe
      Deleted

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP901\A0232256.exe
      Infected with: Packer.FSG.A

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP901\A0232256.exe
      Disinfection failed

      C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP901\A0232256.exe
      Deleted
      0
  9. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok xavier,

    fais ceci :

    Désactive ta restauration système:
    pour cela :
    Click droit sur poste de travail, dans l´arborescence sur propriétés;
    dans la nouvelle fenettre click sur l´onglet restauration système;
    coche la case désactiver la restauration systèm et applique.
    puis redemarre le pc et click droit sur poste de travail, dans l´arborescence sur propriétés;
    dans la nouvelle fenettre click sur l´onglet restauration systèm
    décoche la case désactiver la restauration systèm et applique.

    puis

    Télécharge ToolsCleaner sur ton bureau.
    --> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    @+
    0
  10. xavierf1518 Messages postés 14 Statut Membre
     
    voila le rapport:
    -->- Recherche:

    C:\Qoobox: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.lnk: trouvé !
    C:\Documents and Settings\HP_Propriétaire\Mes documents\Mes fichiers reçus\HJTInstall.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.lnk: supprimé !
    C:\Documents and Settings\HP_Propriétaire\Mes documents\Mes fichiers reçus\HJTInstall.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Qoobox: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !

    Corbeille vidée!
    Fichiers temporaires nettoyés !
    0
  11. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok xavier,

    plus de crack maintenant !

    bonne continuation`

    Bye`

    g!rly`
    0
  12. xavierf1518 Messages postés 14 Statut Membre
     
    ok ca marche, je te remercie pour ton aide.
    bonne continuation a toi aussi.
    0
  13. g!rly Messages postés 18462 Statut Contributeur 407
     
    De rien ;-)
    0