Quoi virer dans hijackthis? - Page 2

Résolu
Précédent
  • 1
  • 2
  1. ludsfa Messages postés 1287 Statut Membre 15
     
    salut Aide info

    on continue.

    L'étape qui suit est très importante.



    Désactive toute protection résidente ( antivirus…) !


    Copie tout le texte en gras ci-dessous :


    files::
    C:\FOUND.009
    C:\FOUND.008
    C:\FOUND.007
    C:\FOUND.006
    C:\FOUND.005
    C:\FOUND.004
    C:\WINDOWS\unins000.exe
    C:\WINDOWS\unins000.dat
    C:\FOUND.003
    C:\WINDOWS\system32\pwhrfhkh.ini
    C:\WINDOWS\system32\mosijoav.ini
    C:\WINDOWS\system32\xgichdud.ini
    C:\WINDOWS\system32\xgichdud.tmp
    C:\FOUND.002
    C:\FOUND.001
    C:\FOUND.000

    folder::
    C:\VundoFix Backups

    registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"=
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfDvvWq]
    khfDvvWq.dll


    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier ComboFix-Do.txt dans Combofix.exe comme ci-dessous : clic sur le lien pour voir :

    http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif

    Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un nouveau rapport Hijackthis.
    S'il n'y a pas de redémarrage, poste quand même les rapports.
    0
    1. Aide info
       
      Hello Ludfsa!

      Je me suis trompée j'ai glissé le fichier CFScript.text dans combofix = le pc s'est éteint avec rédémarrage vérification système. Je recommence...A tout de suite
      0
      1. Aide info > Aide info
         
        Ah petit problème, je n'ai aucun fichier ComboFix-Do.txt sur mon pc...Comment je fais?
        0
  2. ludsfa Messages postés 1287 Statut Membre 15
     
    repasse le scipt encore une fois.
    0
    1. Aide info
       
      Lequel? Je re glisse CFScript.text dans Combofix?
      0
  3. Utilisateur anonyme
     
    Salut ludsfa.

    Ton CFScript n'est pas correct.

    C:\FOUND.009 <- Ce sont des dossiers.

    Il n'y a pas de ' S ' à 'files'.

    Pour le registre :

    registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfDvvWq]


    J'ai rajouté ce qu'il manquait ;)

    ++
    0
    1. Aide info
       
      Salut à toi, docteur bis! Je fais quoi du coup?
      0
  4. Utilisateur anonyme
     
    Tu attends ludsfa.

    Et aussi ,

    pourquoi virer la clé SOUNDMAN ??? ( je m'adresse à ludsfa )

    +
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ludsfa Messages postés 1287 Statut Membre 15
     
    je suis pas réveillé ce matin.

    celui-ci:


    file::
    C:\FOUND.009
    C:\FOUND.008
    C:\FOUND.007
    C:\FOUND.006
    C:\FOUND.005
    C:\FOUND.004
    C:\WINDOWS\unins000.exe
    C:\WINDOWS\unins000.dat
    C:\FOUND.003
    C:\WINDOWS\system32\pwhrfhkh.ini
    C:\WINDOWS\system32\mosijoav.ini
    C:\WINDOWS\system32\xgichdud.ini
    C:\WINDOWS\system32\xgichdud.tmp
    C:\FOUND.002
    C:\FOUND.001
    C:\FOUND.000

    folder::
    C:\VundoFix Backups

    registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfDvvWq]
    0
    1. Aide info
       
      J'ai recommencé avec ce script mais le pc s'est éteint avec vérification système avant de me donner le rapport.

      Je poste ce que je trouve dans combofix '(apparemment rapport d'erreur)

      -------------------------------------------------------

      \\.\C:\test0123 will be moved to \\.\C:\Qoobox\Quarantine\C\test0123.vir at next reboot.

      To undo this, start regedt32.exe and delete value PendingFileRenameOperations
      in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager.

      Error: Key: system\currentcontrolset\control\servicegrouporder_combofixbackup does not exist!

      -----------------------------------------------------

      Rapport combofix;

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

      FILE ::
      C:\FOUND.000
      C:\FOUND.001
      C:\FOUND.002
      C:\FOUND.003
      C:\FOUND.004
      C:\FOUND.005
      C:\FOUND.006
      C:\FOUND.007
      C:\FOUND.008
      C:\FOUND.009
      C:\WINDOWS\system32\mosijoav.ini
      C:\WINDOWS\system32\pwhrfhkh.ini
      C:\WINDOWS\system32\xgichdud.ini
      C:\WINDOWS\system32\xgichdud.tmp
      C:\WINDOWS\unins000.dat
      C:\WINDOWS\unins000.exe
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\mosijoav.ini
      C:\WINDOWS\system32\pwhrfhkh.ini
      C:\WINDOWS\system32\xgichdud.ini
      C:\WINDOWS\system32\xgichdud.tmp
      C:\WINDOWS\unins000.dat
      C:\WINDOWS\unins000.exe

      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
      2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
      2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
      2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
      2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
      2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
      2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
      2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
      2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
      2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
      2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
      2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
      2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
      2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
      2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
      2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
      2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
      2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
      2006-12-11 12:12 1,152 ----a-w C:\Documents and Settings\Th\Application Data\wklnhst.dat
      2006-01-20 17:35 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
      .

      ((((((((((((((((((((((((((((( snapshot@2008-04-19_ 2.31.23.71 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-04-19 00:24:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      + 2008-04-19 09:37:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      + 2008-04-19 09:38:18 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_678.dat
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 17:19 68856]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09 32768]
      "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 10:31 126976]
      "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698]
      "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 14:17 192512]
      "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824]
      "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
      "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
      "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
      "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
      "PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59 49152]
      "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
      "PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
      "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-06-06 11:52 69632]
      "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
      "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
      "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-07-25 13:34 81920]
      "eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 17:26 352256]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-29 21:31 196608]
      "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
      "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

      C:\Documents and Settings\Th\Menu D‚marrer\Programmes\D‚marrage\
      Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-05 20:01:39 110592]

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
      Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-05 20:01:39 110592]

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "C:\\Program Files\\adslTV\\adslTV.exe"=
      "C:\\Program Files\\adslTV\\vlc.exe"=

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
      R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
      R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
      R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
      R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 14:46]
      R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37]
      R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
      R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
      S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 16:02]
      S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
      S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
      S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 05:00]
      S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 05:00]
      S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 05:00]
      S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-05 05:00]
      S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
      S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
      S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
      \Shell\AutoRun\command - D:\setupSNK.exe

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-04-18 13:16:20 C:\WINDOWS\Tasks\User_Feed_Synchronization-{31CCF554-6118-4687-8DA2-903748BBF26D}.job"
      - C:\WINDOWS\system32\msfeedssync.exe
      "2008-04-14 16:18:32 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-04-19 09:41:42 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
      - C:\Program Files\Windows Defender\MpCmdRun.exe
      .
      **************************************************************************

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-19 12:19:09
      Windows 5.1.2600 Service Pack 2 FAT NTAPI

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-19 12:20:07
      ComboFix-quarantined-files.txt 2008-04-19 10:20:04
      ComboFix2.txt 2008-04-19 00:32:08

      Pre-Run: 10,213,900,288 octets libres
      Post-Run: 10,218,799,104 octets libres
      .
      2008-04-17 20:13:45 --- E O F ---
      0
      1. Aide info > Aide info
         
        Et le petit hijack



        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 12:44, on 2008-04-19
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Windows Defender\MsMpEng.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Acer\eManager\anbmServ.exe
        C:\WINDOWS\system32\tcpsvcs.exe
        C:\WINDOWS\System32\snmp.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Inventel\Gateway\wlancfg.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\acer\epm\epm-dm.exe
        C:\Program Files\Arcade\PCMService.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Launch Manager\LaunchAp.exe
        C:\Program Files\Launch Manager\PowerKey.exe
        C:\Program Files\Launch Manager\HotkeyApp.exe
        C:\Program Files\Launch Manager\OSDCtrl.exe
        C:\Program Files\Launch Manager\Wbutton.exe
        C:\Program Files\Acer\eRecovery\Monitor.exe
        C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Windows Defender\MSASCui.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lemonde.fr/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
        O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
        O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
        O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
        O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
        O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
        O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
        O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
        O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
        O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
        O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
        O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
        O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
        O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
        O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
        O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
        O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://donnamonroe.spaces.live.com/PhotoUpload/MsnPUpld.cab
        O20 - Winlogon Notify: khfDvvWq - C:\WINDOWS\
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
        O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
        0
  7. ludsfa Messages postés 1287 Statut Membre 15
     
    ok non ce n'est pas un rapport d'erreur mais le script que je t'ai fait comporte des petites erreurs.

    Mais là c'est bon refais un hijackthis stp.

    dis moi comment va ton pc.

    ensuite télécharge ToolsCleaner sur ton bureaux et tu fais recherche et ensuite suppression.
    Un rapport va etre généré envois le moi.
    0
    1. Aide info
       
      Le rapport toolscleaner:

      -->- Recherche:

      C:\Combofix: trouvé !
      C:\Qoobox: trouvé !
      C:\_OtMoveIt: trouvé !
      C:\Documents and Settings\Th\Bureau\OtMoveIt2.exe: trouvé !
      C:\Documents and Settings\Th\Bureau\ComboFix.exe: trouvé !
      C:\Documents and Settings\Th\Bureau\vundoFix.exe: trouvé !
      C:\Documents and Settings\Th\Bureau\SmitFraudFix.exe: trouvé !
      C:\Documents and Settings\Thé\Bureau\SDFIX: trouvé !
      C:\Documents and Settings\Th\Bureau\SmitFraudfix: trouvé !
      C:\Program Files\Trend Micro\HijackThis: trouvé !
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

      ---------------------------------
      -->- Suppression:

      C:\Documents and Settings\Th\Bureau\OtMoveIt2.exe: supprimé !
      C:\Documents and Settings\Th\Bureau\ComboFix.exe: supprimé !
      C:\Documents and Settings\Th\Bureau\vundoFix.exe: supprimé !
      C:\Documents and Settings\Th\Bureau\SmitFraudFix.exe: supprimé !
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
      C:\Combofix: supprimé !
      C:\Qoobox: supprimé !
      C:\_OtMoveIt: supprimé !
      C:\Documents and Settings\Th\Bureau\SDFIX: supprimé !
      C:\Documents and Settings\Th\Bureau\SmitFraudfix: supprimé !
      C:\Program Files\Trend Micro\HijackThis: supprimé !
      0
      1. Aide info > Aide info
         
        VOILA LE BILAN = MON PC TOURNE COMME NEUF ET JE N'AI PLUS DE FAUX ANTISPYWARE + NAVIGUATION WEB BEAUCOUP PLUS RAPIDE!!!

        CONCLUSION = VIVE DOCTEUR LUDFSA!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! MILLE MERCI A TOI ET BRAVOOOOOO!!!!
        0
      2. Aide info > Aide info
         
        CONCLUSION = RESOLU !!!!!!

        :-))) VIVE LUDSFA ET VIVE COMMENTCAMARCHE.NET!
        0
  8. ludsfa Messages postés 1287 Statut Membre 15
     
    attends

    je te conseille vivement de changer d'antivirus.

    désinstalle avast voici le lien pour le désinstaller: https://www.avast.com/fr-fr/uninstall-utility

    installe antivir antivirus:http://www.avira-antivir.info/fr/install_Avira%20AntiVir%20Personal_.exe

    ensuite le lien du tuto antivir: https://www.malekal.com/avira-free-security-antivirus-gratuit/

    pourquoi changer avast contre antivir: http://forum.malekal.com/ftopic3528.php

    ta première analyse tu la fait en mode sans échec et tu m'envoies le rapport.
    0
    1. Aide info
       
      Et perfectionniste avec ça !! ;-)

      Ok je fais tout ça, tout de suite!
      0
  9. ludsfa Messages postés 1287 Statut Membre 15
     
    pas de soucis j'attends ton rapport.
    0
  10. Aide info
     
    Pour avoir le code d'activation d'antivir je dois payer 6 Euros via sms, c'est normal?
    0
  11. ludsfa Messages postés 1287 Statut Membre 15
     
    non il faut que tu télécharge antivir free.

    je t'envois le lien:

    http://dl1.avgate.net/down/windows/antivir_workstation_winu_en_h.exe
    0
    1. Aide info
       
      Bouououououhh j'ai encore des infections...

      Voici le rapport d'Antivir:

      Avira AntiVir Personal
      Report file date: 2008-04-19 14:39

      Scanning for 1165085 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Boot mode: Save mode
      Username: Th
      Computer name: T

      Version information:
      BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
      AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:58
      AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:38
      LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:24
      LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:42
      ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
      ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 13:08:58
      ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 2008-03-21 19:12:34
      ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 2008-03-25 08:27:50
      Engineversion : 8.1.0.28
      AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:22
      AESCRIPT.DLL : 8.1.0.19 229754 Bytes 2008-04-07 15:34:46
      AESCN.DLL : 8.1.0.12 115060 Bytes 2008-04-07 15:34:46
      AERDL.DLL : 8.1.0.19 418164 Bytes 2008-04-07 15:34:46
      AEPACK.DLL : 8.1.1.0 364918 Bytes 2008-03-18 11:20:44
      AEOFFICE.DLL : 8.1.0.15 192889 Bytes 2008-04-07 15:34:46
      AEHEUR.DLL : 8.1.0.15 1147253 Bytes 2008-04-07 15:34:46
      AEHELP.DLL : 8.1.0.11 115061 Bytes 2008-04-07 15:34:44
      AEGEN.DLL : 8.1.0.15 299379 Bytes 2008-04-07 15:34:44
      AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-07 15:34:44
      AECORE.DLL : 8.1.0.25 168309 Bytes 2008-04-08 09:58:34
      AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:54
      AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:52
      AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:48
      AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:50
      AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:24
      AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:32
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:04
      SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:40
      NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:12
      RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:26
      RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:12

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: on
      Scan boot sector.................: on
      Boot sectors.....................: C:, D:,
      Scan memory......................: on
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: 2008-04-19 14:39

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      12 processes with 12 modules were scanned

      Starting master boot sector scan:
      Master boot sector HD0
      [INFO] No virus was found!

      Start scanning boot sectors:
      Boot sector 'C:\'
      [INFO] No virus was found!
      Boot sector 'D:\'
      [INFO] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '44' files ).


      Starting the file scan:

      Begin scan in 'C:\' <ACER>
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\Documents and Settings\Th\Local Settings\Application Data\vqrmnzhfv.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE] The file was moved to '487bf0cd.qua'!
      C:\Documents and Settings\Th\Local Settings\Application Data\nvlbqqkdt.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE] The file was moved to '4875f0d7.qua'!
      C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP479\A0170040.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE] The file was moved to '483af74a.qua'!
      C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP479\A0171159.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE] The file was moved to '483af756.qua'!
      C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP483\A0177720.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE] The file was moved to '483af7bb.qua'!
      C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP484\A0178700.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE] The file was moved to '483b0f40.qua'!
      C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP484\A0178701.dll
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE] The file was moved to '483b0f45.qua'!
      C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP485\A0181996.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE] The file was moved to '483b0f5a.qua'!
      C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP488\A0185386.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE] The file was moved to '483b0f8d.qua'!
      C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP488\A0185387.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
      [NOTE] The file was moved to '483b0f92.qua'!
      Begin scan in 'D:\' <ACERDATA>


      End of the scan: 2008-04-19 17:44
      Used time: 3:05:19 min

      The scan has been done completely.

      6515 Scanning directories
      249440 Files were scanned
      10 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      10 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
      249430 Files not concerned
      7025 Archives were scanned
      1 Warnings
      10 Notes



      J'espère que c'est bon cette fois?
      0
  12. ludsfa Messages postés 1287 Statut Membre 15
     
    oui infection vundo

    supprime déjà tout ce que tu as en quarantaine en ouvrant antivir et tu tu vas dans quarantaine tu séléctionne les virus et tu fais deletepour chaque ligne.

    je dois m'absenter on finira plus tard .Mais en attendant tu fais ça:

    1/ Télécharge VundoFix.exe :http://www.atribune.org/ccount/click.php?id=4

    Double-clique VundoFix.exe .
    Clique sur Scan for Vundo.
    Lorsque le scan est complété, clique sur le bouton Remove Vundo.
    Ensuite clique sur YES
    Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    Tu auras un message comme quoi l’ordinateur va s’éteindre, fais ok

    Poste le rapport qui se trouve dans C:\vundofix.txt

    2/ Télécharge Combofix (par sUBs) sur ton Bureau: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    voici le tuto:http://mickael.barroux.free.fr/securite/combofix.php
    Double clique combofix.exe.
    Tape sur la touche 1 (Yes) pour démarrer le scan.

    envois moi les deux rapports je les analyserai ce soir.
    Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
    0
    1. Aide info
       
      Ok je fais tout ça!

      Sinon, j'ai un souci antivir, l'icône n'apparaît pas près de l'horloge, et j'ai une alerte sécurité windows "antivirus périmé". Tu sais comment régler ça?

      A plus tard
      0
      1. Aide info > Aide info
         
        Rapport Vundofix:

        VundoFix V7.0.3

        Scan started at 15:26:18 18/04/2008

        Listing files found while scanning....

        No infected files were found.


        Beginning removal...

        Beginning removal...

        VundoFix V7.0.3

        Scan started at 16:27:50 18/04/2008

        Listing files found while scanning....

        No infected files were found.


        Beginning removal...

        Beginning removal...

        VundoFix V7.0.3

        Scan started at 18:43:30 2008-04-19

        Listing files found while scanning....

        No infected files were found.


        Beginning removal...

        Beginning removal...

        Beginning removal...

        VundoFix V7.0.3

        Scan started at 19:21:38 2008-04-19

        Listing files found while scanning....


        VundoFix V7.0.3

        Scan started at 19:29:39 2008-04-19

        Listing files found while scanning....
        0
      2. Aide info > Aide info
         
        Rapport combofix


        ComboFix 08-04-18.3 - Th 2008-04-19 19:37:58.4 - [color=red][b]FAT32[/b][/color]x86
        Endroit: C:\Documents and Settings\Th\Bureau\ComboFix.exe
        * Resident AV is active


        [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
        .

        ((((((((((((((((((((((((((((( Fichiers créés 2008-03-19 to 2008-04-19 ))))))))))))))))))))))))))))))))))))
        .

        2008-04-19 18:43 . 2008-04-19 18:43 <REP> d-------- C:\VundoFix Backups
        2008-04-19 14:31 . 2008-04-19 14:31 <REP> d-------- C:\Program Files\Avira
        2008-04-19 14:31 . 2008-04-19 14:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
        2008-04-19 12:24 . 2008-04-19 12:24 <REP> d--hs---- C:\FOUND.011
        2008-04-19 11:37 . 2008-04-19 11:37 <REP> d--hs---- C:\FOUND.010
        2008-04-19 02:32 . 2008-04-19 02:32 <REP> d-------- C:\Documents and Settings\Th
        2008-04-19 02:07 . 2008-04-19 02:07 <REP> d--hs---- C:\FOUND.009
        2008-04-18 21:43 . 2008-04-18 21:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
        2008-04-18 21:43 . 2008-04-18 21:43 <REP> d-------- C:\Documents and Settings\Th\Application Data\Malwarebytes
        2008-04-18 21:43 . 2008-04-18 21:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
        2008-04-18 21:19 . 2008-04-18 21:19 <REP> d--hs---- C:\FOUND.008
        2008-04-18 17:22 . 2008-04-18 17:33 4,408 --a------ C:\WINDOWS\system32\tmp.reg
        2008-04-18 17:07 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
        2008-04-18 17:07 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
        2008-04-18 17:07 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
        2008-04-18 17:07 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
        2008-04-18 17:07 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
        2008-04-18 17:07 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
        2008-04-18 17:07 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
        2008-04-18 14:17 . 2008-04-18 14:17 <REP> d-------- C:\WINDOWS\ERUNT
        2008-04-16 19:03 . 2008-04-16 19:03 <REP> d--hs---- C:\FOUND.007
        2008-04-16 15:11 . 2008-04-16 15:11 <REP> d--hs---- C:\FOUND.006
        2008-04-16 14:44 . 2008-04-16 14:44 <REP> d--hs---- C:\FOUND.005
        2008-04-16 13:51 . 2008-04-16 13:51 <REP> d--hs---- C:\FOUND.004
        2008-04-16 11:15 . 2008-04-16 11:15 101,160 --a------ C:\WINDOWS\BM184221c6.xml
        2008-04-15 14:06 . 2008-04-15 14:06 <REP> d-------- C:\Program Files\Windows Defender
        2008-04-15 13:14 . 2008-04-15 13:14 <REP> d--hs---- C:\FOUND.003
        2008-04-15 13:04 . 2008-04-15 13:04 <REP> d-------- C:\Program Files\Trend Micro
        2008-04-11 11:23 . 2008-04-11 11:23 <REP> d--hs---- C:\FOUND.002
        2008-04-10 17:36 . 2008-04-10 17:36 4,096 --a------ C:\Documents and Settings\Th\BureauTrojan.Win32.BlackBird.exe
        2008-04-10 17:36 . 2008-04-10 17:36 4,096 --a------ C:\Documents and Settings\Th\BureauTrojan.Win32.BlackBird.exe
        2008-04-10 17:35 . 2008-04-10 17:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ebglojef
        2008-04-10 17:35 . 2008-04-10 17:35 4,096 --a------ C:\Documents and Settings\Th\BureauFWebdEditor.exe
        2008-04-10 17:35 . 2008-04-10 17:35 4,096 --a------ C:\Documents and Settings\ThBureauFWebdEditor.exe
        2008-04-10 17:35 . 2008-04-10 17:35 4,096 --a------ C:\Documents and Settings\Th\Bureaufwebd.exe
        2008-04-10 17:35 . 2008-04-10 17:35 4,096 --a------ C:\Documents and Settings\Th\Bureaufwebd.exe
        2008-04-10 17:35 . 2008-04-10 17:36 4,096 --a------ C:\Documents and Settings\Th\Bureaufkwp2.0.exe
        2008-04-10 17:35 . 2008-04-10 17:36 4,096 --a------ C:\Documents and Settings\Th\Bureaufkwp2.0.exe
        2008-04-10 17:35 . 2008-04-10 17:36 4,096 --a------ C:\Documents and Settings\Th\Bureaufkwp1.5.exe
        2008-04-10 17:35 . 2008-04-10 17:36 4,096 --a------ C:\Documents and Settings\Th\Bureaufkwp1.5.exe
        2008-04-10 17:35 . 2008-04-10 17:36 4,096 --a------ C:\Documents and Settings\Th\Bureaufilemanagerclient.exe
        2008-04-10 17:35 . 2008-04-10 17:36 4,096 --a------ C:\Documents and Settings\Th\Bureaufilemanagerclient.exe
        2008-04-10 17:35 . 2008-04-10 17:36 4,096 --a------ C:\Documents and Settings\Th\BureauEditorFKWP2.0.exe
        2008-04-10 17:35 . 2008-04-10 17:36 4,096 --a------ C:\Documents and Settings\Th\BureauEditorFKWP2.0.exe
        2008-04-10 17:35 . 2008-04-10 17:36 4,096 --a------ C:\Documents and Settings\Th\BureauEditorFKWP1.5.exe
        2008-04-10 17:35 . 2008-04-10 17:36 4,096 --a------ C:\Documents and Settings\ThBureauEditorFKWP1.5.exe
        2008-04-10 12:05 . 2008-04-10 12:05 <REP> d-------- C:\Program Files\PDFCreator
        2008-04-10 12:05 . 1998-07-13 02:08 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
        2008-04-10 12:05 . 1998-06-24 01:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
        2008-04-10 12:05 . 2001-10-28 17:42 116,224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
        2008-04-10 12:05 . 1998-07-06 01:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
        2008-04-04 13:46 . 2008-04-04 13:46 <REP> d--hs---- C:\FOUND.001
        2008-04-02 18:00 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
        2008-04-02 18:00 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
        2008-04-02 17:53 . 2008-04-02 17:53 <REP> d--hs---- C:\FOUND.000
        2008-04-02 17:40 . 2008-04-02 17:41 486 --a------ C:\WINDOWS\PowerReg.dat
        2008-04-02 17:38 . 2008-04-02 17:38 <REP> d-------- C:\Program Files\Painter 7
        2008-04-01 05:09 . 2008-04-01 05:09 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
        2008-04-01 05:09 . 2008-04-01 05:09 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
        2008-03-31 23:49 . 2008-04-03 11:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
        2008-03-31 23:49 . 2008-03-31 23:49 1,409 --a------ C:\WINDOWS\QTFont.for
        2008-03-31 23:41 . 2008-03-31 23:42 <REP> d-------- C:\Program Files\Apple Software Update
        2008-03-31 23:41 . 2008-03-31 23:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple

        .
        (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
        2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
        2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
        2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
        2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
        2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
        2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
        2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
        2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
        2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
        2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
        2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
        2006-12-11 12:12 1,152 ----a-w C:\Documents and Settings\Th\Application Data\wklnhst.dat
        2006-01-20 17:35 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
        .

        ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
        "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 17:19 68856]
        "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09 32768]
        "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 10:31 126976]
        "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490]
        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698]
        "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 14:17 192512]
        "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824]
        "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
        "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
        "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
        "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
        "PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59 49152]
        "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
        "PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
        "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-06-06 11:52 69632]
        "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
        "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
        "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-07-25 13:34 81920]
        "eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 17:26 352256]
        "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-29 21:31 196608]
        "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
        "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
        "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
        "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
        "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

        C:\Documents and Settings\Th‚\Menu D‚marrer\Programmes\D‚marrage\
        Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-05 20:01:39 110592]

        C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
        Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
        Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-05 20:01:39 110592]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfDvvWq]

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
        "C:\\Program Files\\adslTV\\adslTV.exe"=
        "C:\\Program Files\\adslTV\\vlc.exe"=

        R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
        R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
        R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
        R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 14:46]
        R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37]
        R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
        R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
        R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
        S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 16:02]
        S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
        S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
        S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 05:00]
        S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 05:00]
        S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 05:00]
        S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-05 05:00]
        S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
        S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

        *Newly Created Service* - SSMDRV
        .
        Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
        "2008-04-19 15:57:58 C:\WINDOWS\Tasks\User_Feed_Synchronization-{31CCF554-6118-4687-8DA2-903748BBF26D}.job"
        - C:\WINDOWS\system32\msfeedssync.exe
        "2008-04-14 16:18:32 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
        - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
        "2008-04-19 15:56:24 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
        - C:\Program Files\Windows Defender\MpCmdRun.exe
        .
        **************************************************************************

        catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-04-19 19:43:58
        Windows 5.1.2600 Service Pack 2 FAT NTAPI

        Balayage processus cachés ...

        Balayage caché autostart entries ...

        Balayage des fichiers cachés ...

        Scan terminé avec succès
        Les fichiers cachés: 0

        **************************************************************************
        .
        Temps d'accomplissement: 2008-04-19 19:45:15
        ComboFix-quarantined-files.txt 2008-04-19 17:45:08

        Pre-Run: 10,107,469,824 octets libres
        Post-Run: 10,189,963,264 octets libres

        179 --- E O F --- 2008-04-17 20:13:45
        0
      3. Aide info > Aide info
         
        Pour l'icône antivir c'est réglé!

        A toute!
        0
  13. ludsfa Messages postés 1287 Statut Membre 15
     
    ok ouvre à nouveau tools cleaner fait recherche et suppression et envois moi le rapport.
    0
    1. Aide info
       
      Voilà le rapport:

      -->- Recherche:

      C:\Vundofix backups: trouvé !
      C:\Qoobox: trouvé !
      C:\Documents and Settings\Th\Bureau\ComboFix.exe: trouvé !
      C:\Documents and Settings\Th\Bureau\vundoFix.exe: trouvé !

      ---------------------------------
      -->- Suppression:

      C:\Documents and Settings\Th\Bureau\ComboFix.exe: supprimé !
      C:\Documents and Settings\Th\Bureau\vundoFix.exe: supprimé !
      C:\Vundofix backups: supprimé !
      C:\Qoobox: supprimé !
      0
  14. ludsfa Messages postés 1287 Statut Membre 15
     
    bien refais une analyse malware byte's en mode sans echec et un antivir également et tu m'envois les 3 rapports.
    0
    1. Aide info
       
      Rapport malware:

      Malwarebytes' Anti-Malware 1.11
      Version de la base de données: 651

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 102521
      Temps écoulé: 2 hour(s), 42 minute(s), 43 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      --------------------------------------------------------------------------------------

      Rapport antivir

      Avira AntiVir Personal
      Report file date: dimanche 20 avril 2008 20:26

      Scanning for 1218459 virus strains and unwanted programs.


      Version information:
      BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
      AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:58
      AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:38
      LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:24
      LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:42
      ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 12:36:36
      ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 12:07:50
      ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 13:57:02
      ANTIVIR3.VDF : 7.0.3.188 342016 Bytes 18/04/2008 14:19:50
      Engineversion : 8.1.0.32
      AEVDF.DLL : 8.1.0.5 102772 Bytes 02/04/2008 12:36:34
      AESCRIPT.DLL : 8.1.0.26 233850 Bytes 18/04/2008 08:50:48
      AESCN.DLL : 8.1.0.14 119156 Bytes 18/04/2008 08:50:48
      AERDL.DLL : 8.1.0.19 418164 Bytes 14/04/2008 09:11:24
      AEPACK.DLL : 8.1.1.2 364917 Bytes 18/04/2008 08:50:46
      AEOFFICE.DLL : 8.1.0.18 192890 Bytes 18/04/2008 08:50:46
      AEHEUR.DLL : 8.1.0.18 1167735 Bytes 14/04/2008 09:11:24
      AEHELP.DLL : 8.1.0.14 115063 Bytes 18/04/2008 08:50:46
      AEGEN.DLL : 8.1.0.17 299380 Bytes 18/04/2008 08:50:46
      AEEMU.DLL : 8.1.0.5 430450 Bytes 14/04/2008 09:11:24
      AECORE.DLL : 8.1.0.27 168310 Bytes 18/04/2008 08:50:46
      AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:54
      AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:52
      AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:48
      AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:50
      AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
      AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:32
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
      SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:40
      NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
      RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:26
      RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:12

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: on
      Scan boot sector.................: on
      Boot sectors.....................: C:, D:,
      Scan memory......................: on
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: All files
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: dimanche 20 avril 2008 20:26

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      12 processes with 12 modules were scanned

      Starting master boot sector scan:
      Master boot sector HD0
      [INFO] No virus was found!

      Start scanning boot sectors:
      Boot sector 'C:\'
      [INFO] No virus was found!
      Boot sector 'D:\'
      [INFO] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '44' files ).


      Starting the file scan:

      Begin scan in 'C:\' <ACER>
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      Begin scan in 'D:\' <ACERDATA>


      End of the scan: dimanche 20 avril 2008 21:48
      Used time: 1:21:59 min

      The scan has been done completely.

      6523 Scanning directories
      251332 Files were scanned
      0 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
      251332 Files not concerned
      7020 Archives were scanned
      1 Warnings
      0 Notes
      0
      1. Aide info > Aide info
         
        --------------------------------------------- Euréka doc????!!
        0
  15. ludsfa Messages postés 1287 Statut Membre 15
     
    bonjour,

    hésite pas si t'as d'autre soucis.

    bon surf.
    0
    1. Aide info
       
      Encore mille merci à toi!!!!! Bon surf itou!
      0
  16. ludsfa Messages postés 1287 Statut Membre 15
     
    salut à toi aide info .

    A l'occasion fait moi un hijackthis pour vérifier une source.
    0
Précédent
  • 1
  • 2