Gable?

Solved/Closed
kwrlii - 29 Jul 2008 at 01:41
Anonymous user - 30 Jul 2008 at 02:43
Hello,
So, I can no longer start avast and spybot, e.g.:
c:\Program Files\Alwil Software\Avast4\ashAvast.exe n'est pas une application Win32 valide
My Security Center freezes and no longer opens, leaving me without Windows Defender and firewall; I have to restart it via Administrative Tools/Services. I think I am the victim of a gable, what should I do? Thanks in advance

24 replies

Anonymous user
29 Jul 2008 at 01:54
Hi


Download DSS (formerly Comboscan) by Deckard to your desktop:

http://deckard.geekstogo.com/dss.exe


(choose Save, then Desktop as the location)

Close all running applications.

Double-click DSS.exe to launch the tool.

A window opens asking you to close all applications; click OK.

At the end of the scan, a window opens; click OK.

The main.txt report will be displayed; copy it into your next reply.
If an additional report was created (extra.txt), post it in your reply as well.

The reports are here:
(!) C:\Deckard\System Scanner\main.txt
(!) C:\Deckard\System Scanner\extra.txt

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

kwrlii
29 Jul 2008 at 02:24
I did install dss, but shortly after I launch the scan the window disappears and nothing more happens; no window opens

Anonymous user
29 Jul 2008 at 02:27
ok

here is what you are going to do


-> Restart in safe mode with networking:

How do you restart in safe mode with networking?

Restart the PC and tap the F8 key repeatedly from the very start of power-on, without stopping.
A window with a black background will open; use the keyboard arrow keys to move to "start in safe mode with networking", then press Enter.
Once on the desktop, if not all the colours and so on are there, that is normal!
PS: if F8 does not work, use the F5 key.


once in this mode:


Download DSS (formerly Comboscan) by Deckard to your desktop:

http://deckard.geekstogo.com/dss.exe


(choose Save, then Desktop as the location)

Close all running applications.

Double-click DSS.exe to launch the tool.

A window opens asking you to close all applications; click OK.

At the end of the scan, a window opens; click OK.

The main.txt report will be displayed; copy it into your next reply.
If an additional report was created (extra.txt), post it in your reply as well.

The reports are here:
(!) C:\Deckard\System Scanner\main.txt
(!) C:\Deckard\System Scanner\extra.txt

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)


note: stay in safe mode with networking

kwrlii
29 Jul 2008 at 03:30
here are the main and the extra text




Anonymous user
29 Jul 2008 at 03:39
ok

you need to be in safe mode with networking



download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop.
double-click OTMoveIt.exe to launch it.
Make sure the Unregister Dll's and Ocx's box is ticked
copy the list shown in bold below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\Windows\system32\drivers\srosa.sys
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\mdelk.exe
C:\Windows\system32\drivers\downld


click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. If so, accept with Yes.


Anonymous user
29 Jul 2008 at 03:45
good evening, a small, very minor and useless anecdote:

adobe is not up to date

E..T
29 Jul 2008 at 07:29
Hello everyone ;-)

good evening, a small, very minor and useless anecdote:
adobe is not up to date
>> yes it is useful, and you forgot java :-)
But I think chiqui saw it ;-)

Good luck to you!
@++

Anonymous user
29 Jul 2008 at 12:14
ok.............likewise.

Anonymous user
29 Jul 2008 at 16:21
Doing the updates will not solve the bagle problem

so the concern is to eradicate the infection; after otmoveit, a second step is necessary

@++

kwrlii
29 Jul 2008 at 19:29
there, I did what you said; I can't find the report you mention, and besides it doesn't seem to have changed anything,

Anonymous user
29 Jul 2008 at 19:33
yes, bagle is still present


in safe mode with networking:


Download combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before downloading, click Save, rename it to killbagle and save it to the desktop


-> Double-click killbagle.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.


Once done, double-click killbagle.exe on your desktop.

- Answer yes to the warning message so that the program starts scanning the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.

- A report will then open in Notepad (this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt)


-> Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.

Anonymous user
29 Jul 2008 at 20:14
if you can, do this too for the otmoveit report
go to Computer
open the C drive
open _OTMoveit
open movedfiles
post the text file ..........log (that is the otmoveit report) please

kwrlii
29 Jul 2008 at 20:53
is this the otmoveit report?

C:\Windows\system32\drivers\srosa.sys moved successfully.
C:\Windows\system32\drivers\hldrrr.exe moved successfully.
C:\Windows\system32\drivers\mdelk.exe moved successfully.
C:\Windows\system32\drivers\downld moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07292008_192029

Anonymous user
29 Jul 2008 at 20:55
YES, that's it, perfect; now run killbagle (thanks for the report)

http://www.commentcamarche.net/forum/affich 7635828 gable#11

kwrlii
29 Jul 2008 at 22:23
there you go
"{D5362A36-5843-4FD4-A751-449D67DEF01D}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{258B03F5-932B-4CA5-909C-3C4E7E3C8961}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{ADCE15D4-0F09-4A7B-BE5F-FEA55E0DE406}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"TCP Query User{EF37EE9A-E487-4044-A28C-96EF4108E0F7}C:\\users\\serj bougot\\nouveau dossier\\wow-2.3.0.7561-frfr-downloader.exe"= UDP:C:\users\serj bougot\nouveau dossier\wow-2.3.0.7561-frfr-downloader.exe:wow-2.3.0.7561-frfr-downloader.exe
"UDP Query User{892FAA4B-A443-46DA-AF62-1D7C60FF6EDF}C:\\users\\serj bougot\\nouveau dossier\\wow-2.3.0.7561-frfr-downloader.exe"= TCP:C:\users\serj bougot\nouveau dossier\wow-2.3.0.7561-frfr-downloader.exe:wow-2.3.0.7561-frfr-downloader.exe
"{0059002B-78C4-4EF5-9BFD-754A1BB65648}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8FDCDB2E-194E-4769-AD0F-8BD1D2ABCE82}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{FD7768FC-F477-4287-A8EC-B00D9575E3A1}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
R2 acedrv11;acedrv11;C:\Windows\system32\drivers\acedrv11.sys [2008-01-23 10:19]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 11:32]
R2 FreezeScreenSaver;FreezeScreenSaver;C:\Windows\system32\FreezeScreenSaver.exe [2005-09-29 15:55]
R2 lxcz_device;lxcz_device;C:\Windows\system32\lxczcoms.exe [2007-02-08 17:50]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-06 11:14]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\Windows\system32\DRIVERS\snp2sxp.sys [2006-06-07 10:34]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 10:13]
S3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-09-19 18:57]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce8d918e-5aed-11dd-a48a-001a922ed1d7}]
\shell\AutoRun\command - J:\nideiect.com
\shell\explore\Command - J:\nideiect.com
\shell\open\Command - J:\nideiect.com
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-07-27 C:\Windows\Tasks\rpc.job
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=desktop
R1 -: HKCU-Internet Settings,ProxyServer = ftp=proxy.free.fr:3128;http=proxy.free.fr:3128
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 -: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 21:59:32
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\LEXPPS.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\IoctlSvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Windows\ehome\ehrecvr.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-29 22:18:25 - machine was rebooted [serj bougot]
ComboFix-quarantined-files.txt 2008-07-29 20:18:03

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 48,757,002,240 octets libres

296 --- E O F --- 2008-07-28 20:50:02
Anonymous user
29 Jul 2008 at 22:29
Restart in normal mode and run this scan:


Download Malwarebytes

-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Install it; the program will update itself automatically.

Once it is up to date, the program will start; click the Settings tab and tick the box: "Close Internet Explorer during removal".

Now click the Scan tab and tick the box: "Run a full scan".

Then click "Scan".

Let it scan the PC...

If any items were found > click Remove Selected.

If you are asked to restart > click "Yes".

At the end a report will open; save it somewhere you can find it again so that you can post it on the forum.

Copy and paste the report, please.

PS: the reports are also stored in the Reports/Logs tab.



During the Malwarebytes scan, check whether Avast works; if it doesn't, uninstall it and reinstall it. If Windows Defender doesn't work, let me know, and the same for the firewall.

kwrlii Posts: 10 Registration date: Tuesday 29 July 2008 Status: Member Last activity: 30 July 2008
30 Jul 2008 at 00:06
Windows Defender works, and so does the firewall, but not Avast, and it is impossible to uninstall it.

The report:

Malwarebytes' Anti-Malware 1.23
Version de la base de données: 1008
Windows 6.0.6001 Service Pack 1

00:04:16 2008-07-30
mbam-log-7-30-2008 (00-04-16).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 179999
Temps écoulé: 1 hour(s), 25 minute(s), 42 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 132

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1962c5bc-e475-465b-823b-133e711bceb9} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} (Adware.Starware) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Users\serj bougot\AppData\Roaming\m (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\serj bougot\AppData\Roaming\m\shared (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
Anonymous user
30 Jul 2008 at 00:10
ok

Reopen Malwarebytes
go to Quarantine
delete everything

-> Restart in Safe Mode with Networking:

How do you restart in Safe Mode with Networking?

Restart the PC and tap the F8 key repeatedly, without stopping, from the moment it starts powering on.
A screen with a black background will open; use the arrow keys to move to Safe Mode with Networking, then press Enter.
Once you are on the desktop, if not all the colours and so on are there, that is normal!
PS: if F8 doesn't work, use the F5 key.


Once in this mode:

To uninstall Avast, download this tool:

https://www.avast.com/fr-fr/uninstall-utility

Restart in normal mode and:


Have a look at this about Avast:

Antivir vs Avast:

-> http://forum.malekal.com/ftopic3528.php


So I advise you to uninstall it and install Antivir instead.

Download and install the Antivir Personal Edition Classic antivirus:

-> https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

Tutorial: http://www.swl1f.net/viewtopic.php?f=14&t=59
kwrlii Posts: 10 Registration date: Tuesday 29 July 2008 Status: Member Last activity: 30 July 2008
30 Jul 2008 at 00:57
Well, I think everything is back to normal,
except that I have quite a few programs too many on my computer, in my opinion.
Now I have installed Antivir, but I also have RegCleaner, Spybot and its analyser "runalyz"; I also have the Avast analyser "aswclnr", then Ad-Aware and finally Malwarebytes. Which of all these do you advise me to keep?
Anonymous user
30 Jul 2008 at 01:00
ok

What you do in normal mode:


Download HijackThis here:

-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe


Installation tutorial:

-> https://forums.cnetfrance.fr

Usage tutorial:

-> https://forums.cnetfrance.fr

Post the generated report here, please...


and I will tell you what to keep/remove.
