avast edition familialeRésolu/Fermé

Question

Bonjour,

Je viens d'installer le logiciel. Or lorsque je clique sur l'icone pour le lancer j'ai ce message :
C\Programfiles.....\ashAvast.exe n'est pas une application Win32 valide.

Pouvez-vous m'aide , merci !

Destrio5 · Accepted Answer

L'infection Bagle avait envahit ton PC d'où le message d'erreur d'Avast.

On continue la désinfection.

---> Fais un scan rapide avec MBAM, supprime tout ce qu'il trouve et poste le rapport :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

Bagle vient d'un crack infecté, arrête de télécharger n'importe quoi.

pascal_78 · Answer

Tu l'a télécharger ou?

loic · Answer

sur le site : 
https://www.avast.com/fr-fr/free-antivirus-download

pascal_78 · Answer

Tu es sur XP ou vista?

loic · Answer

je suis sur xp

pascal_78 · Answer

essais de réinstaller.

Tu as eu un message d'erreur lors de l'installation?

loic · Answer

lors de l'installation y a pas eu de souci ; j'ai redémarré l'ordi une fois l'installation finie ;

pascal_78 · Answer

supprimes le et réinstalle le, mais normalement l'installation se passe sans problème.

Destrio5 · Answer

Salut,

Pour vérifier un truc :

---> Télécharge EliBaglA.exe :
http://www.zonavirus.com/datos/descargas/95/elibagla.asp

---> Clique en bas de la page sur le bouton Descargar Elibagla.
Enregistre ce fichier sur le bureau.

---> Double-clique sur EliBaglA.exe pour l'ouvrir.

---> Assure-toi que dans le menu déroulant Unidad qu'il y ait bien C:\
Vérifie aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée.

---> Clique sur le bouton Explorar pour lancer l'analyse.

---> L'analyse finie, redémarre, poste le rapport d'EliBaglA qui se trouve ici C:\InfoSat.txt

loic · Answer

voici le rapport 

	  Thu Sep 11 18:15:19 2008
EliBagle v11.70  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HERVé\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.

	  Thu Sep 11 18:42:48 2008
EliBagle v11.70  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HERVé\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

	  Thu Sep 11 18:43:03 2008
EliBagle v11.70  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

	  Thu Sep 11 18:47:55 2008
EliBagle v11.70  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HERVé\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

	  Thu Sep 11 18:47:58 2008
EliBagle v11.70  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

	  Thu Sep 11 18:52:30 2008
EliBagle v11.70  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\HERVé\APPLICATION DATA\M\FLEC006.EXE --> Eliminado Bagle.dldr

	  Thu Sep 11 18:52:34 2008
EliBagle v11.70  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Microsoft Works\WKFUD.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1043\A0181454.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1043\A0181455.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1043\A0181511.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1043\A0181512.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1043\A0181513.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181560.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181561.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181562.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181600.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181601.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181602.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181664.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181665.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181666.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181678.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181701.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181702.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181703.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181725.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181726.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181727.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181738.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181739.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181740.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181850.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181855.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181857.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181859.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181881.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181882.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181883.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181893.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181911.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181913.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181914.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182041.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182042.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182043.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182053.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182076.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182077.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182078.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182148.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182223.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183221.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183224.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183225.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183232.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183233.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183355.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183356.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183357.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183366.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183370.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183371.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183377.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183378.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183503.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0184501.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0185497.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0185498.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0185499.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0185500.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0185503.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\MDELK.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\MDELK.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\1495718.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\1500187.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15253562.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\15361421.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15435640.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15448937.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15626906.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15638437.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\16066078.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\16075640.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\16274609.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\277281.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\3012687.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\3057546.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\3062312.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\323609.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\325328.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\339750.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\342843.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\3514234.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\3769656.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\3975734.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\440390.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\711796.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\720312.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\724468.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\745468.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\753406.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\758093.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\778406.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\788328.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\790484.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\868187.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\914484.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\921062.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\951953.EXE --> Eliminado Bagle

Nº Total de Directorios:   8659
Nº Total de Ficheros:      75167
Nº de Ficheros Analizados: 12860
Nº de Ficheros Infectados: 103
Nº de Ficheros Limpiados:  103

loic · Answer

voila : 

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 2

11/09/2008 21:32:41
mbam-log-2008-09-11 (21-32-41).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 119429
Temps écoulé: 1 hour(s), 44 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 203

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Delete on reboot.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hervé\Application Data\m (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\config\40084332.Evt (Rootkit.Agent.H) -> Delete on reboot.
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0185524.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1007265.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1012640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1024203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1026578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1032312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1040406.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1045968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1049250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1055000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1067578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1095328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1454500.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1468453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1470187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15263250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15306593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15306765.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15309546.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1535578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15369140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15369250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15385453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1542656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15487265.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15514703.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15559031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15559062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15562953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15571046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15603359.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15621515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15623875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15633140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15653234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15695234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15757281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15797890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15943171.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15991140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16003843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16017062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16028156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1603531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16045000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16047859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16079000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16114484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1612078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16161640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1618718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16194156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16253578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16266281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16268062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16303656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16324359.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16327140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16388031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16408906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16415515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16769375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16901875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\17117734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1798843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1813906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\258140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\269453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\270687.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\284140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3017718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\303125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3035265.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3039859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\304296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3073765.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\315312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3159890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\316593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3173390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3174656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3188718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3195296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3220828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\322562.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3225796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3258625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3265031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3284343.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3294062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\331406.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\333625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\334593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\339000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\345625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3518593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\352625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3729953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3731546.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3780046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3806937.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\384703.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3848984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3853234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\387109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\390562.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3984156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4014515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4016484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4027281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4035218.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4062453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4066312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\421296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\426078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\438421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\443921.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\446828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\521890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\543859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\545625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\566031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\572109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\594937.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\628703.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\634609.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\649281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\658281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\683296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\698156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\699640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\700640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\702734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\710968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\712796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\714812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\716046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\717031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\721437.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\722093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\722906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\729390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\730187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\743687.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\746890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\750828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\752609.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\753234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\755125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\757812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\766296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\769500.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\772359.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\784343.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\785437.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\788218.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\799125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\802812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\804234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\806468.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\809125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\814906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\823796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\826781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\833203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\837796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\838593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\839421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\845515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\851375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\858781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\859015.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\860781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\869375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\871062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\873078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\874937.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\885000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\892531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\893156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\899718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\899843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\917890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\921343.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\926843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\940156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\942187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\955375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\957796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\958109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\959093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\961812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\963359.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\964078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\985187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\986781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\989515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\993078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\995890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\997203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vccwvzm_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vccwvzm_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

Destrio5 · Answer

- Télécharge HijackThis V 2.02 (HijackThis Installer) :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

- Clique sur Install ensuite sur I Accept

- Clique sur Do a scan system and save log file

- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.

loic · Answer

Et voila : 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:08, on 11/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Systran40perso.IEPlugIn - {397B3223-7D10-11D6-ABC6-00B0D094B576} - C:\Program Files\Systran\4_0\Personal\IEPlugIn.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe" -osboot
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Vaderetro Outlook] "C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe -s"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: Bloquer ce serveur... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Ouvrir dans une nouvelle fenêtre d'Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Rechercher avec Google... - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Rechercher sur le Web... - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Surligner - C:\Program Files\Avant Browser\Highlight.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin
pjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin
pjpi150_01.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE9F4AA2-1E80-4E21-8C91-8E3B8F1EF84B}: NameServer = 80.10.246.130 81.253.149.10
O20 - Winlogon Notify: wmmres32 - C:\WINDOWS\SYSTEM32\wmmres32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Movie Maker (wmmres32) - Unknown owner - rundll32.exe (file missing)
O24 - Desktop Component 0: (no name) - http://perso.orange.fr/scl/images/CDAmourAnarchie1.jpg

Destrio5 · Answer

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

loic · Answer

voila :
ComboFix 08-09-10.04 - Hervé 2008-09-11 22:28:32.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.96 [GMT 2:00]
Endroit: C:\Program Files\Programmes téléchargés\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\config\49472178.Evt
C:\WINDOWS\system32\dao350.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P
-------\Legacy_NPF
-------\Legacy_SROSA
-------\Service_asc3550p

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-11 to 2008-09-11 ))))))))))))))))))))))))))))))))))))
.

2008-09-11 22:15 . 2008-09-11 22:15 <REP> d-------- C:\Program Files\Trend Micro
2008-09-11 19:37 . 2008-09-11 19:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-11 19:37 . 2008-09-11 19:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-11 19:37 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-11 19:37 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-07 16:37 . 2008-09-09 17:50 <REP> d-------- C:\Program Files\splus
2008-09-07 16:37 . 2005-10-17 18:13 447,488 --a------ C:\WINDOWS\system32\splus.cpl
2008-09-07 16:35 . 2008-09-07 16:35 <REP> d-------- C:\Program Files\TechSmith
2008-09-07 16:35 . 2008-09-07 16:35 <REP> d-------- C:\Program Files\Fichiers communs\TechSmith Shared
2008-09-07 16:35 . 2002-12-23 01:01 110,592 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-09-07 16:28 . 2008-09-07 16:30 <REP> d-------- C:\Program Files\camtasia studio v3.0.2
2008-09-07 16:09 . 2008-09-07 16:09 <REP> d-------- C:\Program Files\Alwil Software
2008-08-19 17:44 . 2008-08-19 17:45 <REP> d-------- C:\Program Files\Philips
2008-08-19 17:44 . 2008-01-14 16:58 19,840 --a------ C:\WINDOWS\system32\drivers\StMp3Rec.sys
2008-08-14 17:19 . 2005-05-05 10:59 9,918,872 --a------ C:\WINDOWS\wmsetup.exe
2008-08-14 17:19 . 2005-09-18 20:32 1,416,944 --a------ C:\WINDOWS\wmwinxp.exe
2008-08-14 17:19 . 2005-09-18 20:32 1,186,032 --a------ C:\WINDOWS\wm2000.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 20:37 --------- d-----w C:\Program Files\Wanadoo
2008-09-11 20:25 --------- d-----w C:\Program Files\Programmes téléchargés
2008-09-11 16:56 --------- d-----w C:\Program Files\Microsoft Works
2008-09-10 18:03 --------- d-----w C:\Program Files\eMule
2008-09-07 09:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-09-07 08:52 --------- d-----w C:\Program Files\CamStudio
2008-09-07 08:33 --------- d-----w C:\Program Files\HyCam2
2008-08-19 15:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-11 16:50 --------- d-----w C:\Program Files\TubeMaster
2008-08-09 09:44 --------- d-----w C:\Program Files\IVCsoft
2008-08-09 09:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skyline
2008-08-05 14:46 --------- d-----w C:\Program Files\Google
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WooCnxMon"="00" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2001-10-05 331830]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2001-10-05 28738]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-08-31 151597]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 245810]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 36975]
"Vaderetro Outlook"="C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe" [2006-07-22 44544]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2006-02-16 295936]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="atiptaxx.exe" [2002-07-04 ATI\atiptaxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmmres32]
2004-09-07 13:04 12288 C:\WINDOWS\system32\wmmres32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.LM20"= lm20.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8112:TCP"= 8112:TCP:messenger
"3658:TCP"= 3658:TCP:messenger

R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2003-11-30 2368]
S2 wmmres32;Windows Movie Maker;rundll32.exe C:\WINDOWS\system32\wmmres32.dll,ocib [ ]
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 38144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{237cc8ac-aaf3-11dc-8f59-4d6564696130}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4399870e-a41f-11dc-8f4f-4d6564696130}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcdb3df1-6e05-11dd-9080-4d6564696130}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5859fe4-8f7c-11db-8dad-4d6564696130}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WorksFUD - C:\Program Files\Microsoft Works\wkfud.exe
HKLM-Run-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
HKU-Default-Run-AVG7_Run - C:\PROGRA~1\Grisoft\AVG7\avgw.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Hervé\Application Data\Mozilla\Firefox\Profiles\[u]0[/u]taqxaia.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 22:38:04
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-11 22:49:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-11 20:49:02

Pre-Run: 23,276,920,832 octets libres
Post-Run: 23,270,830,080 octets libres

181 --- E O F --- 2008-01-04 19:14:31

loic · Answer

merci pour toutes ces informations ; c'est bon la, je suis sauvé ?

Destrio5 · Answer

- Télécharge RavAntivirus d'Evosla sur ton bureau : 
http://ww25.evosla.com/compteur.php?soft=rav_antivirus

- Branche tes disques amovibles à ton PC (clefs USB, disque dur externe, etc...) sans les ouvrir avant de lancer le fix

- Clique droit sur le fichier rav.zip, puis "Extraire Ici".

- Doucle-clique sur "rav.exe" pour lancer le fix.

- Laisse le programme agir : il scanne automatiquement tous les lecteurs (disques fixes et amovibles)

- En cas d'infections un rapport sera généré : poste-le dans ta prochaine réponse stp.

- Ensuite : retire tes disques amovibles et redémarre le PC.

loic · Answer

est-ce normal que l'analyse soit si longue ?

Destrio5 · Answer

Il a trouvé quelque chose ?

loic · Answer

au tout debut il a trouve g:\autroun.inf et g\:nideiect.com ; il les a supprimé avec succes; et depuis j'ai le message l'odinateur est sain et l abande bleu qui va et vient comme s"il cherchait toujours

Destrio5 · Answer

Ok, quitte-le. Je te fais un script.

loic · Answer

ok je le quitte

Destrio5 · Answer

/!\ Seul loic peut suivre cette procédure /!\


1/

---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :





KillAll::

File::
F:
ideiect.com 

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"TkBellExe"=-
"SunJavaUpdateSched"=-
"QuickTime Task"=-
"SoundMan"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{237cc8ac-aaf3-11dc-8f59-4d6564696130}] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4399870e-a41f-11dc-8f4f-4d6564696130}] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcdb3df1-6e05-11dd-9080-4d6564696130}] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5859fe4-8f7c-11db-8dad-4d6564696130}] 





---> Colle la sélection dans le bloc-notes

---> Enregistre ce fichier sur le bureau (Impératif)

---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes


2/

---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

[*] Une fois le scan achevé, un rapport va s'afficher : poste-le

[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt

loic · Answer

tu en penses quoi ? c'est tres grave encore ?

Destrio5 · Answer

ComboFix déconne en ce moment donc fais ceci :

- Crée un fichier Bloc-notes avec le texte qui se trouve ci-dessous (copie/colle): 



REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=-
"SunJavaUpdateSched"=-
"QuickTime Task"=-
"SoundMan"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{237cc8ac-aaf3-11dc-8f59-4d6564696130}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4399870e-a41f-11dc-8f4f-4d6564696130}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcdb3df1-6e05-11dd-9080-4d6564696130}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5859fe4-8f7c-11db-8dad-4d6564696130}] 



- Enregistre ce fichier dans : Bureau
- Nom du fichier : fix.reg
- Type : tous les fichiers !!
- Clique sur Enregistrer
- Quitte le Bloc-notes

Utilisation du fichier : fix.reg :
Double-clique sur le fichier (Bureau) / Accepte l'avertissement concernant la fusion / ne pas s'étonner de ne rien voir / valide le message disant que la fusion est terminée.

loic · Answer

voila, c'est fait

Destrio5 · Answer

Poste un nouveau rapport HijackThis.

loic · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:48:53, on 13/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\TechSmith\Camtasia Studio\CamtasiaStudio.exe
C:\Program Files\TechSmith\Camtasia Studio\TSCHelp.exe
C:\Program Files\TechSmith\Camtasia Studio\CamRecorder.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Systran40perso.IEPlugIn - {397B3223-7D10-11D6-ABC6-00B0D094B576} - C:\Program Files\Systran\4_0\Personal\IEPlugIn.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Vaderetro Outlook] "C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe -s"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe" -osboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: Bloquer ce serveur... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Ouvrir dans une nouvelle fenêtre d'Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Rechercher avec Google... - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Rechercher sur le Web... - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Surligner - C:\Program Files\Avant Browser\Highlight.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin
pjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin
pjpi150_01.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE9F4AA2-1E80-4E21-8C91-8E3B8F1EF84B}: NameServer = 81.253.149.1 80.10.246.3
O20 - Winlogon Notify: wmmres32 - C:\WINDOWS\SYSTEM32\wmmres32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Movie Maker (wmmres32) - Unknown owner - rundll32.exe (file missing)
O24 - Desktop Component 0: (no name) - http://perso.orange.fr/scl/images/CDAmourAnarchie1.jpg

Destrio5 · Answer

---> Télécharge OTMoveIt2 à partir du lien ci-dessous : 
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe 

---> Enregistre le fichier sur le Bureau.

---> Double-clique sur le fichier OTMoveIt2.exe pour lancer l'outil.
Assure-toi que la case Unregister Dll's and Ocx's soit bien cochée.

---> Copie l'intégralité du texte ci-dessous et colle-le dans la fenêtre intitulée Paste List Of Files/Folders to Move.



C:\WINDOWS\SYSTEM32\wmmres32.dll



---> Clique sur MoveIt! pour lancer la suppression.
Lorsqu'un résultat apparaît dans le cadre Results, clique sur Exit.

Note : Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES. 

---> Poste le rapport de OTMoveIt qui se trouve dans C:\_OTMoveIt\MovedFiles.

loic · Answer

DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\wmmres32.dll
C:\WINDOWS\SYSTEM32\wmmres32.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\wmmres32.dll moved successfully.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09132008_173028

Destrio5 · Answer

---> Mets à jour Internet Explorer :
http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=fr

---> Relance HijackThis et choisis Do a system scan only

---> Coche les cases qui sont devant les lignes suivantes :

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)     

O3 - Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file) 

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')     

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')     

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')     

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)     

O20 - Winlogon Notify: wmmres32 - C:\WINDOWS\SYSTEM32\wmmres32.dll 

O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)     

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)     

O23 - Service: Windows Movie Maker (wmmres32) - Unknown owner - rundll32.exe (file missing) 

---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

---> Installe Antivir :
https://www.mediafire.com/?sharekey=1ab12433e284b403d2db6fb9a8902bda

---> Redémarre ton PC et poste un nouveau rapport HijackThis

Destrio5 · Answer

Avant d'installer Antivir, utilise ce logiciel :
http://dlpro.antivir.com/down/windows/tool_en.exe

Destrio5 · Answer

Je me suis trompé de logiciel :
https://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml#download

Destrio5 · Answer

Tu as déjà installé cet antivirus ?

loic · Answer

il me semble mais pas completement ,avant avast ; mais je le trouve installé nullepart

Destrio5 · Answer

---> Télécharge CCleaner (N'installe pas la Yahoo Toolbar) :
https://www.ccleaner.com/ccleaner/download

---> Lance-le. Va dans "Options" puis "Avancé", tu décoches la case "Effacer uniquement les fichiers etc...". Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage. Puis tu vas dans "Registre", tu fais "Chercher des erreurs". Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.

Destrio5 · Answer

Installe la version gratuite d'AVG 8 à ce moment-là.

Destrio5 · Answer

Fais un scan complet avec AVG.

Destrio5 · Answer

Poste un nouveau rapport HijackThis.

Destrio5 · Answer

Fix ces deux lignes :

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: Windows Movie Maker (wmmres32) - Unknown owner - rundll32.exe (file missing)

Destrio5 · Answer

Redémarre ton PC et vois si les lignes sont toujours là ou pas.

Destrio5 · Answer

---> Menu démarrer > Exécuter > cmd > OK

---> Dans la fenêtre noire, tape sc delete gusvc

---> Normalement, tu vas avoir un message pour t'indiquer que ça a été fait

Destrio5 · Answer

Maintenant, fais pareil avec sc delete wmmres32

Destrio5 · Answer

Poste un nouveau rapport HijackThis maintenant.

Destrio5 · Answer

Tu as encore des problèmes ou on peut passer à la dernière étape ?

Destrio5 · Answer

Comment ça, ça va ?

Dis-moi, je t'écoute si tu as un truc qui te tracasse.

loic · Answer

tout a l'air de bien marcher

Destrio5 · Answer

---> Télécharge CCleaner (N'installe pas la Yahoo Toolbar) :
https://www.ccleaner.com/ccleaner/download

---> Lance-le. Va dans "Options" puis "Avancé", tu décoches la case "Effacer uniquement les fichiers etc...". Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage. Puis tu vas dans "Registre", tu fais "Chercher des erreurs". Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.

---> Télécharge Tools Cleaner sur ton bureau.
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
Clique sur Recherche et laisse le scan agir.
Clique sur Suppression pour finaliser. 
Tu peux, si tu le souhaites, te servir des Options facultatives.
Clique sur Quitter pour obtenir le rapport. 
Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger :
http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme

---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
https://www.vulgarisation-informatique.com/creer-point-restauration.php

Destrio5 · Answer

Clique sur Suppression.

Destrio5 · Answer

Tu peux supprimer Tools Cleaner.

Des questions ?

loic · Answer

non, je te remercie vraiment pour tout ça ! merci de ta disponibilité

Avast edition familiale

51 réponses

Discussions similaires

Newsletters