Sujet Précédent Sujet Suivant

AshAvast.exe pas une application Win32 valide

Résolu/Fermé
mistral6759 Messages postés 9 Date d'inscription samedi 15 novembre 2008 Statut Membre Dernière intervention 17 novembre 2008 - 17 nov. 2008 à 08:38
 Utilisateur anonyme - 17 nov. 2008 à 13:54
Bonjour,

Mon anti-virus Avast disparait de la barre de taches et lorsque je clique sur l'icone avast dans tous les programmes, j'ai une fenetre avec la croix rouge qui s'affiche : C:Program Files\Alwil Software\Avast4\ashAvast.exe n'est pas une application Win32 valide.
Quelqu'un pourrait-il m'aider SVP ?

Merci.

15 réponses

Réponse 1 / 15
tristan155 Messages postés 119 Date d'inscription lundi 24 décembre 2007 Statut Membre Dernière intervention 21 juin 2012 3
17 nov. 2008 à 08:42
lu!


jte conseille de désinstaller avast et de le changer.. Prends AVIRA Antivir, c'est gratuit, simple, taux de détection élévé (bien mieux qu'AVAST)

donnes moi de tes nouvelles
0
Réponse 2 / 15
Utilisateur anonyme
17 nov. 2008 à 08:49
Salut,


Telecharge FindyKill sur ton bureau :

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir


--> Lance l installation avec les parametres par default

--> Double clic sur le raccourci FindyKill sur ton bureau

--> Au menu principal,choisi l option 1 (Recherche)

--> Post le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque



0
Réponse 3 / 15
mistral6759 Messages postés 9 Date d'inscription samedi 15 novembre 2008 Statut Membre Dernière intervention 17 novembre 2008
17 nov. 2008 à 08:56
Chiquitine,

voici le rapport FindyKill



----------------- FindyKill V4.700 ------------------

* User : Ad‚lie - ADELIE
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 13/11/08 par Chiquitine29
* Recherche effectuée à 8:53:00 le 17/11/2008
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\eHome\ehRec.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\Prefetch\THOTKEY.EXE-38837008.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [17/11/2008 08:29] - C:\WINDOWS\system32\mdelk.exe
Found ! [17/11/2008 08:29] - C:\WINDOWS\system32\wintems.exe
Found ! [17/11/2008 08:30] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

Found ! [17/11/2008 08:28] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [17/11/2008 08:28] - C:\WINDOWS\system32\drivers\srosa2.sys
Found ! [14/10/2006 04:08] - C:\WINDOWS\system32\drivers\winfilse.exe
Found ! [17/11/2008 08:32] - "C:\WINDOWS\system32\drivers\downld"
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\102031.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\124359.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\125953.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\135156.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\13920578.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\13921875.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\13944500.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\13952609.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\13955875.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\13959078.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\143750.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\14762640.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\14763953.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\14799359.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\14826531.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\14829750.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\14853906.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\14877265.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\150078.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\15185015.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\15193171.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\15200390.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\15201921.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\155656.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\157312.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\157578.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\159500.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\160156.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\160921.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\178375.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\180171.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\187468.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\193468.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\194781.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\195906.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\196421.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\200609.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\202687.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\206078.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\212468.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\214843.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\217125.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\218671.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\222312.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\228921.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\239093.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\240250.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\263296.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\265890.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\274281.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\280000.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\281734.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\284078.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\288609.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\288781.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\295171.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\295890.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\296390.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\296984.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\300250.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\300265.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\301656.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\302140.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\303078.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\303812.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\305390.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\308140.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\308968.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\309328.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\309687.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\310718.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\313625.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\315031.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\319437.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\320796.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\345187.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\353562.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\357203.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\392656.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\401031.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\412484.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\415937.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\416546.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\420453.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\425359.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\491562.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\499437.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\79963812.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\79991609.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\79992750.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\80017343.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\80019828.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\80023437.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\80027968.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\80031953.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\80097156.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\80132546.exe
Found ! [17/11/2008 08:32] C:\WINDOWS\system32\drivers\downld\80144890.exe

»»»» Presence des fichiers dans C:\Documents and Settings\Ad‚lie\Application Data

Found ! [17/11/2008 08:30] - "C:\Documents and Settings\Ad‚lie\Application Data\m\flec006.exe"
Found ! [17/11/2008 08:30] - "C:\Documents and Settings\Ad‚lie\Application Data\m\list.oct"
Found ! [17/11/2008 08:31] - "C:\Documents and Settings\Ad‚lie\Application Data\m\data.oct"
Found ! [17/11/2008 08:31] - "C:\Documents and Settings\Ad‚lie\Application Data\m\srvlist.oct"
Found ! [17/11/2008 08:31] - "C:\Documents and Settings\Ad‚lie\Application Data\m\shared"
Found ! [10/11/2008 17:26] - "C:\Documents and Settings\Ad‚lie\Application Data\m"

»»»» Presence des fichiers dans C:\DOCUME~1\ADLIE~1\LOCALS~1\Temp

Found ! - C:\DOCUME~1\ADLIE~1\LOCALS~1\Temp\Rar$EX00.422\Direct_MIDI_to_MP3_Converter_3.0.10.0_Key+Serial.exe

»»»» Presence des fichiers dans C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5
0
Réponse 4 / 15
Utilisateur anonyme
17 nov. 2008 à 08:58
le rapport est incomplet
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 15
mistral6759 Messages postés 9 Date d'inscription samedi 15 novembre 2008 Statut Membre Dernière intervention 17 novembre 2008
17 nov. 2008 à 09:00
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\0SZ11LIT\b64[1].jpg
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\0SZ11LIT\b64_2[1].jpg
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\0SZ11LIT\b64_2[2].jpg
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\0SZ11LIT\b64_3[1].jpg
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\0SZ11LIT\b64_3[2].jpg
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\0SZ11LIT\b64_3[3].jpg
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\21GCH1IW\b64[1].jpg
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\21GCH1IW\b64_1[1].jpg
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\21GCH1IW\b64_2[1].jpg
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\21GCH1IW\b64_3[1].jpg
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\21GCH1IW\b64_3[2].jpg
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\21GCH1IW\b64_3[3].jpg
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\580I0AV1\b64_1[1].jpg
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\580I0AV1\b64_3[1].jpg
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\580I0AV1\b64_3[2].jpg
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\580I0AV1\b64_3[3].jpg
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\580I0AV1\b64_3[4].jpg
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\5FSGU5IQ\mxd[1].jpg
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\6MJ31PTG\b64[1].jpg
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\921EKPBC\b64_2[1].jpg
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\921EKPBC\b64_2[2].jpg
Found ! - C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5\921EKPBC\b64_3[1].jpg
0
Réponse 6 / 15
Utilisateur anonyme
17 nov. 2008 à 09:04
ok


si tu as encore ce crack : Direct_MIDI_to_MP3_Converter_3.0.10.0_Key+Serial.exe --> supprime le


désinstal messenger car infecté

ensuite :


Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir


--> Double clic sur le raccourci FindyKill sur ton bureau

--> Au menu principal,choisi l option 2 (Suppression)


/!\ le pc va redémarrer , laisse travailler l outils jusqu a l apparition du message "nettoyage effectué"

/!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal !

-------> ensuite post le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides

0
Réponse 7 / 15
mistral6759 Messages postés 9 Date d'inscription samedi 15 novembre 2008 Statut Membre Dernière intervention 17 novembre 2008
17 nov. 2008 à 09:26
voic le rapport de suppression



----------------- FindyKill V4.700 ------------------

* User : Ad‚lie - ADELIE
* executed from : C:\Program Files\FindyKill
* Update on 13/11/08 par Chiquitine29
* Start at 9:16:41 the 17/11/2008
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\eHome\ehRec.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\THOTKEY.EXE-38837008.pf

»»»» Supression files in C:\WINDOWS\system32

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression files in C:\WINDOWS\system32\drivers

Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
Deleted ! - C:\WINDOWS\system32\drivers\winfilse.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\102031.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\124359.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\125953.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\135156.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\13920578.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\13921875.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\13944500.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\13952609.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\13955875.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\13959078.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\143750.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\14762640.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\14763953.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\14799359.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\14826531.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\14829750.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\14853906.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\14877265.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\150078.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\15185015.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\15193171.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\15200390.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\15201921.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\155656.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\157312.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\157578.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\159500.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\160156.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\160921.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\178375.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\180171.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\187468.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\193468.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\194781.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\195906.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\196421.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\200609.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\202687.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\206078.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\212468.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\214843.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\217125.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\218671.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\222312.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\228921.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\239093.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\240250.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\263296.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\265890.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\274281.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\280000.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\281734.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\284078.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\288609.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\288781.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\295171.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\295890.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\296390.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\296984.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\300250.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\300265.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\301656.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\302140.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\303078.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\303812.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\305390.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\308140.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\308968.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\309328.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\309687.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\310718.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\313625.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\315031.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\319437.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\320796.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\345187.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\353562.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\357203.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\392656.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\401031.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\412484.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\415937.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\416546.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\420453.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\425359.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\491562.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\499437.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\79963812.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\79991609.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\79992750.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\80017343.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\80019828.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\80023437.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\80027968.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\80031953.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\80097156.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\80132546.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\80144890.exe
Deleted ! - "C:\WINDOWS\system32\drivers\downld"

»»»» Supression files in C:\Documents and Settings\Ad‚lie\Application Data

Deleted ! - "C:\Documents and Settings\Ad‚lie\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Ad‚lie\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Ad‚lie\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Ad‚lie\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\2P_Barcode_Creator_2.16.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Absolute Europe Mega Screen Saver 2.0 (Serial).zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Activity_Time_Tracker_1.0.7.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Actual_Shut_Down_2003_1.9.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Adobe_Photoshop_7.0_Update_7.0.1.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\ADSS Tray Pop-up Window 1.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Advanced_Web_Photo_Gallery_1.0.0_(Key).zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Adventuria_1.2.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Adware_Spyware_Be_Gone_2.51.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Alterlife_Creations_Iris_1.08_Alpha.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Amigo 3.8.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Art_Clock_Screensaver_2.3.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Athens_2004_Screensaver.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Atrise_ToHTML_1.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\AudioPlayer_2.6.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\BG.-.Dajana.(2006).-.Pravo.v.celta.(by.PANDA_1960).zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Bill_Central_Time_Billing_2004.05_KeyGen.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\BitNami Liferay Stack 5.0.1-0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Blue Rose 1.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\BSNL_Telecom_INDIA_News_0.1.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\BT Reminder Buddy 2.1.2.29.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\BTPlayer_1.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Building A Virtual Corporation 1.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Cacidi LiveBrowse 1.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Calendarmate 2.02.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\CanonWebcam 1.0.0.51.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\CDRoller_7.00.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\ChangeUnits_3.2.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Chronic_2005_1.2.1.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Dark Vengeance Updater 1.2.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Desktop_Renamer_1.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Digital_Photos_Screensaver_Maker_3.1.0.2_[Cracked].zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Display_Calibrator_0.9.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Documenter 1.0.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\DownloadControl Library 1.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Dtop_Blizzard_Screensaver_1.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\dvdXsoft DVD Ripper 1.10.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Dylan Online 2.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Easy Music Composer 9.42.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\EjGSoftwareWeather_1.0.0.1.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\eKitaab eBook Manager 0.5.5.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\EZ-ACH_4.0.4.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Ezefee_usa_6.0_Serial.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\FOREX_Currency_Exchange_Trading_Station_II_01.02.080406.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\GPSCAD_Transfer_1.1.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\GraphicMaster 1.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Ground_Control_1.0.0.7_to_1.0.0.8_patch.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Half-Life_2_DM_Temple_2_map.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Halifax Toolbar 1.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Hurricanesoft Internet Security 2006 Free Edition 3.1.3.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\HyperCurve_1.1_(Patch).zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\HyperJoint ZoomButtons 2.02.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\ImageView_1.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Interest_Calculator_2.10.4.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\IOXperts_802.11b_Driver_X_1.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\IrfanView_3.98.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\iRod_3d_Desktop_Toy_1.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\ISA_Monitor_1.1.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Javascript Obfuscator 3.0.5.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\JHtml2Printf 2.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\JPG File Sizer 1.6.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\KASPERSKY.V6.0.300.French.+.KEY.2007.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\KUMO_Browser_1.3.8.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Leprechaun Dance Screensaver.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Lighthouse.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\LingvoSoft_Suite_Deluxe_2007_English_-_Portuguese_2.0.24_With_Crack.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Lord_Of_The_Rings_Two_Towers_Special_Extended_DVD_Screensaver_1.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Magic_Math_Adventure_Tour_for_ages_9_to_10_2.1.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\MDCM (Mini Disc Cover Maker) 1.1.0 Beta.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\MediaRECOVER Advanced FAT NTFS Data Recovery 0.10.0.3.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\MeowCdMp3_1.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Microsoft Virtual Earth 3D 2.5 Beta [Updated].zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\MineStream_Prospector_Personal_Edition_1.2.1.14_(KeyGen).zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\MoreClicks 1.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\MP3 Multiplexer 4.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\MyOwnPlan_3.1.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\NDNoise_0.3.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Network+_practice_tests_2.7.1.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Norton.Antivirus.2006.Completo.Con.6.AÇños.De.SuscripciÇün.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Open HTTP Proxy Scanner 1.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Outlook Express ActiveX Control 1.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\PatchWise Free 3.29.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Pointstone Internet Accelerator 1.40.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Polyglossum 3.2.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Postscript to Text Converter 2.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Prime Option 2.2.1.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\PrintDirect Anywhere 2.00.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\PrintFolders 2.21 Cracked.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\RegScanner_1.51.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Remote_Manager_1.0.0_(Serial).zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\ReplaceMagic VisioOnly Standard 2.0.5.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\RevaSQL_2.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\RNDGen_1.2.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Roadkil's_ToneGen_1.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\RSS_Proxy_1.0_Alpha_3.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Sentry_4.09.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Server Monitor Lite 1.0.19326.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Shared_Serial_Ports_2.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Show Password 1.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\SigmaXL_4.041.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Simnor Stopwatch 1.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Slashdotter_1.8.9.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\SmarterStats_Free_Edition_3.3.2761_Patch.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Space Battle Screen Saver 3.1.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Space_Skramble_1.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Stream Explorer 1.0.3.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Super Typing Wizard 4.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Swiftpage_for_QuickBooks_1.3.2.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Symantec.Antivirus.Corporate.Edition.v10.0.0.359.French.Iso-ASFiX.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Tab Minus 0.6.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\TextInsert 1.00.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Thai_Food_1.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Thumb_Buddy_2.1a_[Key].zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Time_Entry_1.0.0.4_With_Crack.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Traffik Driver 2.3.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Tray_Commander_2.3.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Tray_Play_1.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Unreal_Tournament_2004_CTF_Lavagiant_Classic_map.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\USPS_Tracking_Tool_1.32_[Crack].zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\VizCalculator_(Polar_and_Rectangular_Conversion)_1.0_[Serial].zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\VLFullScreen_1.00_build_0047.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\VoMail_1.02.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Winc_2.2_build_1492.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Windows API hooking SDK 2.15.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\WinOne_-_Super_Command_Shell_for_Win32_7.2_Serial.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\Wise Registry Cleaner 2.91 Build 94.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\World Cup Toolbar 1.0.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\XLReporting_6.zip
Deleted ! - C:\Documents and Settings\Ad‚lie\Application Data\m\shared\ZipItFast! 3.0.zip
Deleted ! - "C:\Documents and Settings\Ad‚lie\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\Ad‚lie\Application Data\m"

»»»» Supression files in C:\DOCUME~1\ADLIE~1\LOCALS~1\Temp

Deleted ! - HKEY_USERS\S-1-5-21-2418506660-1554663365-2186893940-1005\Software\Local AppWizard-Generated Applications\Direct_MIDI_to_MP3_Converter_3.0.10.0_Key+Serial
Deleted ! - HKEY_USERS\S-1-5-21-2418506660-1554663365-2186893940-1005\Software\Local AppWizard-Generated Applications\winfilse
Deleted ! - HKEY_USERS\S-1-5-21-2418506660-1554663365-2186893940-1005\Software\bisoft
Deleted ! - HKEY_USERS\S-1-5-21-2418506660-1554663365-2186893940-1005\Software\DateTime4
Deleted ! - HKEY_USERS\S-1-5-21-2418506660-1554663365-2186893940-1005\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-2418506660-1554663365-2186893940-1005\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-2418506660-1554663365-2186893940-1005\Software\MuleAppData
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\Direct_MIDI_to_MP3_Converter_3.0.10.0_Key+Serial
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse

»»»» Supression files in C:\Documents and Settings\Ad‚lie\Local Settings\Temporary Internet Files\Content.IE5
0
Réponse 8 / 15
Utilisateur anonyme
17 nov. 2008 à 09:30
telecharge RSIT:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

ensuite :


-> Redémarre en mode sans échec :

Comment redémarrer en mode sans echec?

Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
Ps : si F8 ne marche pas utilise la touche F5.

-> Tuto :https://www.malekal.com/demarrer-windows-mode-sans-echec/



Double-clique sur RSIT.exe afin de lancer RSIT.

Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

redémarre en mode normal puis :

Poste le contenu de log.txt (<<qui sera affiché)

NB : Les rapports sont sauvegardés dans le dossier C:\rsit


0
Réponse 9 / 15
mistral6759 Messages postés 9 Date d'inscription samedi 15 novembre 2008 Statut Membre Dernière intervention 17 novembre 2008
17 nov. 2008 à 09:42
voici le fichier log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Adélie at 2008-11-17 09:41:38
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 54 GB (57%) free of 95 GB
Total RAM: 1022 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:41:48, on 17/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Adélie\Local Settings\Temporary Internet Files\Content.IE5\AJETPQ8S\RSIT[1].exe
C:\Program Files\trend micro\Adélie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EPSON Stylus D78 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\WINDOWS\TEMP\E_SEE.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-2af7f8b5104657aa.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (RealPlayer G2 Control) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
Réponse 10 / 15
Utilisateur anonyme
17 nov. 2008 à 09:47
désinstal ét réinstal avast ou :

regarde ceci concernant avast :

antivir vs avast :

-> http://forum.malekal.com/ftopic3528.php


alors je te conseille de le desinstaller et d´installer antivir a la place

Telecharge et instales l'antivirus Antivir Personal Edition Classic :

->Antivir le telecharger


tuto : https://www.malekal.com/avira-free-security-antivirus-gratuit/
tuto : http://www.swl1f.net/viewtopic.php?f=14&t=59

Pour désinstaller Avast telecharge cet outil



ensuite :


Telecharge malwarebytes

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log


0
Réponse 11 / 15
mistral6759 Messages postés 9 Date d'inscription samedi 15 novembre 2008 Statut Membre Dernière intervention 17 novembre 2008
17 nov. 2008 à 12:38
Rapport Malwarebytes

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1403
Windows 5.1.2600 Service Pack 2

17/11/2008 12:31:24
mbam-log-2008-11-17 (12-31-24).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 151340
Temps écoulé: 2 hour(s), 17 minute(s), 31 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 55

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adélie\Application Data\m (Trojan.Agent) -> Delete on reboot.

Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld\150953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\153234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\153265.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\156062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\162578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\166343.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\168375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\180031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\188312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\189812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\199140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\206578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\211750.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\218578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\219328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\223734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\224906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\225593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\232031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\237750.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\242890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\246890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\249406.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\258515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\261515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\268609.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\280140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\293750.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\295109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\296843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\299000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\299203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\302750.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\310125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\312968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\313984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\323859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\333000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\338375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\348921.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\354640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\359015.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\370109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\375812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\378609.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\386203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\387187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\397328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adélie\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adélie\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Adélie\Application Data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Documents and Settings\Adélie\Application Data\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\srosa.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.


Par contre, je n'arrive pas à télécharger Antivir
0
Réponse 12 / 15
Utilisateur anonyme
17 nov. 2008 à 12:44
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Avant de telecharger clic sur enregistrer renome le en killbagle et enregistre le sur le bureau


-> Double clique sur killbagle.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.


Une fois fait, sur ton bureau double-clic sur killbagle.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)


-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
0
Réponse 13 / 15
mistral6759 Messages postés 9 Date d'inscription samedi 15 novembre 2008 Statut Membre Dernière intervention 17 novembre 2008
17 nov. 2008 à 13:35
voici le rapport combo

ComboFix 08-11-16.05 - Adélie 2008-11-17 13:25:28.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.579 [GMT 1:00]
Lancé depuis: c:\documents and settings\Adélie\Bureau\killbagle.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\documents and settings\Michel\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\ban_list.txt
c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\windows\system32\drivers\winfilse.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA
-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-17 au 2008-11-17 ))))))))))))))))))))))))))))))))))))
.

2008-11-17 10:09 . 2008-11-17 10:09 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-17 10:09 . 2008-11-17 10:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-17 10:09 . 2008-11-17 10:09 <REP> d-------- c:\documents and settings\Adélie\Application Data\Malwarebytes
2008-11-17 10:09 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-17 10:09 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-17 09:41 . 2008-11-17 09:41 <REP> d-------- C:\rsit
2008-11-17 09:41 . 2008-11-17 09:41 <REP> d-------- c:\program files\trend micro
2008-11-17 09:23 . 2008-11-17 12:34 7,168 --a------ c:\windows\system32\drivers\srosa2.sys
2008-11-17 08:52 . 2008-11-17 09:19 <REP> d-------- c:\program files\FindyKill
2008-11-16 18:02 . 2008-11-16 18:02 <REP> d-------- c:\program files\ma-config.com
2008-11-16 18:02 . 2008-11-16 18:02 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2008-11-12 17:45 . 2008-11-15 18:58 <REP> d-------- c:\program files\GPLGS
2008-11-12 17:42 . 2008-11-12 17:42 <REP> d-------- c:\program files\Acro Software
2008-11-11 14:44 . 2008-11-11 14:44 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-11 14:44 . 2008-11-11 14:44 1,409 --a------ c:\windows\QTFont.for
2008-11-10 16:00 . 1998-02-06 21:37 299,520 --a------ c:\windows\uninst.exe
2008-11-10 15:42 . 2008-11-10 15:47 <REP> d-------- c:\program files\MidiMeow
2008-11-08 10:15 . 2008-11-08 10:15 <REP> d-------- c:\documents and settings\Michel\Application Data\Media Player Classic
2008-11-08 09:37 . 2008-11-08 09:37 <REP> d-------- c:\documents and settings\Michel\Application Data\Talkback

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 16:21 --------- d-----w c:\program files\eMule
2008-10-21 15:06 --------- d-----w c:\program files\Microsoft Silverlight
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-28 16:51 --------- d-----w c:\documents and settings\Adélie\Application Data\EPSON
2008-09-28 16:35 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-28 16:34 --------- d-----w c:\program files\EPSON
2008-09-25 15:17 --------- d-----w c:\program files\Finale 2006c
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll
2008-05-30 18:21 176,872 ----a-w c:\program files\instala-emule.exe
2007-12-20 00:58 36,888 -c--a-w c:\documents and settings\Adélie\Application Data\GDIPFONTCACHEV1.DAT
2007-04-30 19:05 14,991,120 ----a-w c:\program files\setupfre.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [BU]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7557120]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 356352]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2006-05-01 49152]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2007-11-20 283888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-18 185896]
"TPSMain"="TPSMain.exe" [2005-08-03 c:\windows\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2006-05-01 c:\windows\system32\nwiz.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 c:\windows\agrsmmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-05-16 1777664]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 257752]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 18:23 102400 c:\program files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-09-29 21:58 49152 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2005-05-17 08:24 118784 c:\program files\Toshiba\Utilitaire de zoom TOSHIBA\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
--a------ 2007-02-23 16:32 126976 c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-01-26 13:36 495616 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-18 16:36 185896 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

R1 sK9Ou0s;sK9Ou0s;\??\c:\windows\system32\drivers\srosa2.sys [2008-11-17 7168]
R3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2005-11-19 20096]
R3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-09-22 7040]
S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-11-02 195752]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\DRIVERS\sea1bus.sys [2007-12-25 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\DRIVERS\sea1mdfl.sys [2007-12-25 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\DRIVERS\sea1mdm.sys [2007-12-25 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sea1mgmt.sys [2007-12-25 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\DRIVERS\sea1nd5.sys [2007-12-25 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\sea1obex.sys [2007-12-25 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\DRIVERS\sea1unic.sys [2007-12-25 90800]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1af94b32-9691-11db-bb03-00a0d15ce10e}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1af94b33-9691-11db-bb03-00a0d15ce10e}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{205622d0-93f8-11db-bafe-00a0d15ce10e}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3278e56-7d49-11dc-bc7f-00a0d15ce10e}]
\Shell\AutoRun\command - E:\AutoTransfer.exe
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Adélie\Application Data\Mozilla\Firefox\Profiles\sdb6an2u.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 13:26:28
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-17 13:33:28
ComboFix-quarantined-files.txt 2008-11-17 12:33:25

Avant-CF: 56,759,001,088 octets libres
Après-CF: 56,513,503,232 octets libres

184 --- E O F --- 2008-11-16 18:53:02
0
Réponse 14 / 15
mistral6759 Messages postés 9 Date d'inscription samedi 15 novembre 2008 Statut Membre Dernière intervention 17 novembre 2008
17 nov. 2008 à 13:51
chiquitine,

J'ai réussi à installer Antivir...

Je pense que cela fonctionne correctement. Je ferme le point.

Merci pour ton aide
0
Réponse 15 / 15
Utilisateur anonyme
17 nov. 2008 à 13:54
Copie le texte ci-dessous :

File::
c:\windows\system32\drivers\srosa2.sys

Driver::
sK9Ou0s



Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ceci :

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt

S'il n'y a pas de rédémarrage, poste quand même le rapport
0

Discussions similaires

"Aucune application permettant d'ouvrir cette URL"
sidojaice -
JIP -

24 réponses
Pb Windows 7, .EXE n'est pas app win32 valide
Witeric -
Lio -

15 réponses
Nom de champs du tableau croisé dynamique non valide
Kazooie123 -
SajDri -

6 réponses
Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
Installer une application non vérifiée Microsoft Store
Camtajoie -
Kori-Kori -

11 réponses