virus trojan et virtumonde Fermé

Question

Bonjour,
J'ai été infecté par deux virus : trojan et virtumonde et apres avoir utilisé c cleaner et ad aware il sont toujours la . Quelqu'un pourrait - il m'aider a m'en debarrasser????

archet9 · Answer

bonsoir

Commence par poster un rapport HijackThis stp, 
>Télécharge HiJackThis : http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis 
- Lance le programme, puis sélectionne < do a system scan and save a logfile > 
- Enregistre le rapport sur ton bureau. 
Et envoie, par copier/coller, ton log Hijackthis sur le forum, 


A+ 

Tuto : si problème : http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

archet9 · Answer

Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) : 
http://siri.urz.free.fr/Fix/SmitfraudFix.exe ou http://www.geekstogo.com/forum/files/file/6-smitfraudfix/ 

- Enregistre-le sur le bureau 

- Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée 

- Un rapport sera généré, poste-le dans ta prochaine réponse. 

[*] process.exe est détecté par certains antivirus comme étant un risktool. Il ne s'agit pas d'un virus mais d'un utilitaire destiné à mettre fin à des processus.[*] 

** Ne fais l'étape 2 que si on te le demande, on doit d'abord examiner le premier rapport de 
a+

archet9 · Answer

OK

Fais un scan avec cet antispyware : 

Telecharge malwarebytes + tutoriel : 

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ 

Tu l´installes: le programme va se mettre automatiquement a jour. 

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression". 
Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide''Puis click sur "rechercher". 

Laisse le scanner le pc... 

Si des elements on ete trouvés > click sur supprimer la selection. 

si il t´es demandé de redemarrer > click sur "yes". 

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum. 

Copie et colle le rapport stp.

cynthiaak · Answer

Les mises a jour microsoft sont désactivés et je n'arrive pas a les réactiver. Est-ce que ca a un rapport avec mon virus??




Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1493
Windows 5.1.2600 Service Pack 3

12/12/2008 19:49:22
mbam-log-2008-12-12 (19-49-22).txt

Type de recherche: Examen rapide
Eléments examinés: 55072
Temps écoulé: 10 minute(s), 16 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 18
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 27
Fichier(s) infecté(s): 70

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\wvUkHAQj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\geBuRKed.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39be49c6-7542-4ee0-a911-cdb9e18e80de} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{39be49c6-7542-4ee0-a911-cdb9e18e80de} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81df3341-a2a0-4734-b9e7-cb77cee3dc71} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{81df3341-a2a0-4734-b9e7-cb77cee3dc71} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{81df3341-a2a0-4734-b9e7-cb77cee3dc71} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178f3fb-2560-458f-bdee-631e2fe0dfe4} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b5141620-c2b2-4d95-9f0f-134d99c87ab0} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e49a9fcb-faa9-4c1f-a1c1-54920da2cca4} (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1962c5bc-e475-465b-823b-133e711bceb9} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\starware370 (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\starware370 (Adware.Starware) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{1962c5bc-e475-465b-823b-133e711bceb9} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wvukhaqj -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\wvukhaqj  -> Delete on reboot.

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\SystemDoctor 2006 Free (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\SystemDoctor 2006 Free\Logs (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Button_6 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Button_7 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Button_8 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Paroles (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Radio_FR (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Recherche_de_musique (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Telechargement (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\uewltb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUkHAQj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jQAHkUvw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jQAHkUvw.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp
sb2A.tmp\System.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\563_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\563_button_1b_over.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\572_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\572_button_1b_over.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\573_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\573_button_1b_over.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\Button_60.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\Button_70.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\Button_80.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware370\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\SystemDoctor 2006 Free\Logs\update.log (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Button_6\Button_6Options.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Button_6\Button_6Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Button_7\Button_7Options.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Button_7\Button_7Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Button_8\Button_8Options.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Button_8\Button_8Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Paroles\ParolesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Paroles\ParolesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Radio_FR\Radio_FROptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Radio_FR\Radio_FROptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Recherche_de_musique\Recherche_de_musiqueOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Recherche_de_musique\Recherche_de_musiqueOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Telechargement\TelechargementOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Telechargement\TelechargementOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware370\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBuRKed.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\stera.job (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxxearr_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxxearr_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
vs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.

cynthiaak · Answer

Le lien ne renvoit a rien??!!!

cynthiaak · Answer

C'est bon j'ai trouvé un moyen. voici le rapport:


--------- Logfile of AD-Remover 1.0.7.6 by C_XX ---------

# START at: 22:25:02 | Sam 13/12/2008 | Microsoft® Windows XP™   (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: NOM-EB85C523610 | USER: Compaq_Propri‚taire ( Current user is an administrator)

# DRIVE(S): 
- C:\  (File System: NTFS)
- D:\  (File System: FAT32)

# Internet Explorer v7.0.5730.11

--------- [ RUNNING PROCESSES: 36 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\FSGK32.EXE
C:\PROGRA~1\MICROS~4apimgr.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSLAUNCH.EXE
C:\WINDOWS\system32
tvdm.exe

-----------------------------------


+-----------------------| Boonty/Boonty Games Elements found :

.

+-----------------------| Eorezo Elements found :

"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
.
[28/09/2008 16:30|d--------] C:\PROGRA~1\EoRezo
[28/09/2008 16:30|d--------] C:\PROGRA~1\EoRezo\EoAdv
[28/09/2008 16:18|--a------] C:\PROGRA~1\EoRezo\EoAdv\eoAdv.url
[25/01/2007 09:22|--a------] C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.OLD
[28/09/2008 16:30|d--------] C:\DOCUME~1\COMPAQ~1\APPLIC~1\EoRezo
[28/09/2008 16:28|--a------] C:\DOCUME~1\COMPAQ~1\APPLIC~1\EoRezo\cmhost.cyp
[28/09/2008 16:28|--a------] C:\DOCUME~1\COMPAQ~1\APPLIC~1\EoRezo\CONFME~1.CYP
[28/09/2008 16:28|d--------] C:\DOCUME~1\COMPAQ~1\APPLIC~1\EoRezo\db
[28/09/2008 16:28|d--------] C:\DOCUME~1\COMPAQ~1\APPLIC~1\EoRezo\EODESK~1
[28/09/2008 16:28|--a------] C:\DOCUME~1\COMPAQ~1\APPLIC~1\EoRezo\host.cyp
[28/09/2008 16:30|--a------] C:\DOCUME~1\COMPAQ~1\APPLIC~1\EoRezo\user.cyp
[28/09/2008 16:28|--a------] C:\DOCUME~1\COMPAQ~1\APPLIC~1\EoRezo\db\cat.cyp
[28/09/2008 16:28|--a------] C:\DOCUME~1\COMPAQ~1\APPLIC~1\EoRezo\EODESK~1\config.xml
[28/09/2008 16:28|--a------] C:\DOCUME~1\COMPAQ~1\APPLIC~1\EoRezo\EODESK~1\EODESK~1.HTM
[28/09/2008 16:28|--a------] C:\DOCUME~1\COMPAQ~1\APPLIC~1\EoRezo\EODESK~1\USERCO~1.XML

+-----------------------| Everest Poker Elements found :

.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.

+-----------------------| Messenger Skinner Elements found :

.

+-----------------------| Sweetim Elements found :

.

+-----------------------| ADDED SCAN :



+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\z388z6z2.default\prefs.js :

~~~~ Mozilla FireFox version 2.0.0.18 ~~~~

Start Page :  "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f"

+----------+


+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\..\Run]

Iomega Automatic Backup Pro	REG_SZ	"C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s
MsnMsgr	REG_SZ	"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Start WingMan Profiler	REG_SZ	"C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
H/PC Connection Agent	REG_SZ	"C:\PROGRA~1\MICROS~4\wcescomm.exe"
ctfmon.exe	REG_SZ	C:\WINDOWS\system32\ctfmon.exe

+--[HKEY_LOCAL_MACHINE\..\Run]

QuickTime Task	REG_SZ	"C:\Program Files\QuickTime\qttask.exe" -atboottime
ISUSPM Startup	REG_SZ	c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
F-Secure Manager	REG_SZ	"C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE" /splash
F-Secure TNB	REG_SZ	"C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

+--[HKEY_USERS\.DEFAULT\..\Run]


+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.msn.fr/

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157

+---------------------------------------------------------------------------+

- "C:\AD-report-13.12.2008.log" (5465 octets)

[ END at: 22:25:19 | 13/12/2008 ] - [ Time elapsed: 16.8 seconds ]

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 105 lines ]
+---------------------------------------------------------------------------+

Lyonnais92 · Answer

Bonjour,

archet9 a décidé qu'il ne poursuivait pas cette désinfection.

Ferme toutes les applications en cours, y compris ton navigateur
.
Relance "Ad-remover".

Au menu principal choisis l'option B.
https://i75.servimg.com/u/f75/11/05/93/83/ad-r210.jpg

A l'écran de sélection, choisis de tout supprimer et Entrée.

Si nécessaire renouvelle pour chaque choix.

Tape S pour effectuer le nettoyage.

Poste le rapport qui apparait à la fin.
Il est sauvegardé ici : C:\Ad-report(date).log

===========================

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

cynthiaak · Answer

--------- Logfile of AD-Remover 1.0.7.6 by C_XX ---------

*** Limited to ***

Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
Messenger Skinner
Sweetim

******************

# START at: 18:01:19 | Dim 14/12/2008 | Microsoft® Windows XP™   (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: NOM-EB85C523610 | USER: Compaq_Propri‚taire ( Current user is an administrator)

# DRIVE(S): 
- C:\  (File System: NTFS)
- D:\  (File System: FAT32)

# Internet Explorer v7.0.5730.11

--------- [ RUNNING PROCESSES: 36 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\FSGK32.EXE
C:\PROGRA~1\MICROS~4apimgr.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSLAUNCH.EXE
C:\WINDOWS\system32
tvdm.exe

-----------------------------------

(!) ---- IE start pages reset

+-----------------------| Boonty/Boonty Games Elements Deleted :

.

+-----------------------| Eorezo Elements Deleted :

"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
.
[28/09/2008 16:30|d--------] C:\Program Files\EoRezo
[28/09/2008 16:30|d--------] C:\Documents and Settings\Compaq_Propri‚taire\Application Data\EoRezo

+-----------------------| Everest Poker Elements Deleted :

.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

.

+-----------------------| Messenger Skinner Elements Deleted :

.

+-----------------------| Sweetim Elements Deleted :

.

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+-----------------------| ADDED SCAN :



+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\z388z6z2.default\prefs.js :

~~~~ Mozilla FireFox version 2.0.0.18 ~~~~

Start Page :  "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f"

+----------+

+--[HKEY_CURRENT_USER\..\Run]

Iomega Automatic Backup Pro	REG_SZ	"C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s
MsnMsgr	REG_SZ	"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Start WingMan Profiler	REG_SZ	"C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
H/PC Connection Agent	REG_SZ	"C:\PROGRA~1\MICROS~4\wcescomm.exe"
ctfmon.exe	REG_SZ	C:\WINDOWS\system32\ctfmon.exe

+--[HKEY_LOCAL_MACHINE\..\Run]

QuickTime Task	REG_SZ	"C:\Program Files\QuickTime\qttask.exe" -atboottime
ISUSPM Startup	REG_SZ	c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
F-Secure Manager	REG_SZ	"C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE" /splash
F-Secure TNB	REG_SZ	"C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

+--[HKEY_USERS\.DEFAULT\..\Run]


+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/

+---------------------------------------------------------------------------+

- "C:\AD-report-14.12.2008.log" (4727 octets)

[ END at: 18:06:05 | 14/12/2008 ] - [ Time elapsed: 4 minutes, 45 seconds ]

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 102 lines ]
+---------------------------------------------------------------------------+
info.txt logfile of random's system information tool 1.04 2008-12-14 18:09:27

======Uninstall list======

-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS2"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\Program Files\Fichiers communs\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Ad-remover-->C:\Program Files\Ad-remover\Uninstal.exe
Ahead Nero Burning ROM-->C:\Program Files\Ahead
ero\uninstall\UNNERO.exe /UNINSTALL
Ahead NeroMediaPlayer-->C:\WINDOWS\UNNMP.exe /UNINSTALL
Ahead NeroVision Express-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Amélioration de nos services-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1036 
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
Companion wizard-->C:\Program Files\Common Files\Companion Wizard\compwiz.exe -u
Connexion Facile à Internet-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1036 
Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
Galerie de photos Windows Live (bêta)-->MsiExec.exe /X{B229A0D2-F322-4A30-8E0F-F4AEA3000A14}
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
High Definition Audio - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"J:\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Extended Capabilities 4.7-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP iPAQ Setup Assistant v1.0.7.0-->C:\Program Files\HP\HP iPAQ Setup Assistant\Uninst.exe
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Iomega Automatic Backup Pro-->MsiExec.exe /X{6ABAF1E2-BEB6-4C32-BD9F-0CA733EE7453}
Iomega Product Registration-->MsiExec.exe /X{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}
iPAQ WebReg-->MsiExec.exe /I{D37C6152-89DF-4D29-83CF-666200D5F398}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kikoo-->C:\Program Files\Kikoo\Uninstal.exe
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logitech Gaming Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0x40c 
Macromedia Flash Player 8-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Mah-Jong 3D-->"C:\Program Files\Anuman Interactive\Mah-Jong 3D\unins000.exe"
MahJongg Master 3-->C:\PROGRA~1\eGames\MAHJON~1\UNWISE.EXE C:\PROGRA~1\eGames\MAHJON~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Micro Application - 3D Architecte Expert CAD 2008-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB6179CC-DE5B-46DF-8CDD-8939B638B932}\setup.exe" -l0x40c 
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 CD-ROM 2-->MsiExec.exe /I{0004040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Small Business-->MsiExec.exe /I{0003040C-78E1-11D2-B60F-006097C998E7}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{A853BEB2-B270-4645-AAAA-9D83C2233BD3}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MyHeritage Family Tree Builder-->C:\Program Files\MyHeritage\Bin\Uninstall.exe
Pack sécurité-->"C:\Program Files\SFR\Pack Sécurité\FSGUI\PostInstall.exe"  /tUnInstall
Panneau de contrôle ATI-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" 
Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1036 
Realtek High Definition Audio Driver-->RtlUpd.exe -r
Secured eMule 0.47c-->C:\PROGRA~1\SECURE~1\UNWISE.EXE C:\PROGRA~1\SECURE~1\INSTALL.LOG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SFR - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
UNO© Freeware-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\UNO Freeware\UnInst.log" "/APPNAME=UNO© Freeware"
Windows Live Bêta (tous les programmes)-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Bêta (tous les programmes)-->MsiExec.exe /I{9C4AB6FB-43CD-4ADF-8B59-6C52A6B74324}
Windows Live Call-->MsiExec.exe /I{868EC13B-52DA-43B9-8C05-50CD897674DF}
Windows Live Mail-->MsiExec.exe /I{DA0FC90D-5D87-445E-90B4-B938C57FE16F}
Windows Live Messenger-->MsiExec.exe /X{F72F8316-91E8-4C80-9E39-EBE933E1EDFB}
Windows Live Toolbar Beta-->MsiExec.exe /X{F096941B-2D07-48A0-A9D7-54B254CFABCA}
Windows Live Writer-->MsiExec.exe /X{8FD194E6-C4B1-4AFA-BC74-7773FF9BAB4C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WorldMate 2006 Standard Edition-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7255D37E-4393-421D-BD47-9DDCB2767264}\setup.exe" -l0x40c  -removeonly
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: Pack sécurité 8.00 (disabled)
FW: Pack sécurité 8.00 (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\
"CLASSPATH"=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by Compaq_Propriétaire at 2008-12-14 18:09:22
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 106 GB (58%) free of 185 GB
Total RAM: 959 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:26, on 14/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\FSGK32.EXE
C:\PROGRA~1\MICROS~4apimgr.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSLAUNCH.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32
otepad.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Propriétaire.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\SFR\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\SFR\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\SFR\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.fr/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Lyonnais92 · Answer

Re,

Ouvre Hijackthis (cherche C:\Program Files	rend micro\Jonas.exe  par l'explorateur windows et fais un double clic)

Choisi Open the misc tools section.

Clique sur Open ADS Spy

Vérifie que Quick scan et calculate MD5 sont cochés.

Clique sur scan.

En fin de scan, clique sur save log.

Donne lui un nom, édite le avec le Bloc-notes et poste son contenu ici.

=========================

tu connais C:\WINDOWS\Kyor.ini  installé le 21 novembre ?

==========================
Rends toi sur ce site :

https://www.virustotal.com/gui/

Clique sur parcourir et cherche ce fichier : C:\WINDOWS\system32\abf617c8-.txt

Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta réponse. 

Si VirusTotal indique que le fichier a déjà été analysé, cliquer sur le bouton Reanalyse le fichier maintenant 

==============

Recommence avec C:\WINDOWS\Kyor.ini

================
--> Télécharge UsbFix (de Chiquitine29) sur ton Bureau :
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Lance l'installation avec les paramètres par défaut.

--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.

--> Double-clique sur le raccourci UsbFix sur ton Bureau.

--> Le PC va redémarrer.

--> Après redémarrage, poste le rapport UsbFix.txt

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)

=======================
Ouvre le Bloc Notes.
Copie le texte ci-dessous   (copie/colle) :
 
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork
m] 
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork
m.sys]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\WinAntiVirus Pro 2006\Updater.exe"=- 
 
Clique sur "Fichier", "Enregistrer sous".
Clique sur Bureau (dans la colonne de gauche)
Dans Nom du fichier tu écris fix.reg
Pour Type tu choisis "tous les fichiers" avec le menu déroulant.
Tu cliques sur Enregistrer.
Tu fermes le Bloc-notes

Sur ton bureau, tu double-clique sur l'icône de Fix.reg
Tu acceptes l'avertissement concernant la fusion
Le fix va travailler sans se manifester.
A la fin, tu vas voir un message disant que la fusion est terminée. Tu valides.

=================
Ouvre l'explorateur wondows et cherche :

 C:\Program Files\WinAntiVirus Pro 2006\Updater.exe

Clic droit et Supprimer.

Vide la Corbeille.

=====================

Fais redémarrer l'ordi et remets un rapport RSIT.

cynthiaak · Answer

Quand j'essais de faire le scan ds hijackthis rien ne se passe. Il marque directement scan complete.
La fusion du fichier fix.reg ne fonctionne pas. il me met impossible de fusionner car le fichier n'est pas un script du registre. Par contre j'ai les rapport virus total et celuis de usb fix

c/windows/system32/abf617c8-.txt

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.12.2 2008.12.14 -
AntiVir 7.9.0.45 2008.12.14 -
Authentium 5.1.0.4 2008.12.14 -
Avast 4.8.1281.0 2008.12.14 -
AVG 8.0.0.199 2008.12.14 -
BitDefender 7.2 2008.12.14 -
CAT-QuickHeal 10.00 2008.12.13 -
ClamAV 0.94.1 2008.12.14 -
Comodo 754 2008.12.14 -
DrWeb 4.44.0.09170 2008.12.14 -
eSafe 7.0.17.0 2008.12.14 -
eTrust-Vet 31.6.6258 2008.12.12 -
Ewido 4.0 2008.12.14 -
F-Prot 4.4.4.56 2008.12.14 -
F-Secure 8.0.14332.0 2008.12.14 -
Fortinet 3.117.0.0 2008.12.14 -
GData 19 2008.12.14 -
Ikarus T3.1.1.45.0 2008.12.14 -
K7AntiVirus 7.10.553 2008.12.13 -
Kaspersky 7.0.0.125 2008.12.14 -
McAfee 5463 2008.12.13 -
McAfee+Artemis 5463 2008.12.13 -
Microsoft 1.4205 2008.12.14 -
NOD32 3691 2008.12.14 -
Norman 5.80.02 2008.12.12 -
Panda 9.0.0.4 2008.12.14 -
PCTools 4.4.2.0 2008.12.14 -
Prevx1 V2 2008.12.14 -
Rising 21.07.62.00 2008.12.14 -
SecureWeb-Gateway 6.7.6 2008.12.14 -
Sophos 4.36.0 2008.12.14 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.14 -
TheHacker 6.3.1.4.187 2008.12.13 -
TrendMicro 8.700.0.1004 2008.12.12 -
VBA32 3.12.8.10 2008.12.14 -
ViRobot 2008.12.12.1514 2008.12.12 -
VirusBuster 4.5.11.0 2008.12.14 -
Information additionnelle
File size: 14 bytes
MD5...: 5d75f2c7351ee753b2a83028dd5cc27d
SHA1..: 655e7fd4c8e5c4dc844319d312e37c644686f101
SHA256: 89fd5b75111b401860deefb2930df94f92e067d4adc1800cdc59d5ac379786a4
SHA512: 28de2827c4c1ceccda514bfadc0c497a51ceb96757779960a02f382483c5d4ab
9672e5e2098cc22d21b0e4c34c1dcd015ab99f8d57ab8c0b61c705bda2712b32

ssdeep: 3:165S:16c

PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

c/windows/kyor.ini

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.12.2 2008.12.14 -
AntiVir 7.9.0.45 2008.12.14 -
Authentium 5.1.0.4 2008.12.14 -
Avast 4.8.1281.0 2008.12.14 -
AVG 8.0.0.199 2008.12.14 -
BitDefender 7.2 2008.12.14 -
CAT-QuickHeal 10.00 2008.12.13 -
ClamAV 0.94.1 2008.12.14 -
Comodo 754 2008.12.14 -
DrWeb 4.44.0.09170 2008.12.14 -
eSafe 7.0.17.0 2008.12.14 -
eTrust-Vet 31.6.6258 2008.12.12 -
Ewido 4.0 2008.12.14 -
F-Prot 4.4.4.56 2008.12.14 -
F-Secure 8.0.14332.0 2008.12.14 -
Fortinet 3.117.0.0 2008.12.14 -
GData 19 2008.12.14 -
Ikarus T3.1.1.45.0 2008.12.14 -
K7AntiVirus 7.10.553 2008.12.13 -
Kaspersky 7.0.0.125 2008.12.14 -
McAfee 5463 2008.12.13 -
McAfee+Artemis 5463 2008.12.13 -
Microsoft 1.4205 2008.12.14 -
NOD32 3691 2008.12.14 -
Norman 5.80.02 2008.12.12 -
Panda 9.0.0.4 2008.12.14 -
PCTools 4.4.2.0 2008.12.14 -
Prevx1 V2 2008.12.14 -
Rising 21.07.62.00 2008.12.14 -
SecureWeb-Gateway 6.7.6 2008.12.14 -
Sophos 4.36.0 2008.12.14 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.14 -
TheHacker 6.3.1.4.187 2008.12.13 -
TrendMicro 8.700.0.1004 2008.12.12 -
VBA32 3.12.8.10 2008.12.14 -
ViRobot 2008.12.12.1515 2008.12.12 -
VirusBuster 4.5.11.0 2008.12.14 -
Information additionnelle
File size: 23 bytes
MD5...: 1cbc2458131f39b1ef9b59cd6183eccf
SHA1..: ba2fa571a6fe0f617fac48be11fd19b85341a38e
SHA256: 8d91b122b3297fd4ad78135526df6fe5e7fe1fba5445d9601536accd38983d9f
SHA512: 1768fb68dbb1c71126cff9eab4151b920d4045a26fe29688dfe7427b692d8b4f
eea216747a1ee0e5d2627329eb1ca5e0faf5c7b84ef336b2d1470d55a80cd776

ssdeep: 3:LpEQe0Ss:GQH

PEiD..: -
TrID..: File type identification
Generic INI configuration (100.0%)
PEInfo: -

hangelog UsbFix établit le 2 decembre 2008
outils créé par Chiquitine29 , aide aux mises a jours -> Chimay8

>>>>>>in "ProgramFiles"<<<<<<<<<

Internet Explorer\Connection Wizard\icwconn1\rada
Internet Explorer\Connection Wizard\icwconn1\rade
Internet Explorer\Connection Wizard\icwconn1\radf
Internet Explorer\Connection Wizard\icwconn1\rad5
Internet Explorer\Connection Wizard\icwconn1\rad0
Internet Explorer\Connection Wizard\icwconn1\rad9
Internet Explorer\Connection Wizard\icwconn1\rad4
Internet Explorer\Connection Wizard\icwconn1\rad1
Internet Explorer\Connection Wizard\icwconn1
Movie Maker\explorer.exe
Internet Explorer\explorer.exe

>>>>>>in "Windows"<<<<<<<<<

autorun.inf
autorun.exe
autorun.vbs
autorun.reg
autorun.ini
autorun.fcb
autorun.bat
autorun.com
AdobeR.exe
Alecks.vbs
bittorrent.exe
cmd32.exe
CwbRmDir.bat
Fonts\Fonts.exe
FS6519.dll.vbs
funny.exe
GMOGLFEO.exe
hiqalowo.inf
icapy.scr
ilezyvu.bin
Lany.vbs
lumy.exe
manulopa.reg
MS32DLL.dll.vbs
MyMP3.vbs
nar.vbs
osok.inf
osotilasiq.pif
oxafa.com
qobo.dat
rundll32.vbe
sleep.vbe
SysRes.vbs
takice.lib
tusoha.exe
unahafiwik.exe
waol.exe
waziqepehi.ban
WillPolo.vbs
Win32DLL.vbs
win.vbe
window.exe
wyzeha.com
xcopy.exe
yjilu.inf
ylacupyb.dll

RECYCLER\systems.com

temp\039.tmp

>>>>>>in "Windows\system32"<<<<<<<<<

agucuri.vbs
ahr.exe
Alecks.vbs
antinul.vbe
amvo.exe
amvo0.dll
amvo1.dll
amvo2.dll
autorun.bat
Autorun.com
autorun.exe
autorun.fcb
autorun.inf
autorun.ini
autorun.reg
autorun.vbs
Autoruns.exe
avpo.exe
avpo0.dll
avpo1.dll
Bitkvo.exe
Bitkv0.dll
Bitkv1.dll
cftmonn.exe
Christina.jpg
Christina.vbs
ckvo.exe
ckvo0.dll
ckvo1.dll
ckvo2.dll
cradle_of_filth.vbe
delself.bat
FS6519.dll.vbs
GMOGLFEO.exe
icf.exe.exe
ie.exe
jvvo.exe
jvvo0.dll
jvvo1.dll
jvvo2.dll
jvvo3.dll
j3ewro.exe
jwedsfdo0.dll
jwedsfdo1.dll
jwedsfdo2.dll
jwedsfdo3.dll
jxnraqjxg.exe
kavo.exe
kamsoft.exe
kav0.dll
kav1.dll
kav2.dll
kav3.dll
kavo0.dll
kavo1.dll
kavo2.dll
kavo3.dll
kdkfm.exe
KEYBOARD.exe
keygen.exe
kulitut.bat
kulitut.vbs
kxvo.exe
kxvo0.dll
kxvo1.dll
kxvo2.dll
kxvo3.dll
lExplore.exe
loader.exe
logoneui.exe
LOVE-LETTER-FOR-YOU.HTM
LOVE-LETTER-FOR-YOU.TXT.vbs
msfun80.exe
msime82.exe
MSKernel32.vbs
ne0kS.dll.wsf
ne0kS.exe
OeApi.vbs
pubnet.vbs
rs32net.exe
SemiAntiVirus.vbs
Sexy Girls.scr
SpiderH.bmp
SpiderH.jpeg
SpiderH.vbs
sys.vbs
Syso.vbs
SysRes.vbs
syx.exe
taso.exe
tavo.exe
tavo0.dll
tavo1.dll
tavo2.dll
tavo3.dll
temp1.exe
temp2.exe
temp?.exe
text.txt
Ecran.exe
THe Girls
tmp.reg
tmp.txt
t.txt
vb@dock.vbs
vl@dock.vbs
Win32.vbs
winudp64.exe

dllcache\Default.exe

>>>>>>in "Windows\system32\drivers"<<<<<<<<<

._Sanaa style-1 les formes.exe
0hct8ybw.exe
1ere partie du projet modifier.exe
abdelali lahrach.exe
Analyse transactionnelle.exe
AutoRun.exe
Bernoulli01215.exe"
Cahiers français Quels modes de financement pour les entreprises - La Documentation française.exe
Copie de Devoir I.exe
e-ticket Juba Paris.exe
fdfp2.exe
fihi ghizlane Rapport de stage.exe
graphic.exe
intel.exe
isew32.exe
kheireddine.exe
le_cadeau_du_sud(1).exe
LEADERSHIP SKILLS FINAL.exe
lettre de motivation.exe
MSDS.exe
Note.exe
PREMIER CHAPITRE modifié.exe
Raila Odinga.exe

Lyonnais92 · Answer

Re,

pour le fix.reg, c'est ma faute, j'ai oublié une ligne.

Utilise ce texte :

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork
m] 
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork
m.sys]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\WinAntiVirus Pro 2006\Updater.exe"=- 

et recommence comme dit.

===============

Pour USBFix, tu ne fais pas correctement quelqiue chose :

a) tu télécharges

b) tu installes

c) tu branches les supports amovibles

d) tu cliques sur le raccourci sur le Bureau (pas sur le fichier téléchargé, sur celui créé par l'installation).

cynthiaak · Answer

Je n'arrive pas a trouver le fichier a supprimer
C:\Program Files\WinAntiVirus Pro 2006\Updater.exe

Changelog UsbFix établit le 2 decembre 2008
outils créé par Chiquitine29 , aide aux mises a jours -> Chimay8

>>>>>>in "ProgramFiles"<<<<<<<<<

Internet Explorer\Connection Wizard\icwconn1\rada
Internet Explorer\Connection Wizard\icwconn1\rade
Internet Explorer\Connection Wizard\icwconn1\radf
Internet Explorer\Connection Wizard\icwconn1\rad5
Internet Explorer\Connection Wizard\icwconn1\rad0
Internet Explorer\Connection Wizard\icwconn1\rad9
Internet Explorer\Connection Wizard\icwconn1\rad4
Internet Explorer\Connection Wizard\icwconn1\rad1
Internet Explorer\Connection Wizard\icwconn1
Movie Maker\explorer.exe
Internet Explorer\explorer.exe

>>>>>>in "Windows"<<<<<<<<<

autorun.inf
autorun.exe
autorun.vbs
autorun.reg
autorun.ini
autorun.fcb
autorun.bat
autorun.com
AdobeR.exe
Alecks.vbs
bittorrent.exe
cmd32.exe
CwbRmDir.bat
Fonts\Fonts.exe
FS6519.dll.vbs
funny.exe
GMOGLFEO.exe
hiqalowo.inf
icapy.scr
ilezyvu.bin
Lany.vbs
lumy.exe
manulopa.reg
MS32DLL.dll.vbs
MyMP3.vbs
nar.vbs
osok.inf
osotilasiq.pif
oxafa.com
qobo.dat
rundll32.vbe
sleep.vbe
SysRes.vbs
takice.lib
tusoha.exe
unahafiwik.exe
waol.exe
waziqepehi.ban
WillPolo.vbs
Win32DLL.vbs
win.vbe
window.exe
wyzeha.com
xcopy.exe
yjilu.inf
ylacupyb.dll

RECYCLER\systems.com

temp\039.tmp

>>>>>>in "Windows\system32"<<<<<<<<<

agucuri.vbs
ahr.exe
Alecks.vbs
antinul.vbe
amvo.exe
amvo0.dll
amvo1.dll
amvo2.dll
autorun.bat
Autorun.com
autorun.exe
autorun.fcb
autorun.inf
autorun.ini
autorun.reg
autorun.vbs
Autoruns.exe
avpo.exe
avpo0.dll
avpo1.dll
Bitkvo.exe
Bitkv0.dll
Bitkv1.dll
cftmonn.exe
Christina.jpg
Christina.vbs
ckvo.exe
ckvo0.dll
ckvo1.dll
ckvo2.dll
cradle_of_filth.vbe
delself.bat
FS6519.dll.vbs
GMOGLFEO.exe
icf.exe.exe
ie.exe
jvvo.exe
jvvo0.dll
jvvo1.dll
jvvo2.dll
jvvo3.dll
j3ewro.exe
jwedsfdo0.dll
jwedsfdo1.dll
jwedsfdo2.dll
jwedsfdo3.dll
jxnraqjxg.exe
kavo.exe
kamsoft.exe
kav0.dll
kav1.dll
kav2.dll
kav3.dll
kavo0.dll
kavo1.dll
kavo2.dll
kavo3.dll
kdkfm.exe
KEYBOARD.exe
keygen.exe
kulitut.bat
kulitut.vbs
kxvo.exe
kxvo0.dll
kxvo1.dll
kxvo2.dll
kxvo3.dll
lExplore.exe
loader.exe
logoneui.exe
LOVE-LETTER-FOR-YOU.HTM
LOVE-LETTER-FOR-YOU.TXT.vbs
msfun80.exe
msime82.exe
MSKernel32.vbs
ne0kS.dll.wsf
ne0kS.exe
OeApi.vbs
pubnet.vbs
rs32net.exe
SemiAntiVirus.vbs
Sexy Girls.scr
SpiderH.bmp
SpiderH.jpeg
SpiderH.vbs
sys.vbs
Syso.vbs
SysRes.vbs
syx.exe
taso.exe
tavo.exe
tavo0.dll
tavo1.dll
tavo2.dll
tavo3.dll
temp1.exe
temp2.exe
temp?.exe
text.txt
Ecran.exe
THe Girls
tmp.reg
tmp.txt
t.txt
vb@dock.vbs
vl@dock.vbs
Win32.vbs
winudp64.exe

dllcache\Default.exe

>>>>>>in "Windows\system32\drivers"<<<<<<<<<

._Sanaa style-1 les formes.exe
0hct8ybw.exe
1ere partie du projet modifier.exe
abdelali lahrach.exe
Analyse transactionnelle.exe
AutoRun.exe
Bernoulli01215.exe"
Cahiers français Quels modes de financement pour les entreprises - La Documentation française.exe
Copie de Devoir I.exe
e-ticket Juba Paris.exe
fdfp2.exe
fihi ghizlane Rapport de stage.exe
graphic.exe
intel.exe
isew32.exe
kheireddine.exe
le_cadeau_du_sud(1).exe
LEADERSHIP SKILLS FINAL.exe
lettre de motivation.exe
MSDS.exe
Note.exe
PREMIER CHAPITRE modifié.exe
Raila Odinga.exe
Rapport NADIA.exe
spectro_masse1.exe
td de reacteur.exe
these-223.exe
xyw9tmdj.exe

>>>>>>in "Documents and Settings"<<<<<<<<<

tazebama.dl_
hook.dl_

>>>>>>in "appdata"<<<<<<<<<

fetomiv.vbs
gumugy.vbs
jicapikase.vbs
mobyhikaja.vbs
nebohozi.com
orimuwy.exe
sidymyvig.vbs
tazebama\tazebama.log
tazebama\zPharaoh.dat
tazebama

>>>>>>in "Temp files"<<<<<<<<<

1.reg
2.dll
6257890.exe
fq9.dll
help.exe
help1.rar
inst.exe
system.dll
w2e.sys
winhqqo.exe
wintoift.exe
xhjb.dll
xxx6042.exe
zb5ok.dll

>>>>>>in "All Drives"<<<<<<<<<

._autorun.inf
autorun.inf
autorun.ini
autorun.reg
autorun.bat
autorun.vbs
autorun2.inf
autosys.exe
00hoeav.com
096.bat
0gjn3yw.exe
0qx0sc6.bat
0tmhoc.cmd
0u.cmd
0w.com
0wk2.cmd
108i.cmd
1aq1obb.bat
1bbvq96y.com
1dg.exe
1i.com
1nkbd8h.bat
1rfw8hjr.com
1u0o8bnq.cmd
1weicxa.com
1XXEC.exe
22xo.exe
2ifetri.cmd
2y8la.exe
30ed3.exe
33gmhso.bat
39lpji.com
3o.exe
3wcxx91.cmd
3xXx31.exe
4vzjaw3o.sys
62oop0ak.bat
68.exe
6tkoyhx.cmd
6x8be16.cmd
8e9gmih.bat
8ng8w.com
93vx0c.com
9yqusig.bat
22wcb21o.exe
31n3b2h.exe
39lpji.com
80avp08.com
82r9.cmd
83fgj.com
83l3v.cmd
8df.exe >
8h3hh3m.exe
8tss2gwq.bat
90imhpnc.exe
92j11sm.com
9es.com
a1.bat
a9.com
abk.bat
activexdebugger32.exe
Administrateur_Fichiers.exe
admp.exe
adobeR.exe
Akon.exe
Alecks.vbs
antihost.exe
antinul.vbe
aoutfq.exe
ar.exe
Atisetup.exe
auto.exe
autorum.exe
AutoRun\Demo.exe
autorun.exe
autorun.pif
autoruns.exe
AutoScr.exe
ay8p6v3.cmd
Ayame.exe
b3b9u.com
bicsxk03.com
bittorrent.exe
bndafai.exe
bo1dhu.bat
bobm.exe
boot.exe
bootin.exe
bplrl98.cmd
buis.exe
bwpncb6.com
bxuup9r.bat c18vk.exe
c9.com
c9hehpa.bat
camp.exe
cayfq2.cmd
cd8idoyl.com
cdr.exe
ceb6eu98.bat
cekbru.pif
clear.bat
ClickMe.exe
cftmonn.exe
cfv90h.com
Christina.vbs
cjq.exe
commands.txt
comment.htt
copetttt.com
copy.exe
cradle_of_filth.vbe
cqdis.cmd
cvqkuk.exe
d3bn0j.exe
ddyikr.cmd
delautorun.bat
DFD34719171.bat
DFD34719375.bat
DFD34719609.bat
DFD34723328.bat
DFD34723375.bat
DFD34723781.bat
DFD34724390.bat
DFD34719609.bat
DFD34724531.bat
DFD34724656.bat
DFD34725125.bat
DFD34725218.bat
DFD34726312.bat
DFD34724390.bat
DFD34726328.bat
DFD34729609.bat
DFD34730531.bat
DFD34730937.bat
DFD34734937.bat
DFD34739859.bat
DFD34741421.bat
DFD34741734.bat
DFD34741843.bat
DFD*.bat
dhv2u8.cmd
DPFMate.exe
dstart.exe
dtqlv.exe
dynrn6e.cmd
e898.com
e9ehn1m8.com
eb9ehyh.exe
Ecran.exe
ek.com
ekf6dbg0.com
ekugb3.bat
erdeIect.com
esta ig.vbs
ev60a2.cmd
explorer.exe
exqmmle.exe
f0.cmd
f2ir.com
fe.bat
ffojc.com
fi.cmd
FLIPART.EXE
folder.exe
Folder.htt
fooool.exe
Form5.exe
forSV.exe
FS6519.dll.vbs
fucker.vbs
fun.xls.exe
g2p3s.exe
g2pfnid.com
g83816.com
gdmae.bmp
Ghost.pif
gkyzcijfb.exe
GMOGLFEO.exe
gqsk.bat
graphic.exe
gsxlexd.cmd
gxlxknou.exe
gy.cmd
h0s2.bat h2.com
hfhludy.exe
hgu.bat
hni.cmd
host.exe
hsomklg.exe
hxt9.bat
i0.cmd
i8.cmd
ie.exe
igxv.cmd
ij.bat
ilpg9ejd.com
info.exe
infrom.exe
ino6.com
install.exe
intel.exe
intro.exe
ipy.cmd
iq0ecwcj.cmd
lsass.exe
itsduel.exe
iwjj.com
j4c8t8b5l3a6.exe
j8q8d.cmd
jbfqv8j.cmd
jdhc2x2.com
jdwx.exe
jfjsipw.exe
jfvkcsy.bat
jiwsxh39.exe
JJJ.exe
Jojo.exe
jwwgtuh.exe
jxnraqjxg.exe
jxpiinstall.exe
k6wkwon2.exe
ka1nk.bat
kaq86asx.bat
kayira.bat
kbqbptn.exe
kdkfm.exe
kdy.cmd
kfmyoc.pif
khbph.exe
killVBS.vbs
kk3.bat
KM.exe
kmd.exe
kn6jhgc.cmd
kqnns.exe
kqsr.exe
krg62.cmd
kulitut.bat
kulitut.vbs
kxax.cmd
l2f.cmd
l9dwu8.bat
lExplore.exe
lgcadwx.bat
lgrncie.bat
lky.exe
ln9.exe
lo.exe
loader.exe
logoneui.exe
Long.exe
LOVE.PIF
ltljrg.exe
lumy.exe
lurjlnps.exe
lvxvo1xg.cmd
m1t8ta.com
m9j.com
mail.exe
manulopa.reg
mcxa.exe
Menu.exe
mgjpcfdg.cm
mnl6on3.com
mp.bat
mp.cmd
mp.com
Movie1.exe
mrsne.bat
MS-DOS.com
MS32DLL.dll.vbs
MSd040.vbs
MSdC64.vbs
MSdFB7.vbs
MSd141.vbs
MSd191.vbs
MSd49A.vbs
MSdE78.vbs
MSd*.vbs
mshta.exe
MSKernel32.vbs
muniu.exe
MyMP3.vbs
n1detect.com
n2de.cmd
n6j.com
n6j6pc0.com
n6t1h.cmd
nansy ajram.vbs
nar.vbs
ne0kS.exe
nemesis.exe
nemesis.inf
nfdmg.com
nideiect.com
niu.exe
njibyekk.com
nl.com
nncu6kk.com
NoLimit.exe
np.exe
nq0cq.cmd
nqvarn.pif
nriljal.exe
ntde1ect.com
ntdelect.com
nq.bat
nq0cq.cmd
nqgcd.com
nsv.bat
nw0t1l0d.exe
o2yf0w.bat
o9o2u.bat
o6opnro.bat
OeApi.vbs
oegbi.exe
ogcikeq.com
oka3yrf.bat
oq.cmd
oskkofa.exe
osotilasiq.pif
osy3.sys
otyh.cmd
oufddh.exe
oxafa.com
p3r1ud.exe
p83gjy.exe
p9.exe
pa39xth.cmd
pagefile.pif
pbwkwj.com
pefbutr.exe
pkxfkrki.bat
ph.com
phgr1j.bat
phim_nguoi_lon.exe
pnc.exe
prhyper.exe
psqrhqn.exe
pxka.exe
q3v.com
q83iwmgf.bat
q8sywiva.cmd
qcwpung.exe
qd.cmd
qjfl.exe
qkarc.exe
qquq.bat
qqzjnhuoi.exe
qpe6.com
qobo.dat
qrkugxtw.exe
qxbx9blb.com
r1y1.bat
r2nl.com
r6r.exe
r813.bat
Raila Odinga.exe
Raila Odinga.gif
ranvrgn.exe
ravmon.exe
ravmon.log
ReadMe.exe
RecInfo\RecInfo.exe
Recycle.exe
Recycled\ctfmon.exe
RECYCLED\INFO.exe
Recycled.exe
RECYCLER\Lock Folder.exe
RECYCLER\RECYCLER.exe
RECYCLER\*.exe
regxpcom.exe
resycled\boot.com
resycled\ctfmon.exe
revo.exe
rggbw.exe
rjiybg.exe
rn.exe
rombkaewl.exe
rosftpm.exe
rqq2v.bat
rs.cmd
rt.exe
Run.exe
runaut~1\autorun.pif
RunDll32.exe
rxukgcm.exe
s38k.exe
sal.xls.exe
sasyg1y8.com
script.bat
scriptlo.txt
scvhosts.exe
sdcvhost.exe
SemiAntiVirus.vbs
smkjd.cmd
smss.exe
semo2x.exe
spq.bat
serivces.exe
server.exe
server.inf
Sex City.jpg.wsf
sowar.vbs
SpiderH.vbs
sq.com
sqlserv.exe
SSVICHOSST.exe
stwi.com
svch0st.exe
scvhosts.exe
svdioajm.cmd
sxs.exe
sydp.exe
sys.vbs
Syso.vbs
SysRes.vbs
system.exe
system32.exe
systems.com
systems.exe
t82e2v.cmd
TAE7ESLP.exe
taipingtianguov1.1.exe
takice.lib
tel.xls.exe
temp.bat
temp.exe
temp.temp
temp1.exe
temp2.exe
test.exe
testfile.bat
testflo.bat
tfk8.exe
The_Cars.vbs
THe Girls
tknapl.exe
tknn6.bat
tmf3w3g0.com
TMMDW8LP.exe
Toy.exe
tusoha.exe
tyktjfww.exe
u18vxqle.com
u6k.cmd
u9dyi.exe
udnnnvq.exe
UFO.exe
ufuaugwq.exe
uis.com
uis.exe
um.cmd
un9.cmd
unahafiwik.exe
UnplugDrive.exe
uorys.cmd
update.exe
uqhqx1.cmd
usdeiect.com
userinit.exe
utdetect.com
uxdeiect.com
u?de?ect.com
v2h3.exe
v3pif.bat
VB6FR.DLL
vb@dock.vbs
vfpkkbq.exe
vksucydrh.exe
vl@dock.vbs
vmhr.bat
vmyphd.bat
vva0hc0p.cmd
vxl.exe
w0o.com
w0owgn.bat
w32sys.exe
w3dn9f.bat
waziqepehi.ban
wa6.vbs
Wallpaper.vbs
WallpaperMEHDI.vbs
wfhth.exe
whi.com
WillPolo.vbs
WINDOWS.EXE
Windows.scr
winfile.exe
winglogon.exe
winrun.vbs
winstall.exe
wjlfhtfm.cmd
wol.exe
wsctf.exe
wtbcccq.exe
x0.cmd
XAdeIect.com
xcopy.exe
xfoolavp.com
xih9.cmd
xj.bat
xk2n.bat
xlk9.com
xlu8a8sy.exe
xmnm2.cmd
xn1i9x.com
xnynrnh.exe
xo8wr9.exe
xp19.com
xpbkh.com
xqf.com
xvlyb.exe
xyhav.pif
y82td3td.com
ybj8df.exe
yew.bat
yg.cmd
yjilu.inf
ylacupyb.dl
ylr.exe
yjkjfuo.cmd
yjvmtaa.exe
ynfs9ks.cmd
yssjnngm.cmd
yvmkdwn.exe
zPharaoh.exe
0.cmd
1.cmd
2.cmd
3.cmd
4.cmd
5.cmd
6.cmd
7.cmd
8.cmd
9.cmd
0.bat
1.bat
2.bat
3.bat
4.bat
5.bat
6.bat
7.bat
8.bat
9.bat
0.exe
1.exe
2.exe
3.exe
4.exe
5.exe
6.exe
7.exe
8.exe
9.exe
0.com
1.com
2.com
3.com
4.com
5.com
6.com
7.com
8.com
9.com
0.vbs
1.vbs
2.vbs
3.vbs
4.vbs
5.vbs
6.vbs
7.vbs
8.vbs
9.vbs
a.com
b.com
c.com
d.com
e.com
f.com
g.com
h.com
i.com
j.com
k.com
l.com
m.com
n.com
o.com
p.com
q.com
r.com
s.com
t.com
u.com
v.com
w.com
x.com
y.com
z.com
a.bat
b.bat
c.bat
d.bat
e.bat
f.bat
g.bat
h.bat
i.bat
j.bat
k.bat
l.bat
m.bat
n.bat
o.bat
p.bat
q.bat
r.bat
s.bat
t.bat
u.bat
v.bat
w.bat
x.bat
y.bat
z.bat
a.cmd
b.cmd
c.cmd
d.cmd
e.cmd
f.cmd
g.cmd
h.cmd
i.cmd
j.cmd
k.cmd
l.cmd
m.cmd
n.cmd
o.cmd
p.cmd
q.cmd
r.cmd
s.cmd
t.cmd
u.cmd
v.cmd
w.cmd
x.cmd
y.cmd
z.cmd
a.exe
b.exe
c.exe
d.exe
e.exe
f.exe
g.exe
h.exe
i.exe
j.exe
k.exe
l.exe
m.exe
n.exe
o.exe
p.exe
q.exe
r.exe
s.exe
t.exe
u.exe
v.exe
w.exe
x.exe
y.exe
z.exe
a.vbs
b.vbs
c.vbs
d.vbs
e.vbs
f.vbs
g.vbs
h.vbs
i.vbs
j.vbs
k.vbs
l.vbs
m.vbs
n.vbs
o.vbs
p.vbs
q.vbs
r.vbs
s.vbs
t.vbs
u.vbs
v.vbs
w.vbs
x.vbs
y.vbs
z.vbs
*.dll.vbs

>>Dossiers :

AutoRun
autorun.inf
fsc.tmp
RecInfo
Recycled\Recycled
Recycler\Recycler
resycled
runaut~1
sdlflzoip

>>>>>>"Registry"<<<<<<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Window Title"=-
"Start Page"=-
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]
"Start Page"="https://www.msn.com/fr-fr"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"fucker"=-
"SysDir"=-
"ms32dll"=-
"cftmonn"=-
"Lany"=-
"Zip"=-
"RavAV"=-
"cmd32"=-
"Install.exe"=-
"FIXEDFON.FON"=-
"MS-RAD0"=-
"MS-RAD1"=-
"MS-RAD2"=-
"MS-RAD3"=-
"MS-RAD4"=-
"MS-RAD5"=-
"MS-RAD6"=-
"MS-RAD7"=-
"MS-RAD8"=-
"MS-RAD9"=-
"MS-RADA"=-
"MS-RADB"=-
"MS-RADC"=-
"MS-RADD"=-
"MS-RADE"=-
"MS-RADF"=-
"MS-RADG"=-
"MS-RADH"=-
"MS-RADI"=-
"MS-RADJ"=-
"MS-RADK"=-
"MS-RADL"=-
"MS-RADM"=-
"MS-RADN"=-
"MS-RADO"=-
"MS-RADP"=-
"MS-RADQ"=-
"MS-RADR"=-
"MS-RADS"=-
"MS-RADT"=-
"MS-RADU"=-
"MS-RADV"=-
"MS-RADW"=-
"MS-RADX"=-
"MS-RADY"=-
"MS-RADZ"=-
" "=-
"winrun.dll"=-
"loader.exe"=-
"recinfo49"=-
"System"=-
"System Updater Machine"=-
"SpiderH"=-
"winudp64.exe"=-
"System12"=-
"System64"=-
"IMJPMIG8.2"=-
"CARPService"=-
"039.tmp"=-
"userd"=-
"nar"=-
"MSKernel32"=-
"WillPolo"=-
"MyMP3"=-
"FS6519"=-
"Windows\SysRes.vbs"=-
"SysRes"=-
"Raila Odinga"=-
"reginit"=-
"lnternet Update"=-
"GMOGLFEO"=-
"WintelUpdate"=-
"Pubnet"=-
"antihost"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"System Updater Machine"=-
"Win32DLL"=-
"lnternet Update"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
" "=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavAV]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kamsoft"=-
"amva"=-
"kava"=-
"tava"=-
"avpa"=-
"internet_explorer"=-
"anti-virus 2007"=-
"Mp3 player"=-
"kxvo"=-
"EXPLORER.EXE"=-
"wsctf.exe"=-
"loader.exe"=-
"jvvo"=-
"taso"=-
"Avg_AntiHost"=-
"jvsoft"=-
"tasoft"=-
"SpiderH"=-
"MsServer"=-
"MSFox"=-
"msn"=-
"????r"=-
"Windows Update"=-
"Microsoft Debug Manager"=-
"protect_autorun"=-
"Le Petit Robert Hyperappel"=-
"firewall 2008"=-
" "=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
" "=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"test"=-
"Msn"=-
"MsnHost"=-
"MsnLoad"=-
"MsnConvert"=-
"MsnMessendger"=-
"sys"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultUserName"=-
"LegalNoticeCaption"=-
"LegalNoticeText"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\NoChangingWallPaper]

-------------------------------------------------------------------------------------------------------------

Mises a jours du 5 decembre 2008

>>>>>>in "All Drives"<<<<<<<<<

6xdgw26.com
6xig.com
8386nac.com
8e.com
8u.com
8uot.exe
arun.exe
asneg.com
bpu.exe
br1e.com
cdwfql2v.com
ceqfqp.bat
cm0.com
d1y36.com
dh66ln.cmd
dpu1.exe
dyr2j6mv.exe
ermvu8.cmd
fblfnthuh.exe
fn20.exe
fufb6tq3.cmd
g2o1n.exe
gx.com h3hi1k3.exe
i8.com
ivcvknr.bat
jv.exe
kernel32.dll.vbs
kg2v.com
klp8j6i.com
ktnquo.exe
l1.cmd
lp3c.bat
m0g8sqx.cmd
m6dqm2vd.exe
m8wafly.com
m9as2c.cmd
MicrosoftPowerPoint.exe
MSd30D.vbs
msnmsgr_plus.exe
ncyrf.bat
ntdeIect.com
ntnq.exe
ntphyy.com
NTsys.exe
o6pq1n8.com
okhr.exe
ous.exe
ox.cmd
p1f6b.exe
program.exe
qeoc6sj.exe
qwultj1.bat
rcukd.cmd
rdsfk.com
rjx0.exe
rqb0v2ot.bat
scene.exe
Server082.exe
tigi.cmd
uh31.exe
uwlmj.com
uxkktr.cmd
vd91t29.exe
w2qagd.com
welcome.exe
WindowsXP.exe
winsys3.exe
ypjq1.cmd

.MGT_reg32.dll.vbs
achitasin.dll.vbs
autoupdate.dll.vbs
bat32.txt
happy.vbs
ie.vbs
killgodzilla.vbs
maskrider.dll.vbs
maskrider2001.vbs
msiexec.dll.vbs
MsUpdate.sys.vbs
nohack.vbs
RUNDLL64.dll.vbs
setup.dll.vbs
VBRuntime32.dll.vbs
viva.dll.vbs
Win32.dll.vbs
winconfig.dll.vbs
xepet.html
xepet.txt

>>>>>>in "Windows"<<<<<<<<<

.MGT_reg32.dll.vbs
achitasin.dll.vbs
autoupdate.dll.vbs
bat32.txt
boot.ini
happy.vbs
ie.vbs
killgodzilla.vbs
maskrider.dll.vbs
maskrider2001.vbs
msiexec.dll.vbs
MsUpdate.sys.vbs
nohack.vbs
RUNDLL64.dll.vbs
setup.dll.vbs
VBRuntime32.dll.vbs
viva.dll.vbs
Win32.dll.vbs
winconfig.dll.vbs
xepet.html
xepet.txt

>>>>>>in "Windows\system32"<<<<<<<<<

kdyul.exe
gasretyw0.dll
gasretyw1.dll
gasretyw2.dll
gasretyw3.dll
DC4491.DLL

>>>>>>"Registry"<<<<<<<<<

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Winboot"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UC"=-
"r4n694-24y"=-
"kernel32"=-
"MSConfigs"=-
"Microsoft"=-
"MGT_reg"=-
"Winboot"=-
"Winamp"=-
"Macromedia"=-
"WINFIX"=-
"winconfig"=-
"Achitasin"=-
"mcafee"=-
"wscript32dll"=-
"Batch32"=-
"maskrider"=-
"autoupdate"=-
"KILLMS32DLL"=-
"WinExpress"=-
"WinDebugger"=-
"C:\WINDOWS\system32\kdyul.exe"=-

mises a jours du 6 Décembre 2008

>>>>>>in "All Drives"<<<<<<<<<

lgrncie.bat
info.bat
iqosrtk.bat
0oyl662q.cmd
eb.bat
New Folder.exe
Setup_ver1.1779.2.exe
Setup_ver*.exe

>>>>>>in "Windows"<<<<<<<<<

SSVICHOSST.exe

>>>>>>in "Windows\system32"<<<<<<<<<

SSVICHOSST.exe
kdxkt.exe
kdjay.exe
kdwzh.exe
msiconf.exe

>>>>>>"Registry"<<<<<<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"MsUpdate"=-
"C:\WINDOWS\system32\kdxkt.exe"=-
"C:\WINDOWS\system32\kdjay.exe"=-
"C:\WINDOWS\system32\kdwzh.exe"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"msiexec.exe"=-
"Yahoo Messengger"=-

mises a jours du 11 Décembre 2008

>>>>>>in "All Drives"<<<<<<<<<

Secret.exe
hupxj.bat
fphj6j31.bat
shell.exe
Installer.exe
fvbk.exe
snaoc9i.exe
bt8vuaw.com
wjlc.exe
6fnlpetp.exe
g8rruyw.exe
o1.com
yannh.cmd
1t6yxlxx.cmd
2h60k.cmd
3rl3lqbq.bat
ewatr.cmd
Maradona.exe
iw.bat
m2nl.bat
ov.cmd
pnt.com
t1ypkh.exe
grgarevn.inf
microsvn.inf
refsanvn.inf
Zidan vs Tito.exe
desktop.exe
omsirutnarg.exe
Alisa.exe
blazzers.exe
burimi.exe
nfd.exe
repppp.exe
wax.exe
wny.exe
msv2008.exe
GETBOOTD.BAT
tbm9.bat
08dgu.com

>>>>>>in "Windows\system32"<<<<<<<<<

vamsoft.exe
vbsdfe0.dll
vbsdfe1.dll
vbsdfe2.dll
vbsdfe3.dll
syx.exe

>>>>>>"Registry"<<<<<<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"Host Process for Windows Services"=-
"Advanced DHTML Enable"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\runServices]
"Host Process for Windows Services"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"Runonce"=-
"vamsoft"=-

Lyonnais92 · Answer

Re,

je ne sais pas ce que tu fais avec USBFix, mais tu ne l'exécutes pas. Tu copies la liste des programmes qu'il traite (le changelog).

Relis la procédure et exécute la pas à pas.

cynthiaak · Answer

Ben quand je le lance ca marche mais quan le pc se rallume ca me met kil ne trouve pas le fichier. Mais c'est vraiment important ca parceque quand jai eu le virus javais rien d'allumé....

Lyonnais92 · Answer

Boinjour,

reposte un nouveau rapport RSIT

cynthiaak · Answer

Logfile of random's system information tool 1.04 (written by random/random)
Run by Compaq_Propriétaire at 2008-12-15 18:38:29
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 106 GB (57%) free of 185 GB
Total RAM: 959 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:45, on 15/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\FSGK32.EXE
C:\Program Files\SFR\Pack Sécurité\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\SFR\Pack Sécurité\Common\FCH32.EXE
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsqh.exe
C:\Program Files\SFR\Pack Sécurité\Common\FAMEH32.EXE
C:\Program Files\SFR\Pack Sécurité\FSPC\fspc.exe
C:\Program Files\SFR\Pack Sécurité\FSGUI\fsguidll.exe
C:\Program Files\SFR\Pack Sécurité\FSAUA\program\fsaua.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fssm32.exe
C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
C:\Program Files\SFR\Pack Sécurité\FSAUA\program\fsus.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\SFR\Pack Sécurité\FSGUI\scanwizard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Propriétaire.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\SFR\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\SFR\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\SFR\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.fr/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Lyonnais92 · Answer

Re,

fais ceci :

Démarrer, Exécuter, tapes combofix /u dans la zone de saisie et OK.


On va utiliser ComboFix.exe. Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


* Vérifie que tu as fermé/désactivé tous les programmes anti-virus, anti-malware ou anti-spyware afin qu'ils n'interfèrent pas avec le travail de ComboFix.

Envoie le contenu de C:\ComboFix.txt dans ta prochaine réponse afin que je l'examine.

cynthiaak · Answer

quand j'appuie sur ok combofix se charge puis ya une message d'erreur ki met vousne pouvez pas renommer combofix 1. Veuillz choisir une autre nom

Lyonnais92 · Answer

fais ceci :

Démarrer, Exécuter, tapes

combofix /u

dans la zone de saisie et OK.


On va utiliser ComboFix.exe. Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil:

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser­-combofix


* Vérifie que tu as fermé/désactivé tous les programmes anti-virus, anti-malware ou anti-spyware afin qu'ils n'interfèrent pas avec le travail de ComboFix.

Envoie le contenu de C:\ComboFix.txt dans ta prochaine réponse afin que je l'examine.

=================

je ne vois pas pourquoi tu veux renommer Combofix.

cynthiaak · Answer

en fait javais fait executer et pas enregistrer du coup ca voulais renommer. Bref voila le rapport.

ComboFix 08-12-15.04 - Compaq_Propriétaire 2008-12-16 12:15:11.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.959.527 [GMT 1:00]
Lancé depuis: c:\documents and settings\Compaq_Propriétaire\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free
c:\documents and settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free\DriveCleaner 2006.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free\Mode d'emploi en ligne de DriveCleaner 2006.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free\Page d´accueil de DriveCleaner 2006.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free\Support en ligne de DriveCleaner 2006.lnk
C:\WA6P
c:\windows\pack.epk
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf
J:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-16 au 2008-12-16 ))))))))))))))))))))))))))))))))))))
.

2008-12-15 13:01 . 2008-12-15 13:04 1,393 --a------ c:\windows\imsins.BAK
2008-12-14 20:04 . 2008-12-14 20:05 <REP> d-------- c:\program files\Windows Live Toolbar
2008-12-14 20:04 . 2008-12-14 20:04 <REP> d-------- c:\program files\Windows Live Favorites
2008-12-14 19:57 . 2008-12-14 21:42 <REP> d-------- c:\windows\SxsCaPendDel
2008-12-14 18:09 . 2008-12-14 18:09 <REP> d-------- C:\rsit
2008-12-13 22:23 . 2008-12-14 18:06 <REP> d-------- c:\program files\Ad-remover
2008-12-13 10:17 . 2008-12-14 18:25 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Tracing
2008-12-13 10:17 . 2008-12-14 18:25 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Tracing
2008-12-13 09:53 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-12-13 09:48 . 2008-12-13 09:48 <REP> d-------- c:\program files\Microsoft
2008-12-13 09:46 . 2008-12-14 20:05 <REP> d-------- c:\program files\Windows Live
2008-12-13 09:38 . 2008-12-13 09:38 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-12-12 18:46 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-12 18:05 . 2008-12-12 18:05 <REP> d-------- c:\program files\Trend Micro
2008-12-12 17:52 . 2008-12-12 17:52 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-12 17:52 . 2008-12-12 17:52 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\Malwarebytes
2008-12-12 17:52 . 2008-12-12 17:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-12 17:52 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-12 17:52 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-08 21:05 . 2008-12-08 21:05 30,856 --a------ c:\windows\system32\drivers\fsbts.sys
2008-12-08 13:12 . 2008-09-23 14:35 79,904 --a------ c:\windows\system32\drivers\fsdfw.sys
2008-12-08 13:09 . 2008-12-08 13:09 <REP> d-------- c:\program files\SFR
2008-12-08 13:03 . 2008-12-08 13:03 <REP> d-------- c:\documents and settings\All Users\Application Data\fssg
2008-12-06 19:36 . 2008-12-06 19:36 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-06 18:07 . 2008-12-06 18:07 <REP> d-------- c:\program files\Lavasoft
2008-12-06 18:07 . 2008-12-06 18:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-06 18:06 . 2008-12-06 18:06 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-06 17:45 . 2008-12-06 17:46 <REP> d-------- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 19:01 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-12-14 18:59 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-08 12:13 --------- d-----w c:\documents and settings\All Users\Application Data\F-Secure
2008-12-08 12:06 --------- d-----w c:\program files\Pack Securite
2008-11-14 21:43 5,774 ----a-w c:\documents and settings\Compaq_Propriétaire\Application Data\wklnhst.dat
2008-11-10 20:15 --------- d-----w c:\documents and settings\All Users\Application Data\GameHouse
2008-11-07 08:05 --------- d-----w c:\program files\eMule
2008-10-30 21:57 --------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2008-10-30 19:48 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Zylom
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-17 00:48 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-05 13:48 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008090520080906\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iomega Automatic Backup Pro"="c:\program files\Iomega\Automatic Backup Pro\LiveSystem.exe" [2005-07-01 18968576]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2004-04-23 77824]
"H/PC Connection Agent"="c:\progra~1\MICROS~4\wcescomm.exe" [2006-06-26 1211176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-06-25 155648]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"F-Secure Manager"="c:\program files\SFR\Pack Sécurité\Common\FSM32.EXE" [2008-09-23 182936]
"F-Secure TNB"="c:\program files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" [2008-09-23 957024]

c:\documents and settings\Compaq_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
Outil de notification Live Search.lnk - c:\documents and settings\Compaq_Propri‚taire\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2008-12-13 143360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2008-12-08 30856]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-12-08 79904]
R0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\DRIVERS\IABFilt.sys [2006-06-15 25344]
R1 F-Secure HIPS;F-Secure HIPS Driver;\??\c:\program files\SFR\Pack Sécurité\HIPS\drivers\fshs.sys [2008-12-08 66720]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsgk.sys [2008-12-08 72288]
R3 FSORSPClient;F-Secure ORSP Client;"c:\program files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe" [2008-12-08 55904]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-12 38496]
S4 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\SFR\Pack Sécurité\Anti-Virus\Win2K\FSfilter.sys [2008-12-08 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\SFR\Pack Sécurité\Anti-Virus\Win2K\FSrec.sys [2008-12-08 25184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2b54a8a-8c62-11db-af7e-b17ad092d25b}]
\Shell\AutoRun\command - L:\readme.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9125dea-3b64-11db-af59-e4d81afed5b9}]
\Shell\AutoRun\command - K:\setupSNK.exe
.
Contenu du dossier 'Tâches planifiées'

2008-12-16 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
LSP: c:\program files\SFR\Pack Se9,curite9,\FSPS\program\FSLSP.DLL

c:\windows\Downloaded Program Files\Rawflow.ocx - O16 -: {029FDBA6-3547-11D7-AA4C-0050BF051A00}
hxxp://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab

c:\windows\Downloaded Program Files\SearchEngineQuery.dll - O16 -: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400}
hxxp://www.myheritage.fr/Genoogle/Components/ActiveX/SearchEngineQuery.dll
FF - ProfilePath - c:\documents and settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\z388z6z2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.lo.st
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 12:21:15
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Iomega Automatic Backup Pro = "c:\program files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s?????????????????????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
c:\program files\SFR\Pack Sécurité\FWES\Program\fsdc32.dll

- - - - - - - > 'lsass.exe'(796)
c:\program files\SFR\Pack Sécurité\FSPS\program\FSLSP.DLL
c:\program files\SFR\Pack Sécurité\FWES\Program\fsdc32.dll

- - - - - - - > 'csrss.exe'(708)
c:\program files\SFR\Pack Sécurité\FWES\Program\fsdc32.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
c:\program files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
c:\program files\SFR\Pack Sécurité\Common\FSMA32.EXE
c:\program files\SFR\Pack Sécurité\Anti-Virus\fsgk32.exe
c:\program files\SFR\Pack Sécurité\Common\FSMB32.EXE
c:\program files\SFR\Pack Sécurité\Common\FCH32.EXE
c:\program files\SFR\Pack Sécurité\Common\FAMEH32.EXE
c:\program files\SFR\Pack Sécurité\Anti-Virus\fsqh.exe
c:\program files\SFR\Pack Sécurité\FSPC\fspc.exe
c:\program files\SFR\Pack Sécurité\FSAUA\program\fsaua.exe
c:\program files\SFR\Pack Sécurité\Anti-Virus\fssm32.exe
c:\program files\SFR\Pack Sécurité\FWES\program\fsdfwd.exe
c:\program files\SFR\Pack Sécurité\FSAUA\program\fsus.exe
c:\progra~1\SFR\PACKSC~1\ANTI-V~1\fsav32.exe
c:\documents and settings\Compaq_Propriétaire\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
c:\documents and settings\Compaq_Propriétaire\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\SFR\Pack Sécurité\FSGUI\fsguidll.exe
c:\program files\Hp\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Heure de fin: 2008-12-16 12:26:10 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-16 11:26:04

Avant-CF: 111 570 227 200 octets libres
Après-CF: 111,659,515,904 octets libres

236 --- E O F --- 2008-12-15 12:05:05

Lyonnais92 · Answer

Re,

tes supports amovibles sont infectés.

fais ceci :

--> Télécharge UsbFix (de Chiquitine29) sur ton Bureau :
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Lance l'installation avec les paramètres par défaut.

--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.

--> Double-clique sur le raccourci UsbFix sur ton Bureau.

--> Le PC va redémarrer.

--> Après redémarrage, poste le rapport UsbFix.txt

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)

cynthiaak · Answer

Quand le pc redemarre il me met un message d'erreur disant qu'il ne trouve pas l'emplacement c:/program Voila kan meme le rapport Changelog UsbFix établit le 2 decembre 2008 outils créé par Chiquitine29 , aide aux mises a jours -> Chimay8 >>>>>>in "ProgramFiles"<<<<<<<<< Internet Explorer\Connection Wizard\icwconn1 ada Internet Explorer\Connection Wizard\icwconn1 ade Internet Explorer\Connection Wizard\icwconn1 adf Internet Explorer\Connection Wizard\icwconn1 ad5 Internet Explorer\Connection Wizard\icwconn1 ad0 Internet Explorer\Connection Wizard\icwconn1 ad9 Internet Explorer\Connection Wizard\icwconn1 ad4 Internet Explorer\Connection Wizard\icwconn1 ad1 Internet Explorer\Connection Wizard\icwconn1 Movie Maker\explorer.exe Internet Explorer\explorer.exe >>>>>>in "Windows"<<<<<<<<< autorun.inf autorun.exe autorun.vbs autorun.reg autorun.ini autorun.fcb autorun.bat autorun.com AdobeR.exe Alecks.vbs bittorrent.exe cmd32.exe CwbRmDir.bat Fonts\Fonts.exe FS6519.dll.vbs funny.exe GMOGLFEO.exe hiqalowo.inf icapy.scr ilezyvu.bin Lany.vbs lumy.exe manulopa.reg MS32DLL.dll.vbs MyMP3.vbs nar.vbs osok.inf osotilasiq.pif oxafa.com qobo.dat rundll32.vbe sleep.vbe SysRes.vbs takice.lib tusoha.exe unahafiwik.exe waol.exe waziqepehi.ban WillPolo.vbs Win32DLL.vbs win.vbe window.exe wyzeha.com xcopy.exe yjilu.inf ylacupyb.dll RECYCLER\systems.com temp\039.tmp >>>>>>in "Windows\system32"<<<<<<<<< agucuri.vbs ahr.exe Alecks.vbs antinul.vbe amvo.exe amvo0.dll amvo1.dll amvo2.dll autorun.bat Autorun.com autorun.exe autorun.fcb autorun.inf autorun.ini autorun.reg autorun.vbs Autoruns.exe avpo.exe avpo0.dll avpo1.dll Bitkvo.exe Bitkv0.dll Bitkv1.dll cftmonn.exe Christina.jpg Christina.vbs ckvo.exe ckvo0.dll ckvo1.dll ckvo2.dll cradle_of_filth.vbe delself.bat FS6519.dll.vbs GMOGLFEO.exe icf.exe.exe ie.exe jvvo.exe jvvo0.dll jvvo1.dll jvvo2.dll jvvo3.dll j3ewro.exe jwedsfdo0.dll jwedsfdo1.dll jwedsfdo2.dll jwedsfdo3.dll jxnraqjxg.exe kavo.exe kamsoft.exe kav0.dll kav1.dll kav2.dll kav3.dll kavo0.dll kavo1.dll kavo2.dll kavo3.dll kdkfm.exe KEYBOARD.exe keygen.exe kulitut.bat kulitut.vbs kxvo.exe kxvo0.dll kxvo1.dll kxvo2.dll kxvo3.dll lExplore.exe loader.exe logoneui.exe LOVE-LETTER-FOR-YOU.HTM LOVE-LETTER-FOR-YOU.TXT.vbs msfun80.exe msime82.exe MSKernel32.vbs ne0kS.dll.wsf ne0kS.exe OeApi.vbs pubnet.vbs rs32net.exe SemiAntiVirus.vbs Sexy Girls.scr SpiderH.bmp SpiderH.jpeg SpiderH.vbs sys.vbs Syso.vbs SysRes.vbs syx.exe taso.exe tavo.exe tavo0.dll tavo1.dll tavo2.dll tavo3.dll temp1.exe temp2.exe temp?.exe text.txt Ecran.exe THe Girls tmp.reg tmp.txt t.txt vb@dock.vbs vl@dock.vbs Win32.vbs winudp64.exe dllcache\Default.exe >>>>>>in "Windows\system32\drivers"<<<<<<<<< ._Sanaa style-1 les formes.exe 0hct8ybw.exe 1ere partie du projet modifier.exe abdelali lahrach.exe Analyse transactionnelle.exe AutoRun.exe Bernoulli01215.exe" Cahiers français Quels modes de financement pour les entreprises - La Documentation française.exe Copie de Devoir I.exe e-ticket Juba Paris.exe fdfp2.exe fihi ghizlane Rapport de stage.exe graphic.exe intel.exe isew32.exe kheireddine.exe le_cadeau_du_sud(1).exe LEADERSHIP SKILLS FINAL.exe lettre de motivation.exe MSDS.exe Note.exe PREMIER CHAPITRE modifié.exe Raila Odinga.exe Rapport NADIA.exe spectro_masse1.exe td de reacteur.exe these-223.exe xyw9tmdj.exe >>>>>>in "Documents and Settings"<<<<<<<<< tazebama.dl_ hook.dl_ >>>>>>in "appdata"<<<<<<<<< fetomiv.vbs gumugy.vbs jicapikase.vbs mobyhikaja.vbs nebohozi.com orimuwy.exe sidymyvig.vbs tazebama azebama.log tazebama\zPharaoh.dat tazebama >>>>>>in "Temp files"<<<<<<<<< 1.reg 2.dll 6257890.exe fq9.dll help.exe help1.rar inst.exe system.dll w2e.sys winhqqo.exe wintoift.exe xhjb.dll xxx6042.exe zb5ok.dll >>>>>>in "All Drives"<<<<<<<<< ._autorun.inf autorun.inf autorun.ini autorun.reg autorun.bat autorun.vbs autorun2.inf autosys.exe 00hoeav.com 096.bat 0gjn3yw.exe 0qx0sc6.bat 0tmhoc.cmd 0u.cmd 0w.com 0wk2.cmd 108i.cmd 1aq1obb.bat 1bbvq96y.com 1dg.exe 1i.com 1nkbd8h.bat 1rfw8hjr.com 1u0o8bnq.cmd 1weicxa.com 1XXEC.exe 22xo.exe 2ifetri.cmd 2y8la.exe 30ed3.exe 33gmhso.bat 39lpji.com 3o.exe 3wcxx91.cmd 3xXx31.exe 4vzjaw3o.sys 62oop0ak.bat 68.exe 6tkoyhx.cmd 6x8be16.cmd 8e9gmih.bat 8ng8w.com 93vx0c.com 9yqusig.bat 22wcb21o.exe 31n3b2h.exe 39lpji.com 80avp08.com 82r9.cmd 83fgj.com 83l3v.cmd 8df.exe > 8h3hh3m.exe 8tss2gwq.bat 90imhpnc.exe 92j11sm.com 9es.com a1.bat a9.com abk.bat activexdebugger32.exe Administrateur_Fichiers.exe admp.exe adobeR.exe Akon.exe Alecks.vbs antihost.exe antinul.vbe aoutfq.exe ar.exe Atisetup.exe auto.exe autorum.exe AutoRun\Demo.exe autorun.exe autorun.pif autoruns.exe AutoScr.exe ay8p6v3.cmd Ayame.exe b3b9u.com bicsxk03.com bittorrent.exe bndafai.exe bo1dhu.bat bobm.exe boot.exe bootin.exe bplrl98.cmd buis.exe bwpncb6.com bxuup9r.bat c18vk.exe c9.com c9hehpa.bat camp.exe cayfq2.cmd cd8idoyl.com cdr.exe ceb6eu98.bat cekbru.pif clear.bat ClickMe.exe cftmonn.exe cfv90h.com Christina.vbs cjq.exe commands.txt comment.htt copetttt.com copy.exe cradle_of_filth.vbe cqdis.cmd cvqkuk.exe d3bn0j.exe ddyikr.cmd delautorun.bat DFD34719171.bat DFD34719375.bat DFD34719609.bat DFD34723328.bat DFD34723375.bat DFD34723781.bat DFD34724390.bat DFD34719609.bat DFD34724531.bat DFD34724656.bat DFD34725125.bat DFD34725218.bat DFD34726312.bat DFD34724390.bat DFD34726328.bat DFD34729609.bat DFD34730531.bat DFD34730937.bat DFD34734937.bat DFD34739859.bat DFD34741421.bat DFD34741734.bat DFD34741843.bat DFD*.bat dhv2u8.cmd DPFMate.exe dstart.exe dtqlv.exe dynrn6e.cmd e898.com e9ehn1m8.com eb9ehyh.exe Ecran.exe ek.com ekf6dbg0.com ekugb3.bat erdeIect.com esta ig.vbs ev60a2.cmd explorer.exe exqmmle.exe f0.cmd f2ir.com fe.bat ffojc.com fi.cmd FLIPART.EXE folder.exe Folder.htt fooool.exe Form5.exe forSV.exe FS6519.dll.vbs fucker.vbs fun.xls.exe g2p3s.exe g2pfnid.com g83816.com gdmae.bmp Ghost.pif gkyzcijfb.exe GMOGLFEO.exe gqsk.bat graphic.exe gsxlexd.cmd gxlxknou.exe gy.cmd h0s2.bat h2.com hfhludy.exe hgu.bat hni.cmd host.exe hsomklg.exe hxt9.bat i0.cmd i8.cmd ie.exe igxv.cmd ij.bat ilpg9ejd.com info.exe infrom.exe ino6.com install.exe intel.exe intro.exe ipy.cmd iq0ecwcj.cmd lsass.exe itsduel.exe iwjj.com j4c8t8b5l3a6.exe j8q8d.cmd jbfqv8j.cmd jdhc2x2.com jdwx.exe jfjsipw.exe jfvkcsy.bat jiwsxh39.exe JJJ.exe Jojo.exe jwwgtuh.exe jxnraqjxg.exe jxpiinstall.exe k6wkwon2.exe ka1nk.bat kaq86asx.bat kayira.bat kbqbptn.exe kdkfm.exe kdy.cmd kfmyoc.pif khbph.exe killVBS.vbs kk3.bat KM.exe kmd.exe kn6jhgc.cmd kqnns.exe kqsr.exe krg62.cmd kulitut.bat kulitut.vbs kxax.cmd l2f.cmd l9dwu8.bat lExplore.exe lgcadwx.bat lgrncie.bat lky.exe ln9.exe lo.exe loader.exe logoneui.exe Long.exe LOVE.PIF ltljrg.exe lumy.exe lurjlnps.exe lvxvo1xg.cmd m1t8ta.com m9j.com mail.exe manulopa.reg mcxa.exe Menu.exe mgjpcfdg.cm mnl6on3.com mp.bat mp.cmd mp.com Movie1.exe mrsne.bat MS-DOS.com MS32DLL.dll.vbs MSd040.vbs MSdC64.vbs MSdFB7.vbs MSd141.vbs MSd191.vbs MSd49A.vbs MSdE78.vbs MSd*.vbs mshta.exe MSKernel32.vbs muniu.exe MyMP3.vbs n1detect.com n2de.cmd n6j.com n6j6pc0.com n6t1h.cmd nansy ajram.vbs nar.vbs ne0kS.exe nemesis.exe nemesis.inf nfdmg.com nideiect.com niu.exe njibyekk.com nl.com nncu6kk.com NoLimit.exe np.exe nq0cq.cmd nqvarn.pif nriljal.exe ntde1ect.com ntdelect.com nq.bat nq0cq.cmd nqgcd.com nsv.bat nw0t1l0d.exe o2yf0w.bat o9o2u.bat o6opnro.bat OeApi.vbs oegbi.exe ogcikeq.com oka3yrf.bat oq.cmd oskkofa.exe osotilasiq.pif osy3.sys otyh.cmd oufddh.exe oxafa.com p3r1ud.exe p83gjy.exe p9.exe pa39xth.cmd pagefile.pif pbwkwj.com pefbutr.exe pkxfkrki.bat ph.com phgr1j.bat phim_nguoi_lon.exe pnc.exe prhyper.exe psqrhqn.exe pxka.exe q3v.com q83iwmgf.bat q8sywiva.cmd qcwpung.exe qd.cmd qjfl.exe qkarc.exe qquq.bat qqzjnhuoi.exe qpe6.com qobo.dat qrkugxtw.exe qxbx9blb.com r1y1.bat r2nl.com r6r.exe r813.bat Raila Odinga.exe Raila Odinga.gif ranvrgn.exe ravmon.exe ravmon.log ReadMe.exe RecInfo\RecInfo.exe Recycle.exe Recycled\ctfmon.exe RECYCLED\INFO.exe Recycled.exe RECYCLER\Lock Folder.exe RECYCLER\RECYCLER.exe RECYCLER\*.exe regxpcom.exe resycled\boot.com resycled\ctfmon.exe revo.exe rggbw.exe rjiybg.exe rn.exe rombkaewl.exe rosftpm.exe rqq2v.bat rs.cmd rt.exe Run.exe runaut~1\autorun.pif RunDll32.exe rxukgcm.exe s38k.exe sal.xls.exe sasyg1y8.com script.bat scriptlo.txt scvhosts.exe sdcvhost.exe SemiAntiVirus.vbs smkjd.cmd smss.exe semo2x.exe spq.bat serivces.exe server.exe server.inf Sex City.jpg.wsf sowar.vbs SpiderH.vbs sq.com sqlserv.exe SSVICHOSST.exe stwi.com svch0st.exe scvhosts.exe svdioajm.cmd sxs.exe sydp.exe sys.vbs Syso.vbs SysRes.vbs system.exe system32.exe systems.com systems.exe t82e2v.cmd TAE7ESLP.exe taipingtianguov1.1.exe takice.lib tel.xls.exe temp.bat temp.exe temp.temp temp1.exe temp2.exe test.exe testfile.bat testflo.bat tfk8.exe The_Cars.vbs THe Girls tknapl.exe tknn6.bat tmf3w3g0.com TMMDW8LP.exe Toy.exe tusoha.exe tyktjfww.exe u18vxqle.com u6k.cmd u9dyi.exe udnnnvq.exe UFO.exe ufuaugwq.exe uis.com uis.exe um.cmd un9.cmd unahafiwik.exe UnplugDrive.exe uorys.cmd update.exe uqhqx1.cmd usdeiect.com userinit.exe utdetect.com uxdeiect.com u?de?ect.com v2h3.exe v3pif.bat VB6FR.DLL vb@dock.vbs vfpkkbq.exe vksucydrh.exe vl@dock.vbs vmhr.bat vmyphd.bat vva0hc0p.cmd vxl.exe w0o.com w0owgn.bat w32sys.exe w3dn9f.bat waziqepehi.ban wa6.vbs Wallpaper.vbs WallpaperMEHDI.vbs wfhth.exe whi.com WillPolo.vbs WINDOWS.EXE Windows.scr winfile.exe winglogon.exe winrun.vbs winstall.exe wjlfhtfm.cmd wol.exe wsctf.exe wtbcccq.exe x0.cmd XAdeIect.com xcopy.exe xfoolavp.com xih9.cmd xj.bat xk2n.bat xlk9.com xlu8a8sy.exe xmnm2.cmd xn1i9x.com xnynrnh.exe xo8wr9.exe xp19.com xpbkh.com xqf.com xvlyb.exe xyhav.pif y82td3td.com ybj8df.exe yew.bat yg.cmd yjilu.inf ylacupyb.dl ylr.exe yjkjfuo.cmd yjvmtaa.exe ynfs9ks.cmd yssjnngm.cmd yvmkdwn.exe zPharaoh.exe 0.cmd 1.cmd 2.cmd 3.cmd 4.cmd 5.cmd 6.cmd 7.cmd 8.cmd 9.cmd 0.bat 1.bat 2.bat 3.bat 4.bat 5.bat 6.bat 7.bat 8.bat 9.bat 0.exe 1.exe 2.exe 3.exe 4.exe 5.exe 6.exe 7.exe 8.exe 9.exe 0.com 1.com 2.com 3.com 4.com 5.com 6.com 7.com 8.com 9.com 0.vbs 1.vbs 2.vbs 3.vbs 4.vbs 5.vbs 6.vbs 7.vbs 8.vbs 9.vbs a.com b.com c.com d.com e.com f.com g.com h.com i.com j.com k.com l.com m.com n.com o.com p.com q.com r.com s.com t.com u.com v.com w.com x.com y.com z.com a.bat b.bat c.bat d.bat e.bat f.bat g.bat h.bat i.bat j.bat k.bat l.bat m.bat n.bat o.bat p.bat q.bat r.bat s.bat t.bat u.bat v.bat w.bat x.bat y.bat z.bat a.cmd b.cmd c.cmd d.cmd e.cmd f.cmd g.cmd h.cmd i.cmd j.cmd k.cmd l.cmd m.cmd n.cmd o.cmd p.cmd q.cmd r.cmd s.cmd t.cmd u.cmd v.cmd w.cmd x.cmd y.cmd z.cmd a.exe b.exe c.exe d.exe e.exe f.exe g.exe h.exe i.exe j.exe k.exe l.exe m.exe n.exe o.exe p.exe q.exe r.exe s.exe t.exe u.exe v.exe w.exe x.exe y.exe z.exe a.vbs b.vbs c.vbs d.vbs e.vbs f.vbs g.vbs h.vbs i.vbs j.vbs k.vbs l.vbs m.vbs n.vbs o.vbs p.vbs q.vbs r.vbs s.vbs t.vbs u.vbs v.vbs w.vbs x.vbs y.vbs z.vbs *.dll.vbs >>Dossiers : AutoRun autorun.inf fsc.tmp RecInfo Recycled\Recycled Recycler\Recycler resycled runaut~1 sdlflzoip >>>>>>"Registry"<<<<<<<<< [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Window Title"=- "Start Page"=- "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN] "Start Page"="https://www.msn.com/fr-fr" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "fucker"=- "SysDir"=- "ms32dll"=- "cftmonn"=- "Lany"=- "Zip"=- "RavAV"=- "cmd32"=- "Install.exe"=- "FIXEDFON.FON"=- "MS-RAD0"=- "MS-RAD1"=- "MS-RAD2"=- "MS-RAD3"=- "MS-RAD4"=- "MS-RAD5"=- "MS-RAD6"=- "MS-RAD7"=- "MS-RAD8"=- "MS-RAD9"=- "MS-RADA"=- "MS-RADB"=- "MS-RADC"=- "MS-RADD"=- "MS-RADE"=- "MS-RADF"=- "MS-RADG"=- "MS-RADH"=- "MS-RADI"=- "MS-RADJ"=- "MS-RADK"=- "MS-RADL"=- "MS-RADM"=- "MS-RADN"=- "MS-RADO"=- "MS-RADP"=- "MS-RADQ"=- "MS-RADR"=- "MS-RADS"=- "MS-RADT"=- "MS-RADU"=- "MS-RADV"=- "MS-RADW"=- "MS-RADX"=- "MS-RADY"=- "MS-RADZ"=- " "=- "winrun.dll"=- "loader.exe"=- "recinfo49"=- "System"=- "System Updater Machine"=- "SpiderH"=- "winudp64.exe"=- "System12"=- "System64"=- "IMJPMIG8.2"=- "CARPService"=- "039.tmp"=- "userd"=- "nar"=- "MSKernel32"=- "WillPolo"=- "MyMP3"=- "FS6519"=- "Windows\SysRes.vbs"=- "SysRes"=- "Raila Odinga"=- "reginit"=- "lnternet Update"=- "GMOGLFEO"=- "WintelUpdate"=- "Pubnet"=- "antihost"=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] "System Updater Machine"=- "Win32DLL"=- "lnternet Update"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] " "=- [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavAV] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "kamsoft"=- "amva"=- "kava"=- "tava"=- "avpa"=- "internet_explorer"=- "anti-virus 2007"=- "Mp3 player"=- "kxvo"=- "EXPLORER.EXE"=- "wsctf.exe"=- "loader.exe"=- "jvvo"=- "taso"=- "Avg_AntiHost"=- "jvsoft"=- "tasoft"=- "SpiderH"=- "MsServer"=- "MSFox"=- "msn"=- "????r"=- "Windows Update"=- "Microsoft Debug Manager"=- "protect_autorun"=- "Le Petit Robert Hyperappel"=- "firewall 2008"=- " "=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] " "=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "test"=- "Msn"=- "MsnHost"=- "MsnLoad"=- "MsnConvert"=- "MsnMessendger"=- "sys"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultUserName"=- "LegalNoticeCaption"=- "LegalNoticeText"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\NoChangingWallPaper] ------------------------------------------------------------------------------------------------------------- Mises a jours du 5 decembre 2008 >>>>>>in "All Drives"<<<<<<<<< 6xdgw26.com 6xig.com 8386nac.com 8e.com 8u.com 8uot.exe arun.exe asneg.com bpu.exe br1e.com cdwfql2v.com ceqfqp.bat cm0.com d1y36.com dh66ln.cmd dpu1.exe dyr2j6mv.exe ermvu8.cmd fblfnthuh.exe fn20.exe fufb6tq3.cmd g2o1n.exe gx.com h3hi1k3.exe i8.com ivcvknr.bat jv.exe kernel32.dll.vbs kg2v.com klp8j6i.com ktnquo.exe l1.cmd lp3c.bat m0g8sqx.cmd m6dqm2vd.exe m8wafly.com m9as2c.cmd MicrosoftPowerPoint.exe MSd30D.vbs msnmsgr_plus.exe ncyrf.bat ntdeIect.com ntnq.exe ntphyy.com NTsys.exe o6pq1n8.com okhr.exe ous.exe ox.cmd p1f6b.exe program.exe qeoc6sj.exe qwultj1.bat rcukd.cmd rdsfk.com rjx0.exe rqb0v2ot.bat scene.exe Server082.exe tigi.cmd uh31.exe uwlmj.com uxkktr.cmd vd91t29.exe w2qagd.com welcome.exe WindowsXP.exe winsys3.exe ypjq1.cmd .MGT_reg32.dll.vbs achitasin.dll.vbs autoupdate.dll.vbs bat32.txt happy.vbs ie.vbs killgodzilla.vbs maskrider.dll.vbs maskrider2001.vbs msiexec.dll.vbs MsUpdate.sys.vbs nohack.vbs RUNDLL64.dll.vbs setup.dll.vbs VBRuntime32.dll.vbs viva.dll.vbs Win32.dll.vbs winconfig.dll.vbs xepet.html xepet.txt >>>>>>in "Windows"<<<<<<<<< .MGT_reg32.dll.vbs achitasin.dll.vbs autoupdate.dll.vbs bat32.txt boot.ini happy.vbs ie.vbs killgodzilla.vbs maskrider.dll.vbs maskrider2001.vbs msiexec.dll.vbs MsUpdate.sys.vbs nohack.vbs RUNDLL64.dll.vbs setup.dll.vbs VBRuntime32.dll.vbs viva.dll.vbs Win32.dll.vbs winconfig.dll.vbs xepet.html xepet.txt >>>>>>in "Windows\system32"<<<<<<<<< kdyul.exe gasretyw0.dll gasretyw1.dll gasretyw2.dll gasretyw3.dll DC4491.DLL >>>>>>"Registry"<<<<<<<<< [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Winboot"=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "UC"=- "r4n694-24y"=- "kernel32"=- "MSConfigs"=- "Microsoft"=- "MGT_reg"=- "Winboot"=- "Winamp"=- "Macromedia"=- "WINFIX"=- "winconfig"=- "Achitasin"=- "mcafee"=- "wscript32dll"=- "Batch32"=- "maskrider"=- "autoupdate"=- "KILLMS32DLL"=- "WinExpress"=- "WinDebugger"=- "C:\WINDOWS\system32\kdyul.exe"=- mises a jours du 6 Décembre 2008 >>>>>>in "All Drives"<<<<<<<<< lgrncie.bat info.bat iqosrtk.bat 0oyl662q.cmd eb.bat New Folder.exe Setup_ver1.1779.2.exe Setup_ver*.exe >>>>>>in "Windows"<<<<<<<<< SSVICHOSST.exe >>>>>>in "Windows\system32"<<<<<<<<< SSVICHOSST.exe kdxkt.exe kdjay.exe kdwzh.exe msiconf.exe >>>>>>"Registry"<<<<<<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion un] "MsUpdate"=- "C:\WINDOWS\system32\kdxkt.exe"=- "C:\WINDOWS\system32\kdjay.exe"=- "C:\WINDOWS\system32\kdwzh.exe"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion un] "msiexec.exe"=- "Yahoo Messengger"=- mises a jours du 11 Décembre 2008 >>>>>>in "All Drives"<<<<<<<<< Secret.exe hupxj.bat fphj6j31.bat shell.exe Installer.exe fvbk.exe snaoc9i.exe bt8vuaw.com wjlc.exe 6fnlpetp.exe g8rruyw.exe o1.com yannh.cmd 1t6yxlxx.cmd 2h60k.cmd 3rl3lqbq.bat ewatr.cmd Maradona.exe iw.bat m2nl.bat ov.cmd pnt.com t1ypkh.exe grgarevn.inf microsvn.inf refsanvn.inf Zidan vs Tito.exe desktop.exe omsirutnarg.exe Alisa.exe blazzers.exe burimi.exe nfd.exe repppp.exe wax.exe wny.exe msv2008.exe GETBOOTD.BAT tbm9.bat 08dgu.com >>>>>>in "Windows\system32"<<<<<<<<< vamsoft.exe vbsdfe0.dll vbsdfe1.dll vbsdfe2.dll vbsdfe3.dll syx.exe >>>>>>"Registry"<<<<<<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion un] "Host Process for Windows Services"=- "Advanced DHTML Enable"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion unServices] "Host Process for Windows Services"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion un] "Runonce"=- "vamsoft"=-

Lyonnais92 · Answer

Re,

ce n'est pas le rapport.

Cherches c:\UsbFix.txt, ouvre le avec le Bloc-Notes et post son contenu.

cynthiaak · Answer

c ce ke javais fait. j'ai recherché usbfix.txt et ca trouve ca changelog usbfix. C'est tout ce ke j'ai....

Lyonnais92 · Answer

Re,

je pense que tu as installé USBFix mais que tu ne l'as pas exécuté (en cliquant sur l'icône sur le Bureau).

N'oublie pas de connecter tes supports amovibles.

Tu choisiras Nettoyer et non Vacciner.

cynthiaak · Answer

Je sais pas si ca a marché parce ke ca me demande de mettre un cd ds le lecteur.... donc jai du annuler...
voila le rapport
-------------- UsbFix V2.413.4 ---------------

* User : Compaq_Propri‚taire - NOM-EB85C523610
* Outils mis a jours le 11/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 21:02:48 le 16/12/2008
* Windows Xp - Internet Explorer 7.0.5730.11 
  
  
--------------- [ Processus actifs ] ----------------   
  
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\1.tmp\b2e.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE
c:\Program Files\Fichiers communs\InstallShield\UpdateService\agent.exe
C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\ati2sgag.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
  
--------------- [ Informations lecteurs ] ----------------   
  
C: - Lecteur fixe

D: - Lecteur fixe

E: - Lecteur de CD-ROM

J: - Lecteur fixe

 
+- Contenu de l'autorun : E:\autorun.inf  

[autorun]
 open=SWSETUP\APPINSTL\setup.exe
 icon=SWSETUP\APPINSTL\setup.exe,0

Lyonnais92 · Answer

Re,

mets un CD dans le lecteur (pas un réinscriptible).

Et refais tourner USBFix.

Virus trojan et virtumonde

27 réponses

Discussions similaires

Newsletters