Pub sur internetFermé

Question

Bonjour, 
J' ai un gros problème.
Quand je suis sur mon ordinateur (jeu, devoir, ... et même quand il tourne tout seul) il y a des pub qui s' ouvre.
J' ai lu que ça pouvais être un "CID" (c' est quoi?)
J' avais Erezo mais je l' ais désinstaller

Enfin vous voyez le problème.

Merci d' avance.
Dark

Configuration: Windows XP / Firefox 3.6.16

Darkvadortb · Answer

L' historique du la page pub c' est ADS.PHP

Utilisateur anonyme · Answer

Re,

* Télécharge de AD-Remover sur ton Bureau. 
http://www.teamxscript.org/adremoverTelechargement.html 

/!\ Ferme toutes applications en cours /!\ 

- Double-clique sur l'icône Ad-remover située sur ton Bureau. 
- Sur la page, clique sur le bouton « chercher » 
- Confirme lancement du scan 
- Laisse travailler l'outil. 
- Poste le rapport qui apparaît à la fin. 

(Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt) 

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour c

@+

Darkvadortb · Answer

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 14:47:14 le 26/04/2011, Mode normal

Microsoft Windows XP Édition familiale Service Pack 2 (X86) 
thibaut 2_2@YOUR-09B1565C2E ( ) 
 
============== RECHERCHE ==============

Service: "sdmBackupIP" Présent 

Dossier trouvé: C:\Program Files\Installer
Fichier trouvé: C:\WINDOWS\system32\ConduitEngine.tmp
Fichier trouvé: C:\WINDOWS\system32\Utils.dll
Dossier trouvé: C:\WINDOWS\BackupIP
Dossier trouvé: C:\Documents and Settings	hibaut 2_2\Application Data\Mozilla\FireFox\Profiles\plp4tn91.default\conduit
Fichier trouvé: C:\Documents and Settings	hibaut 2_2\Application Data\Mozilla\FireFox\Profiles\plp4tn91.default\searchplugins\conduit.xml
Fichier trouvé: C:\Documents and Settings	hibaut 2_2\Application Data\Mozilla\FireFox\Profiles\plp4tn91.default\searchplugins\web-search.xml
Dossier trouvé: C:\Documents and Settings	hibaut 2_2\Local Settings\Application Data\Conduit
Dossier trouvé: C:\Documents and Settings	hibaut 2_2\Application Data\CrazyLoader
Dossier trouvé: C:\Documents and Settings	hibaut 2_2\Application Data\PriceGong
Dossier trouvé: C:\Documents and Settings	hibaut 2_2\Application Data\Toolbar4
Dossier trouvé: C:\Documents and Settings	hibaut 2_2\Local Settings\Application Data
etworker
Dossier trouvé: C:\Documents and Settings	hibaut 2_2\Application Data\OfferBox

-- Fichier ouvert: C:\Documents and Settings	hibaut 2_2\Application Data\Mozilla\FireFox\Profiles\plp4tn91.default\Prefs.js --
Ligne trouvée: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857572&Sea... 
Ligne trouvée: user_pref("extensions.vshare@toolbar.update.enabled", false); 
Ligne trouvée: user_pref("vshare.install.date", "1301097600000"); 
Ligne trouvée: user_pref("vshare.install.dumpFileCount", 0); 
Ligne trouvée: user_pref("vshare.install.dumpFileDisabled", false); 
Ligne trouvée: user_pref("vshare.install.finished", "1.0.0"); 
Ligne trouvée: user_pref("vshare.install.guid", "{d96f75b9-e4b4-40f8-a43a-53432b40568f}"); 
Ligne trouvée: user_pref("vshare.install.isDisabled", false); 
Ligne trouvée: user_pref("vshare.install.istoolbarhp", true); 
Ligne trouvée: user_pref("vshare.install.istoolbarsearch", true); 
Ligne trouvée: user_pref("vshare.install.laststatreq", "1301184000000"); 
Ligne trouvée: user_pref("vshare.install.newtab", true); 
Ligne trouvée: user_pref("vshare.install.overlayVersion", 1); 
Ligne trouvée: user_pref("vshare.install.userHPSettings", "hxxp://hpp.orange.fr/"); 
Ligne trouvée: user_pref("vshare.install.userSPSettings", ""); 
-- Fichier Fermé --
 

Clé trouvée: HKLM\Software\Classes\Conduit.Engine
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2095689
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2542115
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2612669
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKLM\Software\Install Pedia Limited
Clé trouvée: HKLM\Software\OfferBox
Clé trouvée: HKCU\Software\freeCompressor
Clé trouvée: HKCU\Software\PriceGong
Clé trouvée: HKCU\Software\Spointer
Clé trouvée: HKCU\Software\AppDataLow\HavingFunOnline
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ClickPotato
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\CrazyLoader
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\FLV Direct Player
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Hotbar
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ShopperReports
Clé trouvée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom

Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|installer
Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Softwarehelper


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.16 (fr)] ****

HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
HKCU_MozillaPlugins\@stonetrip.com/ShiVaWebPlayer,version=1.8.1.0 (x)
HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x)
Extensions\{4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF} (Plugin Orange Installeur)

-- C:\Documents and Settings	hibaut 2_2\Application Data\Mozilla\FireFox\Profiles\plp4tn91.default --
Extensions\menu_contextuel_orange@orange.fr (Menu Contextuel Orange)
Extensions\{364d4e0c-543f-4b85-abe3-19551139da4f} (Softonic_France Toolbar)
Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} (Greasemonkey)
Searchplugins\conduit.xml (hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857572&SearchSource=3&q={searchTerms} /)
Searchplugins\orange.xml (?)
Searchplugins\Search.xml (?)
Searchplugins\web-search.xml (?)
Prefs.js - browser.download.lastDir, C:\Documents and Settings\thibaut 2_2\Bureau\Thibaut.Boyer
Prefs.js - browser.search.defaultenginename, Web Search...
Prefs.js - browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857572&SearchSource=3&q={searchTerms}
Prefs.js - browser.startup.homepage, 
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.16
Prefs.js - keyword.URL, hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=9c5cb48b0000000000000010dccb0e5e&tlver=1.4.19.19&instlRef=ss...

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU_Main|SearchMigratedDefaultURL - hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outp...
HKCU_Main|Search bar - hxxp://www.google.com/ie
HKCU_Main|Search Page - hxxp://www.google.com
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search bar - hxxp://www.google.com/ie
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU_Toolbar|{1E796980-9CC5-11D1-A83F-00C04FC99D61} (x)
HKCU_Toolbar\WebBrowser|{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} (x)
HKLM_Toolbar|{c9a6357b-25cc-4bcf-96c1-78736985d412} (mscoree.dll) (x)
HKLM_ElevationPolicy\926b0584-ac09-4046-aa8e-131f5c452a26 - C:\Program Files\Eazel-FR\Eazel-FRToolbarHelper.exe (x)
HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (x)
HKLM_ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} - C:\Program Files\HyperCam Toolbar\TbHelper2.exe (x)
HKLM_Extensions\{1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - "Packard Bell" (C:\Apps\IECustom\Face_IE.ico)
HKLM_Extensions\{2223664C-1942-4276-9A2D-E8D8F547C5D2} - "Suggestions" (C:\Program Files\Surfairy\win32sf32.ico)
HKLM_Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - "?" (?)
HKLM_Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949} - "Run IMVU" (C:\Documents and Settings	hibaut 2_2\Application Data\IMVUClient\imvu.ico)
HKLM_Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21} - "MoneySide" (C:\Program Files\Microsoft Money\System\mnyviewer.dll,209)
BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} - "Yahoo! Companion BHO" (C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll)
BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "AcroIEHlprObj Class" (C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx)
BHO\{1d970ed5-3eda-438d-bffd-715931e2775b} - "ToolbarOrange.InitToolbarBHO" (mscoree.dll) (x)
BHO\{465E08E7-F005-4389-980F-1D8764B3486C} (?)
BHO\{BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2} - "SurfairyBHO Class" (C:\Program Files\Surfairy\SurfairyHlp.dll)
BHO\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - "?" (C:\Program Files\Microsoft Money\System\mnyviewer.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 26/04/2011 14:47:54 (5790 Octet(s)) 

Fin à: 14:49:00, 26/04/2011 
 
============== E.O.F ==============

Utilisateur anonyme · Answer

1/

/!\ Ferme toutes applications en cours /!\

- Double-clique sur l'icône Ad-remover située sur ton Bureau.
- Sur la page, clique sur le bouton « Nettoyer »
- Confirme lancement du scan
- Laisse travailler l'outil.
- Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour c

2/
Nous allons effectuer un diagnostic de ton PC: 
*Télécharge ZHPDiag sur ton bureau : 

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html 
ou : 
http://www.premiumorange.com/zeb-help-process/zhpdiag.html 

* Laisse toi guider lors de l'installation,coche "Ajouter une icône sur le bureau" et décoche la case "Exécuter ZHPDiag" 

/!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPdiag, « exécuter en tant qu'Administrateur » 

* Clique sur l'icône représentant une loupe (« Lancer le diagnostic ») 
* Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette 
* Héberge le rapport ZHPDiag.txt sur un des sites ci dessous, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum : 
http://pjjoint.malekal.com/ 

Si indisponible: 
http://www.cijoint.fr/ 

* Tuto zhpdiag : 
http://www.premiumorange.com/zeb-help-process/zhpdiag.html 


Hébergement de rapport sur pjjoint.malekal.com 

* Rends toi sur http://pjjoint.malekal.com/ 
* Clique sur le bouton Parcourir 
* Sélectionne le fichier que tu veux heberger et clique sur Ouvrir 
*Clique sur le bouton Envoyer 
* Un message de confirmation s'affiche, copie le lien dans ta prochaine réponse.

Darkvadortb · Answer

Searchplugins\orange.xml (?)
Searchplugins\Search.xml (?)
Prefs.js - browser.download.lastDir, C:\Documents and Settings\thibaut 2_2\Bureau\Thibaut.Boyer
Prefs.js - browser.search.defaultenginename, Web Search...
Prefs.js - browser.startup.homepage, 
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.16
Prefs.js - keyword.URL, hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=9c5cb48b0000000000000010dccb0e5e&tlver=1.4.19.19&instlRef=ss...

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_Toolbar|{1E796980-9CC5-11D1-A83F-00C04FC99D61} (x)
HKCU_Toolbar\WebBrowser|{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} (x)
HKLM_Toolbar|{c9a6357b-25cc-4bcf-96c1-78736985d412} (mscoree.dll) (x)
HKLM_ElevationPolicy\926b0584-ac09-4046-aa8e-131f5c452a26 - C:\Program Files\Eazel-FR\Eazel-FRToolbarHelper.exe (x)
HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (x)
HKLM_ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} - C:\Program Files\HyperCam Toolbar\TbHelper2.exe (x)
HKLM_Extensions\{1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - "Packard Bell" (C:\Apps\IECustom\Face_IE.ico)
HKLM_Extensions\{2223664C-1942-4276-9A2D-E8D8F547C5D2} - "Suggestions" (C:\Program Files\Surfairy\win32sf32.ico)
HKLM_Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - "?" (?)
HKLM_Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949} - "Run IMVU" (C:\Documents and Settings	hibaut 2_2\Application Data\IMVUClient\imvu.ico)
HKLM_Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21} - "MoneySide" (C:\Program Files\Microsoft Money\System\mnyviewer.dll,209)
BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} - "Yahoo! Companion BHO" (C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll)
BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "AcroIEHlprObj Class" (C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx)
BHO\{1d970ed5-3eda-438d-bffd-715931e2775b} - "ToolbarOrange.InitToolbarBHO" (mscoree.dll) (x)
BHO\{465E08E7-F005-4389-980F-1D8764B3486C} (?)
BHO\{BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2} - "SurfairyBHO Class" (C:\Program Files\Surfairy\SurfairyHlp.dll)
BHO\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - "?" (C:\Program Files\Microsoft Money\System\mnyviewer.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 50 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 26/04/2011 15:21:10 (8323 Octet(s)) 
C:\Ad-Report-CLEAN[2].txt - 26/04/2011 15:28:17 (1746 Octet(s)) 
C:\Ad-Report-SCAN[1].txt - 26/04/2011 14:47:54 (8413 Octet(s)) 

Fin à: 15:30:47, 26/04/2011 
 
============== E.O.F ==============

Utilisateur anonyme · Answer

1/
Ton rapport d'ad-remover n'est pas complet.Stp copies le continu du rapport dans C:\Ad-report (clean).Txt et colle le ici

2/
Pour ZHPDiag :

Clique sur le lien que je t'ai donné puis sur téléchager, ensuite suis les procedures indiquées ci-dessus

Darkvadortb · Answer

https://pjjoint.malekal.com/files.php?id=558d8133e071214

Darkvadortb · Answer

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 15:21:07 le 26/04/2011, Mode normal

Microsoft Windows XP Édition familiale Service Pack 2 (X86) 
thibaut 2_2@YOUR-09B1565C2E ( ) 
 
============== ACTION(S) ==============

Service: "sdmBackupIP" Stoppé et supprimé 

Dossier supprimé: C:\Program Files\Installer
Fichier supprimé: C:\WINDOWS\system32\ConduitEngine.tmp
Fichier supprimé: C:\WINDOWS\system32\Utils.dll
Dossier supprimé: C:\WINDOWS\BackupIP
Dossier supprimé: C:\Documents and Settings	hibaut 2_2\Application Data\Mozilla\FireFox\Profiles\plp4tn91.default\conduit
Fichier supprimé: C:\Documents and Settings	hibaut 2_2\Application Data\Mozilla\FireFox\Profiles\plp4tn91.default\searchplugins\conduit.xml
Fichier supprimé: C:\Documents and Settings	hibaut 2_2\Application Data\Mozilla\FireFox\Profiles\plp4tn91.default\searchplugins\web-search.xml
Dossier supprimé: C:\Documents and Settings	hibaut 2_2\Local Settings\Application Data\Conduit
Dossier supprimé: C:\Documents and Settings	hibaut 2_2\Application Data\CrazyLoader
Dossier supprimé: C:\Documents and Settings	hibaut 2_2\Application Data\PriceGong
Dossier supprimé: C:\Documents and Settings	hibaut 2_2\Application Data\Toolbar4
Dossier supprimé: C:\Documents and Settings	hibaut 2_2\Local Settings\Application Data
etworker
Dossier supprimé: C:\Documents and Settings	hibaut 2_2\Application Data\OfferBox

(!) -- Fichiers temporaires supprimés.


-- Fichier ouvert: C:\Documents and Settings	hibaut 2_2\Application Data\Mozilla\FireFox\Profiles\plp4tn91.default\Prefs.js --
Ligne supprimée: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857572&Sea... 
Ligne supprimée: user_pref("extensions.vshare@toolbar.update.enabled", false); 
Ligne supprimée: user_pref("vshare.install.date", "1301097600000"); 
Ligne supprimée: user_pref("vshare.install.dumpFileCount", 0); 
Ligne supprimée: user_pref("vshare.install.dumpFileDisabled", false); 
Ligne supprimée: user_pref("vshare.install.finished", "1.0.0"); 
Ligne supprimée: user_pref("vshare.install.guid", "{d96f75b9-e4b4-40f8-a43a-53432b40568f}"); 
Ligne supprimée: user_pref("vshare.install.isDisabled", false); 
Ligne supprimée: user_pref("vshare.install.istoolbarhp", true); 
Ligne supprimée: user_pref("vshare.install.istoolbarsearch", true); 
Ligne supprimée: user_pref("vshare.install.laststatreq", "1301184000000"); 
Ligne supprimée: user_pref("vshare.install.newtab", true); 
Ligne supprimée: user_pref("vshare.install.overlayVersion", 1); 
Ligne supprimée: user_pref("vshare.install.userHPSettings", "hxxp://hpp.orange.fr/"); 
Ligne supprimée: user_pref("vshare.install.userSPSettings", ""); 
-- Fichier Fermé --
 

Clé supprimée: HKLM\Software\Classes\Conduit.Engine
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2095689
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2542115
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2612669
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\Install Pedia Limited
Clé supprimée: HKLM\Software\OfferBox
Clé supprimée: HKCU\Software\freeCompressor
Clé supprimée: HKCU\Software\PriceGong
Clé supprimée: HKCU\Software\Spointer
Clé supprimée: HKCU\Software\AppDataLow\HavingFunOnline
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ClickPotato
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\CrazyLoader
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\FLV Direct Player
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Hotbar
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ShopperReports
Clé supprimée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom

Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|installer
Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Softwarehelper


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.16 (fr)] ****

HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
HKCU_MozillaPlugins\@stonetrip.com/ShiVaWebPlayer,version=1.8.1.0 (x)
HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x)
Extensions\{4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF} (Plugin Orange Installeur)

-- C:\Documents and Settings	hibaut 2_2\Application Data\Mozilla\FireFox\Profiles\plp4tn91.default --
Extensions\menu_contextuel_orange@orange.fr (Menu Contextuel Orange)
Extensions\{364d4e0c-543f-4b85-abe3-19551139da4f} (Softonic_France Toolbar)
Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} (Greasemonkey)
Searchplugins\orange.xml (?)
Searchplugins\Search.xml (?)
Prefs.js - browser.download.lastDir, C:\Documents and Settings\thibaut 2_2\Bureau\Thibaut.Boyer
Prefs.js - browser.search.defaultenginename, Web Search...
Prefs.js - browser.startup.homepage, 
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.16
Prefs.js - keyword.URL, hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=9c5cb48b0000000000000010dccb0e5e&tlver=1.4.19.19&instlRef=ss...

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_Toolbar|{1E796980-9CC5-11D1-A83F-00C04FC99D61} (x)
HKCU_Toolbar\WebBrowser|{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} (x)
HKLM_Toolbar|{c9a6357b-25cc-4bcf-96c1-78736985d412} (mscoree.dll) (x)
HKLM_ElevationPolicy\926b0584-ac09-4046-aa8e-131f5c452a26 - C:\Program Files\Eazel-FR\Eazel-FRToolbarHelper.exe (x)
HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (x)
HKLM_ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} - C:\Program Files\HyperCam Toolbar\TbHelper2.exe (x)
HKLM_Extensions\{1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - "Packard Bell" (C:\Apps\IECustom\Face_IE.ico)
HKLM_Extensions\{2223664C-1942-4276-9A2D-E8D8F547C5D2} - "Suggestions" (C:\Program Files\Surfairy\win32sf32.ico)
HKLM_Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - "?" (?)
HKLM_Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949} - "Run IMVU" (C:\Documents and Settings	hibaut 2_2\Application Data\IMVUClient\imvu.ico)
HKLM_Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21} - "MoneySide" (C:\Program Files\Microsoft Money\System\mnyviewer.dll,209)
BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} - "Yahoo! Companion BHO" (C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll)
BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "AcroIEHlprObj Class" (C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx)
BHO\{1d970ed5-3eda-438d-bffd-715931e2775b} - "ToolbarOrange.InitToolbarBHO" (mscoree.dll) (x)
BHO\{465E08E7-F005-4389-980F-1D8764B3486C} (?)
BHO\{BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2} - "SurfairyBHO Class" (C:\Program Files\Surfairy\SurfairyHlp.dll)
BHO\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - "?" (C:\Program Files\Microsoft Money\System\mnyviewer.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 50 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 26/04/2011 15:21:10 (2956 Octet(s)) 
C:\Ad-Report-SCAN[1].txt - 26/04/2011 14:47:54 (8413 Octet(s)) 

Fin à: 15:23:52, 26/04/2011 
 
============== E.O.F ==============

Utilisateur anonyme · Answer

Copie tout le texte présent en gras ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C ) 

[MD5.5B68D4E25382EA00BAFDCCD43E9531B2] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe   [106496]     
O2 - BHO: SurfairyBHO Class - {BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2} . (.Divago Inc. & Komero Technologies Int. - SurfairyHlp Module.) -- C:\Program Files\Surfairy\SurfairyHlp.dll     
O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} . (.Pas de propriétaire - Pas de description.) --  (.not file.)     
O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe     
O9 - Extra button: Packard Bell - {2223664C-1942-4276-9A2D-E8D8F547C5D2} . (...) -- C:\Program Files\Surfairy\win32sfh.ico     
O9 - Extra button: Packard Bell - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} . (...) -- C:\Program Files\Surfairy\win32sfh.ico     
[HKCU\Software\Surfairy]     
[HKLM\Software\CrazyLoader]     
O43 - CFD: 12/09/2010 - 13:54:16 - [0] ----D- C:\Program Files\FreeCompressor     
O43 - CFD: 20/11/2002 - 14:28:18 - [192507] ----D- C:\Program Files\Surfairy     
O43 - CFD: 25/04/2011 - 13:42:58 - [142264] ----D- C:\Documents and Settings	hibaut 2_2\Local Settings\Application Data\freecompressor Air     
O47 - AAKE:Key Export SP - "C:\Program Files\CrazyLoader\crazyloader.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\CrazyLoader\crazyloader.exe (.not file.)     

FirewallRAZ
EmptyTemp
EmptyFlash



Puis Lance ZHPFix depuis le raccourci du bureau . 

* Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) . 

* Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent . 

Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre. 

Clique sur le bouton  GO 

Copie/Colle le rapport à l'écran dans ton prochain message.

2/
* Telecharge et install UsbFix par El Desaparecido , C_XX & Chimay8 

(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir 

- Double clique sur le raccourci UsbFix sur ton Bureau (clique droit avec la souris 

:exécuter en tant qu'administrateur pour vista/seven), l'installation se fera 

automatiquement 

-Clique sur "Recherche" 

- Laisse travailler l'outil 

- A la fin, le rapport va s'afficher : poste le dans ta prochaine réponse
 (il est aussi sauvegardé a la racine du disque dur)

Darkvadortb · Answer

Rapport de ZHPFix 1.12.3278 par Nicolas Coolman, Update du 21/04/2011
Fichier d'export Registre : C:\ZHPExportRegistry-26-04-2011-16-25-16.txt
Run by thibaut 2_2 at 26/04/2011 16:25:16
Windows XP Home Edition Service Pack 2 (Build 2600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

========== Clé(s) du Registre ==========
O2 - BHO: SurfairyBHO Class - {BB9AAAF3-4F8D-48B5-A565-FF3E58433DC2} . (.Divago Inc. & Komero Technologies Int. - SurfairyHlp Module.) -- C:\Program Files\Surfairy\SurfairyHlp.dll  => Clé supprimée avec succès
O9 - Extra button: Packard Bell - {2223664C-1942-4276-9A2D-E8D8F547C5D2} . (...) -- C:\Program Files\Surfairy\win32sfh.ico  => Clé supprimée avec succès
O9 - Extra button: Packard Bell - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} . (...) -- C:\Program Files\Surfairy\win32sfh.ico  => Clé supprimée avec succès
HKCU\Software\Surfairy  => Clé supprimée avec succès
HKLM\Software\CrazyLoader  => Clé supprimée avec succès

========== Valeur(s) du Registre ==========
O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} . (.Pas de propriétaire - Pas de description.) -- (.not file.)  => Valeur absente
O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe  => Valeur supprimée avec succès
O47 - AAKE:Key Export SP - "C:\Program Files\CrazyLoader\crazyloader.exe" [Enabled] .(.) -- C:\Program Files\CrazyLoader\crazyloader.exe (.not file.)  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings	hibaut 2_2\Application Data\IMVUClient\1VivoxVoice.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings	hibaut 2_2\Local Settings\Temp\RarSFX3\hl.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\Steam\Steam.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings	hibaut 2_2\Local Settings\Temp\7ZipSfx.000\CF_Downloader.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Documents and Settings	hibaut 2_2\Bureau\Counter\hl.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\gamigo\heroes in the sky\HIS.exe  => Valeur supprimée avec succès
FirewallRaz (SP) : C:\Program Files\Counter-Strike 2D\CounterStrike2D.exe  => Valeur supprimée avec succès
FirewallRaz : Aucune valeur présente dans la clé d'exception du registre

========== Dossier(s) ==========
Dossiers Flash Cookies supprimés : 1277

========== Fichier(s) ==========
Fichiers Flash Cookies supprimés : 759


========== Récapitulatif ==========
5 : Clé(s) du Registre
14 : Valeur(s) du Registre
1 : Dossier(s)
1 : Fichier(s)


End of the scan

Darkvadortb · Answer

############################## | UsbFix 7.044 | [Recherche]

Utilisateur: thibaut 2_2 (Administrateur) # YOUR-09B1565C2E [ ]
Mis à jour le 25/04/2011 par TeamXscript
Lancé à 16:27:14 | 26/04/2011
Site Web: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: AMD Athlon(tm) XP 2000+
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Activé
RAM -> 1023 Mo 
C:\ (%systemdrive%) -> Disque fixe # 54 Go (12 Go libre(s) - 21%) [HDD] # NTFS
Q:\ -> CD-ROM
R:\ -> CD-ROM

################## | Éléments infectieux |


Présent! C:\autorun.inf
Présent! C:\ws.exe
Présent! Q:\Autorun.inf

################## | Registre |

Présent! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{10a8fa24-1ab6-11dd-946c-0010dccb0e5e}
Shell\AutoRun\Command = F:\LaunchU3.exe -a

HKCU\.\.\.\.\Explorer\MountPoints2\{10a8fa25-1ab6-11dd-946c-0010dccb0e5e}
Shell\AutoRun\Command = G:\9d6resf.exe
Shell\open\Command = G:\9d6resf.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{3d9b7776-2306-11d7-8c3f-806d6172696f}
Shell\AutoRun\Command = 12gn6id2.exe
Shell\open\Command = 12gn6id2.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{3d9b7777-2306-11d7-8c3f-806d6172696f}
Shell\AutoRun\Command = Q:\EAWXLauncher.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{56709b9e-598f-11dd-9545-0010dccb0e5e}
Shell\AutoRun\Command = D:\ws.exe
Shell\open\Command = D:\ws.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{6eab738a-c232-11dd-9796-0010dccb0e5e}
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{737f5b88-6314-11dd-959a-0010dccb0e5e}
Shell\AutoRun\Command = D:\LaunchU3.exe -a

HKCU\.\.\.\.\Explorer\MountPoints2\{737f5b89-6314-11dd-959a-0010dccb0e5e}
Shell\AutoRun\Command = E:\w9.exe
Shell\open\Command = E:\w9.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{aa03374a-77c8-11df-9cfc-0010dccb0e5e}
Shell\AutoRun\Command = D:\wyskq6lt.exe
Shell\open\Command = D:\wyskq6lt.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{eb126e5e-a047-11dd-96f0-0010dccb0e5e}
Shell\AutoRun\Command = D:\wyskq6lt.exe
Shell\open\Command = D:\wyskq6lt.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{f0790ade-bd3e-11dc-93bc-0010dccb0e5e}
Shell\AutoRun\Command = D:\r3fhr.exe
Shell\open\Command = D:\r3fhr.exe


################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par Panda USB Vaccine
Q:\Autorun.inf -> Vaccin créé par Panda USB Vaccine

################## | E.O.F |

Utilisateur anonyme · Answer

1/
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

- Double clique sur le raccourci UsbFix sur ton Bureau (clique droit avec la souris

:exécuter en tant qu'administrateur pour vista/seven), l'installation se fera

automatiquement

-Clique sur "Suppression"

- Laisse travailler l'outil

- A la fin, le rapport va s'afficher : poste le dans ta prochaine réponse
(il est aussi sauvegardé a la racine du disque dur)

2/
*Télécharges Malwarebytes' (mbam) 

ICI >> Malwarebytes' (mbam) 

* installes + mise a jour 
* Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) sans les ouvrir 
* Lances--> Malwarebytes (MBAM) 
* Puis vas dans l'onglet "Recherche", coche >>Exécuter un examen complet 
* puis "Rechercher" 
* Sélectionnes tes disques durs" puis clique sur "Lancer l'examen" 
* A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport 
*Si MalwareBytes' détecte des infections, clique sur ==>Afficher les résultats, puis sur ==>Supprimer la sélection 
* S'il t' es demandé de redémarrer, clique sur "oui " 
* aprés la suppression(s) de ou des infections trouvées --> poste le rapport ici 
!!! Ne pas vider la quarantaine de MBAM sans avis !!!

Darkvadortb · Answer

############################## | UsbFix 7.044 | [Suppression]

Utilisateur: thibaut 2_2 (Administrateur) # YOUR-09B1565C2E [ ]
Mis à jour le 25/04/2011 par TeamXscript
Lancé à 16:52:14 | 26/04/2011
Site Web: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: AMD Athlon(tm) XP 2000+
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Activé
RAM -> 1023 Mo 
C:\ (%systemdrive%) -> Disque fixe # 54 Go (12 Go libre(s) - 21%) [HDD] # NTFS
Q:\ -> CD-ROM
R:\ -> CD-ROM

################## | Éléments infectieux |


Supprimé! C:\Recycler\S-1-5-21-2699939882-1774555873-248915221-1007
Supprimé! C:\Recycler\S-1-5-21-2699939882-1774555873-248915221-1008
Supprimé! C:\Recycler\S-1-5-21-2699939882-1774555873-248915221-1012
Supprimé! C:\Recycler\S-1-5-21-2699939882-1774555873-248915221-501
Supprimé! C:\autorun.inf
Supprimé! C:\ws.exe
Non supprimé ! Q:\Autorun.inf

################## | Registre |

Supprimé! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{10a8fa24-1ab6-11dd-946c-0010dccb0e5e}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{3d9b7776-2306-11d7-8c3f-806d6172696f}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{56709b9e-598f-11dd-9545-0010dccb0e5e}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{6eab738a-c232-11dd-9796-0010dccb0e5e}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{737f5b89-6314-11dd-959a-0010dccb0e5e}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{aa03374a-77c8-11df-9cfc-0010dccb0e5e}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{eb126e5e-a047-11dd-96f0-0010dccb0e5e}

################## | Listing |

[30/06/2009 - 20:56:46 | D ] 	C:\.jagex_cache_32
[03/10/2004 - 14:58:44 | D ] 	C:\ACTIVDOC
[26/04/2011 - 15:23:52 | N | 8323] 	C:\Ad-Report-CLEAN[1].txt
[26/04/2011 - 15:30:48 | N | 4558] 	C:\Ad-Report-CLEAN[2].txt
[26/04/2011 - 14:49:00 | N | 8413] 	C:\Ad-Report-SCAN[1].txt
[05/07/2009 - 12:35:32 | N | 0] 	C:\AILog.txt
[14/07/2003 - 18:52:08 | D ] 	C:\APPS
[09/03/2011 - 20:56:53 | D ] 	C:\Avenger
[20/11/2002 - 14:19:50 | N | 198] 	C:\BOOT.BAK
[08/07/2009 - 10:45:35 | RASH | 296] 	C:\BOOT.INI
[28/08/2001 - 13:00:00 | N | 4952] 	C:\Bootfont.bin
[20/11/2002 - 14:37:51 | D ] 	C:\cmdcons
[28/08/2001 - 13:00:00 | N | 239920] 	C:\cmldr
[16/01/2003 - 18:35:22 | D ] 	C:\C_DILLA
[20/11/2002 - 15:12:18 | D ] 	C:\DIVTOOLS
[03/07/2009 - 16:40:14 | D ] 	C:\Documents and Settings
[24/07/2010 - 20:28:30 | D ] 	C:\Downloads
[14/07/2003 - 18:57:30 | D ] 	C:\DRIVERS
[20/11/2002 - 15:15:46 | N | 3841] 	C:\DWNLOG.TXT
[26/12/2007 - 10:49:41 | N | 25042] 	C:\error.log
[07/11/2007 - 08:00:40 | N | 17734] 	C:\eula.1028.txt
[07/11/2007 - 08:00:40 | N | 17734] 	C:\eula.1031.txt
[07/11/2007 - 08:00:40 | N | 10134] 	C:\eula.1033.txt
[07/11/2007 - 08:00:40 | N | 17734] 	C:\eula.1036.txt
[07/11/2007 - 08:00:40 | N | 17734] 	C:\eula.1040.txt
[07/11/2007 - 08:00:40 | N | 118] 	C:\eula.1041.txt
[07/11/2007 - 08:00:40 | N | 17734] 	C:\eula.1042.txt
[07/11/2007 - 08:00:40 | N | 17734] 	C:\eula.2052.txt
[07/11/2007 - 08:00:40 | N | 17734] 	C:\eula.3082.txt
[22/04/2011 - 22:22:41 | D ] 	C:\Fraps
[28/04/2010 - 17:21:05 | N | 50896] 	C:\GDIPFONTCACHEV1.DAT
[07/11/2007 - 08:00:40 | N | 1110] 	C:\globdata.ini
[01/11/2008 - 16:35:42 | N | 1056] 	C:\hjofao30.sys
[07/11/2007 - 08:03:18 | N | 562688] 	C:\install.exe
[07/11/2007 - 08:00:40 | N | 843] 	C:\install.ini
[07/11/2007 - 08:03:18 | N | 76304] 	C:\install.res.1028.dll
[07/11/2007 - 08:03:18 | N | 96272] 	C:\install.res.1031.dll
[07/11/2007 - 08:03:18 | N | 91152] 	C:\install.res.1033.dll
[07/11/2007 - 08:03:18 | N | 97296] 	C:\install.res.1036.dll
[07/11/2007 - 08:03:18 | N | 95248] 	C:\install.res.1040.dll
[07/11/2007 - 08:03:18 | N | 81424] 	C:\install.res.1041.dll
[07/11/2007 - 08:03:18 | N | 79888] 	C:\install.res.1042.dll
[07/11/2007 - 08:03:18 | N | 75792] 	C:\install.res.2052.dll
[07/11/2007 - 08:03:18 | N | 96272] 	C:\install.res.3082.dll
[08/01/2003 - 14:45:25 | N | 0] 	C:\IO.SYS
[14/01/2004 - 14:20:37 | N | 657] 	C:\IPH.PH
[08/01/2003 - 14:45:25 | N | 0] 	C:\MSDOS.SYS
[20/11/2002 - 14:28:06 | D ] 	C:\My Music
[07/07/2009 - 15:50:07 | RASH | 47564] 	C:\NTDETECT.COM
[07/07/2009 - 15:50:07 | N | 251712] 	C:
tldr
[09/07/2009 - 15:24:20 | D ] 	C:\NVIDIA
[26/04/2011 - 15:26:02 | ASH | 1609777152] 	C:\pagefile.sys
[26/04/2011 - 15:53:06 | N | 512] 	C:\PhysicalDisk0_MBR.bin
[20/11/2002 - 15:15:00 | D ] 	C:\PNP
[26/04/2011 - 16:24:04 | D ] 	C:\Program Files
[08/08/2006 - 18:29:27 | D ] 	C:\Programmes
[16/12/2004 - 20:32:55 | N | 129] 	C:\Raccourci vers Disquette 3½ (A).lnk
[26/04/2011 - 16:52:50 | SHD ] 	C:\RECYCLER
[07/01/2008 - 18:59:55 | N | 159] 	C:\Setup.log
[07/03/2011 - 14:45:54 | D ] 	C:\SG Interactive
[12/08/2010 - 20:08:51 | D ] 	C:\Sun
[07/07/2009 - 16:03:50 | SHD ] 	C:\System Volume Information
[20/03/2011 - 22:21:41 | D ] 	C:\Temp
[20/11/2002 - 14:19:28 | D ] 	C:\UC-LOGIC
[26/04/2011 - 16:52:50 | D ] 	C:\UsbFix
[26/04/2011 - 16:53:46 | A | 1246] 	C:\UsbFix.txt
[07/11/2007 - 08:00:40 | N | 5686] 	C:\vcredist.bmp
[07/11/2007 - 08:09:22 | N | 1442522] 	C:\VC_RED.cab
[07/11/2007 - 08:12:28 | N | 232960] 	C:\VC_RED.MSI
[23/04/2010 - 17:45:10 | N | 8657] 	C:\video.pass
[26/04/2011 - 15:21:45 | D ] 	C:\WINDOWS
[07/12/2008 - 17:35:33 | D ] 	C:\WUTemp
[26/04/2011 - 16:25:16 | N | 53206] 	C:\ZHPExportRegistry-26-04-2011-16-25-16.txt
[16/09/2006 - 05:20:00 | R | 57] 	Q:\Autorun.inf
[06/10/2006 - 01:16:01 | RD ] 	Q:\DirectX
[04/08/2006 - 22:58:00 | R | 22706524] 	Q:\EAWUpdate1_5.exe
[04/10/2006 - 08:49:49 | R | 4272128] 	Q:\EAWXLauncher.exe
[04/10/2006 - 08:49:56 | R | 552214] 	Q:\ISSetup.dll
[06/10/2006 - 01:15:58 | RD ] 	Q:\LecSetup
[06/10/2006 - 01:15:57 | RD ] 	Q:\XFire
[17/05/2006 - 20:21:08 | R | 373680] 	Q:\_setup.dll
[04/10/2006 - 08:50:06 | R | 5749981] 	Q:\data1.cab
[04/10/2006 - 08:50:04 | R | 24457] 	Q:\data1.hdr
[04/10/2006 - 08:56:56 | R | 224669696] 	Q:\data2.cab
[04/10/2006 - 09:01:04 | R | 335544320] 	Q:\data3.cab
[04/10/2006 - 09:01:44 | R | 65474889] 	Q:\data4.cab
[04/10/2006 - 09:01:44 | R | 2121] 	Q:\layout.bin
[24/05/2006 - 21:10:42 | R | 455600] 	Q:\setup.exe
[04/10/2006 - 08:49:56 | R | 541] 	Q:\setup.ini
[16/05/2006 - 23:44:50 | R | 31104] 	Q:\setup.isn
[06/10/2006 - 01:15:58 | RD ] 	Q:\setupdir
[04/10/2006 - 23:16:25 | R | 13373440] 	Q:\swfoc.exe

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
Q:\Autorun.inf -> Vaccin créé par Panda USB Vaccine

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_YOUR-09B1565C2E.zip
http://www.teamxscript.org/Upload.php
Merci de votre contribution.

################## | E.O.F |

Darkvadortb · Answer

malwar à bugé je sais pas pouquoi (il bugé pas il y a 2 mois) je refait demain car ça prend trop de temps

Utilisateur anonyme · Answer

Re,

S'il buge de nouveau :

1) Démarre en Mode sans échec avec prise en charge réseau 
fais ainsi 

Pour cela, tu tapotes la touche F8 dès le début de l'allumage du pc sans t'arrêter 
Une fenêtre va s'ouvrir tu te déplaces avec les flèches du clavier sur >> démarrer enMode sans échec avec prise en charge réseau 
puis tape entrée. 
Une fois sur le bureau s'il n'y a pas toutes les couleurs et autres c'est normal ! 
(Si F8 ne marche pas utilise la touche F5) 


2/ Ensuite

Relance Malwarebytes et dis moi ce qui ce passe pour avancer... !


A demain

Darkvadortb · Answer

Steam il fait pas de pub? je viens de réinstaller (je fais malware demain)

Darkvadortb · Answer

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6457

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

27/04/2011 18:46:26
mbam-log-2011-04-27 (18-46-26).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 285462
Temps écoulé: 2 heure(s), 15 minute(s), 52 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 161

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP806\A1619886.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP806\A1619901.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP807\A1620038.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP808\A1620070.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP808\A1620087.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP808\A1620098.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP808\A1620147.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP809\A1620159.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP809\A1620182.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP810\A1620200.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP810\A1620210.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP811\A1620238.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP811\A1620253.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP811\A1620270.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP811\A1620277.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP812\A1620297.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP812\A1620309.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP812\A1620337.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP813\A1620373.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP813\A1620379.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP814\A1620408.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP814\A1620426.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP814\A1620449.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP815\A1620478.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP815\A1620503.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP815\A1620525.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP817\A1620719.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP817\A1620738.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP817\A1621739.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP817\A1621746.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP817\A1621784.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP818\A1621799.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP818\A1621806.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP819\A1621817.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP819\A1621833.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP819\A1622209.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP819\A1622130.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP819\A1622154.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP819\A1622224.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP819\A1622257.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP819\A1622270.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP820\A1622319.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP820\A1622349.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP820\A1623346.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP820\A1622325.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP821\A1623356.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP821\A1623368.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP821\A1623391.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP822\A1623397.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP822\A1623625.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP822\A1623639.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP822\A1623655.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP822\A1623672.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP823\A1624672.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP823\A1624695.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP823\A1625691.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP824\A1625711.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP824\A1625718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP824\A1625736.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP824\A1625749.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP825\A1625759.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP825\A1625771.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP826\A1625793.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP826\A1625778.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP826\A1625800.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP827\A1625827.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP827\A1625811.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP827\A1626827.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP828\A1626843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP828\A1626860.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP829\A1626880.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP830\A1626888.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP830\A1626914.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP830\A1626923.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP831\A1626936.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP831\A1626948.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP831\A1626956.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP831\A1627044.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP831\A1627074.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP831\A1627088.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP831\A1627104.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP832\A1627116.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP832\A1627136.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP833\A1627158.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP833\A1627191.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP834\A1627202.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP834\A1627236.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP834\A1627253.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP835\A1628248.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP835\A1629302.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP835\A1628271.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP835\A1628303.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP835\A1630015.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a51c5cde-3710-45ed-aeaf-4dbee7e77752}\RP835\A1631015.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\C\program files\installer
etworker.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Joëlle\local settings\application data\assembly\dl3\MWP3T97K.5JR\J2N3E4Z8.OWJ\e7a93d04\004137a1_48eecb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\02720c13_f2f2cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\0818140f_3203cc01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\10928e62_2af2cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\72f44f3f_ace5cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\7cf6407c_f403cc01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\7e4379aa_5ff7cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\7f21531b_dbefcb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\8016ba46_a4fbcb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\aad31a40_dbe2cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\ac7a5204_f6ebcb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\b098b01e_16e6cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\b4037938_b1fecb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\bc595d14_0bfacb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\bcdc6161_1002cc01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\52ece862_c1e4cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\54cb2818_a0ebcb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\58fbc601_96e9cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\5a41d3e3_3be0cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\d0d5e8f9_0201cc01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\d20d2db1_82fbcb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\d4f86286_b9efcb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\d6295212_d5dfcb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\d8dda851_ceeacb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\ece2a512_76dfcb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\f435541c_abf6cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\f859cbd4_d2fecb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\f85f4c78_0cf5cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\fc7d9b40_f4f1cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\fcced9b5_9f03cc01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\1edd0c0b_27eecb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\24b82a73_b6e8cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\24bb8ae4_65e2cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\281faa80_e8e6cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\28f5405b_97e6cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\8c2dc69e_addecb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\8c9ffcec_37f9cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\8ea3f15d_76eacb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\c2459a79_67f5cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\c8108443_47ebcb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\c8ea3e51_e7eecb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\ca2a820b_88ffcb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\ca5211db_78f1cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\ca914cbf_f6f1cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\cad48831_8af4cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\6400d2c0_ba02cc01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\9278cfb7_4af6cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\92cf4135_9901cc01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\98a3fb11_65edcb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\9c01e207_e6e7cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\9c162214_2fe3cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\9c5fe4d0_04e1cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\9c6f3b3e_05fdcb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\a0caa6cc_2afccb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\a68d0cf6_6dfccb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\388442d4_ee01cc01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\38ac740c_85f7cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\40c539fe_2be7cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\123e2f78_74e9cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\12af8c67_defdcb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\14a78667_78f8cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\1630b1be_3ae7cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\18c271e9_d2e3cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\1a1ce7df_ffdecb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\e04f1136_a7f0cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings	hibaut 2_2\local settings\application data\assembly\dl3\G3L5P1Y1.4W5\MK7DJ3NY.J56\e7b59d40\e224eeae_8ae5cb01
etworker.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Utilisateur anonyme · Answer

Re,

Lance Malwarebytes puis vide la quarentaine.

STP prépare un nouveau rapport ZHPDiag

Darkvadortb · Answer

je fais a nouveau ZHPDiag après avoir vidé la quarantaine?

Utilisateur anonyme · Answer

Re,

De rien!

Si tu veux terminer la désinfection, prépare un nouveau rapport ZHPDiag et je suis prêt pour continuer ...

Si tu ne peux pas continuer, il faut supprimer les outils 

de désinfection, pour cela  :

Télécharge DelFix  sur  ton  bureau.    
* Lance le, tape suppression puis valide   

Patiente pendant le scan jusqu'à l'ouverture du rapport.   

* Copie/Colle le contenu du rapport dans ta prochaine réponse.   

Note : Le rapport se trouve également sous C:\DelFix.txt   

tu peux le desinstaller   




Bonne nuit

Pub sur internet

20 réponses

Discussions similaires

Newsletters