Bitdefender is not a valid application

Solved/Closed
miss-suny Posts: 16 Registered: Monday 1 October 2007 Status: Member Last activity: 23 October 2010 - 12 Nov. 2008 at 16:04
 miss-suny - 14 Nov. 2008 at 23:16
Hello,
Hello, I think I caught a virus on eMule. All my applications, like Bitdefender, Spybot and even MSN, would no longer open. I eventually managed to get MSN back, but in English, because I had deleted it in order to reinstall it but could not manage to; the only solution was MSN in English. However, I can't find a solution for my other applications. I think I was infected by a worm (well, I think so). What can I do???

27 replies

Destrio5 Posts: 85985 Registered: Sunday 11 July 2010 Status: Moderator Last activity: 17 February 2023 10 290
12 Nov. 2008 at 17:12
FindyKill cannot remove this new version of Bagle; the author of FindyKill is currently working on it.

---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the Internet and close all applications, antivirus and antispyware included /!\

---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Oui" (Yes)

---> I strongly advise you to install the Recovery Console.

---> Set it to French: F
Press the 1 key (Yes) to start the scan.

/!\ Do not touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.

Once the scan is finished, a report will be displayed: post its contents.

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: The report is also located here: C:\ComboFix\Combofix.txt

sorry for the wait but big bu
ComboFix 08-11-11.01 - Fanny 2008-11-12 17:18:44.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.644 [GMT 1:00]
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\documents and settings\Fanny\Application Data\m
c:\documents and settings\Fanny\Application Data\m\flec006.exe
c:\documents and settings\Fanny\Application Data\ShoppingReport
c:\documents and settings\Fanny\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Fanny\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Fanny\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Fanny\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Fanny\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Fanny\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Fanny\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
c:\program files\Glary Utilities\memdefrag.exe
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Uninst.exe
c:\windows\dialerexe.ini
c:\windows\system32\drivers\srosa.sys
c:\windows\system32\drivers\winfilse.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-12 au 2008-11-12 ))))))))))))))))))))))))))))))))))))
.

2008-11-12 16:02 . 2008-11-12 16:52 <REP> d-------- c:\program files\FindyKill
2008-11-12 15:44 . 2008-11-12 15:44 <REP> d-------- c:\program files\Windows Live Favorites
2008-11-12 15:14 . 2008-11-12 15:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2008-11-12 15:13 . 2008-11-12 15:44 <REP> d-------- c:\program files\Windows Live Toolbar
2008-11-12 15:06 . 2008-11-12 15:00 <REP> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-12 14:50 . 2007-07-30 19:19 38,232 --a------ c:\windows\system32\wucltui.dll.mui
2008-11-12 14:50 . 2007-07-30 19:20 30,040 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-11-12 14:50 . 2007-07-30 19:19 30,040 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-12 14:50 . 2007-07-30 19:18 21,336 --a------ c:\windows\system32\wuaueng.dll.mui
2008-11-12 14:42 . 2008-11-12 15:27 <REP> d-------- c:\program files\Windows Installer Clean Up
2008-11-12 14:42 . 2008-11-12 14:42 <REP> d-------- c:\program files\MSECACHE
2008-11-12 14:36 . 2008-11-12 14:36 <REP> d-------- c:\program files\Microsoft Silverlight
2008-11-12 14:31 . 2008-11-12 15:27 <REP> d-------- c:\program files\MSN Messenger
2008-11-11 18:50 . 2008-11-11 18:50 <REP> d-------- c:\documents and settings\Fanny\Application Data\Zylom
2008-11-11 18:43 . 2008-11-11 19:34 <REP> d-------- c:\program files\Zylom Games
2008-11-11 18:43 . 2008-11-11 18:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Zylom
2008-11-09 13:48 . 2008-11-09 13:49 <REP> d-------- c:\program files\Lecteur CANALPLAY
2008-11-08 18:48 . 2008-11-12 15:14 <REP> d-------- c:\program files\Real
2008-11-08 18:48 . 2008-11-08 18:48 <REP> d-------- c:\program files\Fichiers communs\xing shared
2008-10-30 23:32 . 2008-10-30 23:32 <REP> d-------- c:\documents and settings\Fanny\Application Data\Apple Computer
2008-10-28 19:03 . 2008-10-28 19:03 <REP> d-------- c:\program files\Apple Software Update
2008-10-14 21:10 . 2008-10-15 17:41 <REP> d-------- c:\program files\Easy PDF Creator
2008-10-14 21:10 . 2004-01-28 16:50 57,344 --a------ c:\windows\system32\pdfmont.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 16:22 --------- d-----w c:\program files\Glary Utilities
2008-11-11 18:56 --------- d-----w c:\program files\eMule
2008-11-09 12:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 17:48 --------- d-----w c:\program files\Fichiers communs\Real
2008-10-23 07:26 --------- d-----w c:\program files\DivX
2008-10-17 19:26 --------- d-----w c:\program files\AOL 9.0
2008-10-15 17:18 --------- d-----w c:\program files\BitComet
2008-10-15 16:43 --------- d-----w c:\program files\Creative
2008-10-10 21:32 --------- d-----w c:\documents and settings\Fanny\Application Data\DivX
2008-10-02 20:07 --------- d-----w c:\program files\Horloge
2008-09-22 16:27 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
2008-05-15 20:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051520080516\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2008-11-12 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-11-12 368640]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-11-08 185872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DetectorApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vade Retro Outlook Express

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-05-10 17:12 90112 c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-13 18:34 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 19:34 64512 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-06-03 09:52 36975 c:\program files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-03-01 22:22 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"XCOMM"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"VSSERV"=2 (0x2)
"usnjsvc"=3 (0x3)
"USBDeviceService"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LIVESRV"=2 (0x2)
"idsvc"=3 (0x3)
"bdss"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AOL ACS"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"11273:TCP"= 11273:TCP:BitComet 11273 TCP
"11273:UDP"= 11273:UDP:BitComet 11273 UDP
"5838:TCP"= 5838:TCP:messenger
"16602:TCP"= 16602:TCP:BitComet 16602 TCP
"16602:UDP"= 16602:UDP:BitComet 16602 UDP
R3 usbstor;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\DRIVERS\kvpndrv.sys [2004-10-25 59392]
S3 mtv1bus;Pimp My Mobile Composite Device driver (WDM);c:\windows\system32\DRIVERS\mtv1bus.sys [2006-09-11 63216]
S3 mtv1mdfl;Pimp My Mobile Modem Filter;c:\windows\system32\DRIVERS\mtv1mdfl.sys [2006-09-11 8368]
S3 mtv1mdm;Pimp My Mobile Modem Drivers;c:\windows\system32\DRIVERS\mtv1mdm.sys [2006-09-11 97520]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [2008-06-20 436096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'

2008-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-12 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

2008-11-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-04-09 12:22]

2008-11-12 c:\windows\Tasks\SpywareBot Scheduled Scan.job
- c:\program files\SpywareBot\SpywareBot.exe []

2008-11-12 c:\windows\Tasks\SpywareBot Scheduled Scan.job
- c:\program files\SpywareBot []

2006-09-14 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-09-23 00:21]

2008-10-18 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-11-03 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-10-18 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

2007-11-17 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Glary Memory Optimizer - c:\program files\Glary Utilities\memdefrag.exe
HKLM-Run-CanalPlayerHelper - c:\program files\Lecteur CANALPLAY\CanalPlayerHelper.exe
HKU-Default-RunOnce-Google Updater - c:\program files\Google\Google Updater\GoogleUpdater.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Fanny\Application Data\Mozilla\Firefox\Profiles\p9hsxa08.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF -: plugin - c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - c:\documents and settings\Fanny\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll
FF -: plugin - c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF -: plugin - c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 17:34:19
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\MSN Messenger\usnsvc.exe
c:\program files\MSN Messenger\livecall.exe
.
**************************************************************************
.
Heure de fin: 2008-11-12 17:50:06 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-12 16:50:03

Avant-CF: 51,750,645,760 octets libres
Après-CF: 50,844,094,464 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

271
Destrio5 Posts: 85985 Registered: Sunday 11 July 2010 Status: Moderator Last activity: 17 February 2023 10 290
12 Nov. 2008 at 18:08
---> Uninstall FindyKill.

---> Download ToolsCleaner2 to your Desktop.
* Double-click ToolsCleaner2.exe to launch it.
* Click Recherche (Search) and let the scan run.
* Click Suppression (Removal) to finish.
* If you wish, you can use the Options Facultatives (Optional Settings).
* Click Quitter (Quit) to get the report.
* Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).

--> Download FindyKill (by Chiquitine29) to your Desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

--> Run the installation with the default settings.

--> Double-click the FindyKill shortcut on your Desktop.

--> In the main menu, choose option 1 (Recherche).

--> Post the FindyKill.txt report.

Note: the FindyKill.txt report is saved at the root of the disk.

[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Fanny\Bureau\FindyKill.txt: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\Documents and Settings\Fanny\Bureau\FindyKill.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

miss-suny Posts: 16 Registered: Monday 1 October 2007 Status: Member Last activity: 23 October 2010
12 Nov. 2008 at 18:22
----------------- FindyKill V4.600 ------------------

* User : Fanny - FANNETTE
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 12/11/08 par Chiquitine29
* Recherche effectuée à 18:12:06 le 12/11/2008
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch


»»»» Presence des fichiers dans C:\WINDOWS\system32


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\Fanny\Application Data


»»»» Presence des fichiers dans C:\DOCUME~1\Fanny\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
BitDefender Antiphishing Helper REG_SZ "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
BDAgent REG_SZ "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnmsgr REG_SZ "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

--------------- [ Registre / Clés infectieuses ] ----------------



--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 2

Ip6Fw - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------

Destrio5 Posts: 85985 Registered: Sunday 11 July 2010 Status: Moderator Last activity: 17 February 2023 10 290
12 Nov. 2008 at 18:27
---> Uninstall FindyKill.

---> Start menu > Run > type combofix /u and confirm with Enter.

---> Reinstall your infected applications ("is not a valid Win32 application").

- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

- Double-click RSIT.exe to launch the program.

- Click Continue on the Disclaimer screen.

- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the license.

- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: The reports are saved in the C:\rsit folder.

Destrio5 Posts: 85985 Registered: Sunday 11 July 2010 Status: Moderator Last activity: 17 February 2023 10 290
12 Nov. 2008 at 16:06
Hi,

It is indeed a worm; it's Bagle.

--> Download FindyKill (by Chiquitine29) to your Desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

--> Run the installation with the default settings.

--> Double-click the FindyKill shortcut on your Desktop.

--> In the main menu, choose option 1 (Recherche).

--> Post the FindyKill.txt report.

Note: the FindyKill.txt report is saved at the root of the disk.

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\120781.EXE-041CCBA0.pf
Found ! - C:\WINDOWS\prefetch\131921.EXE-21C5B40C.pf
Found ! - C:\WINDOWS\prefetch\15196203.EXE-27280AF7.pf
Found ! - C:\WINDOWS\prefetch\15216156.EXE-1C87EAF7.pf
Found ! - C:\WINDOWS\prefetch\313437.EXE-0645AD79.pf
Found ! - C:\WINDOWS\prefetch\73734.EXE-153833DE.pf
Found ! - C:\WINDOWS\prefetch\75609.EXE-366F4EDB.pf
Found ! - C:\WINDOWS\prefetch\78171.EXE-2E12547C.pf
Found ! - C:\WINDOWS\prefetch\80937.EXE-05C46467.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\Prefetch\PATCH.EXE-39F5C09F.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [12/11/2008 15:30] - C:\WINDOWS\system32\mdelk.exe
Found ! [12/11/2008 15:30] - C:\WINDOWS\system32\wintems.exe
Found ! [12/11/2008 15:30] - C:\WINDOWS\system32\ban_list.txt
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

Found ! [12/11/2008 15:29] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [12/11/2008 15:29] - C:\WINDOWS\system32\drivers\srosa2.sys
Found ! [06/03/2005 08:10] - C:\WINDOWS\system32\drivers\winfilse.exe
Found ! [12/11/2008 15:32] - "C:\WINDOWS\system32\drivers\downld"
»»»» Presence des fichiers dans C:\Documents and Settings\Fanny\Application Data

Found ! [12/11/2008 15:30] - "C:\Documents and Settings\Fanny\Application Data\m\flec006.exe"
Found ! [12/11/2008 15:30] - "C:\Documents and Settings\Fanny\Application Data\m\list.oct"
Found ! [12/11/2008 15:30] - "C:\Documents and Settings\Fanny\Application Data\m\data.oct"
Found ! [12/11/2008 15:31] - "C:\Documents and Settings\Fanny\Application Data\m\srvlist.oct"
Found ! [12/11/2008 15:31] - "C:\Documents and Settings\Fanny\Application Data\m\shared"
Found ! [12/11/2008 15:31] - "C:\Documents and Settings\Fanny\Application Data\m"

»»»» Presence des fichiers dans C:\DOCUME~1\Fanny\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5

Found ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\00YALQR2\b64_3[1].jpg
Found ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\3ZQPEYC9\b64[1].jpg
Found ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\3ZQPEYC9\b64_3[1].jpg
Found ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\3ZQPEYC9\b64_3[2].jpg
Found ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\9SWBYCUU\b64_3[1].jpg
Found ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\9SWBYCUU\b64_3[2].jpg
Found ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\OPZB90AK\b64[1].jpg
Found ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\OPZB90AK\b64_1[1].jpg
--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
BitDefender Antiphishing Helper REG_SZ "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
BDAgent REG_SZ "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
CanalPlayerHelper REG_SZ C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
Glary Memory Optimizer REG_SZ "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
msnmsgr REG_SZ "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-1073371833-4009808496-458566695-1005\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-1073371833-4009808496-458566695-1005\Software\Local AppWizard-Generated Applications\patch
Found ! - HKEY_USERS\S-1-5-21-1073371833-4009808496-458566695-1005\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_USERS\S-1-5-21-1073371833-4009808496-458566695-1005\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1073371833-4009808496-458566695-1005\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1073371833-4009808496-458566695-1005\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1073371833-4009808496-458566695-1005\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1073371833-4009808496-458566695-1005\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\patch
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------

Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba662030-24c3-11dc-b331-001921b3da06}\Shell\AutoRun\command


------------------- ! Fin du rapport ! --------------------
0

Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
12 Nov 2008 at 16:18
--> Plug your removable drives into your PC (USB sticks, external hard drive, etc.) without opening them.

--> Double-click the FindyKill shortcut on your Desktop.

--> In the main menu, choose option 2 (Suppression).

/!\ There will be 1 reboot; let the tool work until the message "nettoyage effectué" appears /!\

--> Then post the FindyKill.txt report.

Note: the FindyKill.txt report is saved at the root of the disk.
0
----------------- FindyKill V4.500 ------------------

* User : Fanny - FANNETTE
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 12/11/08 par Chiquitine29
* Suppression effectuée à 16:15:17 le 12/11/2008
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** Suppression *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe

--------------- [ Fichiers / Dossiers infectieux ] ----------------


»»»» Supression des fichiers dans C:


»»»» Supression des fichiers dans C:\WINDOWS


»»»» Supression des fichiers dans C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\120781.EXE-041CCBA0.pf
Deleted ! - C:\WINDOWS\prefetch\131921.EXE-21C5B40C.pf
Deleted ! - C:\WINDOWS\prefetch\15196203.EXE-27280AF7.pf
Deleted ! - C:\WINDOWS\prefetch\15216156.EXE-1C87EAF7.pf
Deleted ! - C:\WINDOWS\prefetch\313437.EXE-0645AD79.pf
Deleted ! - C:\WINDOWS\prefetch\73734.EXE-153833DE.pf
Deleted ! - C:\WINDOWS\prefetch\75609.EXE-366F4EDB.pf
Deleted ! - C:\WINDOWS\prefetch\78171.EXE-2E12547C.pf
Deleted ! - C:\WINDOWS\prefetch\80937.EXE-05C46467.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\PATCH.EXE-39F5C09F.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf

»»»» Supression des fichiers dans C:\WINDOWS\system32

Not deleted !! - C:\WINDOWS\system32\mdelk.exe
Not deleted !! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt
»»»» Supression des fichiers dans C:\WINDOWS\system32\drivers

Not deleted !! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
Not deleted !! - C:\WINDOWS\system32\drivers\winfilse.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\109875.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\111750.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\114750.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\120781.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\131921.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\136531.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\137453.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\139250.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\143718.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\145125.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\15202656.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\15203796.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\15216156.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\15240921.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\15248828.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\153406.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\15348281.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\15350421.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\187328.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\209250.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\209312.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\213125.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\216656.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\221500.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\229937.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\261625.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\264765.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\272703.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\281859.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\313437.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\346062.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\50765.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\51984.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\61796.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\62781.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\722781.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\73734.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\75609.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\77328.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\78171.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\78281.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\80937.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\84234.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\87296.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\88140.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\89000.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\89953.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\93421.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\95156.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\96437.exe
Deleted ! - "C:\WINDOWS\system32\drivers\downld"
»»»» Supression des fichiers dans C:\Documents and Settings\Fanny\Application Data

Not deleted !! - "C:\Documents and Settings\Fanny\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Fanny\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Fanny\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Fanny\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\3DMF Workshop 0.6d.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Abaiko Disk Space Monitor 2.02.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\ABC's_of_Service_Management_4.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Acala_DivX_to_iPod_2.3.3.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Acronis_True_Image_Home_10.0_Build_4940.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\AGuardDog_Sheild_1.0.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Alert Phone 1.28.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Allspamaway for Outlook Express 1.0.0.98.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Andalib Organizer 1.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\antivirus.bitdefender.9.free.and.manual.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Antivirus.Panda.Platinium.2005.Esp.Crack.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Anyimax iPhone Video Converter Suite 1.51 Build 808.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\AtomPark_E-mail_Logger_v1.43.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\AudioTime_3.0_Cracked.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Autumn_Lake_Demo_Screensaver_1.0_Key+Serial.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Avast_Professional_Edition_4.7.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Avira.Premium.Security.Suite.v7.00.00.47.GERMAN.Incl.Serial-NoBody.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Bill_Redirect_Serial_COMPort_to_Keyboard_3.0D_[Patch].zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\bitdefender.plus.v10.+.serial.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\BlindWrite_Profiler_3.1.0.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Blog_Reader_Screensaver_1.1_[Cracked].zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Blue_Satin_Skin_-_MorphVOX_Add-on_1.0.2.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\BLZ Extractor 1.0.1.148.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Borg_Clock_1.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Brutus 2006.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\ByteWasher 2.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\CafePress Search 1.1.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Calendar_DIY_1.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\CBWallpaper_1.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\CL Command Clipper 1.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Click'n_Design_3D_5.1.4_Crack.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Club_Lab_1.00.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\ComGuard 0.12.0451.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Compare_It!_3.86_(Cracked).zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Control_Icon_Collection_1.0_[With_Crack].zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\DataGridView_Columns_.NET_2.0_assembly_1.04.3_(KeyGen).zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Desktop Pulse 1.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\DiagramDraw 1.00.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Directors_NotePad_1.0a.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Don't Forget 3.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\E-mail_Saver_3.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Earthsim_browser_1.5.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\EasyPhotoImager_1.0_Cracked.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\EGTray_k7.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Employee_Planner_1.46.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\ESBCalc 5.1.1.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\ESET.NOD32.AV.Administrator.Edition.Win2KXP.v2.12.2.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Euromatic Expense (French) 1.1.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Excellence_Flash_Speed_200%_3.7.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\FaceShop Pro 3.1.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\FileSpy Pro 2.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Finders_Keepers_4.00.0_With_Crack.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Flash Menu Builder 1.0 (Cracked).zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Flash_Terminal_4.2.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\FoxPro2MSSQL Pro 1.0.2 Cracked.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Funny Typing 1.6.1.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\GdPicture_Light_OCX_-_Image_Processing_ActiveX_2.9.1_[Key].zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Go_Game_Hamete_and_Overplay_for_Symbian_Series_90_1.1.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Heroes of Might and Magic IV v2.2 to v3.0 patch.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Inspector-Parker_1.02.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Interactive Message Response System e2.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\IP_Manager_2.4.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\iShield_1.0.18.39_[Key+Serial].zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\ISMSRAT 1.01.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\JuliaGenerator 1.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\K-Lite_Pro_2.0.0.1_KeyGen.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\kaspersky.anti-virus.for.server.windows.4.5.0.58.with.key.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Kaspersky.Antivirus.PACK.OF.5.Keys.expire.2008.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\KeepNTouch 1.1.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Kentuckiana_Weather_Radio_1.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Leadville_Astronaut_1.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\LingvoSoft_Dictionary_2007_English_-_Latvian_4.0.22_[Patch].zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\MailList_King_6.06.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Math_Password_Recovery_1.0_[With_Crack].zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Media Player Puppeteer for iTunes 2.0.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Mega Search 1.3.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\MidiSyn_1.7.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Midnight_Mars_Browser_1.4.6.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\MOBILedit!_Forensic_2.3.0.14_(Cracked).zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Mobile_3GP_Converter_1.0.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Monterey Barcode Creator 3.0.7.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Multifunctional Analog Clock 1.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Musicstacker 2.0.1 [Patch].zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\MUTE File Sharing 0.5.1.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\My Calculator 2.994.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Newsgroups_Post_Master_8.8.8_[Key].zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\NOD32.Anti-Virus.System.v.2.51.30.NT.2000.XP.2003.x64.ESP.+.RegFile_DnGnMsTr.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\On2_Flix_Standard_8.005.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\One-Year_Bible_Reading_Calendar_1.1.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Opell DVD to 3GP Converter 2.2.7.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Photo_Snap_2.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Picture_Window_Pro_4.0.1.6.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\PJCSearch_1.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Plato_Video_To_iPod_Converter_3.71_(Patch).zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Pocket_Quran_1.5.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Port Monitor ActiveX Component 1.5.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Pricing and Breakeven Analysis Excel 2.1.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Recipes_Galore_5.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Replace and Rename 1.8.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Resource .NET 2.9.3017.28240.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\S10_RedEyes_2.1.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\SC_BirthdayMinder_1.0a.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\SelectView 2.2.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\SelfEvaluator_1.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Sharepoint Administration Extension Pack 2003.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Shortcut_Doctor_3.1_(Serial).zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\SiteChange2Email 1.0.1.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\sitehelpdesk_7.2_[Patch].zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Skeleton Constructor 1.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Skypify_Callbound_1.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Smartworks - Project Planner 4.9.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Snappy PhotoCard Creator Professional 2.00.2181.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\SocketWatch_3.5b_(Cracked).zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Softabar Command Line Email Client 1.2.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\StereoStocker 1.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\SV2_Page_Tracker_1.02b.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\SWF-AVI-GIF_Converter_1.02_[Serial].zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Task Manager (Black Bench) 1.0 (Cracked).zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\The_Daily_Murder_1.3.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\The_Sims_-_Kezz_Purple_Strip_skin.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Tiger Puzzle 1.10.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Url_Spider_Jeanie_3.3.8.0_[Key+Serial].zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Vallen Zipper 1.60 Build 2005.0401.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Virtual Metronome 2.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\VS2005 Addins 1.02.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\WAP Proof 2.0 [With Crack].zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\WarehouseNet_2.18_(Key+Serial).zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Webawy 1.0.zip
Deleted ! - C:\Documents and Settings\Fanny\Application Data\m\shared\Zoom_1.01.zip
Deleted ! - "C:\Documents and Settings\Fanny\Application Data\m\shared"
Not deleted !! - "C:\Documents and Settings\Fanny\Application Data\m"
»»»» Supression des fichiers dans C:\DOCUME~1\Fanny\LOCALS~1\Temp


»»»» Supression des fichiers dans C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\00YALQR2\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\3ZQPEYC9\b64[1].jpg
Deleted ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\3ZQPEYC9\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\3ZQPEYC9\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\9SWBYCUU\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\9SWBYCUU\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\OPZB90AK\b64[1].jpg
Deleted ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\OPZB90AK\b64_1[1].jpg

--------------- [ Registre / Clés infectieuses ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-1073371833-4009808496-458566695-1005\Software\Local AppWizard-Generated Applications\msnmsgr
Deleted ! - HKEY_USERS\S-1-5-21-1073371833-4009808496-458566695-1005\Software\Local AppWizard-Generated Applications\patch
Deleted ! - HKEY_USERS\S-1-5-21-1073371833-4009808496-458566695-1005\Software\Local AppWizard-Generated Applications\winfilse
Deleted ! - HKEY_USERS\S-1-5-21-1073371833-4009808496-458566695-1005\Software\MuleAppData
--------------- [ Etat / Redémarage des services ] ----------------

+- Mode sans echec restauré !


+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 2

Ip6Fw - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2


--------------- [ Nettoyage des supports amovibles ] ----------------

+- Informations :

C: - Lecteur fixe

E: - Lecteur amovible

F: - Lecteur amovible

K: - Lecteur amovible


+- Suppression des fichiers :


--------------- [ Registre / Moutpoint2 ] ----------------

Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba662030-24c3-11dc-b331-001921b3da06}\Shell\AutoRun\command

--------------- [ Recherche Cracks / Keygen ] ----------------



---------------- ! Fin du rapport ! ------------------
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
12 Nov 2008 at 16:18
There you go ;)
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
12 Nov 2008 at 16:43
---> Run option 1 of FindyKill again and post the report.
0
----------------- FindyKill V4.500 ------------------

* User : Fanny - FANNETTE
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 12/11/08 par Chiquitine29
* Recherche effectuée à 16:36:12 le 12/11/2008
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch


»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [12/11/2008 15:30] - C:\WINDOWS\system32\mdelk.exe
Found ! [12/11/2008 15:30] - C:\WINDOWS\system32\wintems.exe
Found ! [12/11/2008 16:31] - C:\WINDOWS\system32\ban_list.txt
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

Found ! [12/11/2008 16:15] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [06/03/2005 08:10] - C:\WINDOWS\system32\drivers\winfilse.exe

»»»» Presence des fichiers dans C:\Documents and Settings\Fanny\Application Data

Found ! [12/11/2008 15:30] - "C:\Documents and Settings\Fanny\Application Data\m\flec006.exe"
Found ! [12/11/2008 16:16] - "C:\Documents and Settings\Fanny\Application Data\m"

»»»» Presence des fichiers dans C:\DOCUME~1\Fanny\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
BitDefender Antiphishing Helper REG_SZ "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
BDAgent REG_SZ "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
CanalPlayerHelper REG_SZ C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
Glary Memory Optimizer REG_SZ "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
msnmsgr REG_SZ "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- sans echec non fonctionnel !!

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 2

Ip6Fw - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe

E: - Lecteur amovible

F: - Lecteur amovible

K: - Lecteur amovible


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
12 Nov 2008 at 16:54
--> Plug your removable drives into your PC (USB sticks, external hard drive, etc.) without opening them.

--> Double-click the FindyKill shortcut on your Desktop.

--> In the main menu, choose option 2 (Suppression).

/!\ There will be 1 reboot; let the tool work until the message "nettoyage effectué" appears /!\

--> Then post the FindyKill.txt report.

Note: the FindyKill.txt report is saved at the root of the disk.
0
I don't know if this is important, well, I think it is: before the scan finishes, the message: exception processing message c0000013 parametre 75afbf7c475afbf7c75afbf7c appears in a small window with ANNULER RECOMMENCER CONTINUER (Cancel, Retry, Continue) written underneath. If I click Retry, it does the same thing again; if I click Continue, I have to press it 5 times before the window closes, then the message reappears and I have to click 3 more times for the scan to finish.
----------------- FindyKill V4.500 ------------------

* User : Fanny - FANNETTE
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 12/11/08 par Chiquitine29
* Suppression effectuée à 16:49:41 le 12/11/2008
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** Suppression *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe

--------------- [ Fichiers / Dossiers infectieux ] ----------------


»»»» Supression des fichiers dans C:
»»»» Supression des fichiers dans C:\WINDOWS


»»»» Supression des fichiers dans C:\WINDOWS\Prefetch


»»»» Supression des fichiers dans C:\WINDOWS\system32

Not deleted !! - C:\WINDOWS\system32\mdelk.exe
Not deleted !! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression des fichiers dans C:\WINDOWS\system32\drivers

Not deleted !! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
Not deleted !! - C:\WINDOWS\system32\drivers\winfilse.exe

»»»» Supression des fichiers dans C:\Documents and Settings\Fanny\Application Data

Not deleted !! - "C:\Documents and Settings\Fanny\Application Data\m\flec006.exe"
Not deleted !! - "C:\Documents and Settings\Fanny\Application Data\m"

»»»» Supression des fichiers dans C:\DOCUME~1\Fanny\LOCALS~1\Temp


»»»» Supression des fichiers dans C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\00YALQR2\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\3ZQPEYC9\b64[1].jpg
Deleted ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\3ZQPEYC9\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\3ZQPEYC9\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\9SWBYCUU\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\9SWBYCUU\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\OPZB90AK\b64[1].jpg
Deleted ! - C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\OPZB90AK\b64_1[1].jpg

--------------- [ Registre / Clés infectieuses ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA

--------------- [ Etat / Redémarage des services ] ----------------

+- Mode sans echec restauré !
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 2

Ip6Fw - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2


--------------- [ Nettoyage des supports amovibles ] ----------------

+- Informations :

C: - Lecteur fixe

E: - Lecteur amovible

F: - Lecteur amovible

K: - Lecteur amovible


+- Suppression des fichiers :


--------------- [ Registre / Moutpoint2 ] ----------------


-> Not found !


--------------- [ Recherche Cracks / Keygen ] ----------------



---------------- ! Fin du rapport ! ------------------
0
Anonymous user
12 Nov. 2008 at 17:45
Hello,

Following the thread, thanks.
0
miss-suny Posts: 16 Registration date: Monday 1 October 2007 Status: Member Last activity: 23 October 2010
12 Nov. 2008 at 19:01
In Run, it can't find combofix/u. I have to leave for work and won't be back until around 10 pm. If you're willing to keep helping me, I'd be happy to pick this up as soon as I get back. Should I carry on with the rest of your post even though it didn't find combofix/u? I'll read your reply when I get home, and thanks again for giving me your time.
0
Destrio5 Posts: 85985 Registration date: Sunday 11 July 2010 Status: Moderator Last activity: 17 February 2023 10 290
12 Nov. 2008 at 19:24
There is a space between combofix and the /u.
0
miss-suny Posts: 16 Registration date: Monday 1 October 2007 Status: Member Last activity: 23 October 2010
12 Nov. 2008 at 22:20
I'm back. OK, I've done everything, so here it is:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Fanny at 2008-11-12 22:15:50
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 52 GB (35%) free of 148 GB
Total RAM: 959 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15, on 2008-11-12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Documents and Settings\Fanny\Local Settings\Temporary Internet Files\Content.IE5\MKY43Y4X\RSIT[1].exe
C:\Program Files\trend micro\Fanny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.msn.com/fr-fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B61A8602-0F7A-4535-B6C0-C47946ADF1E4}: NameServer = 80.10.246.2,80.10.246.129
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Service CANALPLAY - Canal+ Distribution - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O24 - Desktop Component 0: (no name) - (no file)
0
Destrio5 Posts: 85985 Registration date: Sunday 11 July 2010 Status: Moderator Last activity: 17 February 2023 10 290
12 Nov. 2008 at 23:15
- Download AD-Remover (by Cyrildu17 / C_XX) to your Desktop.

/!\ Go offline and close all running applications /!\

- Double-click the installer and install it in its default location (C:\Program files).
- Double-click the Ad-remover icon on your Desktop.
- In the main menu, choose option "A".
- Post the report that appears at the end.

(The report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
0
miss-suny Posts: 16 Registration date: Monday 1 October 2007 Status: Member Last activity: 23 October 2010
12 Nov. 2008 at 23:20
F --------- Logfile of AD-Remover 1.0.3.3 by C_XX ---------

START at: 23:18:36 | 2008-11-12
ON: Microsoft Windows XP [version 5.1.2600] ( Windows XP )
Internet Explorer: 7.0.5730.13
OPTION: Scan
EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
USER: Fanny | PC: FANNETTE
BOOT MODE: Normal
DRIVE(S): C:\
~> Systemdrive: C:\

--------- [ PROCESSES ] ---------

\SystemRoot\System32\smss.exe [572]
\??\C:\WINDOWS\system32\csrss.exe [652]
\??\C:\WINDOWS\system32\winlogon.exe [704]
C:\WINDOWS\system32\services.exe [748]
C:\WINDOWS\system32\lsass.exe [760]
C:\WINDOWS\system32\svchost.exe [932]
C:\WINDOWS\system32\svchost.exe [988]
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe [1052]
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [1076]
C:\WINDOWS\System32\svchost.exe [1156]
C:\WINDOWS\system32\svchost.exe [1200]
C:\WINDOWS\system32\svchost.exe [1396]
C:\WINDOWS\system32\svchost.exe [1444]
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [1516]
C:\WINDOWS\system32\spoolsv.exe [1712]
C:\WINDOWS\Explorer.EXE [2044]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [264]
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [288]
C:\WINDOWS\system32\ctfmon.exe [336]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [348]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [356]
C:\WINDOWS\System32\svchost.exe [476]
C:\WINDOWS\eHome\ehRecvr.exe [496]
C:\WINDOWS\eHome\ehSched.exe [516]
C:\WINDOWS\system32\svchost.exe [1340]
C:\WINDOWS\system32\svchost.exe [1876]
C:\WINDOWS\ehome\mcrdsvc.exe [364]
C:\WINDOWS\system32\dllhost.exe [2288]
C:\WINDOWS\System32\alg.exe [2432]
C:\WINDOWS\System32\svchost.exe [2652]
C:\WINDOWS\system32\wscntfy.exe [2688]
C:\Program Files\MSN Messenger\usnsvc.exe [3068]
C:\WINDOWS\System32\svchost.exe [3280]
C:\Program Files\MSN Messenger\livecall.exe [1228]
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe [3604]
C:\Program Files\Internet Explorer\IEXPLORE.EXE [2728]
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe [828]

---------------------------- [~> 37]


+---------------------------------------------------------------------------+
+------------------------------- SERVICES FOUND
+---------------------------------------------------------------------------+


+---------------------------------------------------------------------------+
+------------------------------- REGISTRY ELEMENTS FOUND
+---------------------------------------------------------------------------+

"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"

+---------------------------------------------------------------------------+
+------------------------------- FILES\FOLDERS FOUND
+---------------------------------------------------------------------------+



+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\p9hsxa08.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.3 ~~~~

Start Page : "https://start.mozilla.org/fr/"

+----------+


+---------------------------------------------------------------------------+


+---------- Added scan ...

+-----[HKLM\...\Run]

TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
BDAgent REG_SZ "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
BitDefender Antiphishing Helper REG_SZ "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

+-----[HKCU\...\Run]

ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnmsgr REG_SZ "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

+-----[HKLM\...\Internet Explorer\MAIN]

Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157
Start Page : hxxp://www.live.com/\0\0

+-----[HKCU\...\Internet Explorer\MAIN]

Start Page : hxxp://runonce.msn.com/

+---------------------------------------------------------------------------+
+------------------------------- [ EOF - 96 lines ]
+---------------------------------------------------------------------------+

[ END at: 23:19:36 | 2008-11-12 ] - [ Time elapsed: 59.8 seconds ]
0
Destrio5 Posts: 85985 Registration date: Sunday 11 July 2010 Status: Moderator Last activity: 17 February 2023 10 290
12 Nov. 2008 at 23:25
/!\ Go offline and close all running applications /!\

- Right-click AD-Remover and choose Run as administrator; in the main menu, choose option "B".

--> The program will do its work...

- Post the report that appears at the end.

(The report is also saved as C:\Ad-report.log)

/!\ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm /!\
0
miss-suny Posts: 16 Registration date: Monday 1 October 2007 Status: Member Last activity: 23 October 2010
12 Nov. 2008 at 23:36
F --------- Logfile of AD-Remover 1.0.3.3 by C_XX ---------

START at: 23:29:55 | 2008-11-12
ON: Microsoft Windows XP [version 5.1.2600] ( Windows XP )
Internet Explorer: 7.0.5730.13
OPTION: Clean
EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
USER: Fanny | PC: FANNETTE
BOOT MODE: Normal
DRIVE(S): C:\
~> Systemdrive: C:\

--------- [ PROCESSES ] ---------

\SystemRoot\System32\smss.exe [564]
\??\C:\WINDOWS\system32\csrss.exe [644]
\??\C:\WINDOWS\system32\winlogon.exe [704]
C:\WINDOWS\system32\services.exe [748]
C:\WINDOWS\system32\lsass.exe [760]
C:\WINDOWS\system32\svchost.exe [936]
C:\WINDOWS\system32\svchost.exe [984]
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe [1056]
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [1072]
C:\WINDOWS\System32\svchost.exe [1156]
C:\WINDOWS\system32\svchost.exe [1200]
C:\WINDOWS\system32\svchost.exe [1392]
C:\WINDOWS\system32\svchost.exe [1444]
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [1512]
C:\WINDOWS\system32\spoolsv.exe [1704]
C:\WINDOWS\Explorer.EXE [120]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [276]
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [272]
C:\WINDOWS\system32\ctfmon.exe [336]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [348]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [364]
C:\WINDOWS\System32\svchost.exe [472]
C:\WINDOWS\eHome\ehRecvr.exe [504]
C:\WINDOWS\eHome\ehSched.exe [516]
C:\WINDOWS\system32\svchost.exe [1872]
C:\WINDOWS\system32\svchost.exe [1936]
C:\WINDOWS\ehome\mcrdsvc.exe [268]
C:\WINDOWS\system32\dllhost.exe [2280]
C:\WINDOWS\System32\alg.exe [2432]
C:\WINDOWS\System32\svchost.exe [2616]
C:\WINDOWS\system32\wscntfy.exe [2756]
C:\WINDOWS\System32\svchost.exe [3244]
C:\Program Files\MSN Messenger\usnsvc.exe [3504]
C:\Program Files\MSN Messenger\livecall.exe [1308]
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe [684]
C:\Program Files\Internet Explorer\IEXPLORE.EXE [2400]
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe [1900]

---------------------------- [~> 37]


+---------------------------------------------------------------------------+
+------------------------------- SERVICES DELETED
+---------------------------------------------------------------------------+


+---------------------------------------------------------------------------+
+------------------------------- REGISTRY ELEMENTS DELETED
+---------------------------------------------------------------------------+

"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"

+---------------------------------------------------------------------------+
+------------------------------- FILES\FOLDERS DELETED
+---------------------------------------------------------------------------+


(!) ---- Temp files deleted.

(!) ---- Recycle bin emptied in all drives.



+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\p9hsxa08.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.3 ~~~~

Start Page : "https://start.mozilla.org/fr/"

+----------+



+---------- Added scan ...

+-----[HKLM\...\Run]

TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
BDAgent REG_SZ "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
BitDefender Antiphishing Helper REG_SZ "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

+-----[HKCU\...\Run]

ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnmsgr REG_SZ "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

+-----[HKLM\...\Internet Explorer\MAIN]

Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157
Start Page : hxxp://www.live.com/\0\0

+-----[HKCU\...\Internet Explorer\MAIN]

Start Page : hxxp://runonce.msn.com/

+---------------------------------------------------------------------------+
+------------------------------- [ EOF - 95 lines ]
+---------------------------------------------------------------------------+

[ END at: 23:34:18 | 2008-11-12 ] - [ Time elapsed: 4 minutes, 22 seconds ]
0
Destrio5 Posts: 85985 Registration date: Sunday 11 July 2010 Status: Moderator Last activity: 17 February 2023 10 290
12 Nov. 2008 at 23:40
---> Uninstall AD-Remover.

---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
---> Double-click the downloaded file to start the installation process.
---> In the Update tab, click the Check for Updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
---> Once the update is finished, go to the Scanner tab.
---> Select Perform quick scan.
---> Click Scan. The scan starts.

At the end of the scan, a message appears:

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés. (The scan completed normally. Click 'Show Results' to display all the objects found.)

---> Click OK to continue. If MBAM found nothing, it will tell you so as well.
---> Close your browsers.
If malware was detected, click Show Results.
---> Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
---> MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.

I'll be back tomorrow.
0
miss-suny Posts: 16 Registration date: Monday 1 October 2007 Status: Member Last activity: 23 October 2010
13 Nov. 2008 at 15:36
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1395
Windows 5.1.2600 Service Pack 3

2008-11-13 15:33:14
mbam-log-2008-11-13 (15-33-14).txt

Type de recherche: Examen rapide
Eléments examinés: 49914
Temps écoulé: 9 minute(s), 19 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 31
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 15
Fichier(s) infecté(s): 157

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoegg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\Fanny\Application Data\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fanny\Application Data\SpywareBot\Log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fanny\Application Data\SpywareBot\Settings (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fanny\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fanny\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fanny\Application Data\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fanny\Application Data\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fanny\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fanny\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fanny\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fanny\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fanny\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fanny\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fanny\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fanny\Application Data\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
13 Nov. 2008 at 15:46
---> Relaunch MBAM, go to Quarantine and delete everything.

---> Delete the RSIT folder located in C:\

---> Relaunch RSIT and post both reports.
0
miss-suny Posts 16 Registration date Monday 1 October 2007 Status Member Last activity 23 October 2010
13 Nov. 2008 at 17:30
Logfile of random's system information tool 1.04 (written by random/random)
Run by Fanny at 2008-11-13 17:27:04
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 52 GB (35%) free of 148 GB
Total RAM: 959 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27, on 2008-11-13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Documents and Settings\Fanny\Bureau\RSIT.exe
C:\Program Files\trend micro\Fanny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.msn.com/fr-fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B61A8602-0F7A-4535-B6C0-C47946ADF1E4}: NameServer = 80.10.246.2,80.10.246.129
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Service CANALPLAY - Canal+ Distribution - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O24 - Desktop Component 0: (no name) - (no file)
0
Destrio5 Posts: 85985 Registration date: Sunday 11 July 2010 Status: Moderator Last activity: 17 February 2023 10 290
14 Nov. 2008 at 15:54
1/

---> Update Java:
https://www.java.com/fr/download/manual.jsp

---> Uninstall the following program:
- J2SE Runtime Environment 5.0 Update 4


2/

---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text:





:processes
explorer.exe

:services
MEMSWEEP2

:files
C:\WINDOWS\system32\CF7349.exe
C:\WINDOWS\system32\CF3286.exe
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job

:commands
[emptytemp]
[start explorer]
[reboot]





---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log


3/

---> Delete the RSIT folder located in C:\

---> Run a new RSIT scan and post both reports.
0
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service MEMSWEEP2 stopped successfully.
Service MEMSWEEP2 deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\CF7349.exe moved successfully.
C:\WINDOWS\system32\CF3286.exe moved successfully.
File/Folder C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Fanny\LOCALS~1\Temp\~DF4192.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Fanny\LOCALS~1\Temp\~DF51F7.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_9bc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11142008_172027

Files moved on Reboot...
File C:\DOCUME~1\Fanny\LOCALS~1\Temp\~DF4192.tmp not found!
File C:\DOCUME~1\Fanny\LOCALS~1\Temp\~DF51F7.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_9bc.dat not found!
0
Logfile of random's system information tool 1.04 (written by random/random)
Run by Fanny at 2008-11-14 17:29:28
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 52 GB (35%) free of 148 GB
Total RAM: 959 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29, on 2008-11-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Fanny\Bureau\RSIT.exe
C:\Program Files\trend micro\Fanny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.msn.com/fr-fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B61A8602-0F7A-4535-B6C0-C47946ADF1E4}: NameServer = 80.10.246.2,80.10.246.129
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Service CANALPLAY - Canal+ Distribution - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O24 - Desktop Component 0: (no name) - (no file)
0
Destrio5 Posts: 85985 Registration date: Sunday 11 July 2010 Status: Moderator Last activity: 17 February 2023 10 290
14 Nov. 2008 at 17:36
---> Run this file: C:\Program Files\trend micro\Fanny.exe

---> Choose Do a system scan only

---> Tick the boxes in front of the following lines:

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)

O24 - Desktop Component 0: (no name) - (no file)

---> Click Fix checked at the bottom. Answer yes if HijackThis asks you anything.

---> Close HijackThis.

---> Run this file: C:\Program Files\trend micro\Fanny.exe

- Click Do a system scan and save a logfile.

- Notepad will open; copy and paste its entire contents here in your next message.
0
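The manual selection in the post above (entries marked "(no file)" and entries still pointing at the uninstalled Java 5 directory) can be reproduced as a read-only triage pass over a HijackThis log. This is an added example, not part of the thread or of HijackThis; the `triage` function and its `removed_dirs` parameter are hypothetical names, the sample lines are excerpted from the logs posted above, and the output is a list of candidates for an analyst to review, not a fix list.

```python
import re
from typing import List, NamedTuple, Optional, Sequence

# Lines excerpted from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O24 - Desktop Component 0: (no name) - (no file)
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A drive-letter path ending in a common binary/package extension.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|*?]+?\.(?:exe|dll|sys|cab|job)\b", re.IGNORECASE)
# HijackThis marks a registry entry whose target is absent on disk this way.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")


class Finding(NamedTuple):
    code: str             # HijackThis section code, e.g. "O9"
    reason: str           # why the entry deserves a second look
    clsid: Optional[str]  # COM class id, when the entry carries one
    path: Optional[str]   # file the entry points at, when present
    raw: str              # the untouched log line


def triage(log_text: str, removed_dirs: Sequence[str] = ()) -> List[Finding]:
    """Flag orphaned entries and entries under directories the analyst removed.

    removed_dirs is analyst-supplied (an assumption of this example): folder
    names of software that was uninstalled during the cleanup.
    """
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # headers, process list, blank lines
        body = entry.group("body")
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        path_str = path.group(0) if path else None

        reason = None
        orphan = ORPHAN_RE.search(body)
        if orphan:
            reason = orphan.group(1)
        elif path_str:
            lowered = path_str.lower()
            for folder in removed_dirs:
                if "\\" + folder.lower() + "\\" in lowered:
                    reason = "removed component: " + folder
                    break
        if reason:
            findings.append(Finding(entry.group("code"), reason,
                                    clsid.group(0) if clsid else None,
                                    path_str, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, removed_dirs=["jre1.5.0_04"]):
        print(f"{f.code:<4} {f.reason:<32} {f.clsid or '-':<40} {f.path or '-'}")
```
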
miss-suny Posts: 16 Registration date: Monday 1 October 2007 Status: Member Last activity: 23 October 2010
14 Nov. 2008 at 17:43
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\Fanny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.msn.com/fr-fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B61A8602-0F7A-4535-B6C0-C47946ADF1E4}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Service CANALPLAY - Canal+ Distribution - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O24 - Desktop Component 0: (no name) - (no file)
0
Destrio5 Posts: 85985 Registration date: Sunday 11 July 2010 Status: Moderator Last activity: 17 February 2023 10 290
14 Nov. 2008 at 18:05
How is your PC doing?

---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
---> Double-click the downloaded file to start the installation.
---> In the Update tab, click the Check for Updates button: if the firewall asks whether MBAM may connect to the Internet, accept.
---> Once the update has finished, go to the Scanner tab.
---> Select Perform quick scan.
---> Click Scan. The scan starts.

At the end of the scan, a message is displayed:

The scan completed successfully. Click 'Show Results' to display all objects found.

---> Click OK to continue. If MBAM found nothing, it will tell you that too.
---> Close your browsers.
If malware was detected, click Show Results.
---> Select everything (or leave everything ticked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
---> MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.
0