Avast ne fonctionne plusRésolu/Fermé

Question

Bonjour,
J'ai Avast qui ne fonctionne pas depuis un peu plus d'une semaine et qui n'apparaît non plus dans la barre des tâches. J'ai voulu donc désinstaller ( c'était un calvaire jusqu'à ce que j'utilise aswclear) et télécharger à nouveau  mais pareil.  Je reçois toujours le même message disant que l'application win32 n'est pas valide.
J'ai essayé plusieurs solutions ici mais rien. Cependant, la dernière que j'ai utilisé était celle ou on demandait de reparer,mais à la fin de l'opération il est demandé de retrouver Avast dans l'onglet démarrage et Avast n'y est pas .
SVP aidez moi
Merci d'avance.

Utilisateur anonyme · Accepted Answer

hé bien ,

tu as bien fait de venir nous voir , il y a encore d autres infections mais rien de grave :

Télécharge Ad-remover ( de C_XX ) sur ton bureau ( et pas ailleurs!) : 

http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

! Déconnecte toi et ferme toutes applications en cours ! 

* Clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installe par défaut . 
* Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil . 
* Au menu principal choisis l'option "A" et tape sur [entrée] . 

Laisse travailler l'outil et ne touche à rien ... 

--> Poste le rapport qui apparait à la fin . 

( le rapport est sauvegardé aussi sous C:\Ad-report.log ) 

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

Note :"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus. 

Tuto (aides) : http://pagesperso-orange.fr/FindyKill.Ad.Remover/crbst_0.html

jlpjlp · Answer

slt
a mon avis tu as téléchargé des crack et tu es infecté par le fameux bagle!

vire tes cracks 

puis




Telecharge FindyKill sur ton bureau : 

--> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe 

--> Lance l installation avec les parametres par default 

--> Double clic sur le raccourci FindyKill sur ton bureau 

--> Au menu principal,choisi l option 1 (Recherche) 

--> Post le rapport FindyKill.txt 

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

titanj-84 · Answer

Merci,
j'ai lancé l'installation mais lorsque je double clique sur le raccourci je ne vois pas de menu principale ni rien sauf une page noire avec un felin remerciements a mOne avec des trucs langues en dessous du genre 
F:Français
C:castellano
etc 

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque j'y comprend pas grand chose


ps: je suis novice dans le monde informatique

jlpjlp · Answer

tu choisi francais!


pour le rapport la racine du disque c'est aller dans poste de travail puis C  puis tu auras le rapport  FindyKill.txt

titanj-84 · Answer

Voilà ce que j'ai pu ressortir




Nom	Type	Taille	Temps
c2d2c52db2ba019bcdfa76	Dossier		26/06/2008 14:01:05
Config.Msi	Dossier		06/04/2009 15:54:05
d90f126414d95bfb28c5	Dossier		10/09/2008 09:44:42
Documents and Settings	Dossier		22/05/2008 14:59:25
FindyKill	Dossier		17/04/2009 16:52:44
MSOCache	Dossier		29/09/2008 16:26:27
My PageManager	Dossier		06/03/2009 10:25:26
Program Files	Dossier		11/04/2009 10:57:36
QUARANTINE	Dossier		06/01/2009 07:58:20
RECYCLER	Dossier		27/05/2008 17:21:08
System Volume Information	Dossier		17/04/2009 15:38:32
WINDOWS	Dossier		17/04/2009 11:55:52
07.Christophe Maé - C'est ma terre.mp3	Audio MPEG 3	3 605 ko	31/03/2009 09:06:23
any dwg to pdf converter 2008 [incl crack by ROR].zip	Archive WinRAR ZIP	255 ko	31/03/2009 09:01:34
AUTOEXEC.BAT	Fichier de commande MS-DOS	0 o	22/05/2008 14:54:35
boot.ini	Paramètres de configuration	212 o	17/04/2009 14:18:22
Bootfont.bin	Fichier BIN	5 ko	28/08/2001 10:00:00
Christophe Maé -A qui la faute.mp3	Audio MPEG 3	5 166 ko	31/03/2009 09:09:40
Christophe Maë - Parce Qu'On Ne Sait Jamais.mp3	Audio MPEG 3	3 005 ko	31/03/2009 09:07:56
CONFIG.SYS	Fichier système	0 o	22/05/2008 14:54:35
IO.SYS	Fichier système	0 o	22/05/2008 14:54:35
Matt Pokora - Ma Number One.mp3	Audio MPEG 3	4 158 ko	30/03/2009 14:05:19
Matt Pokora - Pas Sans Toi.mp3	Audio MPEG 3	6 173 ko	30/03/2009 14:13:56
Matt Pokora - Tu m'as quitté.mp3	Audio MPEG 3	3 989 ko	30/03/2009 14:12:25
MSDOS.SYS	Fichier système	0 o	22/05/2008 14:54:35
NTDETECT.COM	Application MS-DOS	47 ko	03/08/2004 22:38:34
ntldr	Fichier	247 ko	17/09/2008 10:29:52
pagefile.sys	Fichier système	0 o	17/04/2009 15:37:16
sqmdata00.sqm	Fichier SQM	268 o	22/05/2008 15:21:28
sqmdata01.sqm	Fichier SQM	268 o	22/05/2008 15:33:20
sqmdata02.sqm	Fichier SQM	208 o	22/05/2008 15:39:56
sqmdata03.sqm	Fichier SQM	280 o	22/05/2008 19:18:05
sqmdata04.sqm	Fichier SQM	268 o	04/07/2008 10:46:09
sqmdata05.sqm	Fichier SQM	268 o	18/07/2008 13:18:27
sqmdata06.sqm	Fichier SQM	268 o	18/07/2008 14:01:16
sqmdata07.sqm	Fichier SQM	268 o	18/07/2008 14:24:56
sqmnoopt00.sqm	Fichier SQM	244 o	22/05/2008 15:21:28
sqmnoopt01.sqm	Fichier SQM	244 o	22/05/2008 15:33:20
sqmnoopt02.sqm	Fichier SQM	172 o	22/05/2008 15:39:56
sqmnoopt03.sqm	Fichier SQM	244 o	22/05/2008 19:18:05
sqmnoopt04.sqm	Fichier SQM	244 o	04/07/2008 10:46:09
sqmnoopt05.sqm	Fichier SQM	244 o	18/07/2008 13:18:27
sqmnoopt06.sqm	Fichier SQM	244 o	18/07/2008 14:01:16
sqmnoopt07.sqm	Fichier SQM	244 o	18/07/2008 14:24:56
YServer.txt	Document texte	150 o	12/06/2008 16:32:45

jlpjlp · Answer

non c'est pas cela!


refais

titanj-84 · Answer

On reprend lentement svp. Je m'excuse mais je suis trop nulle dans ce domaine.
1-poste de travail( j'ai deux lecteurs de disque dur C & D)
2- j'ouvre le C (j'ai une liste de programmes avec en dessous parcourir et un peu plus en bas ok et annuler)
là je suis coincée je fais quoi par la suite svp?

jlpjlp · Answer

dans C tu ouvre ce fichier:   FindyKill.txt


et tu me mets le rapport

Utilisateur anonyme · Answer

salut , tuto ici : http://pagesperso-orange.fr/FindyKill.Ad.Remover/fyk_recherche.html

jlpjlp · Answer

slt chiki!

titanj-84 · Answer

Bonjour,
Merci chiquitine ;)

J'espère que c'est le bon rapport jlpjlp


############################## [ FindyKill V4.724 ] 

# User : SECRETARIAT (Administrateurs) # POSTE2
# Update on 15/04/09 by Chiquitine29
# Start at: 10:30:36 | 18/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

#               Intel(R) Pentium(R) 4 CPU 3.00GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Disabled

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 27,35 Go (13,28 Go free) # NTFS
# D:\ # Disque fixe local # 9,95 Go (9,7 Go free) # NTFS
# E:\ # Disque CD-ROM
 
############################## [ Processus actifs ] 
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\McAfee\Common Framework
aPrdMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\SECRETARIAT\Application Data\drivers\winupgro.exe
C:\Documents and Settings\SECRETARIAT\Application Data\m\flec006.exe
C:\WINDOWS\system32\wintems.exe
C:\documents and settings\secretariat\local settings\application data\sgusowm.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
 
################## [ Processus infectieux stoppés ]  

"C:\Documents and Settings\SECRETARIAT\Application Data\drivers\winupgro.exe"  (2096)
"C:\Documents and Settings\SECRETARIAT\Application Data\m\flec006.exe"  (2104)
"C:\WINDOWS\system32\wintems.exe"  (2132)
 
################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ] 
 
Found ! C:\WINDOWS\Prefetch\1021109.EXE-376933EB.pf  
Found ! C:\WINDOWS\Prefetch\1024968.EXE-2E28E61C.pf  
Found ! C:\WINDOWS\Prefetch\1056703.EXE-06C5FE94.pf  
Found ! C:\WINDOWS\Prefetch\1069171.EXE-1414D2BF.pf  
Found ! C:\WINDOWS\Prefetch\1070281.EXE-0D489F90.pf  
Found ! C:\WINDOWS\Prefetch\1072437.EXE-0716C11E.pf  
Found ! C:\WINDOWS\Prefetch\1528796.EXE-10A74FAE.pf  
Found ! C:\WINDOWS\Prefetch\15665828.EXE-2B5CB64B.pf  
Found ! C:\WINDOWS\Prefetch\15848375.EXE-086B1DBB.pf  
Found ! C:\WINDOWS\Prefetch\16087031.EXE-008157C1.pf  
Found ! C:\WINDOWS\Prefetch\16121031.EXE-1FF82654.pf  
Found ! C:\WINDOWS\Prefetch\16511796.EXE-0175821A.pf  
Found ! C:\WINDOWS\Prefetch\1692015.EXE-3129DABE.pf  
Found ! C:\WINDOWS\Prefetch\19357484.EXE-0601AE73.pf  
Found ! C:\WINDOWS\Prefetch\19621046.EXE-10AC43AE.pf  
Found ! C:\WINDOWS\Prefetch\19641062.EXE-253DCD42.pf  
Found ! C:\WINDOWS\Prefetch\19653000.EXE-0AB8B5F4.pf  
Found ! C:\WINDOWS\Prefetch\20065000.EXE-391902C3.pf  
Found ! C:\WINDOWS\Prefetch\274718.EXE-2E60778F.pf  
Found ! C:\WINDOWS\Prefetch\307500.EXE-2EC5F735.pf  
Found ! C:\WINDOWS\Prefetch\308593.EXE-0ABE4B02.pf  
Found ! C:\WINDOWS\Prefetch\31149078.EXE-1244CDF6.pf  
Found ! C:\WINDOWS\Prefetch\31273296.EXE-265B1E0B.pf  
Found ! C:\WINDOWS\Prefetch\343515.EXE-128320EE.pf  
Found ! C:\WINDOWS\Prefetch\387859.EXE-31C7DFDC.pf  
Found ! C:\WINDOWS\Prefetch\4352140.EXE-385CA161.pf  
Found ! C:\WINDOWS\Prefetch\4363968.EXE-001066F4.pf  
Found ! C:\WINDOWS\Prefetch\4398734.EXE-1D5F9CDB.pf  
Found ! C:\WINDOWS\Prefetch\4422468.EXE-348B244D.pf  
Found ! C:\WINDOWS\Prefetch\446796.EXE-0D85BC60.pf  
Found ! C:\WINDOWS\Prefetch\4515890.EXE-1C8DFE23.pf  
Found ! C:\WINDOWS\Prefetch\459640.EXE-1E98E918.pf  
Found ! C:\WINDOWS\Prefetch\4633921.EXE-1E7DF397.pf  
Found ! C:\WINDOWS\Prefetch\4640734.EXE-2DE86662.pf  
Found ! C:\WINDOWS\Prefetch\473203.EXE-0829EC30.pf  
Found ! C:\WINDOWS\Prefetch\4752671.EXE-094D1754.pf  
Found ! C:\WINDOWS\Prefetch\475296.EXE-0C3B7A56.pf  
Found ! C:\WINDOWS\Prefetch\481187.EXE-358D5CD6.pf  
Found ! C:\WINDOWS\Prefetch\4949609.EXE-32326CBF.pf  
Found ! C:\WINDOWS\Prefetch\503656.EXE-36081136.pf  
Found ! C:\WINDOWS\Prefetch\508281.EXE-376B93D3.pf  
Found ! C:\WINDOWS\Prefetch\516500.EXE-24F4E47E.pf  
Found ! C:\WINDOWS\Prefetch\531312.EXE-1FE0E1D5.pf  
Found ! C:\WINDOWS\Prefetch\532203.EXE-0B963A5C.pf  
Found ! C:\WINDOWS\Prefetch\548281.EXE-3591E56F.pf  
Found ! C:\WINDOWS\Prefetch\567218.EXE-1BFA7EA6.pf  
Found ! C:\WINDOWS\Prefetch\572593.EXE-19E490EC.pf  
Found ! C:\WINDOWS\Prefetch\573406.EXE-2DD9EA7E.pf  
Found ! C:\WINDOWS\Prefetch\579125.EXE-2D3F4572.pf  
Found ! C:\WINDOWS\Prefetch\613906.EXE-134B841A.pf  
Found ! C:\WINDOWS\Prefetch\622062.EXE-04FA6431.pf  
Found ! C:\WINDOWS\Prefetch\636515.EXE-04F11823.pf  
Found ! C:\WINDOWS\Prefetch\693234.EXE-04FD2210.pf  
Found ! C:\WINDOWS\Prefetch\708625.EXE-013D4031.pf  
Found ! C:\WINDOWS\Prefetch\717812.EXE-14854DA1.pf  
Found ! C:\WINDOWS\Prefetch\726921.EXE-003BC571.pf  
Found ! C:\WINDOWS\Prefetch\751781.EXE-107F468B.pf  
Found ! C:\WINDOWS\Prefetch\785546.EXE-0EF28691.pf  
Found ! C:\WINDOWS\Prefetch\793640.EXE-06F46CA7.pf  
Found ! C:\WINDOWS\Prefetch\796750.EXE-269E238F.pf  
Found ! C:\WINDOWS\Prefetch\800812.EXE-19CC7BC9.pf  
Found ! C:\WINDOWS\Prefetch\890171.EXE-22F8C761.pf  
Found ! C:\WINDOWS\Prefetch\902250.EXE-025A68B8.pf  
Found ! C:\WINDOWS\Prefetch\944953.EXE-0C4024EF.pf  
Found ! C:\WINDOWS\Prefetch\964390.EXE-2AACB8BC.pf  
Found ! C:\WINDOWS\Prefetch\988531.EXE-11B20861.pf  
Found ! C:\WINDOWS\Prefetch\FLEC006.EXE-13BADF57.pf  
Found ! C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf  
Found ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf  
 
################## [ C:\WINDOWS\System32... ] 

Found ! C:\WINDOWS\system32\mdelk.exe  
Found ! C:\WINDOWS\system32\wintems.exe  
Found ! C:\WINDOWS\system32\AutoRun.inf  
Found ! C:\WINDOWS\system32\drivers\down  
 
################## [ C:\Documents and Settings\SECRETARIAT\Application Data ] 
 
Found ! "C:\Documents and Settings\SECRETARIAT\Application Data\m\shared"  
Found ! "C:\Documents and Settings\SECRETARIAT\Application Data\m\flec006.exe"  
Found ! "C:\Documents and Settings\SECRETARIAT\Application Data\m\list.oct"  
Found ! "C:\Documents and Settings\SECRETARIAT\Application Data\m\data.oct"  
Found ! "C:\Documents and Settings\SECRETARIAT\Application Data\m\srvlist.oct"  
Found ! "C:\Documents and Settings\SECRETARIAT\Application Data\m"  
Found ! "C:\Documents and Settings\SECRETARIAT\Application Data\drivers"  
Found ! "C:\Documents and Settings\SECRETARIAT\Application Data\drivers\srosa2.sys"  
Found ! "C:\Documents and Settings\SECRETARIAT\Application Data\drivers\wfsintwq.sys"  
Found ! "C:\Documents and Settings\SECRETARIAT\Application Data\drivers\winupgro.exe"  
Found ! "C:\Documents and Settings\SECRETARIAT\Application Data\drivers\downld"  
 
################## [ C:\Documents and Settings\SECRETARIAT...\Temp Files... ] 
 
Found ! C:\DOCUME~1\SECRET~1\LOCALS~1\Temp\Rar$EX00.485\key_generator.exe  
Found ! C:\Documents and Settings\SECRETARIAT\Cookies\secretariat@crackserialkeygen[1].txt  
 
################## [ Registre / Clés infectieuses ] 
 
Found ! HKEY_USERS\S-1-5-21-796845957-1390067357-725345543-1003\Software\Local AppWizard-Generated Applications\key_generator  
Found ! HKEY_USERS\S-1-5-21-796845957-1390067357-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro  
Found ! HKEY_USERS\S-1-5-21-796845957-1390067357-725345543-1003\Software\bisoft  
Found ! HKEY_USERS\S-1-5-21-796845957-1390067357-725345543-1003\Software\DateTime4  
Found ! HKEY_USERS\S-1-5-21-796845957-1390067357-725345543-1003\Software\FFC  
Found ! HKEY_USERS\S-1-5-21-796845957-1390067357-725345543-1003\Software\FirtR  
Found ! HKEY_USERS\S-1-5-21-796845957-1390067357-725345543-1003\Software\MuleAppData  
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_generator  
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S  
Found ! HKEY_CURRENT_USER\Software\bisoft  
Found ! HKEY_CURRENT_USER\Software\DateTime4  
Found ! HKEY_CURRENT_USER\Software\FirtR  
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"drvsyskit" 
Found ! HKEY_USERS\S-1-5-21-796845957-1390067357-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\"drvsyskit"  
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"german.exe" 
Found ! HKEY_USERS\S-1-5-21-796845957-1390067357-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\"german.exe"  
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"mule_st_key" 
Found ! HKEY_USERS\S-1-5-21-796845957-1390067357-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\"mule_st_key"  
 
# (!) HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
# (!) HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1 
 
################## [ Recherche dans supports amovibles] 
 

# Contenu de l'autorun : C:\autorun.inf 

;KqalLa2s0r8Cd1rjl35kwdilojkSK2JwAdl3KjskKeiLI724La8a3isSwK40sc2k3saaLfkL
[AutoRun]
;9AADsiwKskOfkw5353l0i3psadDiLra7jkKHdIk24LoAJKo
open=6x8be16.cmd
;wkakDJilFZankcfsw3
shell\open\Command=6x8be16.cmd
;aSawaUaia9s9J5fLcl350aCncAis8ow2p3f1ddd10ed2kow3kAKqLw2ljLKw2j3lqDs
shell\open\Default=1
;JL02dwqwf4k9Dd4k3ewjLSedfr9Aq5wsw0kDKw9aomifarij57jdiroid
shell\explore\Command=6x8be16.cmd
;of1ww3Kl0jkFLZKdD3wJ4wpXaisDwZdqkwr4wkSKa3dokalKka96poHfKj1w3J0e3ll2arsefSAd24laJ8
 

# Contenu de l'autorun : D:\autorun.inf 

;KqalLa2s0r8Cd1rjl35kwdilojkSK2JwAdl3KjskKeiLI724La8a3isSwK40sc2k3saaLfkL
[AutoRun]
;9AADsiwKskOfkw5353l0i3psadDiLra7jkKHdIk24LoAJKo
open=6x8be16.cmd
;wkakDJilFZankcfsw3
shell\open\Command=6x8be16.cmd
;aSawaUaia9s9J5fLcl350aCncAis8ow2p3f1ddd10ed2kow3kAKqLw2ljLKw2j3lqDs
shell\open\Default=1
;JL02dwqwf4k9Dd4k3ewjLSedfr9Aq5wsw0kDKw9aomifarij57jdiroid
shell\explore\Command=6x8be16.cmd
;of1ww3Kl0jkFLZKdD3wJ4wpXaisDwZdqkwr4wkSKa3dokalKka96poHfKj1w3J0e3ll2arsefSAd24laJ8
 

# Recherche fichiers connus : 

Found ! C:\autorun.inf  
Found ! D:\autorun.inf  
 
################## [ Registre / Mountpoint2 ] 
 
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d41e6ff9-298d-11dd-8608-00192153b3b6}\Shell\AutoRun\command    
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d41e6ff9-298d-11dd-8608-00192153b3b6}\Shell\explore\Command    
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d41e6ff9-298d-11dd-8608-00192153b3b6}\Shell\open\Command    
 
################## [ ! Fin du rapport # FindyKill V4.724 ! ]

Utilisateur anonyme · Answer

re ,

! Déconnecte toi et ferme toutes application en cours ( navigateur compris ) . 

* Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)

* Relance "FindyKill" : au menu principal choisis l'option " F " pour français et tape sur [entrée] .

* Au second menu choisis l'option 2 (suppression) et tape sur [entrée] 

* Le pc va redémarrer automatiquement ...

--> le programme va travailler , ne touche à rien ... , ton bureau ne sera pas accessible c est normal !

* Poste le rapport qui apparait à la fin ( le rapport est sauvegardé aussi sous C:\FindyKill.txt ) 

/!\ Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide 

Aides en images ( Suppression ) : http://pagesperso-orange.fr/FindyKill.Ad.Remover/fyk_nettoyage.html

titanj-84 · Answer

Je m'excuse mais le disque dur externe je vois pas trop ce que c'est

Utilisateur anonyme · Answer

C est une grosse clé usb ,  ;)  fais l option 2 sans te préocupper du disque externe.

titanj-84 · Answer

J'ai le rapport.


############################## [ FindyKill V4.724 ] 
 
# User : SECRETARIAT (Administrateurs) # POSTE2
# Update on 15/04/09 by Chiquitine29
# Start at: 10:53:31 | 18/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

#               Intel(R) Pentium(R) 4 CPU 3.00GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Disabled

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 27,35 Go (13,25 Go free) # NTFS
# D:\ # Disque fixe local # 9,95 Go (9,7 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 491,01 Mo (73,86 Mo free) [FLASH_MANO] # FAT32
 
############################## [ Active Processes ]  
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\McAfee\Common Framework
aPrdMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ] 
 
Deleted ! C:\WINDOWS\Prefetch\1021109.EXE-376933EB.pf  
Deleted ! C:\WINDOWS\Prefetch\1024968.EXE-2E28E61C.pf  
Deleted ! C:\WINDOWS\Prefetch\1056703.EXE-06C5FE94.pf  
Deleted ! C:\WINDOWS\Prefetch\1069171.EXE-1414D2BF.pf  
Deleted ! C:\WINDOWS\Prefetch\1070281.EXE-0D489F90.pf  
Deleted ! C:\WINDOWS\Prefetch\1072437.EXE-0716C11E.pf  
Deleted ! C:\WINDOWS\Prefetch\1528796.EXE-10A74FAE.pf  
Deleted ! C:\WINDOWS\Prefetch\15665828.EXE-2B5CB64B.pf  
Deleted ! C:\WINDOWS\Prefetch\15848375.EXE-086B1DBB.pf  
Deleted ! C:\WINDOWS\Prefetch\16087031.EXE-008157C1.pf  
Deleted ! C:\WINDOWS\Prefetch\16121031.EXE-1FF82654.pf  
Deleted ! C:\WINDOWS\Prefetch\16511796.EXE-0175821A.pf  
Deleted ! C:\WINDOWS\Prefetch\1692015.EXE-3129DABE.pf  
Deleted ! C:\WINDOWS\Prefetch\19357484.EXE-0601AE73.pf  
Deleted ! C:\WINDOWS\Prefetch\19621046.EXE-10AC43AE.pf  
Deleted ! C:\WINDOWS\Prefetch\19641062.EXE-253DCD42.pf  
Deleted ! C:\WINDOWS\Prefetch\19653000.EXE-0AB8B5F4.pf  
Deleted ! C:\WINDOWS\Prefetch\20065000.EXE-391902C3.pf  
Deleted ! C:\WINDOWS\Prefetch\274718.EXE-2E60778F.pf  
Deleted ! C:\WINDOWS\Prefetch\307500.EXE-2EC5F735.pf  
Deleted ! C:\WINDOWS\Prefetch\308593.EXE-0ABE4B02.pf  
Deleted ! C:\WINDOWS\Prefetch\31149078.EXE-1244CDF6.pf  
Deleted ! C:\WINDOWS\Prefetch\31273296.EXE-265B1E0B.pf  
Deleted ! C:\WINDOWS\Prefetch\343515.EXE-128320EE.pf  
Deleted ! C:\WINDOWS\Prefetch\387859.EXE-31C7DFDC.pf  
Deleted ! C:\WINDOWS\Prefetch\4352140.EXE-385CA161.pf  
Deleted ! C:\WINDOWS\Prefetch\4363968.EXE-001066F4.pf  
Deleted ! C:\WINDOWS\Prefetch\4398734.EXE-1D5F9CDB.pf  
Deleted ! C:\WINDOWS\Prefetch\4422468.EXE-348B244D.pf  
Deleted ! C:\WINDOWS\Prefetch\446796.EXE-0D85BC60.pf  
Deleted ! C:\WINDOWS\Prefetch\4515890.EXE-1C8DFE23.pf  
Deleted ! C:\WINDOWS\Prefetch\459640.EXE-1E98E918.pf  
Deleted ! C:\WINDOWS\Prefetch\4633921.EXE-1E7DF397.pf  
Deleted ! C:\WINDOWS\Prefetch\4640734.EXE-2DE86662.pf  
Deleted ! C:\WINDOWS\Prefetch\473203.EXE-0829EC30.pf  
Deleted ! C:\WINDOWS\Prefetch\4752671.EXE-094D1754.pf  
Deleted ! C:\WINDOWS\Prefetch\475296.EXE-0C3B7A56.pf  
Deleted ! C:\WINDOWS\Prefetch\481187.EXE-358D5CD6.pf  
Deleted ! C:\WINDOWS\Prefetch\4949609.EXE-32326CBF.pf  
Deleted ! C:\WINDOWS\Prefetch\503656.EXE-36081136.pf  
Deleted ! C:\WINDOWS\Prefetch\508281.EXE-376B93D3.pf  
Deleted ! C:\WINDOWS\Prefetch\516500.EXE-24F4E47E.pf  
Deleted ! C:\WINDOWS\Prefetch\531312.EXE-1FE0E1D5.pf  
Deleted ! C:\WINDOWS\Prefetch\532203.EXE-0B963A5C.pf  
Deleted ! C:\WINDOWS\Prefetch\548281.EXE-3591E56F.pf  
Deleted ! C:\WINDOWS\Prefetch\567218.EXE-1BFA7EA6.pf  
Deleted ! C:\WINDOWS\Prefetch\572593.EXE-19E490EC.pf  
Deleted ! C:\WINDOWS\Prefetch\573406.EXE-2DD9EA7E.pf  
Deleted ! C:\WINDOWS\Prefetch\579125.EXE-2D3F4572.pf  
Deleted ! C:\WINDOWS\Prefetch\613906.EXE-134B841A.pf  
Deleted ! C:\WINDOWS\Prefetch\622062.EXE-04FA6431.pf  
Deleted ! C:\WINDOWS\Prefetch\636515.EXE-04F11823.pf  
Deleted ! C:\WINDOWS\Prefetch\693234.EXE-04FD2210.pf  
Deleted ! C:\WINDOWS\Prefetch\708625.EXE-013D4031.pf  
Deleted ! C:\WINDOWS\Prefetch\717812.EXE-14854DA1.pf  
Deleted ! C:\WINDOWS\Prefetch\726921.EXE-003BC571.pf  
Deleted ! C:\WINDOWS\Prefetch\751781.EXE-107F468B.pf  
Deleted ! C:\WINDOWS\Prefetch\785546.EXE-0EF28691.pf  
Deleted ! C:\WINDOWS\Prefetch\793640.EXE-06F46CA7.pf  
Deleted ! C:\WINDOWS\Prefetch\796750.EXE-269E238F.pf  
Deleted ! C:\WINDOWS\Prefetch\800812.EXE-19CC7BC9.pf  
Deleted ! C:\WINDOWS\Prefetch\890171.EXE-22F8C761.pf  
Deleted ! C:\WINDOWS\Prefetch\902250.EXE-025A68B8.pf  
Deleted ! C:\WINDOWS\Prefetch\944953.EXE-0C4024EF.pf  
Deleted ! C:\WINDOWS\Prefetch\964390.EXE-2AACB8BC.pf  
Deleted ! C:\WINDOWS\Prefetch\988531.EXE-11B20861.pf  
Deleted ! C:\WINDOWS\Prefetch\FLEC006.EXE-13BADF57.pf  
Deleted ! C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf  
Deleted ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf  
 
################## [ C:\WINDOWS\System32... ] 
 
Deleted ! C:\WINDOWS\system32\autorun.inf  
Deleted ! C:\WINDOWS\system32\mdelk.exe  
Deleted ! C:\WINDOWS\system32\wintems.exe  
Deleted ! C:\WINDOWS\system32\drivers\down  

################## [ C:\Users\...\AppData\Roaming ] 
 
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\m\flec006.exe"  
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\m\list.oct"  
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\m\data.oct"  
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\m\srvlist.oct"  
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\drivers\srosa2.sys"  
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\drivers\wfsintwq.sys"  
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\drivers\winupgro.exe"  
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\m\shared"  
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\m"  
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\drivers\downld"  
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\drivers"  
 
################## [ Cleaning .. Temp Files... ] 
 
Deleted ! C:\DOCUME~1\SECRET~1\LOCALS~1\Temp\Rar$EX00.312\crac.exe  
Deleted ! C:\DOCUME~1\SECRET~1\LOCALS~1\Temp\Rar$EX00.485\key_generator.exe  
Deleted ! C:\DOCUME~1\SECRET~1\LOCALS~1\Temp\Rar$EX06.203\crac.exe  
Deleted ! C:\DOCUME~1\SECRET~1\LOCALS~1\Temp\{0EE593B1-07F7-49B4-8825-4EAAB3FA6266}\SweetIESetup.exe  
Deleted ! C:\Documents and Settings\SECRETARIAT\Cookies\secretariat@crackserialkeygen[1].txt  
 
################## [ Registry / Infected keys ]  
 
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa   
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA   
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s   
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S   
Deleted ! HKEY_CURRENT_USER\Software\bisoft   
Deleted ! HKEY_CURRENT_USER\Software\DateTime4   
Deleted ! HKEY_CURRENT_USER\Software\FirtR   
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_generator   
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro   
Deleted ! HKEY_USERS\S-1-5-21-796845957-1390067357-725345543-1003\Software\FFC   
Deleted ! HKEY_USERS\S-1-5-21-796845957-1390067357-725345543-1003\Software\MuleAppData   
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"drvsyskit"  
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"german.exe"  
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"mule_st_key"  
 
################## [ Cleaning Removable drives ]  

# Deleting Files : 
 
 
Deleted ! C:\autorun.inf  
Deleted ! D:\autorun.inf  
 
################## [ Registry / Mountpoint2 ] 

Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d41e6ff9-298d-11dd-8608-00192153b3b6}\Shell\AutoRun\command   
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d41e6ff9-298d-11dd-8608-00192153b3b6}\Shell\explore\Command   
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d41e6ff9-298d-11dd-8608-00192153b3b6}\Shell\open\Command   
 
################## [ States / Restarting of services ]   

# Services : [ Auto=2 / Request=3 / Disable=4 ] 

# Ndisuio -> # Type of startup =3  
# EapHost -> # Type of startup =2  
# Ip6Fw -> # Type of startup =2  
# SharedAccess -> # Type of startup =2  
# wuauserv -> # Type of startup =2  
# wscsvc -> # Type of startup =2  
# Safe boot mode restored !  
 
################## [ Searching Other Infections ] 
 
# Références de comparaison Bagle MD5 :

File ... : C:\Documents and Settings\SECRETARIAT\Application Data\drivers\winupgro.exe
CRC32 .. : 57a22fc8
MD5 .... : 07d575c8fc316b504d601964e3540962 
 
Deleted ! : C:\Program Files\eMule\Incoming\Any DWG to PDF Converter 2007.zip
Contain key_generator.exe [806912] with Bagle CRC32 : 651CABAB

Deleted ! : C:\Program Files\eMule\Incoming\Any DWG to PDF Converter 2008 [Serial].zip
Contain crac.exe [880640] with Bagle CRC32 : 57A22FC8

Deleted ! : C:\Program Files\SuperCopier2\SuperCopier2.exe
# Taille : 806912 # MD5 : 8744E8506969EFC11C3912C182CB6001

 
################## [ Corrupted files # Re-Installation required ] 
 
C:\c2d2c52db2ba019bcdfa76\mrtstub.exe
C:\Program Files\Alwil Software\Avast4\ashAvast.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\McAfee\Common Framework\CmdAgent.exe
C:\Program Files\Mozilla Firefox\uninstall\helper.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 3\uninstall\helper.exe
C:\Program Files\ScannerU\ImageFolioLE\Register.exe
C:\Program Files\ScannerU\MrPhoto15\REGISTER.EXE
C:\Program Files\ScannerU\PageManager\Register.exe
C:\WINDOWS\ServicePackFiles\i386\sysinfo.exe
 
################## [ ! End of Report # FindyKill V4.724 ! ]

Utilisateur anonyme · Answer

Télécharge random's system information tool (RSIT) et sauvegarde-le sur le Bureau. 

Double-clique sur RSIT.exe afin de lancer RSIT. 

Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions). 

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence. 

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. 

Poste le contenu de log.txt

titanj-84 · Answer

Voilà!


############################## [ FindyKill V4.724 ] 
 
# User : SECRETARIAT (Administrateurs) # POSTE2
# Update on 15/04/09 by Chiquitine29
# Start at: 10:53:31 | 18/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

#               Intel(R) Pentium(R) 4 CPU 3.00GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Disabled

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 27,35 Go (13,25 Go free) # NTFS
# D:\ # Disque fixe local # 9,95 Go (9,7 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 491,01 Mo (73,86 Mo free) [FLASH_MANO] # FAT32
 
############################## [ Active Processes ]  
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\McAfee\Common Framework
aPrdMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ] 
 
Deleted ! C:\WINDOWS\Prefetch\1021109.EXE-376933EB.pf  
Deleted ! C:\WINDOWS\Prefetch\1024968.EXE-2E28E61C.pf  
Deleted ! C:\WINDOWS\Prefetch\1056703.EXE-06C5FE94.pf  
Deleted ! C:\WINDOWS\Prefetch\1069171.EXE-1414D2BF.pf  
Deleted ! C:\WINDOWS\Prefetch\1070281.EXE-0D489F90.pf  
Deleted ! C:\WINDOWS\Prefetch\1072437.EXE-0716C11E.pf  
Deleted ! C:\WINDOWS\Prefetch\1528796.EXE-10A74FAE.pf  
Deleted ! C:\WINDOWS\Prefetch\15665828.EXE-2B5CB64B.pf  
Deleted ! C:\WINDOWS\Prefetch\15848375.EXE-086B1DBB.pf  
Deleted ! C:\WINDOWS\Prefetch\16087031.EXE-008157C1.pf  
Deleted ! C:\WINDOWS\Prefetch\16121031.EXE-1FF82654.pf  
Deleted ! C:\WINDOWS\Prefetch\16511796.EXE-0175821A.pf  
Deleted ! C:\WINDOWS\Prefetch\1692015.EXE-3129DABE.pf  
Deleted ! C:\WINDOWS\Prefetch\19357484.EXE-0601AE73.pf  
Deleted ! C:\WINDOWS\Prefetch\19621046.EXE-10AC43AE.pf  
Deleted ! C:\WINDOWS\Prefetch\19641062.EXE-253DCD42.pf  
Deleted ! C:\WINDOWS\Prefetch\19653000.EXE-0AB8B5F4.pf  
Deleted ! C:\WINDOWS\Prefetch\20065000.EXE-391902C3.pf  
Deleted ! C:\WINDOWS\Prefetch\274718.EXE-2E60778F.pf  
Deleted ! C:\WINDOWS\Prefetch\307500.EXE-2EC5F735.pf  
Deleted ! C:\WINDOWS\Prefetch\308593.EXE-0ABE4B02.pf  
Deleted ! C:\WINDOWS\Prefetch\31149078.EXE-1244CDF6.pf  
Deleted ! C:\WINDOWS\Prefetch\31273296.EXE-265B1E0B.pf  
Deleted ! C:\WINDOWS\Prefetch\343515.EXE-128320EE.pf  
Deleted ! C:\WINDOWS\Prefetch\387859.EXE-31C7DFDC.pf  
Deleted ! C:\WINDOWS\Prefetch\4352140.EXE-385CA161.pf  
Deleted ! C:\WINDOWS\Prefetch\4363968.EXE-001066F4.pf  
Deleted ! C:\WINDOWS\Prefetch\4398734.EXE-1D5F9CDB.pf  
Deleted ! C:\WINDOWS\Prefetch\4422468.EXE-348B244D.pf  
Deleted ! C:\WINDOWS\Prefetch\446796.EXE-0D85BC60.pf  
Deleted ! C:\WINDOWS\Prefetch\4515890.EXE-1C8DFE23.pf  
Deleted ! C:\WINDOWS\Prefetch\459640.EXE-1E98E918.pf  
Deleted ! C:\WINDOWS\Prefetch\4633921.EXE-1E7DF397.pf  
Deleted ! C:\WINDOWS\Prefetch\4640734.EXE-2DE86662.pf  
Deleted ! C:\WINDOWS\Prefetch\473203.EXE-0829EC30.pf  
Deleted ! C:\WINDOWS\Prefetch\4752671.EXE-094D1754.pf  
Deleted ! C:\WINDOWS\Prefetch\475296.EXE-0C3B7A56.pf  
Deleted ! C:\WINDOWS\Prefetch\481187.EXE-358D5CD6.pf  
Deleted ! C:\WINDOWS\Prefetch\4949609.EXE-32326CBF.pf  
Deleted ! C:\WINDOWS\Prefetch\503656.EXE-36081136.pf  
Deleted ! C:\WINDOWS\Prefetch\508281.EXE-376B93D3.pf  
Deleted ! C:\WINDOWS\Prefetch\516500.EXE-24F4E47E.pf  
Deleted ! C:\WINDOWS\Prefetch\531312.EXE-1FE0E1D5.pf  
Deleted ! C:\WINDOWS\Prefetch\532203.EXE-0B963A5C.pf  
Deleted ! C:\WINDOWS\Prefetch\548281.EXE-3591E56F.pf  
Deleted ! C:\WINDOWS\Prefetch\567218.EXE-1BFA7EA6.pf  
Deleted ! C:\WINDOWS\Prefetch\572593.EXE-19E490EC.pf  
Deleted ! C:\WINDOWS\Prefetch\573406.EXE-2DD9EA7E.pf  
Deleted ! C:\WINDOWS\Prefetch\579125.EXE-2D3F4572.pf  
Deleted ! C:\WINDOWS\Prefetch\613906.EXE-134B841A.pf  
Deleted ! C:\WINDOWS\Prefetch\622062.EXE-04FA6431.pf  
Deleted ! C:\WINDOWS\Prefetch\636515.EXE-04F11823.pf  
Deleted ! C:\WINDOWS\Prefetch\693234.EXE-04FD2210.pf  
Deleted ! C:\WINDOWS\Prefetch\708625.EXE-013D4031.pf  
Deleted ! C:\WINDOWS\Prefetch\717812.EXE-14854DA1.pf  
Deleted ! C:\WINDOWS\Prefetch\726921.EXE-003BC571.pf  
Deleted ! C:\WINDOWS\Prefetch\751781.EXE-107F468B.pf  
Deleted ! C:\WINDOWS\Prefetch\785546.EXE-0EF28691.pf  
Deleted ! C:\WINDOWS\Prefetch\793640.EXE-06F46CA7.pf  
Deleted ! C:\WINDOWS\Prefetch\796750.EXE-269E238F.pf  
Deleted ! C:\WINDOWS\Prefetch\800812.EXE-19CC7BC9.pf  
Deleted ! C:\WINDOWS\Prefetch\890171.EXE-22F8C761.pf  
Deleted ! C:\WINDOWS\Prefetch\902250.EXE-025A68B8.pf  
Deleted ! C:\WINDOWS\Prefetch\944953.EXE-0C4024EF.pf  
Deleted ! C:\WINDOWS\Prefetch\964390.EXE-2AACB8BC.pf  
Deleted ! C:\WINDOWS\Prefetch\988531.EXE-11B20861.pf  
Deleted ! C:\WINDOWS\Prefetch\FLEC006.EXE-13BADF57.pf  
Deleted ! C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf  
Deleted ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf  
 
################## [ C:\WINDOWS\System32... ] 
 
Deleted ! C:\WINDOWS\system32\autorun.inf  
Deleted ! C:\WINDOWS\system32\mdelk.exe  
Deleted ! C:\WINDOWS\system32\wintems.exe  
Deleted ! C:\WINDOWS\system32\drivers\down  

################## [ C:\Users\...\AppData\Roaming ] 
 
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\m\flec006.exe"  
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\m\list.oct"  
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\m\data.oct"  
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\m\srvlist.oct"  
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\drivers\srosa2.sys"  
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\drivers\wfsintwq.sys"  
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\drivers\winupgro.exe"  
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\m\shared"  
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\m"  
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\drivers\downld"  
Deleted ! "C:\Documents and Settings\SECRETARIAT\Application Data\drivers"  
 
################## [ Cleaning .. Temp Files... ] 
 
Deleted ! C:\DOCUME~1\SECRET~1\LOCALS~1\Temp\Rar$EX00.312\crac.exe  
Deleted ! C:\DOCUME~1\SECRET~1\LOCALS~1\Temp\Rar$EX00.485\key_generator.exe  
Deleted ! C:\DOCUME~1\SECRET~1\LOCALS~1\Temp\Rar$EX06.203\crac.exe  
Deleted ! C:\DOCUME~1\SECRET~1\LOCALS~1\Temp\{0EE593B1-07F7-49B4-8825-4EAAB3FA6266}\SweetIESetup.exe  
Deleted ! C:\Documents and Settings\SECRETARIAT\Cookies\secretariat@crackserialkeygen[1].txt  
 
################## [ Registry / Infected keys ]  
 
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa   
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA   
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s   
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S   
Deleted ! HKEY_CURRENT_USER\Software\bisoft   
Deleted ! HKEY_CURRENT_USER\Software\DateTime4   
Deleted ! HKEY_CURRENT_USER\Software\FirtR   
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_generator   
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro   
Deleted ! HKEY_USERS\S-1-5-21-796845957-1390067357-725345543-1003\Software\FFC   
Deleted ! HKEY_USERS\S-1-5-21-796845957-1390067357-725345543-1003\Software\MuleAppData   
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"drvsyskit"  
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"german.exe"  
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"mule_st_key"  
 
################## [ Cleaning Removable drives ]  

# Deleting Files : 
 
 
Deleted ! C:\autorun.inf  
Deleted ! D:\autorun.inf  
 
################## [ Registry / Mountpoint2 ] 

Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d41e6ff9-298d-11dd-8608-00192153b3b6}\Shell\AutoRun\command   
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d41e6ff9-298d-11dd-8608-00192153b3b6}\Shell\explore\Command   
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d41e6ff9-298d-11dd-8608-00192153b3b6}\Shell\open\Command   
 
################## [ States / Restarting of services ]   

# Services : [ Auto=2 / Request=3 / Disable=4 ] 

# Ndisuio -> # Type of startup =3  
# EapHost -> # Type of startup =2  
# Ip6Fw -> # Type of startup =2  
# SharedAccess -> # Type of startup =2  
# wuauserv -> # Type of startup =2  
# wscsvc -> # Type of startup =2  
# Safe boot mode restored !  
 
################## [ Searching Other Infections ] 
 
# Références de comparaison Bagle MD5 :

File ... : C:\Documents and Settings\SECRETARIAT\Application Data\drivers\winupgro.exe
CRC32 .. : 57a22fc8
MD5 .... : 07d575c8fc316b504d601964e3540962 
 
Deleted ! : C:\Program Files\eMule\Incoming\Any DWG to PDF Converter 2007.zip
Contain key_generator.exe [806912] with Bagle CRC32 : 651CABAB

Deleted ! : C:\Program Files\eMule\Incoming\Any DWG to PDF Converter 2008 [Serial].zip
Contain crac.exe [880640] with Bagle CRC32 : 57A22FC8

Deleted ! : C:\Program Files\SuperCopier2\SuperCopier2.exe
# Taille : 806912 # MD5 : 8744E8506969EFC11C3912C182CB6001

 
################## [ Corrupted files # Re-Installation required ] 
 
C:\c2d2c52db2ba019bcdfa76\mrtstub.exe
C:\Program Files\Alwil Software\Avast4\ashAvast.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\McAfee\Common Framework\CmdAgent.exe
C:\Program Files\Mozilla Firefox\uninstall\helper.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 3\uninstall\helper.exe
C:\Program Files\ScannerU\ImageFolioLE\Register.exe
C:\Program Files\ScannerU\MrPhoto15\REGISTER.EXE
C:\Program Files\ScannerU\PageManager\Register.exe
C:\WINDOWS\ServicePackFiles\i386\sysinfo.exe
 
################## [ ! End of Report # FindyKill V4.724 ! ]

Utilisateur anonyme · Answer

non ,

c est cela qu il faut faire maintenant : 

http://www.commentcamarche.net/forum/affich 12051248 avast ne fonctionne plus?#15

RSIT le rapport log.txt , prend le temps de lire mes indications

titanj-84 · Answer

ok!

Logfile of random's system information tool 1.06 (written by random/random)
Run by SECRETARIAT at 2009-04-18 11:18:57
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 15 GB (54%) free of 28 GB
Total RAM: 447 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:58, on 18/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\McAfee\Common Framework
aPrdMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\SECRETARIAT\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files	rend micro\SECRETARIAT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {005E3ECE-AD8F-459E-8A96-2B31A206AAD6} - C:\WINDOWS\system32\efdlhjyo.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6E753C0E-29DE-4860-A22C-C6D0F93DCF61} - c:\windows\system32\xfivgyk.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [DrefIW] C:\WINDOWS\system32\SysDrefIWv2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [sgusowm] "c:\documents and settings\secretariat\local settings\application data\sgusowm.exe" sgusowm
O4 - HKCU\..\Run: [DrefIW] C:\WINDOWS\system32\SysDrefIWv2.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm022YYCI
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E5FE349-5201-4491-B5E4-E0C2E522DEDE}: NameServer = 213.136.96.2 213.136.96.37
O20 - AppInit_DLLs: C:\WINDOWS\System32\bidispl32.dll
O20 - Winlogon Notify: f0f67792565 - C:\WINDOWS\System32\bidispl32.dll (file missing)
O20 - Winlogon Notify: mqtxobau - C:\WINDOWS\SYSTEM32\xfivgyk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Service de l&#8217;iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Syntek DC-112X Service (StkSSrv) - Unknown owner - C:\WINDOWS\System32\StkSrv2K.exe (file missing)
O24 - Desktop Component 0: (no name) - http://mail.yimg.com/us.yimg.com/i/us/pim/pimstrip_20_1.png

titanj-84 · Answer

------- LOGFILE OF AD-REMOVER 1.1.3.0 | ONLY XP/VISTA -------

Updated by C_XX on 16/04/2009 at 10:20
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/FindyKill.Ad.Remover/

Start at: 11:38:08, 18/04/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP&#8482;  Service Pack 3 (version 5.1.2600)
Computer Name: POSTE2
Current User: SECRETARIAT - Administrator
Drive(s): 
- C:\  (File System: NTFS)
- D:\  (File System: NTFS)
- F:\  (File System: FAT32)

============ Known Adwares Found ============

Service: MyWebSearchService
.
HKCR\FunWebProducts.DataControl
HKCR\FunWebProducts.DataControl.1
HKCR\FunWebProducts.HistoryKillerScheduler
HKCR\FunWebProducts.HistoryKillerScheduler.1
HKCR\FunWebProducts.HistorySwatterControlBar
HKCR\FunWebProducts.HistorySwatterControlBar.1
HKCR\FunWebProducts.HTMLMenu
HKCR\FunWebProducts.HTMLMenu.1
HKCR\FunWebProducts.HTMLMenu.2
HKCR\FunWebProducts.IECookiesManager
HKCR\FunWebProducts.IECookiesManager.1
HKCR\FunWebProducts.KillerObjManager
HKCR\FunWebProducts.KillerObjManager.1
HKCR\FunWebProducts.PopSwatterBarButton
HKCR\FunWebProducts.PopSwatterBarButton.1
HKCR\FunWebProducts.PopSwatterSettingsControl
HKCR\FunWebProducts.PopSwatterSettingsControl.1
HKCR\Interface\{1093995a-ba37-41d2-836e-091067c4ad17}
HKCR\Interface\{120927bf-1700-43bc-810f-fab92549b390}
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
HKCR\Interface\{1f52a5fa-a705-4415-b975-88503b291728}
HKCR\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a}
HKCR\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc}
HKCR\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc}
HKCR\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495}
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
HKCR\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca}
HKCR\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff}
HKCR\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8}
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244f69}
HKCR\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc}
HKCR\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d}
HKCR\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe}
HKCR\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477}
HKCR\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1}
HKCR\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e}
HKCR\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f}
HKCR\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8}
HKCR\screensavercontrol.screensaverinstaller
HKCR\screensavercontrol.screensaverinstaller.1
HKCR\TypeLib\{d518921a-4a03-425e-9873-b9a71756821e}
HKCR\MyWebSearch.ChatSessionPlugin
HKCR\MyWebSearch.ChatSessionPlugin.1
HKCR\MyWebSearch.HTMLPanel
HKCR\MyWebSearch.HTMLPanel.1
HKCR\MyWebSearch.OutlookAddin
HKCR\MyWebSearch.OutlookAddin.1
HKCR\MyWebSearch.PseudoTransparentPlugin
HKCR\MyWebSearch.PseudoTransparentPlugin.1
HKCR\MyWebSearchToolBar.SettingsPlugin
HKCR\MyWebSearchToolBar.SettingsPlugin.1
HKCR\MyWebSearchToolBar.ToolbarPlugin
HKCR\MyWebSearchToolBar.ToolbarPlugin.1
HKCU\Software\FunWebProducts
HKCU\Software\Fun Web Products
HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df}
HKCU\Software\MyWebSearch
HKLM\Software\Classes\FunWebProducts.DataControl
HKLM\Software\Classes\FunWebProducts.DataControl.1
HKLM\Software\Classes\FunWebProducts.HistoryKillerScheduler
HKLM\Software\Classes\FunWebProducts.HistoryKillerScheduler.1
HKLM\Software\Classes\FunWebProducts.HistorySwatterControlBar
HKLM\Software\Classes\FunWebProducts.HistorySwatterControlBar.1
HKLM\Software\Classes\FunWebProducts.HTMLMenu
HKLM\Software\Classes\FunWebProducts.HTMLMenu.1
HKLM\Software\Classes\FunWebProducts.HTMLMenu.2
HKLM\Software\Classes\FunWebProducts.IECookiesManager
HKLM\Software\Classes\FunWebProducts.IECookiesManager.1
HKLM\Software\Classes\FunWebProducts.KillerObjManager
HKLM\Software\Classes\FunWebProducts.KillerObjManager.1
HKLM\Software\Classes\FunWebProducts.PopSwatterBarButton
HKLM\Software\Classes\FunWebProducts.PopSwatterBarButton.1
HKLM\Software\Classes\FunWebProducts.PopSwatterSettingsControl
HKLM\Software\Classes\FunWebProducts.PopSwatterSettingsControl.1
HKLM\Software\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
HKLM\Software\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
HKLM\Software\Classes\screensavercontrol.screensaverinstaller
HKLM\Software\Classes\screensavercontrol.screensaverinstaller.1
HKLM\Software\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
HKLM\Software\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
HKLM\Software\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKLM\Software\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
HKLM\Software\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
HKLM\Software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
HKLM\Software\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
HKLM\Software\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
HKLM\Software\FocusInteractive
HKLM\Software\Fun Web Products
HKLM\Software\FunWebProducts
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
HKLM\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
HKLM\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
HKLM\Software\MyWebSearch
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
HKLM\SYSTEM\ControlSet003\Services\MyWebSearchService
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService
HKU\S-1-5-21-796845957-1390067357-725345543-1003\Software\Microsoft\Internet Explorer\Searchscopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts
HKLM\Software\Microsoft\Windows Media\Wmsdk\Sources\F3PopularScreenSavers
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Plugin
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
HKLM\Software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
HKCR\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
HKLM\Software\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
HKCR\CLSID\{A9571378-68A1-443D-B082-284F960C6D17}
HKLM\Software\Classes\CLSID\{A9571378-68A1-443D-B082-284F960C6D17}
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
HKLM\Software\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
HKLM\Software\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
HKLM\Software\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
HKLM\Software\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
HKCR\CLSID\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Classes\CLSID\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
HKLM\Software\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKLM\Software\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKCR\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
HKLM\Software\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
HKLM\Software\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
HKLM\Software\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
HKLM\Software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKCR\CLSID\{7473D292-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\CLSID\{7473D292-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\CLSID\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\CLSID\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\CLSID\{7473D296-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\CLSID\{7473D296-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
HKLM\Software\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
HKLM\Software\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKLM\Software\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
HKLM\Software\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
HKLM\Software\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
.
C:\WINDOWS\System32\f3PSSavr.scr
C:\Program Files\FunWebProducts
C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar
C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.manifest
C:\Program Files\Mozilla Firefox\Plugins\NPMyWebS.dll
C:\Program Files\MyWebSearch
C:\Documents and Settings\SECRETARIAT\Application Data\FunWebProducts
C:\Program Files\Windows Live\Messenger\Riched20.dll
C:\Program Files\Windows Live\Messenger\Msimg32.dll
C:\Program Files\Internet Explorer\msimg32.dll

+-----------------| Eorezo Elements Found:

.

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKCR\MediaPlayer.GraphicsUtils
HKCR\MediaPlayer.GraphicsUtils.1
HKCR\MgMediaPlayer.GifAnimator
HKCR\MgMediaPlayer.GifAnimator.1
HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKCU\Software\SweetIM
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\MediaPlayer.GraphicsUtils
HKLM\Software\Classes\MediaPlayer.GraphicsUtils.1
HKLM\Software\Classes\MgMediaPlayer.GifAnimator
HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1
HKLM\Software\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKLM\Software\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKLM\Software\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
HKLM\Software\SweetIM
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Sweetim
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
.
C:\WINDOWS\Installer\1806b44.msi
C:\Program Files\SweetIM
C:\Documents and Settings\All Users\Application Data\SweetIM

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.1b3 ----

ProfilePath: ayqfyoa5.default (SECRETARIAT)
.
Prefs.js: Browser.Search.DefaultEngineName:  "Live Search"
Prefs.js: Browser.Search.SelectedEngine:  "Google"
Prefs.js: Browser.Search.DefaultUrl:  "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
.
.
.
.
.

---- Internet Explorer Version 6.0.2900.5512 ----

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Search bar: hxxp://search.live.com/sphome.aspx
Search Page: hxxp://search.live.com
Start page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_USERS\S-1-5-21-796845957-1390067357-725345543-1003\..\Internet Explorer\Main]

Search bar: hxxp://search.live.com/sphome.aspx
Search Page: hxxp://search.live.com
Start page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://home.sweetim.com

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]


+---------------------------------------------------------------------------+

21756 Byte(s) - C:\Ad-Report-Scan-18.04.2009.log

0 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
0 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

End at: 11:45:39 | 18/04/2009
.
+-----------------| E.O.F
.

Utilisateur anonyme · Answer

Cool , tu te debrouille bien ;)


! Déconnecte toi et ferme toutes les applications en cours ( navigateur compris ) . 

* Relance "Ad-remover" : au menu principal choisis l'option "B" . 

* A l'écran de sélection ( http://sd-1.archive-host.com/membres/up/16506160323759868/Capturer-ADR.JPG ): 

> choisis le(s) chiffre(s) suivant(s) pour nettoyer les traces de: 

1 - "Adwares Connus" puis [Entrée]
4 - "Sweetim" puis [Entrée] 


Une fois la sélection faite, tape S puis [entrée] pour lancer la suppression . 
--> le programme va travailler, ne touche à rien ... 
* Poste le rapport qui apparait à la fin ( le rapport est sauvegardé aussi sous C:\Ad-report.log ) 

/!\ Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide 

Aides : http://pagesperso-orange.fr/FindyKill.Ad.Remover/crbst_0.html

titanj-84 · Answer

:=) merci 


------- LOGFILE OF AD-REMOVER 1.1.3.0 | ONLY XP/VISTA -------

Updated by C_XX on 16/04/2009 at 10:20
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/FindyKill.Ad.Remover/

**** LIMITED TO ****

Known Adwares
Eorezo

********************

Start at: 12:10:31, 18/04/2009 | Boot mode: Normal Boot
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP&#8482;  Service Pack 3 (version 5.1.2600)
Computer Name: POSTE2
Current User: SECRETARIAT - Administrator
Drive(s): 
- C:\  (File System: NTFS)
- D:\  (File System: NTFS)
- F:\  (File System: FAT32)

(!) ---- IE start pages/Tabs reset

============ Known Adwares Deleted ============

Service: "MyWebSearchService"
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Plugin
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts
HKLM\Software\Microsoft\Windows Media\Wmsdk\Sources\F3popularscreensavers
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\FunWebProducts.DataControl
HKCR\FunWebProducts.DataControl.1
HKCR\FunWebProducts.HistoryKillerScheduler
HKCR\FunWebProducts.HistoryKillerScheduler.1
HKCR\FunWebProducts.HistorySwatterControlBar
HKCR\FunWebProducts.HistorySwatterControlBar.1
HKCR\FunWebProducts.HTMLMenu
HKCR\FunWebProducts.HTMLMenu.1
HKCR\FunWebProducts.HTMLMenu.2
HKCR\FunWebProducts.IECookiesManager
HKCR\FunWebProducts.IECookiesManager.1
HKCR\FunWebProducts.KillerObjManager
HKCR\FunWebProducts.KillerObjManager.1
HKCR\FunWebProducts.PopSwatterBarButton
HKCR\FunWebProducts.PopSwatterBarButton.1
HKCR\FunWebProducts.PopSwatterSettingsControl
HKCR\FunWebProducts.PopSwatterSettingsControl.1
HKCR\Interface\{1093995a-ba37-41d2-836e-091067c4ad17}
HKCR\Interface\{120927bf-1700-43bc-810f-fab92549b390}
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
HKCR\Interface\{1f52a5fa-a705-4415-b975-88503b291728}
HKCR\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a}
HKCR\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc}
HKCR\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc}
HKCR\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495}
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
HKCR\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca}
HKCR\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff}
HKCR\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8}
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244f69}
HKCR\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc}
HKCR\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d}
HKCR\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe}
HKCR\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477}
HKCR\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1}
HKCR\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e}
HKCR\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f}
HKCR\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8}
HKCR\screensavercontrol.screensaverinstaller
HKCR\screensavercontrol.screensaverinstaller.1
HKCR\TypeLib\{d518921a-4a03-425e-9873-b9a71756821e}
HKCR\MyWebSearch.ChatSessionPlugin
HKCR\MyWebSearch.ChatSessionPlugin.1
HKCR\MyWebSearch.HTMLPanel
HKCR\MyWebSearch.HTMLPanel.1
HKCR\MyWebSearch.OutlookAddin
HKCR\MyWebSearch.OutlookAddin.1
HKCR\MyWebSearch.PseudoTransparentPlugin
HKCR\MyWebSearch.PseudoTransparentPlugin.1
HKCR\MyWebSearchToolBar.SettingsPlugin
HKCR\MyWebSearchToolBar.SettingsPlugin.1
HKCR\MyWebSearchToolBar.ToolbarPlugin
HKCR\MyWebSearchToolBar.ToolbarPlugin.1
HKCU\Software\FunWebProducts
HKCU\Software\Fun Web Products
HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df}
HKCU\Software\MyWebSearch
HKLM\Software\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
HKLM\Software\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
HKLM\Software\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
HKLM\Software\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
HKLM\Software\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKLM\Software\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
HKLM\Software\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
HKLM\Software\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
HKLM\Software\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
HKLM\Software\FocusInteractive
HKLM\Software\Fun Web Products
HKLM\Software\FunWebProducts
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
HKLM\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
HKLM\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
HKLM\Software\MyWebSearch
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
HKLM\SYSTEM\ControlSet003\Services\MyWebSearchService
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
HKCR\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
HKCR\CLSID\{A9571378-68A1-443D-B082-284F960C6D17}
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
HKCR\CLSID\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKCR\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKCR\CLSID\{7473D292-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\CLSID\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\CLSID\{7473D296-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
.
C:\WINDOWS\System32\f3PSSavr.scr
C:\Program Files\FunWebProducts
C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar
C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.manifest
C:\Program Files\Mozilla Firefox\Plugins\NPMyWebS.dll
C:\Program Files\MyWebSearch
C:\Documents and Settings\SECRETARIAT\Application Data\FunWebProducts
C:\Program Files\Windows Live\Messenger\Riched20.dll
C:\Program Files\Windows Live\Messenger\Msimg32.dll
C:\Program Files\Internet Explorer\msimg32.dll

+-----------------| Eorezo Elements Deleted :

.

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+-----------------| Added Scan :

---- Mozilla FireFox Version 3.1b3 ----

ProfilePath: ayqfyoa5.default (SECRETARIAT)
.
Prefs.js: Browser.Search.DefaultEngineName:  "Live Search"
Prefs.js: Browser.Search.SelectedEngine:  "Google"
Prefs.js: Browser.Search.DefaultUrl:  "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
.
.
.
.
.

---- Internet Explorer Version 6.0.2900.5512 ----

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://search.live.com
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-796845957-1390067357-725345543-1003\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://search.live.com
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

12981 Byte(s) - C:\Ad-Report-Clean-18.04.2009.log
21986 Byte(s) - C:\Ad-Report-Scan-18.04.2009.log

1 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
6 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

End at: 12:19:01 | 18/04/2009
.
+-----------------| E.O.F
.

Utilisateur anonyme · Answer

Nickel , on continu :

Telecharge et install UsbFix

Branche tes sources de données externes à ton PC, (clé USB, etc...) susceptible d avoir été infectés sans les ouvrir

# Double clic sur le raccourci UsbFix présent sur ton bureau .

# Choisi l option 1 ( Recherche )

# Laisse travailler l outil.

# Ensuite post le rapport UsbFix.txt qui apparaitra.

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

# Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
          Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
          Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

titanj-84 · Answer

tadamm!!!! lol


############################## [ UsbFix V3.009 ] 

# User : SECRETARIAT (Administrateurs) # POSTE2
# Update on 18/04/09 by C_XX & Chiquitine29
# Start at: 12:30:47 | 18/04/2009

#               Intel(R) Pentium(R) 4 CPU 3.00GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Enabled

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 27,35 Go (14,66 Go free) # NTFS
# D:\ # Disque fixe local # 9,95 Go (9,7 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 491,01 Mo (73,86 Mo free) [FLASH_MANO] # FAT32
# G:\ # Disque amovible # 3,76 Go (3,76 Go free) # FAT
 
############################## [ Processus actifs ] 
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\McAfee\Common Framework
aPrdMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32
otepad.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [  Registre # Startup ] 

HKCU_Main:  "Local Page"="C:\WINDOWS\system32\blank.htm" 
HKCU_Main:  "Search Page"="https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8" 
HKCU_Main:  "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" 
HKCU_Main:  "Window Title"="" 
HKLM_logon: "Userinit"="userinit.exe," 
HKLM_logon: "DefaultUserName"="SECRETARIAT" 
HKLM_logon: "AltDefaultUserName"="SECRETARIAT" 
HKLM_Run:    VTTimer=VTTimer.exe 
HKLM_Run:    VTTrayp=VTtrayp.exe 
HKLM_Run:    SoundMan=SOUNDMAN.EXE 
HKLM_Run:    HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe 
HKLM_Run:    McAfeeUpdaterUI="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey 
HKLM_Run:    SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" 
HKLM_Run:    SweetIM=C:\Program Files\SweetIM\Messenger\SweetIM.exe 
HKLM_Run:    QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime 
HKLM_Run:    iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe" 
HKLM_Run:    fssui="C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun 
HKLM_Run:    DrefIW=C:\WINDOWS\system32\SysDrefIWv2.exe 
HKLM_Run:    avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
HKLM_Run:    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents= 
HKCU_Run:    CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe  
HKCU_Run:    SuperCopier2.exe=C:\Program Files\SuperCopier2\SuperCopier2.exe  
HKCU_Run:    sgusowm="c:\documents and settings\secretariat\local settings\application data\sgusowm.exe" sgusowm  
HKCU_Run:    DrefIW=C:\WINDOWS\system32\SysDrefIWv2.exe  
HKCU_Run:    eMuleAutoStart=C:\Program Files\eMule\emule.exe -AutoStart  

################## [ Informations ] 
 

# -> ( Value | Good = 0x0 Bad = 0x1 )

# HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0) 
# HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0) 
# HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0) 
# HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0) 
# HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0) 
# HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0) 

################## [ Fichiers # Dossiers infectieux ] 

 
################## [ Registre # Clés Run infectieuses ] 
 
# -> Not Found !  
 
################## [ Registre # Mountpoints2 ] 
 
HKCU\Software\Microsoft\....\MountPoints2\{b69d84aa-4cd8-11dd-866f-00192153b3b6}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{b69d84aa-4cd8-11dd-866f-00192153b3b6}\Shell\explore\Command  
HKCU\Software\Microsoft\....\MountPoints2\{b69d84aa-4cd8-11dd-866f-00192153b3b6}\Shell\open\Command  
HKCU\Software\Microsoft\....\MountPoints2\{d41e6ff9-298d-11dd-8608-00192153b3b6}\Shell\explore\Command  
HKCU\Software\Microsoft\....\MountPoints2\{d41e6ff9-298d-11dd-8608-00192153b3b6}\Shell\open\Command  
HKCU\Software\Microsoft\....\MountPoints2\{ef679ab8-ec93-11dd-876f-4d6564696130}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{ef679ab8-ec93-11dd-876f-4d6564696130}\Shell\explore\Command  
HKCU\Software\Microsoft\....\MountPoints2\{ef679ab8-ec93-11dd-876f-4d6564696130}\Shell\open\Command  
HKCU\Software\Microsoft\....\MountPoints2\{ef679ab9-ec93-11dd-876f-4d6564696130}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{ef679ab9-ec93-11dd-876f-4d6564696130}\Shell\explore\Command  
HKCU\Software\Microsoft\....\MountPoints2\{ef679ab9-ec93-11dd-876f-4d6564696130}\Shell\open\Command  

################## [ ! Fin du rapport # UsbFix V3.009 ! ]

Utilisateur anonyme · Answer

lol 

on nettoie ces clé de registre ensuite on passe aux pages de pubs ...


# Double clic sur le raccourci UsbFix présent sur ton bureau

# choisi l option 2 ( Suppression )

# Ton bureau disparaitra et le pc redémarrera .

# Au redémarrage , UsbFix scannera ton pc , laisse travailler l outil.

# Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

titanj-84 · Answer

############################## [ UsbFix V3.009 ] 

# User : SECRETARIAT (Administrateurs) # POSTE2
# Update on 18/04/09 by C_XX & Chiquitine29
# Start at: 12:42:22 | 18/04/2009

#               Intel(R) Pentium(R) 4 CPU 3.00GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Enabled

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 27,35 Go (14,69 Go free) # NTFS
# D:\ # Disque fixe local # 9,95 Go (9,7 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 491,01 Mo (73,86 Mo free) [FLASH_MANO] # FAT32
# G:\ # Disque amovible # 3,76 Go (3,76 Go free) # FAT
 
############################## [ Processus actifs ] 
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\McAfee\Common Framework
aPrdMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe

################## [ Fichiers # Dossiers infectieux ] 

 
################## [ Registre # Clés Run infectieuses ] 
 
# -> Not Found !  
 
################## [ Registre # Mountpoints2 ] 
 
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{b69d84aa-4cd8-11dd-866f-00192153b3b6}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{b69d84aa-4cd8-11dd-866f-00192153b3b6}\Shell\explore\Command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{b69d84aa-4cd8-11dd-866f-00192153b3b6}\Shell\open\Command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{d41e6ff9-298d-11dd-8608-00192153b3b6}\Shell\explore\Command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{d41e6ff9-298d-11dd-8608-00192153b3b6}\Shell\open\Command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{ef679ab8-ec93-11dd-876f-4d6564696130}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{ef679ab8-ec93-11dd-876f-4d6564696130}\Shell\explore\Command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{ef679ab8-ec93-11dd-876f-4d6564696130}\Shell\open\Command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{ef679ab9-ec93-11dd-876f-4d6564696130}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{ef679ab9-ec93-11dd-876f-4d6564696130}\Shell\explore\Command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{ef679ab9-ec93-11dd-876f-4d6564696130}\Shell\open\Command   
 
################## [ Listing des fichiers présent ] 

C:\AUTOEXEC.BAT  
C:\NTDETECT.COM  
C:\boot.ini  
F:\okqa2g.com  
F:\setupfre.exe  

################## [ Vaccination ] 
 
# C:\autorun.inf -> Folder created by UsbFix.  
# D:\autorun.inf -> Folder created by UsbFix.  
# F:\autorun.inf -> Folder created by UsbFix.  
# G:\autorun.inf -> Folder created by UsbFix.  

################## [ ! Fin du rapport # UsbFix V3.009 ! ]

Utilisateur anonyme · Answer

Affiche tous les fichiers et dossiers : 
Pour cela : 
Clique sur démarrer/panneau de configuration/option des dossiers/affichage 

Cocher afficher les dossiers cacher 

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" 

Décocher masquer les extensions dont le type est connu 

Puis fais «appliquer» pour valider les changements. 

Et OK 


supprime ce fichier : F:\okqa2g.com  , ensuite fait la demarche inverse pour les fichiers cachés .

Puis :

Télécharge Navilog1 sur ton bureau : 

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 

!! Déconnecte toi,désactive tes défenses( anti-virus,anti-spyware ) et ferme bien toutes tes applications le temps de la manipe !! 

Ensuite double clique sur navilog1.exe pour lancer l'installation. 
Une fois l'installation terminée, le fix s'exécutera automatiquement. 
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau). 

Laisse-toi guider. Au menu principal, choisis 1 et valide . 
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord) 

Patiente jusqu'au message : 
*** Analyse Termine le ..... *** 

Appuie sur une touche comme demandé, le bloc-note va s'ouvrir. 
Copie-colle l'intégralité de son contenu dans ta prochaine réponse et attends la suite . 

(Le rapport est en outre sauvegardé à la racine du disque "C\:fixnavi.txt" ) 

TUTO (aide) : http://www.malekal.com/Adware.Magic_Control.php#mozTocId595901

titanj-84 · Answer

Désolée j'ai un petit souci, je ne retrouve pas  F:\okqa2g.com

Utilisateur anonyme · Answer

pas grave , on fera autrement .

Passe a navilog .

titanj-84 · Answer

ok c'est fait

Search Navipromo version 3.7.6 commencé le 18/04/2009 à 13:27:34,21

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free :               Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Default System BIOS
USER : SECRETARIAT ( Administrator )
BOOT : Normal boot




A:\ (USB)
C:\ (Local Disk) - NTFS - Total:27 Go (Free:14 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:9 Go)
E:\ (CD or DVD)
F:\ (USB) - FAT32 - Total:491 Mo (Free:0 Go)
G:\ (USB) - FAT - Total:3854 Mo (Free:3 Go)


Recherche executé en mode normal


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\SECRETARIAT\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\SECRETARIAT\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\SECRETARIAT\menudm~1\progra~1" *** 


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\SECRETARIAT\locals~1\applic~1" * 



*** Recherche fichiers *** 


C:\WINDOWS\system32
vs2.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

HKEY_CURRENT_USER\Software\Lanconfig 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sgusowm"="\"c:\documents and settings\secretariat\local settings\application data\sgusowm.exe\" sgusowm"


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\SECRETARIAT\locals~1\applic~1" : 

sgusowm.exe trouvé !
sgusowm.dat trouvé !
sgusowm_nav.dat trouvé !
sgusowm_navps.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 18/04/2009 à 13:32:23,59 ***

Utilisateur anonyme · Answer

!! Déconnecte toi, désactive tes défenses ( anti-virus,anti-spyware ) et ferme bien toutes tes applications le temps de la manipe !! 

--->Double-clique sur le raccourci Navilog1 

Arriver au menu principal, choisir l'option 2 et valider (nettoyage "automatique" ). 

Le fix demandera ensuite de "redémarrer le PC", fermer toutes les fenêtres ouvertes 
et appuyer sur une touche comme demandé.( important : si le PC ne redémarre pas automatiquement, le faire manuellement ) 
Au redémarrage du PC, choisir la session habituelle si nécessaire. 

Patienter jusqu'au message : "Nettoyage Terminé le ..." 

Le bureau revient, puis le bloc-note s'ouvre . 
Sauvegarder ce rapport de manière à le retrouver, puis fermer le bloc-note ... 
(Le rapport sera en outre sauvegardé à la racine du disque "C\:cleannavi.txt") 

Poste ce rapport dans ta nouvelle réponse accompagné d'un nouveau rapport hijacthis pour analyse et attends la suite ... 

(PS : Si le bureau ne réapparaît pas, faire CTRL+ALT+SUPPR pour ouvrir le gestionnaire de tâches. 
Choisir l'onglet processus. Cliquer en haut à gauche sur fichiers et choisir exécuter, 
Taper explorer et valider.) 


Tuto: http://www.malekal.com/Adware.Magic_Control.php

titanj-84 · Answer

Clean Navipromo version 3.7.6 commencé le 18/04/2009 à 13:48:05,79

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free :               Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Default System BIOS
USER : SECRETARIAT ( Administrator )
BOOT : Normal boot




A:\ (USB)
C:\ (Local Disk) - NTFS - Total:27 Go (Free:14 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:9 Go)
E:\ (CD or DVD)
F:\ (USB) - FAT32 - Total:491 Mo (Free:0 Go)
G:\ (USB) - FAT - Total:3854 Mo (Free:3 Go)


Mode suppression automatique 
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur

 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\SECRETARIAT\locals~1\applic~1" * 



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\SECRETARIAT\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\SECRETARIAT\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\SECRETARIAT\menudm~1\progra~1" *** 



*** Suppression fichiers ***

C:\WINDOWS\system32
vs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\SECRETARIAT\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *



* Dans "C:\Documents and Settings\SECRETARIAT\locals~1\applic~1" * 


sgusowm.exe trouvé ! 
Copie sgusowm.exe réalisée avec succès !
sgusowm.exe supprimé !

sgusowm.dat trouvé ! 
Copie sgusowm.dat réalisée avec succès !
sgusowm.dat supprimé !

sgusowm_nav.dat trouvé ! 
Copie sgusowm_nav.dat réalisée avec succès !
sgusowm_nav.dat supprimé !

sgusowm_navps.dat trouvé ! 
Copie sgusowm_navps.dat réalisée avec succès !
sgusowm_navps.dat supprimé !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le 18/04/2009 à 13:51:15,40 ***


rapport hijacthis(enfin je crois bien)

Logfile of random's system information tool 1.06 (written by random/random)
Run by SECRETARIAT at 2009-04-18 13:56:40
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 15 GB (53%) free of 28 GB
Total RAM: 447 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:56:45, on 18/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\McAfee\Common Framework
aPrdMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS
otepad.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Documents and Settings\SECRETARIAT\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files	rend micro\SECRETARIAT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/spresults.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {005E3ECE-AD8F-459E-8A96-2B31A206AAD6} - C:\WINDOWS\system32\efdlhjyo.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6E753C0E-29DE-4860-A22C-C6D0F93DCF61} - c:\windows\system32\xfivgyk.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [DrefIW] C:\WINDOWS\system32\SysDrefIWv2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [DrefIW] C:\WINDOWS\system32\SysDrefIWv2.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E5FE349-5201-4491-B5E4-E0C2E522DEDE}: NameServer = 213.136.96.2 213.136.96.37
O20 - AppInit_DLLs: C:\WINDOWS\System32\bidispl32.dll
O20 - Winlogon Notify: f0f67792565 - C:\WINDOWS\System32\bidispl32.dll (file missing)
O20 - Winlogon Notify: mqtxobau - C:\WINDOWS\SYSTEM32\xfivgyk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Service de l&#8217;iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Syntek DC-112X Service (StkSSrv) - Unknown owner - C:\WINDOWS\System32\StkSrv2K.exe (file missing)
O24 - Desktop Component 0: (no name) - http://mail.yimg.com/us.yimg.com/i/us/pim/pimstrip_20_1.png

Utilisateur anonyme · Answer

Telecharge malwarebytes 
https://www.malwarebytes.com/

Tu l´instale; le programme va se mettre automatiquement a jour. 

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression". 

Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide". 

Puis click sur "rechercher". 

Laisse le scanner le pc... 

Si des elements on ete trouvés > click sur supprimer la selection. 

si il t´es demandé de redemarrer > click sur "yes". 

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum. 

Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log

titanj-84 · Answer

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2000
Windows 5.1.2600 Service Pack 3

18/04/2009 14:21:58
mbam-log-2009-04-18 (14-21-58).txt

Type de recherche: Examen rapide
Eléments examinés: 69233
Temps écoulé: 5 minute(s), 30 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 63

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\efdlhjyo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xfivgyk.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6e753c0e-29de-4860-a22c-c6d0f93dcf61} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mqtxobau (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6e753c0e-29de-4860-a22c-c6d0f93dcf61} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{005e3ece-ad8f-459e-8a96-2b31a206aad6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{005e3ece-ad8f-459e-8a96-2b31a206aad6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{005e3ece-ad8f-459e-8a96-2b31a206aad6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\predckzy (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\predckzy (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\predckzy (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6e753c0e-29de-4860-a22c-c6d0f93dcf61} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware-secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secureesources (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32 (Worm.Archive) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\WINDOWS\system32\xfivgyk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\efdlhjyo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bidispl32.dll.1 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtmdpvz.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\d3dim70032.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\config.s3db (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Gfx_fr.bin (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\language (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\skin (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Spyware-Secure.url (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\sqlite3.dll (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\sws_translations.xml (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\uninst.exe (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\unrar.dll (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR.zip (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_intro.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_menu.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\file.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_f.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_o.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\index.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\menu3.js (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\spy.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR	rait_coud.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR	rait_droit.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR	rait_vert.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\fleche.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\key.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\support.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images	itle-hepfile.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\dowload-file-antispyware.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\scstep2.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs\3differentscan.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs\contactus.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs\found-objects.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs\lexic.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs
avigtabs.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubs\quarantine.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FRubsegister.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secureesources\malwaresDB_1-12 (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\109.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\109.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\110.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\110.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\111.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\111.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\112.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\112.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\113.music.mp3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\113.music.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\114.music.snd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\114.music.snd.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\115.music.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\115.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\116.video.wmv (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NetworkService32\116.video.wmv.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Documents and Settings\SECRETARIAT\Bureau\Spyware-Secure trial.lnk (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\a.zip (Worm.Archive) -> Quarantined and deleted successfully.

Utilisateur anonyme · Answer

Télécharge ToolsCleaner sur ton bureau. 
--> 
http://pc-system.fr/ 
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

titanj-84 · Answer

Bonjour,
Je m'excuse, petit problème perso à régler.
Je réactive donc.
Merci

Utilisateur anonyme · Answer

Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries. 
Décompresse le fichier sur ton bureau (clique droit > Extraire tout.) 
Double-clique sur le répertoire JavaRa obtenu. 
Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher) 
Clique sur Search For Updates. 
Sélectionne Update Using jucheck.exe puis clique sur Search. 
Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes. 
Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions. 
Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok. 
Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse. 
Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log 
(c:\JavaRa.log) 
Ferme l'application.

titanj-84 · Answer

JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Apr 20 10:29:15 2009

There was an error removing C:\Program Files\Java\jre1.6.0_06. The error returned was 32.

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610006

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610006

Found and removed: SOFTWARE\Classes\JavaPlugin.160_06

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_06

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160060}

Found and removed: Software\Classes\JavaPlugin.160_06

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_06

Found and removed: Software\JavaSoft\Java2D\1.6.0_06

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_06

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_06\bin\

------------------------------------

Finished reporting.

titanj-84 · Answer

Bonjour,
Mon problème persiste et le comble ce matin n'ayant plus de réponses d'ici j'ai installé Avira que j'ai désinstallé par la suite le pc ramait grave et il y avait des virus détectés résultat mon clavier ne marche plus.
Je suis désespérée et ne sais plus quoi faire :'(

Avast ne fonctionne plus

39 réponses

Discussions similaires

Newsletters