Your question

Antivirus impossible to update + antispywarexp2009

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
31 October 2008 01:32:10

Hello,
I'm freaking out a bit...
Here are the symptoms: a red cross in the toolbar, and a program that installed itself: antispywarexp2009. On top of that, I can no longer open Internet Explorer, Firefox or a few other programs!!! I use AVG and Ad-Aware, and I have just installed Spyware Doctor, and none of these programs can update!!!

On top of all that, since yesterday Windows no longer starts, except in safe mode!!!

Please, can you help me?
Yves


31 October 2008 02:13:32

I have just downloaded HijackThis, and I could not run it until I renamed it with a hyphen (hijack-this.exe)...
I thought it would be useful to see it:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:48, on 2008-10-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode

Running processes:
C:\WINDOWS.1\System32\smss.exe
C:\WINDOWS.1\system32\winlogon.exe
C:\WINDOWS.1\system32\services.exe
C:\WINDOWS.1\system32\lsass.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\Explorer.EXE
C:\Program Files\Trend Micro\Hijack-This\Hijack-This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.1\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AntiSpywareXP 2009] "C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.exe" /hide
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = G:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.1\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows.1\system32\nwprovau.dll
O15 - Trusted Zone: www.registrefoncier.gouv.qc.ca
O15 - Trusted Zone: http://www.spasrelaissante.com
O15 - Trusted Zone: http://www.theatreduvieuxterrebonne.com
O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} (CPC View ax Control) - http://www.registrefoncier.gouv.qc.ca/Sirf/Script/14_05...
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.registrefoncier.gouv.qc.ca/sirf/script/14_05...
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll (file missing)
O20 - AppInit_DLLs: karna.dat
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS.1\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - g:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - g:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - g:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 6973 bytes


Thanks in advance,
Yves
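
A structural triage of the autostart entries in the log above, as an added example that is not part of the thread. The sample lines are copied from the posted log; the three rules and their names are assumptions chosen for illustration. They flag the `brastk` and `karna.dat` entries, both of which the ComboFix report later in the thread lists among its deletions.

```python
import re
from typing import NamedTuple

# Excerpt of the HijackThis log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AntiSpywareXP 2009] "C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.exe" /hide
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O10 - Unknown file in Winsock LSP: c:\windows.1\system32\nwprovau.dll
O20 - AppInit_DLLs: karna.dat
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
"""


class Finding(NamedTuple):
    rule: str      # hypothetical rule name used by this example
    section: str   # HijackThis section code (O4, O20, O23, ...)
    detail: str


ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN = re.compile(r"Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
APPINIT = re.compile(r"^AppInit_DLLs:\s*(?P<value>.*)$")
MISSING = re.compile(r"^Service: (?P<svc>.+?) - .* \(file missing\)$")


def first_token(cmd):
    """Return the program part of a Run command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    parts = cmd.split()
    return parts[0] if parts else ""


def triage(log):
    """Apply three structural rules to a HijackThis log and return findings.

    bare-run-command       : a Run value with no drive, directory or
                             environment variable, so it is resolved through
                             the search path.
    appinit-dll            : any AppInit_DLLs value; such DLLs are loaded
                             into every process that loads user32.dll.
    service-binary-missing : a service whose image HijackThis could not find.
    """
    findings = []
    for raw in log.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue
        section, body = entry["section"], entry["body"]
        if section == "O4":
            run = RUN.search(body)
            if run and not re.search(r"[\\/:%]", first_token(run["cmd"])):
                findings.append(Finding("bare-run-command", section,
                                        f'{run["name"]} -> {run["cmd"]}'))
        elif section == "O20":
            appinit = APPINIT.match(body)
            if appinit:
                for dll in re.split(r"[ ,]+", appinit["value"].strip()):
                    if dll:
                        findings.append(Finding("appinit-dll", section, dll))
        elif section == "O23":
            missing = MISSING.match(body)
            if missing:
                findings.append(Finding("service-binary-missing", section,
                                        missing["svc"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section:4} {finding.rule:24} {finding.detail}")
```

The `AntiSpywareXP 2009` Run entry uses a full quoted path, so these structural rules do not flag it; catching it needs a name or reputation check, which this example leaves out.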

31 October 2008 15:28:29

Hello!

Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the licence by clicking Yes.
  • When the operation has finished, a report will appear. Post this report in your next reply.

    The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    Help: How to use ComboFix.

    1 November 2008 02:37:48

    I downloaded ComboFix (on a laptop); once it was transferred to my computer (which only works in safe mode), I renamed it to Combo-fix (otherwise nothing happens when I double-click it).

    Unfortunately, the following message appears:

    The application or DLL c:\windows.1\system32\ws2_32.dll is not a valid windows image. Please check this against your installation diskette.

    The same message is displayed when I try to run:

    c:\i386\winnt32.exe /cmdcons

    in order to install the Windows Recovery Console.

    What should I do to fix this problem?

    THANK YOU for the help you are giving me, it is much appreciated.
    Yves

    1 November 2008 12:21:41

    Hello,

    Do you have the Windows CD? A system file is apparently damaged.
    [I don't know whether the problem could be due to SP3.]

    Download SDFix (by Andy Manchesta)

  • Save it to your desktop.
  • Run it.
  • Choose Install so that it can extract itself.
    Restart your computer in safe mode
    - At startup, after the BIOS has loaded, press the F8 (or F5) key repeatedly until a menu on a black background appears. Once you reach that point, use the keyboard to select Safe Mode.
    -- In this mode you have no Internet access, and you get a different visual configuration (no wallpaper, very large icons). So don't be surprised.
    --- For these reasons, I suggest you print, write down, or save in a text document the following information so that you don't get lost.
    ---- ! Do not start your computer in safe mode via MSConfig! Why? Some infections break the safe mode keys, which would make your computer crash.
  • Open the SDFix folder that has just been created in C:\
  • Double-click RunThis.bat (the .bat extension may not be shown)
  • Press Y to start it.
  • You will be asked to press a key to restart; do so
  • The restart will probably take a little longer than usual.
  • Once your Desktop appears, it will display Finished
  • Press a key.
  • A report is generated; post it in your reply.

    It is also located in the SDFix folder >Report.txt<

    Note: If SDFix does not start (it happens!)

    * Start->Run
    * Copy/paste this:
    %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

    * Click OK, and confirm.
    * Restart and try launching SDFix again.

    Help: How to start your computer in safe mode.

    1 November 2008 19:02:51

    I restarted in safe mode as instructed (I already was, but it was after an uncontrolled Windows restart that I ended up on the black screen... in my opinion not the real one!!!). In short, once in safe mode - the real one - I was able to run combo-fix.exe (still changing the name so that it works). Windows is now in normal mode (thank you very much :) already a step forward! And here is the report:

    ComboFix 08-10-30.13 - Administrator 2008-11-01 10:24:11.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.296 [GMT -4:00]
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrator\Cookies\avipyf.dl
    C:\Documents and Settings\Administrator\Cookies\dacapib.pif
    C:\Documents and Settings\Administrator\Cookies\utilyjizon.scr
    C:\Documents and Settings\Administrator\Cookies\yqyzocipo._sy
    C:\Documents and Settings\Administrator\Desktop\AntiSpywareXP2009.lnk
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\afon.vbs
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\bugu._dl
    C:\Documents and Settings\Administrator\Start Menu\Programs\AntiSpywareXP2009
    C:\Documents and Settings\Administrator\Start Menu\Programs\AntiSpywareXP2009\AntiSpywareXP2009.lnk
    C:\Documents and Settings\Administrator\Start Menu\Programs\AntiSpywareXP2009\Uninstall.lnk
    C:\WINDOWS.1\brastk.exe
    C:\WINDOWS.1\karna.dat
    C:\WINDOWS.1\system32\av.dat
    C:\WINDOWS.1\system32\brastk.exe
    C:\WINDOWS.1\system32\Cache
    C:\WINDOWS.1\system32\DelSelf.bat
    C:\WINDOWS.1\system32\dllcache\beep.sys
    C:\WINDOWS.1\system32\drivers\TDSSmact.sys
    C:\WINDOWS.1\system32\drivers\TDSSpqxt.sys
    C:\WINDOWS.1\system32\drivers\TDSSserv.sys
    C:\WINDOWS.1\system32\karna.dat
    C:\WINDOWS.1\system32\TDSSbubx.log
    C:\WINDOWS.1\system32\TDSScfum.dll
    C:\WINDOWS.1\system32\TDSSciou.dll
    C:\WINDOWS.1\system32\TDSSfpmp.dll
    C:\WINDOWS.1\system32\TDSSfxwp.dll
    C:\WINDOWS.1\system32\TDSSliqp.dll
    C:\WINDOWS.1\system32\TDSSnmxh.log
    C:\WINDOWS.1\system32\TDSSnrse.dll
    C:\WINDOWS.1\system32\TDSSnrsr.dll
    C:\WINDOWS.1\system32\TDSSofxh.dll
    C:\WINDOWS.1\system32\TDSSoiqh.dll
    C:\WINDOWS.1\system32\TDSSosvd.dat
    C:\WINDOWS.1\system32\TDSSosvn.dat
    C:\WINDOWS.1\system32\TDSSrhym.dll
    C:\WINDOWS.1\system32\TDSSriqp.dll
    C:\WINDOWS.1\system32\TDSSsbhc.log
    C:\WINDOWS.1\system32\TDSSsihc.dll
    C:\WINDOWS.1\system32\TDSSthym.dll
    C:\WINDOWS.1\system32\TDSStkdv.log
    C:\WINDOWS.1\system32\TDSSvvbi.log
    C:\WINDOWS.1\system32\wini10801.exe

    Infected copy of C:\WINDOWS.1\system32\drivers\beep.sys was found and disinfected
    Restored copy from - C:\WINDOWS.1\system32\drivers\beep.sys


    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_TDSSserv
    -------\Legacy_TDSSserv
    -------\Legacy_TDSSSERV.SYS
    -------\Service_TDSSserv.sys


    ((((((((((((((((((((((((( Files Created from 2008-10-01 to 2008-11-01 )))))))))))))))))))))))))))))))
    .

    2008-11-01 10:01 . 2008-11-01 10:01 <DIR> d-------- C:\SDFix
    2008-10-31 21:07 . 2008-10-31 15:20 3,029,652 -ra------ C:\Combo-Fix.exe
    2008-10-30 21:40 . 2008-10-30 21:41 <DIR> d-------- C:\Program Files\Trend Micro
    2008-10-28 20:51 . 2008-10-28 20:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\IDS_COMPANY
    2008-10-28 20:43 . 2002-12-31 08:00 4,224 --a------ C:\WINDOWS.1\system32\drivers\beep.sys
    2008-10-26 22:59 . 2008-10-26 23:36 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-10-26 22:14 . 2008-10-26 22:14 1,100 --a------ C:\WINDOWS.1\system32\LogsNorton Ghost.dbg
    2008-10-26 14:16 . 2008-10-26 14:16 19,918 --a------ C:\Documents and Settings\Administrator\Application Data\ypuwepolik.scr
    2008-10-26 14:16 . 2008-10-26 14:16 19,902 --a------ C:\Documents and Settings\Administrator\Application Data\leweqe.bat
    2008-10-26 14:16 . 2008-10-26 14:16 18,888 --a------ C:\Documents and Settings\Administrator\Application Data\ykohez.scr
    2008-10-26 14:16 . 2008-10-26 14:16 18,059 --a------ C:\WINDOWS.1\nehany.sys
    2008-10-26 14:16 . 2008-10-26 14:16 16,943 --a------ C:\Documents and Settings\All Users.WINDOWS.1\Application Data\girofelido.sys
    2008-10-26 14:16 . 2008-10-26 14:16 15,315 --a------ C:\WINDOWS.1\uwonytege.ban
    2008-10-26 14:16 . 2008-10-26 14:16 15,012 --a------ C:\WINDOWS.1\onylox._sy
    2008-10-26 14:16 . 2008-10-26 14:16 13,901 --a------ C:\WINDOWS.1\system32\ojanuhycex._dl
    2008-10-26 14:16 . 2008-10-26 14:16 13,841 --a------ C:\WINDOWS.1\wozo.exe
    2008-10-26 14:16 . 2008-10-26 14:16 13,476 --a------ C:\Documents and Settings\All Users.WINDOWS.1\Application Data\ujiryn.bat
    2008-10-26 14:16 . 2008-10-26 14:16 12,761 --a------ C:\WINDOWS.1\itaty.db
    2008-10-26 14:16 . 2008-10-26 14:16 12,436 --a------ C:\WINDOWS.1\kamybonal.scr
    2008-10-26 14:16 . 2008-10-26 14:16 12,164 --a------ C:\WINDOWS.1\system32\adaduk.vbs
    2008-10-26 14:16 . 2008-10-26 14:16 11,485 --a------ C:\Program Files\Common Files\cuzi.vbs
    2008-10-26 14:16 . 2008-10-26 14:16 11,342 --a------ C:\Documents and Settings\All Users.WINDOWS.1\Application Data\utebiqewo.exe
    2008-10-26 14:16 . 2008-10-26 14:16 10,847 --a------ C:\WINDOWS.1\omoqafak.reg
    2008-10-26 12:16 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS.1\system32\drivers\iksyssec.sys
    2008-10-26 12:16 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS.1\system32\drivers\iksysflt.sys
    2008-10-26 12:16 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS.1\system32\drivers\ikfilesec.sys
    2008-10-26 12:16 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS.1\system32\drivers\kcom.sys
    2008-10-26 11:51 . 2008-10-26 11:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
    2008-10-26 10:53 . 2008-10-26 23:43 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP
    2008-10-25 08:34 . 2008-10-25 10:11 <DIR> d-------- C:\Program Files\Enigma Software Group
    2008-10-25 07:56 . 2008-10-25 07:56 19,587 --a------ C:\Documents and Settings\All Users.WINDOWS.1\Application Data\tiwej.vbs
    2008-10-25 07:56 . 2008-10-25 07:56 18,458 --a------ C:\WINDOWS.1\ipibyfosa.db
    2008-10-25 07:56 . 2008-10-25 07:56 18,061 --a------ C:\WINDOWS.1\system32\epukywuryk.reg
    2008-10-25 07:56 . 2008-10-25 07:56 17,840 --a------ C:\Documents and Settings\Administrator\Application Data\nodujegiq.sys
    2008-10-25 07:56 . 2008-10-25 07:56 16,332 --a------ C:\WINDOWS.1\system32\howijekuho._sy
    2008-10-25 07:56 . 2008-10-25 07:56 15,729 --a------ C:\WINDOWS.1\ybicihac.sys
    2008-10-25 07:56 . 2008-10-25 07:56 15,132 --a------ C:\Documents and Settings\All Users.WINDOWS.1\Application Data\yrygucu.dat
    2008-10-25 07:56 . 2008-10-25 07:56 15,119 --a------ C:\Documents and Settings\Administrator\Application Data\uxinik.pif
    2008-10-25 07:56 . 2008-10-25 07:56 13,283 --a------ C:\WINDOWS.1\koza.lib
    2008-10-25 07:56 . 2008-10-25 07:56 13,111 --a------ C:\WINDOWS.1\system32\inecaligab._dl
    2008-10-25 07:56 . 2008-10-25 07:56 12,278 --a------ C:\Documents and Settings\Administrator\Application Data\nenorolaju.sys
    2008-10-25 07:56 . 2008-10-25 07:56 12,192 --a------ C:\WINDOWS.1\system32\kakoh.dll
    2008-10-25 07:56 . 2008-10-25 07:56 11,247 --a------ C:\WINDOWS.1\system32\ynovo.inf
    2008-10-25 07:56 . 2008-10-25 07:56 11,139 --a------ C:\Documents and Settings\Administrator\Application Data\dezypedeh.vbs
    2008-10-25 07:56 . 2008-10-25 07:56 10,974 --a------ C:\Documents and Settings\Administrator\Application Data\iwadonide.com
    2008-10-25 07:56 . 2008-10-25 07:56 10,869 --a------ C:\Documents and Settings\Administrator\Application Data\eqidosopym.reg
    2008-10-25 07:56 . 2008-10-25 07:56 10,621 --a------ C:\WINDOWS.1\mejyjiqe.bin
    2008-10-24 01:27 . 2008-10-15 12:34 337,408 --------- C:\WINDOWS.1\system32\dllcache\netapi32.dll
    2008-10-15 19:17 . 2008-10-15 19:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Atheros
    2008-10-14 18:30 . 2008-09-08 06:41 333,824 --------- C:\WINDOWS.1\system32\dllcache\srv.sys
    2008-10-14 18:29 . 2008-08-14 06:11 2,189,184 --------- C:\WINDOWS.1\system32\dllcache\ntoskrnl.exe
    2008-10-14 18:29 . 2008-08-14 06:09 2,145,280 --------- C:\WINDOWS.1\system32\dllcache\ntkrnlmp.exe
    2008-10-14 18:29 . 2008-08-14 05:33 2,066,048 --------- C:\WINDOWS.1\system32\dllcache\ntkrnlpa.exe
    2008-10-14 18:29 . 2008-08-14 05:33 2,023,936 --------- C:\WINDOWS.1\system32\dllcache\ntkrpamp.exe
    2008-10-14 18:29 . 2008-09-15 08:12 1,846,400 --------- C:\WINDOWS.1\system32\dllcache\win32k.sys
    2008-10-12 09:58 . 2008-10-12 09:58 268 --ah----- C:\sqmdata11.sqm
    2008-10-12 09:58 . 2008-10-12 09:58 244 --ah----- C:\sqmnoopt11.sqm
    2008-10-04 11:08 . 2008-10-04 11:08 268 --ah----- C:\sqmdata10.sqm
    2008-10-04 11:08 . 2008-10-04 11:08 244 --ah----- C:\sqmnoopt10.sqm

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-26 18:16 17,591 ----a-w C:\Program Files\Common Files\nigohaqab._sy
    2008-10-26 18:16 16,818 ----a-w C:\Program Files\Common Files\uriket._sy
    2008-10-26 18:16 14,786 ----a-w C:\Program Files\Common Files\epukax._dl
    2008-10-26 18:16 13,448 ----a-w C:\Program Files\Common Files\dytocuhi._dl
    2008-10-26 15:56 4,096 --sha-w C:\Program Files\Thumbs.db
    2008-10-26 14:13 --------- d-----w C:\Program Files\Common Files\LogiShrd
    2008-10-25 18:01 --------- d-----w C:\Program Files\TI Education
    2008-10-25 18:01 --------- d-----w C:\Program Files\Palm
    2008-10-25 18:01 --------- d-----w C:\Program Files\Norton Ghost
    2008-10-25 18:00 --------- d-----w C:\Program Files\Microsoft Works
    2008-10-25 18:00 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-25 18:00 --------- d-----w C:\Program Files\Logitech
    2008-10-25 17:59 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
    2008-10-25 17:59 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-10-25 17:58 --------- d-----w C:\Program Files\Common Files\TI Shared
    2008-10-25 17:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-10-25 17:57 --------- d-----w C:\Program Files\Common Files\Logitech
    2008-10-25 17:57 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-10-25 17:55 --------- d-----w C:\Program Files\Cabri II Plus 1.3
    2008-10-24 06:00 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
    2008-10-23 17:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MiniLyrics
    2008-10-22 01:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Azureus
    2008-10-15 07:30 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Microsoft Help
    2008-10-03 22:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
    2008-10-03 17:41 6,066,176 ------w C:\WINDOWS.1\system32\dllcache\ieframe.dll
    2008-09-19 20:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\vlc
    2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS.1\system32\win32k.sys
    2008-09-10 04:04 38,528 ----a-w C:\WINDOWS.1\system32\drivers\mbamswissarmy.sys
    2008-09-10 04:03 17,200 ----a-w C:\WINDOWS.1\system32\drivers\mbam.sys
    2008-09-08 10:41 333,824 ------w C:\WINDOWS.1\system32\drivers\srv.sys
    2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS.1\system32\dllcache\mshtml.dll
    2008-08-25 08:38 13,824 ------w C:\WINDOWS.1\system32\dllcache\ieudinit.exe
    2008-08-25 08:37 70,656 ------w C:\WINDOWS.1\system32\dllcache\ie4uinit.exe
    2008-08-23 05:56 635,848 ----a-w C:\WINDOWS.1\system32\dllcache\iexplore.exe
    2008-08-23 05:54 161,792 ------w C:\WINDOWS.1\system32\dllcache\ieakui.dll
    2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS.1\system32\ntoskrnl.exe
    2008-08-14 10:04 138,496 ------w C:\WINDOWS.1\system32\dllcache\afd.sys
    2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS.1\system32\ntkrnlpa.exe
    2006-05-21 17:09 25 ---h--r C:\Program Files\perso
    2004-04-02 14:36 30,020 ----a-r C:\Program Files\Français.cgl
    2004-01-21 20:51 26,551 ----a-r C:\Program Files\US-English.cgl
    2004-01-19 19:18 2,504 ----a-r C:\Program Files\Lisez-moi.txt
    2002-09-16 21:14 9,158 ---ha-r C:\Program Files\CabriIIPlus.ico
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="G:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
    "!AVG Anti-Spyware"="G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" [2008-06-20 6731312]
    "SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-09-10 864256]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"= ctwdm32.dll
    "VIDC.ACDV"= ACDV.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "G:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
    "G:\\Program Files\\webcamXP\\webcamXP.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "49152:TCP"= 49152:TCP:Azureus
    "49152:UDP"= 49152:UDP:Azureus

    R3 ham50;Intel V92 HaM Data Fax Voice;C:\WINDOWS.1\system32\DRIVERS\IntelH51.sys [2002-06-21 469935]
    S3 ati2mtaa;ati2mtaa;C:\WINDOWS.1\system32\DRIVERS\ati2mtaa.sys [2001-09-27 285088]
    S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS.1\system32\DRIVERS\RimSerial.sys [2005-05-04 17920]
    S3 UnlockerDriver4;UnlockerDriver4 Driver;C:\WINDOWS.1\system32\UnlockerDriver4.sys [2005-04-24 3584]
    S3 VirtualDK;VirtualDK;C:\eeepcfr\usb_prep8\vdk.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f319dc82-beb7-11dc-ba5e-0050bafb95f3}]
    \Shell\AutoRun\command - I:\DigitalPhotoKeychain.EXE
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    HKLM-Run-NeroFilterCheck - C:\WINDOWS.1\system32\NeroCheck.exe
    HKLM-Run-Norton Ghost 9.0 - C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    HKLM-Run-AntiSpywareXP 2009 - C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.exe
    HKU-Default-Run-AVG7_Run - C:\PROGRA~1\Grisoft\AVG7\avgw.exe
    HKU-Default-Run-brastk - C:\WINDOWS.1\system32\brastk.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hmdcse1g.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE -
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava11.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava12.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava13.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava14.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava32.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPOJI610.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
    FF -: plugin - G:\Program Files\QuickTime\Plugins\npqtplugin.dll
    FF -: plugin - G:\Program Files\QuickTime\Plugins\npqtplugin2.dll
    FF -: plugin - G:\Program Files\QuickTime\Plugins\npqtplugin3.dll
    FF -: plugin - G:\Program Files\QuickTime\Plugins\npqtplugin4.dll
    FF -: plugin - G:\Program Files\QuickTime\Plugins\npqtplugin5.dll
    FF -: plugin - G:\Program Files\QuickTime\Plugins\npqtplugin6.dll
    FF -: plugin - G:\Program Files\QuickTime\Plugins\npqtplugin7.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-01 10:38:02
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS.1\system32\devldr32.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS.1\system32\msiexec.exe
    C:\WINDOWS.1\system32\wscntfy.exe
    C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    C:\Program Files\Logitech\QuickCam\LU\LULnchr.exe
    C:\Program Files\Logitech\QuickCam\LU\LogitechUpdate.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-01 10:47:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-11-01 14:47:23

    Pre-Run: 21,557,473,280 bytes free
    Post-Run: 23,860,563,968 bytes free

    268 --- E O F --- 2008-11-01 14:25:51

    1 November 2008 20:17:29

    1) Uninstall via Add/Remove Programs (if present):
  • SpyHunter (or Enigma Software Group)

    2) Select the entire contents of the box below:

    Collect::
    C:\Documents and Settings\All Users.WINDOWS.1\Application Data\tiwej.vbs
    C:\WINDOWS.1\ipibyfosa.db
    C:\WINDOWS.1\system32\epukywuryk.reg
    C:\Documents and Settings\Administrator\Application Data\nodujegiq.sys
    C:\WINDOWS.1\system32\howijekuho._sy
    C:\WINDOWS.1\ybicihac.sys
    C:\Documents and Settings\All Users.WINDOWS.1\Application Data\yrygucu.dat
    C:\Documents and Settings\Administrator\Application Data\uxinik.pif
    C:\WINDOWS.1\koza.lib
    C:\WINDOWS.1\system32\inecaligab._dl
    C:\Documents and Settings\Administrator\Application Data\nenorolaju.sys
    C:\WINDOWS.1\system32\kakoh.dll
    C:\WINDOWS.1\system32\ynovo.inf
    C:\Documents and Settings\Administrator\Application Data\dezypedeh.vbs
    C:\Documents and Settings\Administrator\Application Data\iwadonide.com
    C:\Documents and Settings\Administrator\Application Data\eqidosopym.reg
    C:\WINDOWS.1\mejyjiqe.bin
    C:\Program Files\Common Files\nigohaqab._sy
    C:\Program Files\Common Files\uriket._sy
    C:\Program Files\Common Files\epukax._dl
    C:\Program Files\Common Files\dytocuhi._dl
    C:\Documents and Settings\Administrator\Application Data\ypuwepolik.scr
    C:\Documents and Settings\Administrator\Application Data\leweqe.bat
    C:\Documents and Settings\Administrator\Application Data\ykohez.scr
    C:\WINDOWS.1\nehany.sys
    C:\Documents and Settings\All Users.WINDOWS.1\Application Data\girofelido.sys
    C:\WINDOWS.1\uwonytege.ban
    C:\WINDOWS.1\onylox._sy
    C:\WINDOWS.1\system32\ojanuhycex._dl
    C:\WINDOWS.1\wozo.exe
    C:\Documents and Settings\All Users.WINDOWS.1\Application Data\ujiryn.bat
    C:\WINDOWS.1\itaty.db
    C:\WINDOWS.1\kamybonal.scr
    C:\WINDOWS.1\system32\adaduk.vbs
    C:\Program Files\Common Files\cuzi.vbs
    C:\Documents and Settings\All Users.WINDOWS.1\Application Data\utebiqewo.exe
    C:\WINDOWS.1\omoqafak.reg

    Folder::
    C:\Program Files\Enigma Software Group

    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"=dword:00000000
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    "SpyHunter Security Suite"=-


  • Copy and paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it to your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will restart ComboFix.
  • ComboFix will create these files on your Desktop:
    - A zipped file named Submit [Date Time].zip
    - A second file named - CF-Submit.htm
  • ComboFix may require a restart to complete its work. Accept.
  • When the tool has finished, a ComboFix.log report will appear on screen.
  • A new window with the prompt "Submit Files for further analysis" will open. Click "OK"
  • Your browser will launch automatically with the CF-Submit.htm file and a window will open:
    - Click the "Browse" button and navigate to the file
    Submit [Date Time].zip that is on your Desktop.
    - Click the file to select it.
  • Submit the file by clicking "OK"
  • When this operation is complete, you can delete these two files from your Desktop.
    Post the contents of the ComboFix.txt report after the restart, if there is one.

    1 November 2008 22:22:53

    I had to run ComboFix twice because after the first time I had no working browser (I reinstalled Firefox 2).
    I never saw the two files (Submit [Date Time].zip and - CF-Submit.htm) on my desktop, but they were in c:\qoobox. So I clicked on - CF-Submit.htm to launch Firefox... and I sent the file.
    Here is the report:


    ComboFix 08-11-01.01 - Administrator 2008-11-01 16:58:35.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.201 [GMT -4:00]
    Running from: C:\Combo-Fix.exe
    Command switches used :: H:\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-10-01 to 2008-11-01 )))))))))))))))))))))))))))))))
    .

    2008-11-01 14:27 . 2008-11-01 14:27 578,560 --a------ C:\WINDOWS.1\system32\dllcache\user32.dll
    2008-11-01 14:25 . 2008-11-01 14:25 <DIR> d-------- C:\WINDOWS.1\ERUNT
    2008-11-01 10:01 . 2008-11-01 14:43 <DIR> d-------- C:\SDFix
    2008-10-31 21:07 . 2008-11-01 16:40 3,022,993 -ra------ C:\Combo-Fix.exe
    2008-10-30 21:40 . 2008-10-30 21:41 <DIR> d-------- C:\Program Files\Trend Micro
    2008-10-28 20:51 . 2008-10-28 20:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\IDS_COMPANY
    2008-10-28 20:43 . 2002-12-31 08:00 4,224 --a------ C:\WINDOWS.1\system32\drivers\beep.sys
    2008-10-26 22:59 . 2008-10-26 23:36 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-10-26 22:14 . 2008-10-26 22:14 1,100 --a------ C:\WINDOWS.1\system32\LogsNorton Ghost.dbg
    2008-10-26 12:16 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS.1\system32\drivers\iksyssec.sys
    2008-10-26 12:16 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS.1\system32\drivers\iksysflt.sys
    2008-10-26 12:16 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS.1\system32\drivers\ikfilesec.sys
    2008-10-26 12:16 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS.1\system32\drivers\kcom.sys
    2008-10-26 11:51 . 2008-10-26 11:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
    2008-10-26 10:53 . 2008-11-01 14:09 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS.1\Application Data\TEMP
    2008-10-24 01:27 . 2008-10-15 12:34 337,408 --------- C:\WINDOWS.1\system32\dllcache\netapi32.dll
    2008-10-15 19:17 . 2008-10-15 19:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Atheros
    2008-10-14 18:30 . 2008-09-08 06:41 333,824 --------- C:\WINDOWS.1\system32\dllcache\srv.sys
    2008-10-14 18:29 . 2008-08-14 06:11 2,189,184 --------- C:\WINDOWS.1\system32\dllcache\ntoskrnl.exe
    2008-10-14 18:29 . 2008-08-14 06:09 2,145,280 --------- C:\WINDOWS.1\system32\dllcache\ntkrnlmp.exe
    2008-10-14 18:29 . 2008-08-14 05:33 2,066,048 --------- C:\WINDOWS.1\system32\dllcache\ntkrnlpa.exe
    2008-10-14 18:29 . 2008-08-14 05:33 2,023,936 --------- C:\WINDOWS.1\system32\dllcache\ntkrpamp.exe
    2008-10-14 18:29 . 2008-09-15 08:12 1,846,400 --------- C:\WINDOWS.1\system32\dllcache\win32k.sys
    2008-10-12 09:58 . 2008-10-12 09:58 268 --ah----- C:\sqmdata11.sqm
    2008-10-12 09:58 . 2008-10-12 09:58 244 --ah----- C:\sqmnoopt11.sqm
    2008-10-04 11:08 . 2008-10-04 11:08 268 --ah----- C:\sqmdata10.sqm
    2008-10-04 11:08 . 2008-10-04 11:08 244 --ah----- C:\sqmnoopt10.sqm

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-26 15:56 4,096 --sha-w C:\Program Files\Thumbs.db
    2008-10-26 14:13 --------- d-----w C:\Program Files\Common Files\LogiShrd
    2008-10-25 18:01 --------- d-----w C:\Program Files\TI Education
    2008-10-25 18:01 --------- d-----w C:\Program Files\Palm
    2008-10-25 18:01 --------- d-----w C:\Program Files\Norton Ghost
    2008-10-25 18:00 --------- d-----w C:\Program Files\Microsoft Works
    2008-10-25 18:00 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-25 18:00 --------- d-----w C:\Program Files\Logitech
    2008-10-25 17:59 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
    2008-10-25 17:59 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-10-25 17:58 --------- d-----w C:\Program Files\Common Files\TI Shared
    2008-10-25 17:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-10-25 17:57 --------- d-----w C:\Program Files\Common Files\Logitech
    2008-10-25 17:57 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-10-25 17:55 --------- d-----w C:\Program Files\Cabri II Plus 1.3
    2008-10-24 06:00 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
    2008-10-23 17:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MiniLyrics
    2008-10-22 01:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Azureus
    2008-10-15 07:30 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.1\Application Data\Microsoft Help
    2008-10-03 22:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
    2008-10-03 17:41 6,066,176 ------w C:\WINDOWS.1\system32\dllcache\ieframe.dll
    2008-09-19 20:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\vlc
    2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS.1\system32\win32k.sys
    2008-09-10 04:04 38,528 ----a-w C:\WINDOWS.1\system32\drivers\mbamswissarmy.sys
    2008-09-10 04:03 17,200 ----a-w C:\WINDOWS.1\system32\drivers\mbam.sys
    2008-09-08 10:41 333,824 ------w C:\WINDOWS.1\system32\drivers\srv.sys
    2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS.1\system32\dllcache\mshtml.dll
    2008-08-25 08:38 13,824 ------w C:\WINDOWS.1\system32\dllcache\ieudinit.exe
    2008-08-25 08:37 70,656 ------w C:\WINDOWS.1\system32\dllcache\ie4uinit.exe
    2008-08-23 05:56 635,848 ----a-w C:\WINDOWS.1\system32\dllcache\iexplore.exe
    2008-08-23 05:54 161,792 ------w C:\WINDOWS.1\system32\dllcache\ieakui.dll
    2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS.1\system32\ntoskrnl.exe
    2008-08-14 10:04 138,496 ------w C:\WINDOWS.1\system32\dllcache\afd.sys
    2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS.1\system32\ntkrnlpa.exe
    2006-05-21 17:09 25 ---h--r C:\Program Files\perso
    2004-04-02 14:36 30,020 ----a-r C:\Program Files\Français.cgl
    2004-01-21 20:51 26,551 ----a-r C:\Program Files\US-English.cgl
    2004-01-19 19:18 2,504 ----a-r C:\Program Files\Lisez-moi.txt
    2002-09-16 21:14 9,158 ---ha-r C:\Program Files\CabriIIPlus.ico
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-01_10.45.31.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-07 19:27:04 163,328 ----a-w C:\WINDOWS.1\ERUNT\SDFIX\ERDNT.EXE
    + 2008-11-01 18:25:38 9,744,384 ----a-w C:\WINDOWS.1\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    + 2008-11-01 18:25:38 348,160 ----a-w C:\WINDOWS.1\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-08-07 19:27:04 163,328 ----a-w C:\WINDOWS.1\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-11-01 18:25:22 9,744,384 ----a-w C:\WINDOWS.1\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
    + 2008-11-01 18:25:22 348,160 ----a-w C:\WINDOWS.1\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    + 2008-11-01 18:34:10 16,384 ----atw C:\WINDOWS.1\Temp\Perflib_Perfdata_1ac.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "!AVG Anti-Spyware"="G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" [2008-06-20 6731312]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"= ctwdm32.dll
    "VIDC.ACDV"= ACDV.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "G:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
    "G:\\Program Files\\webcamXP\\webcamXP.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "49152:TCP"= 49152:TCP:Azureus
    "49152:UDP"= 49152:UDP:Azureus

    R3 ham50;Intel V92 HaM Data Fax Voice;C:\WINDOWS.1\system32\DRIVERS\IntelH51.sys [2002-06-21 469935]
    S3 ati2mtaa;ati2mtaa;C:\WINDOWS.1\system32\DRIVERS\ati2mtaa.sys [2001-09-27 285088]
    S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS.1\system32\DRIVERS\RimSerial.sys [2005-05-04 17920]
    S3 UnlockerDriver4;UnlockerDriver4 Driver;C:\WINDOWS.1\system32\UnlockerDriver4.sys [2005-04-24 3584]
    S3 VirtualDK;VirtualDK;C:\eeepcfr\usb_prep8\vdk.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f319dc82-beb7-11dc-ba5e-0050bafb95f3}]
    \Shell\AutoRun\command - I:\DigitalPhotoKeychain.EXE
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-01 17:02:10
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-11-01 17:05:33
    ComboFix-quarantined-files.txt 2008-11-01 21:05:18
    ComboFix2.txt 2008-11-01 20:49:42
    ComboFix3.txt 2008-11-01 20:14:29
    ComboFix4.txt 2008-11-01 14:47:42

    Pre-Run: 23 618 449 408 bytes free
    Post-Run: 23,605,473,280 bytes free

    140 --- E O F --- 2008-11-01 14:25:51

    2 November 2008 12:07:06

    Re,

    Is that better?

    Are you able to install the Recovery Console now?

    Post a new HijackThis report.

    2 November 2008 22:17:24

    FanDANGELDARK,
    Thanks for your help,
    My computer is doing better and better (and so am I!).
    I installed the Recovery Console.

    Here is a new HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:47:39, on 2008-11-02
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS.1\System32\smss.exe
    C:\WINDOWS.1\system32\winlogon.exe
    C:\WINDOWS.1\system32\services.exe
    C:\WINDOWS.1\system32\lsass.exe
    C:\WINDOWS.1\system32\svchost.exe
    C:\WINDOWS.1\System32\svchost.exe
    C:\WINDOWS.1\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS.1\Explorer.EXE
    G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    g:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\WINDOWS.1\system32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS.1\system32\devldr32.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS.1\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    g:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" /minimized
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = G:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows.1\system32\nwprovau.dll
    O15 - Trusted Zone: www.registrefoncier.gouv.qc.ca
    O15 - Trusted Zone: http://www.spasrelaissante.com
    O15 - Trusted Zone: http://www.theatreduvieuxterrebonne.com
    O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} (CPC View ax Control) - http://www.registrefoncier.gouv.qc.ca/Sirf/Script/14_05...
    O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.registrefoncier.gouv.qc.ca/sirf/script/14_05...
    O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS.1\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - g:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
    O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - g:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - g:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
    O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

    --
    End of file - 7036 bytes
    3 November 2008 12:07:47

    Re,

    Were you the one who modified your Trusted Zone?

    Quote:
    O15 - Trusted Zone: www.registrefoncier.gouv.qc.ca
    O15 - Trusted Zone: http://www.spasrelaissante.com
    O15 - Trusted Zone: http://www.theatreduvieuxterrebonne.com


    I doubt the sites are harmful..

    --------

    Rename:

    g:\Program Files\Trend Micro\HijackThis\HijackThis.exe to
    g:\Program Files\Trend Micro\HijackThis\PoolTech.exe.

    Run it, and give me the new report.

    -------------

    Is Spyware Doctor active? Or did you uninstall it?
    What about AVG7, Symantec, Windows Live Messenger...?

    4 November 2008 01:50:19

    For the trusted zone, I do indeed recognize those three sites.
    ----------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:30:33, on 2008-11-03
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS.1\System32\smss.exe
    C:\WINDOWS.1\system32\winlogon.exe
    C:\WINDOWS.1\system32\services.exe
    C:\WINDOWS.1\system32\lsass.exe
    C:\WINDOWS.1\system32\svchost.exe
    C:\WINDOWS.1\System32\svchost.exe
    C:\WINDOWS.1\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    g:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\WINDOWS.1\Explorer.EXE
    C:\WINDOWS.1\system32\svchost.exe
    G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS.1\system32\devldr32.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    G:\Program Files\Trend Micro\HijackThis\PoolTech.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" /minimized
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows.1\system32\nwprovau.dll
    O15 - Trusted Zone: www.registrefoncier.gouv.qc.ca
    O15 - Trusted Zone: http://www.spasrelaissante.com
    O15 - Trusted Zone: http://www.theatreduvieuxterrebonne.com
    O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} (CPC View ax Control) - http://www.registrefoncier.gouv.qc.ca/Sirf/Script/14_05...
    O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.registrefoncier.gouv.qc.ca/sirf/script/14_05...
    O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS.1\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - g:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - g:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - g:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
    O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

    --
    End of file - 6983 bytes


    ----------------------------

    Spyware Doctor is not active (C:\Program Files\Spyware Doctor). I tried to start it, but it cannot find all the necessary files... I had also installed it in g:\Program Files\Spyware Doctor but there is nothing left there!!!

    AVG7.5 is now active on a license valid only until 1 December 2008!!!

    AVG Anti-Spyware 7.5 is also active

    Symantec is uninstalled

    Windows Live Messenger no longer works... the file the shortcut points to no longer exists!!! The same thing is happening with several other programs:

    Internet Explorer - Now reinstalled
    Nero - Now reinstalled
    Microsoft Office 2003 and 2007 - Now reinstalled
    Windows Media Player - not working
    Azureus - not working
    Ad Watch - not working
    Ad-Aware - not working
    Last.fm - not working
    and probably others...
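
Added example, not part of the thread: the helper's questions about Spyware Doctor, AVG7, Symantec and Windows Live Messenger follow from the `(file missing)` entries in the 2 November report, and the 3 November report shows which of them came back. This Python script parses HijackThis entry lines and classifies each orphaned entry as restored, removed or still missing; the sample lines are excerpted from those two reports, and the function names are this example's own.

```python
import re

# An entry line is "<code> - <description>", e.g. "O23 - Service: ... - owner - path".
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
MISSING = "(file missing)"

# Excerpt of the report dated 2008-11-02 in this thread.
LOG_NOV_2 = r"""
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - g:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
"""

# Excerpt of the report dated 2008-11-03 in this thread.
LOG_NOV_3 = r"""
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - g:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
"""


def parse_entries(log_text):
    """Map (section code, first field) -> target path and missing flag.

    The first field (service name, button label, Run value) is used as the
    key because the owner field changes once the file exists again
    ("Unknown owner" becomes the vendor name).
    """
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, body = match.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        fields = body.split(" - ")
        entries[(code, fields[0])] = {"target": fields[-1], "missing": missing}
    return entries


def orphaned(entries):
    """Keys of entries still registered although their file is gone."""
    return sorted(key for key, value in entries.items() if value["missing"])


def compare(before, after):
    """Classify each orphaned entry of the earlier log by its later state."""
    result = {"restored": [], "removed": [], "still_missing": []}
    for key in orphaned(before):
        if key not in after:
            result["removed"].append(key)        # registration cleaned up
        elif after[key]["missing"]:
            result["still_missing"].append(key)  # leftover to review
        else:
            result["restored"].append(key)       # program reinstalled
    return result


if __name__ == "__main__":
    changes = compare(parse_entries(LOG_NOV_2), parse_entries(LOG_NOV_3))
    for state, keys in changes.items():
        print(state)
        for code, name in keys:
            print(f"  {code}  {name}")
```
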
    4 November 2008 10:28:58

    Was your HijackThis report posted after the reinstallations?

    5 November 2008 01:40:36

    Yes, I think so, but I am not absolutely sure. So here is a newer report.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:38:02, on 2008-11-04
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS.1\System32\smss.exe
    C:\WINDOWS.1\system32\winlogon.exe
    C:\WINDOWS.1\system32\services.exe
    C:\WINDOWS.1\system32\lsass.exe
    C:\WINDOWS.1\system32\svchost.exe
    C:\WINDOWS.1\System32\svchost.exe
    C:\WINDOWS.1\Explorer.EXE
    C:\WINDOWS.1\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    g:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\WINDOWS.1\system32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS.1\system32\devldr32.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    G:\Program Files\Trend Micro\HijackThis\PoolTech.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" /minimized
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows.1\system32\nwprovau.dll
    O15 - Trusted Zone: www.registrefoncier.gouv.qc.ca
    O15 - Trusted Zone: http://www.spasrelaissante.com
    O15 - Trusted Zone: http://www.theatreduvieuxterrebonne.com
    O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} (CPC View ax Control) - http://www.registrefoncier.gouv.qc.ca/Sirf/Script/14_05...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jdk/6u10/jinstall-6u...
    O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.registrefoncier.gouv.qc.ca/sirf/script/14_05...
    O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS.1\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - g:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - g:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - g:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

    --
    End of file - 7633 bytes
    5 November 2008 20:35:09

    Good :)

    Download Malwarebytes' Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.
    Once the installation and the update are done:
  • Restart your computer in safe mode
    - At startup, after the BIOS has loaded, press the F8 (or F5) key on your keyboard repeatedly until a menu on a black background appears. Once you reach that point, use the keyboard to select Safe Mode.
    -- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). So don't be surprised.
    --- It is for these reasons that I suggest you print, write down, or save to a text document the following information so that you don't get lost.
    ---- ! Do not start your computer in safe mode via MSConfig! Why? Some infections break the safe mode keys, which would make your computer crash.

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (Perform full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan has finished, a window opens; click OK. There are then two possibilities:

    ~ If the program found nothing, press OK. A report will appear; close it.
    ~~ If infections are present, click "Afficher les résultats" (Show Results) and then "Supprimer la sélection" (Remove Selected). Save the report to your Desktop.
    ~~~~ Restart your computer normally and post the report in your next reply.

    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Note: If you cannot download MBAM from MajorGeeks, you can download it here!

    Help:
  • How to use MBAM.
  • How to start your computer in safe mode.
    7 November 2008 02:16:24

    There, it's done... I want to thank you for the help you are giving me. What motivates you to help complete strangers? Is there a way to thank you?

    Here is the report:

    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1370
    Windows 5.1.2600 Service Pack 3

    2008-11-06 19:15:44
    mbam-log-2008-11-06 (19-15-44).txt

    Type de recherche: Examen complet (C:\|G:\|)
    Eléments examinés: 157753
    Temps écoulé: 3 hour(s), 51 minute(s), 25 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 164

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    G:\Azureus download\ACDSee.Photo.Manager.v10.0.219.Incl.Keymaker-CORE\ACDSee.Photo.Manager.v10.0.219.Incl\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    G:\Azureus download\ACDSee.Photo.Manager.v10.0.219.Incl.Keymaker-CORE\cr-aaaha\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    G:\Azureus download\Driver.Genius.Pro.v7.1.622.Multilingual.Incl.Keymaker-CORE\cr-aaa8a\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    7 November 2008 20:34:29

    Hi again,

    Quote:
    G:\Azureus download\ACDSee.Photo.Manager.v10.0.219.Incl.Keymaker-CORE\ACDSee.Photo.Manager.v10.0.219.Incl\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    G:\Azureus download\ACDSee.Photo.Manager.v10.0.219.Incl.Keymaker-CORE\cr-aaaha\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    G:\Azureus download\Driver.Genius.Pro.v7.1.622.Multilingual.Incl.Keymaker-CORE\cr-aaa8a\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

    You know what you still have to do :)

    Post a new HJT report ;)

    8 November 2008 13:55:00

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:53:42, on 2008-11-08
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS.1\System32\smss.exe
    C:\WINDOWS.1\system32\winlogon.exe
    C:\WINDOWS.1\system32\services.exe
    C:\WINDOWS.1\system32\lsass.exe
    C:\WINDOWS.1\system32\svchost.exe
    C:\WINDOWS.1\System32\svchost.exe
    C:\WINDOWS.1\Explorer.EXE
    C:\WINDOWS.1\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    g:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\WINDOWS.1\system32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS.1\system32\devldr32.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    G:\Program Files\Trend Micro\HijackThis\PoolTech.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" /minimized
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows.1\system32\nwprovau.dll
    O15 - Trusted Zone: www.registrefoncier.gouv.qc.ca
    O15 - Trusted Zone: http://www.spasrelaissante.com
    O15 - Trusted Zone: http://www.theatreduvieuxterrebonne.com
    O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} (CPC View ax Control) - http://www.registrefoncier.gouv.qc.ca/Sirf/Script/14_05...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jdk/6u10/jinstall-6u...
    O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.registrefoncier.gouv.qc.ca/sirf/script/14_05...
    O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS.1\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - g:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - g:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - g:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

    --
    End of file - 7580 bytes
    9 November 2008 11:49:32

    Hi again,

    Is Spyware Doctor working?

    How is your PC running at the moment?
    10 November 2008 03:20:21

    Spyware Doctor is now uninstalled because it froze as soon as it started running.

    --------------------------

    My PC is working normally. However, just this morning, when I tried to wake it from sleep mode (by moving the mouse as usual), it did nothing, and I had to restart it with the restart button!!! And then there was an alarm sound like I have never heard before!!! I had to use the switch at the back of the computer to turn it off!!!
    Once restarted, everything seems to work fine. I ran a full scan with AVG and with Malwarebytes' Anti-Malware. Nothing detected...

    What do you think? Should I download a different antivirus?
    10 November 2008 17:25:57

    Hi again,

    Nah, it's fine ;)

    Run HijackThis again (right-click -> Run as administrator on Vista), do a system scan only, and check these lines (if still present):
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - g:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - g:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)

    Close all running applications (especially your web browser).
    Then click Fix Checked!

    **********

    Prevention:

    - Cleaning up temporary files:

    Download CCleaner to your Desktop.

  • Click "download the latest version"
  • Install it, leaving only the following options checked:
    - Add a shortcut to the Desktop
    - Automatically check for CCleaner updates
  • Run the Cleaner
  • Click Scan for Issues and make a backup if you wish.

    Help: How to use CCleaner.


    Download ATFcleaner to your Desktop.

  • Double-click the downloaded executable.
  • In the Main tab, simply check the Select All box (all the boxes will become checked), then click the Empty Selected button.
  • If you use Firefox or Opera as your browser, remember to choose your browser at the top left before clicking Select All and then Empty Selected.
  • Then answer No to the message that appears if you do not want to lose your passwords.

    Help: How to use ATFcleaner.

    -- System Restore:

    Disable and then re-enable System Restore.

    XP method:
    Click Start, right-click My Computer, then click Properties. Select the System Restore tab.
    In this tab, check the box Turn off System Restore on all drives.
    A confirmation message will appear. Click Yes, then OK. Restart your computer so that the changes take effect.
    To re-enable System Restore, simply uncheck that same box and restart your computer (following the same steps).

    Vista method:
    Click Start, right-click Computer, then click Properties. On the left, click Advanced system settings. Select the System Protection tab.
    In this tab, uncheck your partitions (one by one); a confirmation message will appear. Click Turn System Protection Off, click Apply, then OK.
    Restart your computer so that the changes take effect.
    To re-enable System Restore, simply uncheck that same box and restart your computer (following the same steps).

    Help: How to disable and re-enable System Restore.

    --- Normal file display:

    Click Start / Control Panel / Folder Options / then, in the View tab
    - Uncheck Show hidden files and folders
    - Check Hide protected operating system files (Recommended)
    click Apply, then OK.

    ---- Removing the installed tools:

    Download ToolsCleaner2 (by A.Rothstein)

  • Install it on your Desktop.
  • Click Recherche (Search) to start the scan.
  • Click Supprimer (Delete) to clean up the tools that were used.
  • Click Quitter (Quit).
  • Now delete ToolsCleaner.

    ----- Putting your protections back in place, protecting the system with updates!:

    I now invite you to (re)enable all your resident protections (antivirus, antispyware, firewall...).
    You should be able to reach your protections in the systray area next to the taskbar. If you have any difficulty, don't hesitate to ask me!
    If it is not already done, make sure that Windows Automatic Updates are enabled!
    Bring your software properly up to date (Java, Adobe, Flash...) using Software Inspector (from Secunia)

    A quick word about Java:

    Once the new version has been downloaded, install it and restart your computer.
    Unfortunately, the old versions of Java (which contain vulnerabilities and are therefore dangerous!) are still present!
    So it is very important that you uninstall the old versions of Java.

  • Go to Start, Control Panel, Add/Remove Programs
  • Uninstall all versions of Java except the most recent one.

    Help: How to use Secunia Software Inspector.

    ------ Will you report your infection?:

    You don't have to, but it would be good if you reported your infection on Malware Complaints
  • Your infection(s): TDSS.
  • If you can't find it in the list, post under Other infections.

    Help: How to report my infection on Malware Complaints.

    I now invite you to look at these very instructive guides on prevention!

    - Security/Prevention
    - Consequences of running multiple protection tools
    - Toolbars: uselessness and slowdowns

    Have a good day/evening :)
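
As an added example (not part of the original posts and not HijackThis's own code), this Python script parses lines in the HijackThis v2.0.2 log format and lists the entries marked `(no file)` or `(file missing)`, the kind of orphaned O2 and O23 entries selected for fixing in the post above. The sample lines are copied from the report in this thread; the function and field names are assumptions made for the example.

```python
import re

# Sample lines copied from the HijackThis report posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS.1\system32\svchost.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - g:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
"""

# "<section> - <body>", e.g. "O23 - Service: ..."; process paths do not match.
ENTRY = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
# Marker HijackThis appends when the referenced file is absent from disk.
ORPHAN = re.compile(r"\((no file|file missing)\)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O23 body layout: "Service: <display name> - <owner> - <path>"
SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>[^-]+?) - ")


def parse_entries(log_text):
    """Return one dict per section entry (R0, O2, O4, O23, ...) in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, blank line, or a running-process path
        body = m.group("body")
        orphan = ORPHAN.search(body)
        clsid = CLSID.search(body)
        svc = SERVICE.match(body) if m.group("section") == "O23" else None
        entries.append({
            "section": m.group("section"),
            "body": body,
            "marker": orphan.group(1) if orphan else None,
            "clsid": clsid.group(0) if clsid else None,
            "service": svc.group("name") if svc else None,
            "owner": svc.group("owner") if svc else None,
        })
    return entries


def orphaned_entries(log_text, sections=("O2", "O23")):
    """Entries in the given sections whose target file no longer exists."""
    return [e for e in parse_entries(log_text)
            if e["marker"] and e["section"] in sections]


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        label = e["service"] or e["clsid"] or e["body"]
        print(f'{e["section"]}: {label} ({e["marker"]})')
```

The result is a list of candidates to review rather than a list to fix blindly: in the thread, only some of the `(file missing)` services were selected.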