gros soucis avec virus winreanimator [résolu]

bonsoir !
Voila un lien :
http://www.spyhunterestunearnaque.com

jespère que sa poura taider
Message édité par Sham-Rock

bonsoir
desperados 11
tu proposes un lien vers spyhunter, qui est un rogue (logiciel crapuleux)
http://assiste.com.free.fr/p/craptheque/spyhunter.html

path59

1

Télécharge MalwareByte's Anti-Malware et installe le.

~Redémarre l'ordinateur en mode sans échec (F8 au démarrage de l'ordinateur)
Aide

Lance MalwareByte's Anti-Malware et sélectionne "Exécuter un examen complet". Patiente le temps du scan.

Une fois le scan terminé,clique sur "Afficher les résultats" et enregistre le rapport sur ton Bureau.

Clique enfin sur "Supprimer la sélection".

Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
Aide





2


Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

bonsoir sham rock
ok pour ta reponse j'execute ce que tu m'indiques car le logiciel precedant me donner l'impression de devoir acheter la suite par contre il ma bien trouvé le virus incriminé
je lance l'operation et je reviens

desolé sham rock je ne connais pas l'anglais et je ne trouve pas ou cliquer pour telecharger ce logiciel sur ce lien que tu me donnes

re

clique sur ce lien et patiente quelques secondes avant que le téléchargement ne se lance

http://majorgeeks.com/downloadget.php?id=5756&file=1&ev...

j'ai pas de chance encore
les parametres de sécurité empeches le telechargement ?????
path59

dsl je ne le saver pas auré tu une liste de c'est logiciel a ne pas utiliser pour éviter de refaire la meme erreur merci d'avance

tu es sous quelle OS?
xp ou vista?

http://www.infos-du-net.com/forum/272222-7-logiciels-ev...

http://assiste.com.free.fr/p/craptheque/craptheque.html

xp desolé pour les fautes je commence a fatiguer( c'est l'age)

path59

tu peux me poster un log hijackthis pour que je vois ce qui se passe stp

oui mais je ne l'ai jamais fait la j'ai besoin d'un coup de main (encore)

Merci pour le tutoriel et désolé pour le langage sms
bon je m'enlève de se topic je n'est plus rien a faire ici
bonne chance pour le virus

c'ets bon j'ai telechargé hijacktis

le tutoriel du logiciel :

http://www.infos-du-net.com/forum/271838-11-tuto-utilis...

il ne veut pas s'ouvrir grrrrrr

le logiciel ou le lien ?

ok pour le tutoriel

le logiciel ne veut pas s'ouvrir

path59, il va falloir faire un effort, on ne comprend rien à ce que tu racontes...

aprés pour le rapport je ne pouré pas te répondre il y a 2-3 personne qui t'aideron bien bonne chance

tu as un message d'erreur?

donne-le nous stp

ok pour l'effort
j'ai telechargé ce logociel hijackthis sur le bureau via trend micro et en cliquant dessus il ne se passe rien

aucun message d'erreur qui s'affiche ça ne s'ouvre pas

tu as un message d'erreur?

tu doubles-clique?

je te dis ça avant de sortir l'artillerie...

je double clic et rien

curieux

Désactive ton antivirus et tout autre type de protection.
Télécharge ComboFix de sUBs :
ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport:C:\Combofix.txt
clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"

viens sur le forum et édition "coller"

ok je tente le coup et je mets un casque pour l'artillerie

desolé pour l'attente mais mon pc a encore buggé c'est a dire que tout le bureau disparait de l'ecran et je dois l'eteindre manuellement

et vlan combofix ne s'ouvre pas non plus

excuse moi, c'est de ma faute, j'étais centré sur ton titre et j'ai zappé cette phrase:


Si je comprends bien cette phrase, que tu veux dire que ton antivirus et ton pare feu se sont désactivés et que tu ne peux plus les remettre en route, c'est que tu es infecté par Bagle
supprime ta version de ComboFix
On fait autrement, fais attentivement ce que je te demande pour que ça marche.  

Télécharge ComboFix de sUBs :
ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

mais attention, vu que c'est apparemment le virus bagle, il faut feinter pour que tu puisses lancer l'outil donc:
renomme Combofix en Combo-Fix avant de lancer le téléchargement comme suit:
http://forum.pcastuces.com/sujet.asp?f=25&s=37315

Double-clic sur ComboFix, Il va te poser une question, réponds en appuyant sur la touche1 puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport:C:\Combofix.txt
clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"

viens sur le forum et édition "coller"

bon voila j'ai fait ce tu m'a indiqué
quand je double clic sur combofix celui-ci me fait un scan de securité qui dure quelques minutes coupe le pc et le redemarre ensuite il se coupe et puis plus rien

bon je suis ko je vais me coucher jespere te retrouvé prochainement sham rock pour resoudre ce probleme
et encore merci de ton aide
bonne nuit.
(entre deux je tenterais de créer ce fameux rapport)
bye

bonjour

tu peux me trouver le rapport:
C:\Combofix.txt

bonjour sham rock
voila ce qui c'est passé
apres plusieurs essais combofix tout fonctione
j'explique:

mise route de combofix,scan de securite,suppression de fichiers infectes,apres plusieurs analyses combofix eteind le pc puis le redemarre,petit ecran bleu avec le titre c:\ find3m
puis preparing log report
do not run any programs util combofix has finished
ensuite ce petit ecran bleu c'est eteind et la, zone alarme ansi que avast se sont remis a fonctionner
suis-je encore infecté?
donne moi ton avis car la je suis tres surpris de la chose
merci

bonjour

1

il me faut le rapport ComboFix
C:\Combofix.txt

2

tu vas remplacer Avast! par Antivir, qui lui est un vrai antivirus, tu vas faire un scan avec et poster le rapport.  


Désinstalle correctement Avast!


Pour le remplacer par Antivir.

-->Tuto<--


Pourquoi changer ? : Avast! vs Antivir

bonjour
comme je l'ai indiqué precedemment je n'arrive toujours pas a faire ce rapport combofix
vu que mon pc fonctionne mieux dois-je le télécharger de nouveau
pour antivir je l'avais téléchargé lors de mes soucis de pc
actuellement je fait un scan avec antivir et j'essaie de t'envoyer le rapport

Scan saved at 16:08, on 2008-03-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.0b\aoltray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\AOL\1151867614\ee\aolsoftware.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\fichiers communs\aol\1151867614\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
c:\program files\fichiers communs\aol\1151867614\ee\aolsoftware.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Fichiers communs\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
O15 - Trusted Zone: http://update.randhi.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scann...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://www.bobtv.fr/download/cfweb_www.bobtv.fr-downloa...
O16 - DPF: {E cellSpacing=5 cellPadding=3 width=400} -
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13407 bytes

voila je viens de reussir un rapport avec hijacthis je suis tes conseils en desinstallent avast car antivir continue a detecter winreanimator et a mettre ses composants en quarantaine

ok

j'attends ton rapport de scan  

Report file date: 2008-03-24 16:40

Scanning for 1163542 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: SN402497180003

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 20:22:48
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 2008-03-21 20:22:48
ANTIVIR3.VDF : 7.0.3.65 36864 Bytes 2008-03-23 08:51:13
AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 2008-03-21 20:22:50
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-03-21 20:22:50
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-03-24 16:40

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'shellmon.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned
Scan process 'AOLSP Scheduler.exe' - '1' Module(s) have been scanned
Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'aoltray.exe' - '1' Module(s) have been scanned
Scan process 'waol.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wanmpsvc.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'mnmsrvc.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'imapi.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'savedump.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '23' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\WINDOWS\braviax.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4848e349.qua'!
C:\QooBox\Quarantine\C\WINDOWS\cru629.dat.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '485ce34c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\braviax.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4848e34e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\cru629.dat.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '485ce350.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\winivstr.exe.vir
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Reanimator.A
[INFO] The file was moved to '4855e34a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\dllcache\beep.sys.vir
[DETECTION] Is the Trojan horse TR/Agent.34304.25
[INFO] The file was moved to '484ce34a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\beep.sys.vir
[DETECTION] Is the Trojan horse TR/Agent.34304.25
[INFO] The file was moved to '484ce350.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0289444.sys
[DETECTION] Is the Trojan horse TR/Agent.34304.25
[INFO] The file was moved to '4819ed17.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0290444.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4819ed1b.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0290452.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Reanimator.A
[INFO] The file was moved to '4819ed20.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0291443.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4819ed24.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0291444.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4819ed27.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0291452.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Reanimator.A
[INFO] The file was moved to '4819ed2b.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0293453.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Reanimator.A
[INFO] The file was moved to '4819ed30.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0293469.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Reanimator.A
[INFO] The file was moved to '4819ed33.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0294443.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4819ed38.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0294444.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4819ed3b.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0294454.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Reanimator.A
[INFO] The file was moved to '4819ed3e.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0295443.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4819ed42.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0295444.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4819ed44.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0295448.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4819ed49.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0295449.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4819ed4c.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0295459.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Reanimator.A
[INFO] The file was moved to '4819ed4f.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0296448.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4819ed54.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0296449.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4819ed57.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0296459.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Reanimator.A
[INFO] The file was moved to '4819ed5b.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0297448.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4819ed5f.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0297449.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4819ed61.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP774\A0298448.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4819ed63.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP777\A0299462.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Reanimator.A
[INFO] The file was moved to '4819ed6c.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP779\A0299478.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4819ed71.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP779\A0300448.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aed73.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP779\A0301472.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aed76.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP779\A0301473.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aed79.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP780\A0301501.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aed7d.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP780\A0301502.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aed80.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP781\A0302484.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aed85.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP781\A0302485.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aed88.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP783\A0307485.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aed8e.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP783\A0308484.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aed90.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP783\A0308485.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aed93.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP783\A0309484.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aed95.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP783\A0309485.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aed97.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP783\A0310484.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aed9a.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP783\A0310485.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aed9d.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP783\A0311484.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aed9f.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP783\A0311485.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aeda1.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP783\A0311496.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Reanimator.A
[INFO] The file was moved to '481aeda3.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP783\A0312484.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aeda5.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP783\A0312485.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aeda7.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP783\A0313484.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aedb8.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP783\A0313485.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aedba.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP783\A0314484.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aedc0.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP783\A0314485.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aedc3.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP783\A0314515.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aedc4.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP783\A0314516.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aedc6.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP784\A0314527.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aedca.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP784\A0314528.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aedcb.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP785\A0314551.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aedce.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP785\A0314552.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aedd0.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP785\A0315553.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Reanimator.B
[INFO] The file was moved to '481aedd3.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP786\A0316527.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aedd7.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP786\A0316528.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aedd8.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP786\A0317527.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aeddb.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP786\A0317528.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aeddc.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP787\A0317559.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aede0.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP787\A0318527.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aede1.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP787\A0319527.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aede4.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP787\A0319528.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aede5.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP788\A0319583.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aedef.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP788\A0319584.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aedf0.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP788\A0319585.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Reanimator.A
[INFO] The file was moved to '481aedf2.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP790\A0322806.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aedfe.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP790\A0322807.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aee00.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP790\A0325746.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aee02.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP790\A0325747.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aee03.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP790\A0326746.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aee05.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP790\A0326747.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aee07.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP791\A0326808.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aee0b.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP791\A0326809.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aee0c.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP792\A0327998.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aee14.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP792\A0327999.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481aee15.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP792\A0328000.sys
[DETECTION] Is the Trojan horse TR/Agent.34304.25
[INFO] The file was moved to '481aee17.qua'!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP792\A0328001.sys
[DETECTION] Is the Trojan horse TR/Agent.34304.25
[INFO] The file was moved to '481aee19.qua'!


End of the scan: 2008-03-24 19:48
Used time: 3:08:36 min

The scan has been done completely.

10012 Scanning directories
411910 Files were scanned
84 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
84 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
411826 Files not concerned
8349 Archives were scanned
2 Warnings
9 Not

bien

Télécharge MalwareByte's Anti-Malware et installe le.

~Redémarre l'ordinateur en mode sans échec (F8 au démarrage de l'ordinateur)
Aide

Lance MalwareByte's Anti-Malware et sélectionne "Exécuter un examen complet". Patiente le temps du scan.

Une fois le scan terminé,clique sur "Afficher les résultats" et enregistre le rapport sur ton Bureau.

Clique enfin sur "Supprimer la sélection".

Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
Aide

Version de la base de données: 532

Type de recherche: Examen complet (A:\|C:\|)
Eléments examinés: 159567
Temps écoulé: 2 hour(s), 45 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntivirus) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

bonjour sham rock
voila donc le rapport malwaresbyte's
j'attends tes nouvelles directives
cordialement path

bonsoir

relance MalwareByte's Anti-Malware
mais en fin de scan, clique sur "Supprimer la sélection". car là, tu n'a rien supprimé...

~télécharge ce fichier http://downloads.malwareremoval.com/Nel/FixP.zip
sur le bureau.

Extraie et double clique sur Fix_Protocol_zones_ranges.reg.

Accepte lorsqu'il te demande de fusionner avec le registre. poste ensuite un nouveau rapport hijackthis.

bonjour sham rock
je pensais l'avoir fait cette suppression et bin non
dois-je repasser par mode sans echec ou directement avec malwarebytes pour l'analyse
autre soucis je ne parviens pas a desinstaller avast
en passant par ton lien ou suppressions de programes j'obtiens un ecran bleu (windows a detecté un probleme........)et se termine par vidage de la memoire physique

re
je ne peux pas ouvrir le fichier malwareremoval
je le telecharge sur le bureau et quand je clic dessus un message
windows ne parvient pas a acceder au peripherique......

re

c'est bien curieux...
reposte un log hijackthis stp

Scan saved at 17:04, on 2008-03-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AOL 9.0b\aoltray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Fichiers communs\AOL\1151867614\ee\aolsoftware.exe
c:\program files\fichiers communs\aol\1151867614\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
c:\program files\fichiers communs\aol\1151867614\ee\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Fichiers communs\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
O15 - Trusted Zone: http://update.randhi.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scann...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://www.bobtv.fr/download/cfweb_www.bobtv.fr-downloa...
O16 - DPF: {E cellSpacing=5 cellPadding=3 width=400} -
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13024 bytes

bonjour
je joins egalement le rapport malwarebytes en ayant supprimé la selection
sans etre passé par mode sans echec
ai-je bien fait?


Version de la base de données: 532

Type de recherche: Examen rapide
Eléments examinés: 44268
Temps écoulé: 11 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)