Infected PC: browsing impossible [solved]

 

patal2
Baby forum member (10 to 49 messages posted)
Posted on 25/12/2012 at 16:44:23

Hello,

 My laptop seems badly infected. It is very slow, and browsing the internet is very laborious. With every Google search, instead of landing on the site I chose, I almost always end up on eBay, or another shopping site, or a porn site. This happens with both Internet Explorer and Google Chrome.

 My antivirus was Norton, but I uninstalled all of it because it slowed the PC down enormously.

 My laptop is an HP Pavilion Altec Lansing. AMD Turion 64 Mobile, ML-34 technology, 1.79 GHz, 896 MB of RAM.

 Operating system: Windows XP Home Edition version 5.1 Service Pack 3

 Thanks in advance for your help, and merry Christmas!!!!

Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 messages posted) Confirmed helper
Posted on 25/12/2012 at 16:59:32

:hello: patal2

 1/ Do this

 Download AdwCleaner by Xplode

  adwcleaner HERE

 On Vista and Windows 7: the file must be launched with a right-click, "Run as administrator"

 Launch AdwCleaner.exe
 Accept the warning that follows

 http://security-x.fr/img/public/AdwCleaner/AdwCleanerV2-10.png

 Click on "Suppression" (Delete)

 Wait while the search runs

 Copy and paste on the forum the report that appears at the end.

 It is also saved as C:\AdwCleaner[S1].txt

 Click on Quit


 2/ Scan the PC and look for infections.

 * Download OTL to your Desktop.

 * Make sure you have closed all running applications.

 * Double-click the OTL icon to launch it.
 (Vista/Seven: right-click the OTL icon and choose "Run as administrator")

 * When the OTL interface appears, make sure that in the "Report" section (top right) the "Minimal report" box is checked.

 * Copy and paste the content of the quote below into the box named "Customization":
 



 
 netsvcs
 msconfig
 activex
 drivers32
 %systemroot%\*. /mp /s
 %systemroot%\system32\*.dll /lockedfiles
 %systemroot%\system32\drivers\*.sys /lockedfiles
 %systemroot%\Tasks\*.job /lockedfiles
 %alluserprofile%\application data\*.
 %alluserprofile%\application data\*.exe /s
 %appdata%\*.
 %appdata%\*.exe /s
 %systemdrive%\*.
 %systemdrive%\*.exe
 %programfiles%\*.
 /md5start
 explorer.exe
 userinit.exe
 winlogon.exe
 eventlog.dll
 netlogon.dll
 nvrd32.sys
 /md5stop
 savembr:0
 createrestorepoint
 



 * Click the "Scan" button (top left).

 * Let the scan run to completion without using the PC.

 * At the end of the scan one or two reports will open: "OTL.Txt" and "Extras.Txt" (in some cases).

 Note: the reports are also on the Desktop and saved in the folder 'C:\_OTL'.

 Hosting the reports.

 1 - Go here --> Cjoint.com

 2 - Click the Browse... button, look through the folder tree for your first report 'OTL.txt' on the Desktop and select it.

 3 - Then click the "Create the Cjoint link" button and wait a few seconds to get the share link, which you will need to send me after right-clicking on it > Copy shortcut. It will look like this: http://cjoint.com/?BHpjGhPqPRB

 * Do the same steps for the 'Extras.txt' report.  ;)

 http://www.joliecarte.com/images/carte_mini/joyeux_noel/34-800wi.gif


---------------
The urgent is done, the impossible is in progress;
for miracles, allow for some delay
patal2
Baby forum member (10 to 49 messages posted)
Posted on 25/12/2012 at 19:59:26

Thanks for your help Did80!!

 Here is the AdwCleaner report:

 # AdwCleaner v2.102 - Rapport créé le 25/12/2012 à 19:13:31
 # Mis à jour le 23/12/2012 par Xplode
 # Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
 # Nom d'utilisateur : alain - YOUR-F14AC45099
 # Mode de démarrage : Normal
 # Exécuté depuis : C:\Documents and Settings\alain\Bureau\adwcleaner.exe
 # Option [Suppression]


 ***** [Services] *****


 ***** [Fichiers / Dossiers] *****


 ***** [Registre] *****


 ***** [Navigateurs] *****

 -\\ Internet Explorer v8.0.6001.18702

 [OK] Le registre ne contient aucune entrée illégitime.

 -\\ Mozilla Firefox v [Impossible d'obtenir la version]

 Fichier : C:\Documents and Settings\alain\Application Data\Mozilla\Firefox\Profiles\5orsr38t.default\prefs.js

 [OK] Le fichier ne contient aucune entrée illégitime.

 -\\ Google Chrome v23.0.1271.97

 Fichier : C:\Documents and Settings\alain\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

 [OK] Le fichier ne contient aucune entrée illégitime.

 *************************

 AdwCleaner[R1].txt - [8859 octets] - [29/08/2012 17:09:07]
 AdwCleaner[S2].txt - [1107 octets] - [25/12/2012 19:13:31]

 ########## EOF - C:\AdwCleaner[S2].txt - [1167 octets] ##########

 Here is the link to the first OTL report:

 http://cjoint.com/?BLzt334P3xi

 and the link to Extras:  http://cjoint.com/?BLzt6Ox9pRB

 Thanks!!!!




Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 messages posted) Confirmed helper
Posted on 26/12/2012 at 09:49:11

:hello: patal2

 Do this


 Close all active windows on your PC

 Relaunch OTL > right-click on it > "Run as administrator".

 Check that the "Minimal report" box is checked.

 Copy and paste the content of this quote (in blue) into the "Customization" window:
 

 :otl
 [2012/09/25 16:06:57 | 000,000,000 | ---D | M] -- C:\Program Files\WiseConvert_1.5    => Toolbar.Agent
 IE - HKCU\..\URLSearchHook: {402C9DAE-1B66-11DD-B3DE-22D556D89593} - No CLSID value found
 IE - HKCU\..\URLSearchHook: {814C76CB-2623-43F4-AAD0-58A0E5190A20} - No CLSID value found
 FF - user.js - File not found
 O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No CLSID value found.
 O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CB789373-04D5-4EF4-9C16-871463FD0830} - No CLSID value found.
 O4 - HKLM\..\Run: [DC6V_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe" File not found
 O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Fichiers communs\SystemDoctor\DNSE.exe" -c File not found
 O4 - HKLM\..\Run: [MDRV_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrmdr.exe" File not found
 [226 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 [215 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 [2012/03/25 10:33:06 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini    
 [2010/05/04 15:33:47 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\alain\Application Data\inst.exe    
 [2010/05/05 07:25:43 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\alain\Application Data\inst.exe    
 [2012/05/22 13:48:03 | 000,000,000 | ---D | M] -- C:\Program Files\Winsudate    
 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
 :files

 C:\Documents and Settings\alain\Application Data\inst.exe
 C:\WINDOWS\_delis32.ini
 C:\Program Files\Winsudate  
 C:\Program Files\WiseConvert_1.5
 :Commands

 [EMPTYFLASH]
 [emptytemp]  
 [resethosts]
 


 Click the "Fix" button.

 Do not touch the PC until it has restarted in normal mode.

 When the PC starts up a report will open --> 04212011_xxxxxx.log ... If it does not, you will find it under the same name on the Desktop or in its folder --> C:\_OTL
 Copy and paste the content of this report here in reply  ;)
 

 




---------------
The urgent is done, the impossible is in progress;
for miracles, allow for some delay
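
Added example, not part of did80's post and not code from the OTL project: a Python reader for the fix report that the step above produces, which collapses the per-file deletions and separates "not found" results that are expected from those worth a second look. The sample report is constructed (placeholder GUID and paths), only the line shapes visible in the report posted in this thread are handled, and the function names are hypothetical.

```python
import ntpath
import re
from collections import Counter

# Constructed sample in the shape of an OTL fix report; the GUID, folder and
# file names are placeholders, not values taken from a real machine.
SAMPLE_REPORT = r"""All processes killed
========== OTL ==========
Folder C:\Program Files\ExampleToolbar\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-0000-0000-0000-000000000001} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
C:\WINDOWS\System32\SET10.tmp deleted successfully.
C:\WINDOWS\System32\SET11.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET100.tmp deleted successfully.
"""

# A result line is an optional object kind, the target, then the outcome.
# Lines without a kind prefix are treated as plain file paths.
LINE_RE = re.compile(
    r"^(?:(?P<kind>Folder|Registry key|Registry value)\s+)?"
    r"(?P<target>.+?)\s+(?P<outcome>deleted successfully|not found)\.$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_report(text):
    """Return one dict per result line; headers and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        # Forum software inserts zero-width spaces into long tokens when a
        # report is pasted; remove them so paths and GUIDs compare correctly.
        line = raw.replace("\u200b", "").strip()
        match = LINE_RE.match(line)
        if match:
            entries.append({
                "kind": match.group("kind") or "File",
                "target": match.group("target"),
                "outcome": match.group("outcome"),
            })
    return entries


def summarize(entries):
    """Group deletions and classify every 'not found' result."""
    # GUIDs whose registry value (the actual hook or toolbar entry) was removed.
    deleted_guids = set()
    for e in entries:
        if e["kind"] == "Registry value" and e["outcome"] == "deleted successfully":
            deleted_guids.update(g.upper() for g in GUID_RE.findall(e["target"]))

    files_by_dir = Counter()
    expected_missing, needs_review = [], []
    for e in entries:
        if e["outcome"] == "deleted successfully":
            if e["kind"] == "File":
                files_by_dir[ntpath.dirname(e["target"])] += 1
            continue
        guids = {g.upper() for g in GUID_RE.findall(e["target"])}
        is_clsid_key = (e["kind"] == "Registry key"
                        and "\\clsid\\" in e["target"].lower())
        if is_clsid_key and guids and guids <= deleted_guids:
            # The value pointed at a class that was never registered, so a
            # missing CLSID key next to a deleted value is consistent.
            expected_missing.append(e)
        else:
            # A folder, file or key named in the fix that the tool could not
            # find: the item may be elsewhere or the fix line may be malformed.
            needs_review.append(e)

    return {
        "deleted_registry_values": len(deleted_guids),
        "deleted_files_by_dir": dict(files_by_dir),
        "expected_missing": expected_missing,
        "needs_review": needs_review,
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for directory, count in summary["deleted_files_by_dir"].items():
        print(f"{count} file(s) deleted in {directory}")
    for e in summary["needs_review"]:
        print(f"re-check: {e['kind']} {e['target']}")
```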
patal2
Baby forum member (10 to 49 messages posted)
Posted on 26/12/2012 at 12:09:36

Hello Did80!!!

 Here is the report:

 All processes killed
 ========== OTL ==========
 Folder C:\Program Files\WiseConvert_1.5 => Toolbar.Agent\ not found.
 Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{402C9DAE-1B66-11DD-B3DE-22D556D89593} deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{402C9DAE-1B66-11DD-B3DE-22D556D89593}\ not found.
 Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{814C76CB-2623-43F4-AAD0-58A0E5190A20} deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{814C76CB-2623-43F4-AAD0-58A0E5190A20}\ not found.
 Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A13C2648-91D4-4BF3-BC6D-0079707C4389} deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A13C2648-91D4-4BF3-BC6D-0079707C4389}\ not found.
 Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CB789373-04D5-4EF4-9C16-871463FD0830} deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB789373-04D5-4EF4-9C16-871463FD0830}\ not found.
 Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
 Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
 Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
 C:\WINDOWS\System32\dllcache\S​ETDF.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETE0.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETE1.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETE2.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETE3.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETE4.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETE5.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETE6.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETE7.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETE8.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETE9.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETEA.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETEB.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETED.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETEE.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETEF.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETF0.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETF1.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETF2.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETF3.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETF4.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETF5.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETF6.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETF7.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETF8.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETF9.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETFA.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETFB.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETFC.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETFD.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETFE.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ETFF.tmp deleted successfully.
 C:\Program Files\GUM13.tmp\GoogleCrashHan​dler.exe deleted successfully.
 C:\Program Files\GUM13.tmp\GoogleCrashHan​dler64.exe deleted successfully.
 C:\Program Files\GUM13.tmp\GoogleUpdate.e​xe deleted successfully.
 C:\Program Files\GUM13.tmp\GoogleUpdateBr​oker.exe deleted successfully.
 C:\Program Files\GUM13.tmp\GoogleUpdateHe​lper.msi deleted successfully.
 C:\Program Files\GUM13.tmp\GoogleUpdateOn​Demand.exe deleted successfully.
 C:\Program Files\GUM13.tmp\GoogleUpdateSe​tup.exe deleted successfully.
 C:\Program Files\GUM13.tmp\goopdate.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_am​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_ar​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_bg​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_bn​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_ca​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_cs​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_da​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_de​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_el​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_en​-GB.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_en​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_es​-419.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_es​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_et​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_fa​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_fi​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_fi​l.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_fr​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_gu​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_hi​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_hr​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_hu​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_id​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_is​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_it​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_iw​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_ja​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_kn​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_ko​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_lt​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_lv​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_ml​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_mr​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_ms​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_nl​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_no​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_pl​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_pt​-BR.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_pt​-PT.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_ro​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_ru​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_sk​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_sl​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_sr​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_sv​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_sw​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_ta​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_te​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_th​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_tr​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_uk​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_ur​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_vi​.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_zh​-CN.dll deleted successfully.
 C:\Program Files\GUM13.tmp\goopdateres_zh​-TW.dll deleted successfully.
 C:\Program Files\GUM13.tmp\npGoogleUpdate​3.dll deleted successfully.
 C:\Program Files\GUM13.tmp\psmachine.dll deleted successfully.
 C:\Program Files\GUM13.tmp\psuser.dll deleted successfully.
 C:\Program Files\GUM13.tmp folder deleted successfully.
 C:\Program Files\GUT14.tmp deleted successfully.
 C:\WINDOWS\002687_.tmp deleted successfully.
 C:\WINDOWS\_delis32.ini moved successfully.
 C:\Documents and Settings\alain\Application Data\inst.exe moved successfully.
 File C:\Documents and Settings\alain\Application Data\inst.exe not found.
 C:\Program Files\Winsudate folder moved successfully.
 ADS C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84 deleted successfully.
 ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
 ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
 ========== FILES ==========
 File\Folder C:\Documents and Settings\alain\Application Data\inst.exe not found.
 File\Folder C:\WINDOWS\_delis32.ini not found.
 File\Folder C:\Program Files\Winsudate not found.
 C:\Program Files\WiseConvert_1.5 folder moved successfully.
 ========== COMMANDS ==========
 
 [EMPTYFLASH]
 
 User: alain
 ->Flash cache emptied: 6341 bytes
 
 User: All Users
 
 User: Default User
 
 User: Invité
 ->Flash cache emptied: 405 bytes
 
 User: LocalService
 
 User: NetworkService
 
 Total Flash Files Cleaned = 0,00 mb
 
 
 [EMPTYTEMP]
 
 User: alain
 ->Temp folder emptied: 1440618 bytes
 ->Temporary Internet Files folder emptied: 31797248 bytes
 ->Java cache emptied: 2819728 bytes
 ->FireFox cache emptied: 5970275 bytes
 ->Google Chrome cache emptied: 7629537 bytes
 ->Apple Safari cache emptied: 0 bytes
 ->Flash cache emptied: 0 bytes
 
 User: All Users
 
 User: Default User
 ->Temp folder emptied: 0 bytes
 ->Temporary Internet Files folder emptied: 32902 bytes
 
 User: Invité
 ->Temp folder emptied: 0 bytes
 ->Temporary Internet Files folder emptied: 402 bytes
 ->Flash cache emptied: 0 bytes
 
 User: LocalService
 ->Temp folder emptied: 66016 bytes
 ->Temporary Internet Files folder emptied: 49561 bytes
 
 User: NetworkService
 ->Temp folder emptied: 10648 bytes
 ->Temporary Internet Files folder emptied: 655426278 bytes
 
 %systemdrive% .tmp files removed: 0 bytes
 %systemroot% .tmp files removed: 0 bytes
 %systemroot%\System32 .tmp files removed: 0 bytes
 %systemroot%\System32\dllcache .tmp files removed: 0 bytes
 %systemroot%\System32\drivers .tmp files removed: 0 bytes
 Windows Temp folder emptied: 163168 bytes
 %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 681593572 bytes
 %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
 RecycleBin emptied: 1633 bytes
 
 Total Files Cleaned = 1 323,00 mb
 
 C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
 HOSTS file reset successfully
 
 OTL by OldTimer - Version 3.2.69.0 log created on 12262012_120310

 Files\Folders moved on Reboot...

 PendingFileRenameOperations files...

 Registry entries deleted on Reboot...


 Thank you!!!!!!!

patal2
Baby forum member (10 to 49 posts)
  Posted on 26/12/2012 at 18:59:30

Did80, unfortunately the problem still persists

Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 posts), Confirmed helper
  Posted on 27/12/2012 at 10:33:04

:hello: patal2

 "unfortunately the problem still persists"

 who said it was finished?

 do this

 Download RogueKiller HERE to the Desktop
 and nowhere else.

 http://up.sur-la-toile.com/4Z2Y

 • Close all running programs.
 • On Vista/Seven, right-click -> run as administrator
 • Otherwise simply launch RogueKiller.exe

 After the pre-scan, click Scan
 When the scan is finished, click Report

 • A report will open (RKreport[1].txt, which is also located next to the executable),
 Copy/paste this report. ;)


---------------
the urgent is done, the impossible is in progress
for miracles, allow for delays
patal2
Baby forum member (10 to 49 posts)
  Posted on 27/12/2012 at 18:15:25

Hello Did80  :) ,

 Sorry, not being very good with computers, I thought the procedure was finished  :lol:

 Here is the report:

 RogueKiller V8.4.1 [Dec 27 2012] par Tigzy
 mail : tigzyRK<at>gmail<dot>com
 Remontees : http://www.sur-la-toile.com/di [...] ntees.html
 Site Web : http://www.sur-la-toile.com/RogueKiller/
 Blog : http://tigzyrk.blogspot.com/

 Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
 Demarrage : Mode normal
 Utilisateur : alain [Droits d'admin]
 Mode : Recherche -- Date : 27/12/2012 18:09:48

 ¤¤¤ Processus malicieux : 1 ¤¤¤
 [SUSP PATH] LaunchU3.exe -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe -> TUÉ [TermProc]

 ¤¤¤ Entrees de registre : 4 ¤¤¤
 [RUN][SUSP PATH] HKCU\[...]\Run : EPSON SX235 Series (C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE /FU "C:\DOCUME~1\alain\LOCALS~1\Temp\E_S1EC.tmp" /EF "HKCU" ) -> TROUVÉ
 [RUN][SUSP PATH] HKUS\S-1-5-21-1145470905-3044535415-1326283667-1006[...]\Run : EPSON SX235 Series (C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE /FU "C:\DOCUME~1\alain\LOCALS~1\Temp\E_S1EC.tmp" /EF "HKCU" ) -> TROUVÉ
 [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> TROUVÉ
 [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

 ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

 ¤¤¤ Driver : [CHARGE] ¤¤¤
 SSDT[25] : NtClose @ 0x805B1DF8 -> HOOKED (Unknown @ 0xF7B9F944)
 SSDT[41] : NtCreateKey @ 0x8061AD86 -> HOOKED (Unknown @ 0xF7B9F8FE)
 SSDT[50] : NtCreateSection @ 0x805A0880 -> HOOKED (Unknown @ 0xF7B9F94E)
 SSDT[53] : NtCreateThread @ 0x805C73DE -> HOOKED (Unknown @ 0xF7B9F8F4)
 SSDT[63] : NtDeleteKey @ 0x8061B222 -> HOOKED (Unknown @ 0xF7B9F903)
 SSDT[65] : NtDeleteValueKey @ 0x8061B3F2 -> HOOKED (Unknown @ 0xF7B9F90D)
 SSDT[68] : NtDuplicateObject @ 0x805B3A0C -> HOOKED (Unknown @ 0xF7B9F93F)
 SSDT[98] : NtLoadKey @ 0x8061CFAA -> HOOKED (Unknown @ 0xF7B9F912)
 SSDT[122] : NtOpenProcess @ 0x805C1462 -> HOOKED (Unknown @ 0xF7B9F8E0)
 SSDT[128] : NtOpenThread @ 0x805C16EE -> HOOKED (Unknown @ 0xF7B9F8E5)
 SSDT[177] : NtQueryValueKey @ 0x80618FAA -> HOOKED (Unknown @ 0xF7B9F967)
 SSDT[193] : NtReplaceKey @ 0x8061CE5A -> HOOKED (Unknown @ 0xF7B9F91C)
 SSDT[200] : NtRequestWaitReplyPort @ 0x80598224 -> HOOKED (Unknown @ 0xF7B9F958)
 SSDT[204] : NtRestoreKey @ 0x8061C766 -> HOOKED (Unknown @ 0xF7B9F917)
 SSDT[213] : NtSetContextThread @ 0x805C9036 -> HOOKED (Unknown @ 0xF7B9F953)
 SSDT[237] : NtSetSecurityObject @ 0x805B617E -> HOOKED (Unknown @ 0xF7B9F95D)
 SSDT[247] : NtSetValueKey @ 0x806192F8 -> HOOKED (Unknown @ 0xF7B9F908)
 SSDT[255] : NtSystemDebugControl @ 0x8060ECD0 -> HOOKED (Unknown @ 0xF7B9F962)
 SSDT[257] : NtTerminateProcess @ 0x805C86EA -> HOOKED (Unknown @ 0xF7B9F8EF)
 S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7B9F976)
 S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7B9F97B)

 ¤¤¤ Fichier HOSTS: ¤¤¤
 --> C:\WINDOWS\system32\drivers\etc\hosts

 ÿþ1

 ¤¤¤ MBR Verif: ¤¤¤

 +++++ PhysicalDrive0: FUJITSU MHV2100AT PL +++++
 --- User ---
 [MBR] 7d813f1541b344600d76b58ae00a4666
 [BSP] 7768e0075bdf2b0065f198da6f4d5e6c : Toshiba tatooed MBR Code
 Partition table:
 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 87714 Mo
 1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 179654895 | Size: 6644 Mo
 2 - [XXXXXX] UNKNOWN (0xd7) [VISIBLE] Offset (sectors): 193261950 | Size: 1027 Mo
 User = LL1 ... OK!
 User = LL2 ... OK!

 Termine : << RKreport[1]_S_27122012_180948.txt >>
 RKreport[1]_S_27122012_180948.txt



Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 posts), Confirmed helper
  Posted on 27/12/2012 at 21:34:26

:hello: patal2

 run the RogueKiller scan again

 click Suppression (Delete)

 copy/paste the report  ;)

patal2
Baby forum member (10 to 49 posts)
  Posted on 27/12/2012 at 22:22:53

Good evening Did80!  :hello:

 Here is the report:

 RogueKiller V8.4.1 [Dec 27 2012] par Tigzy
 mail : tigzyRK<at>gmail<dot>com
 Remontees : http://www.sur-la-toile.com/di [...] ntees.html
 Site Web : http://www.sur-la-toile.com/RogueKiller/
 Blog : http://tigzyrk.blogspot.com/

 Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
 Demarrage : Mode normal
 Utilisateur : alain [Droits d'admin]
 Mode : Suppression -- Date : 27/12/2012 22:20:35

 ¤¤¤ Processus malicieux : 1 ¤¤¤
 [SUSP PATH] LaunchU3.exe -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe -> TUÉ [TermProc]

 ¤¤¤ Entrees de registre : 3 ¤¤¤
 [RUN][SUSP PATH] HKCU\[...]\Run : EPSON SX235 Series (C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE /FU "C:\DOCUME~1\alain\LOCALS~1\Temp\E_S1EC.tmp" /EF "HKCU" ) -> SUPPRIMÉ
 [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> SUPPRIMÉ
 [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)

 ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

 ¤¤¤ Driver : [CHARGE] ¤¤¤
 SSDT[25] : NtClose @ 0x805B1DF8 -> HOOKED (Unknown @ 0xF7AE17EC)
 SSDT[41] : NtCreateKey @ 0x8061AD86 -> HOOKED (Unknown @ 0xF7AE17A6)
 SSDT[50] : NtCreateSection @ 0x805A0880 -> HOOKED (Unknown @ 0xF7AE17F6)
 SSDT[53] : NtCreateThread @ 0x805C73DE -> HOOKED (Unknown @ 0xF7AE179C)
 SSDT[63] : NtDeleteKey @ 0x8061B222 -> HOOKED (Unknown @ 0xF7AE17AB)
 SSDT[65] : NtDeleteValueKey @ 0x8061B3F2 -> HOOKED (Unknown @ 0xF7AE17B5)
 SSDT[68] : NtDuplicateObject @ 0x805B3A0C -> HOOKED (Unknown @ 0xF7AE17E7)
 SSDT[98] : NtLoadKey @ 0x8061CFAA -> HOOKED (Unknown @ 0xF7AE17BA)
 SSDT[122] : NtOpenProcess @ 0x805C1462 -> HOOKED (Unknown @ 0xF7AE1788)
 SSDT[128] : NtOpenThread @ 0x805C16EE -> HOOKED (Unknown @ 0xF7AE178D)
 SSDT[177] : NtQueryValueKey @ 0x80618FAA -> HOOKED (Unknown @ 0xF7AE180F)
 SSDT[193] : NtReplaceKey @ 0x8061CE5A -> HOOKED (Unknown @ 0xF7AE17C4)
 SSDT[200] : NtRequestWaitReplyPort @ 0x80598224 -> HOOKED (Unknown @ 0xF7AE1800)
 SSDT[204] : NtRestoreKey @ 0x8061C766 -> HOOKED (Unknown @ 0xF7AE17BF)
 SSDT[213] : NtSetContextThread @ 0x805C9036 -> HOOKED (Unknown @ 0xF7AE17FB)
 SSDT[237] : NtSetSecurityObject @ 0x805B617E -> HOOKED (Unknown @ 0xF7AE1805)
 SSDT[247] : NtSetValueKey @ 0x806192F8 -> HOOKED (Unknown @ 0xF7AE17B0)
 SSDT[255] : NtSystemDebugControl @ 0x8060ECD0 -> HOOKED (Unknown @ 0xF7AE180A)
 SSDT[257] : NtTerminateProcess @ 0x805C86EA -> HOOKED (Unknown @ 0xF7AE1797)
 S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7AE181E)
 S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7AE1823)

 ¤¤¤ Fichier HOSTS: ¤¤¤
 --> C:\WINDOWS\system32\drivers\etc\hosts

 ÿþ1

 ¤¤¤ MBR Verif: ¤¤¤

 +++++ PhysicalDrive0: FUJITSU MHV2100AT PL +++++
 --- User ---
 [MBR] 7d813f1541b344600d76b58ae00a4666
 [BSP] 7768e0075bdf2b0065f198da6f4d5e6c : Toshiba tatooed MBR Code
 Partition table:
 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 87714 Mo
 1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 179654895 | Size: 6644 Mo
 2 - [XXXXXX] UNKNOWN (0xd7) [VISIBLE] Offset (sectors): 193261950 | Size: 1027 Mo
 User = LL1 ... OK!
 User = LL2 ... OK!

 Termine : << RKreport[3]_D_27122012_222035.txt >>
 RKreport[1]_S_27122012_180948.txt ; RKreport[2]_S_27122012_222017.txt ; RKreport[3]_D_27122012_222035.txt



Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 posts), Confirmed helper
  Posted on 28/12/2012 at 09:45:54

:hello: patal2

 do this

 Do the following:

 read this tutorial

 http://www.bleepingcomputer.co [...] r-combofix

 Download Combofix.exe by sUBs to your Desktop and nowhere else.

 rename it before it lands on the desktop

 http://www.donnemoilinfo.com/t [...] mboFix.php

 Important: Disable your antivirus and antispyware before the scan with ComboFix:
 http://forum.pcastuces.com/des [...] -f31s4.htm

 Close all active windows before launching the scan.
 During the scan, do not touch your PC until it has finished.
 The PC may restart in order to finalize the deletions.

 > Double-click combofix.exe to launch it and confirm with YES
 * If installation of the Console is requested > Confirm!
 * The scan will resume after it is installed.

 > When the scan is complete, a report will appear. Copy/paste this report in your next reply.

 NOTE: The report is also located here: C:\Combofix.txt

 Information about the restart:
 If you cannot get to the Desktop (black screen) > Use your keyboard to press [Ctrl + Alt + Del] to get the Task Manager.
 In the Task Manager > 'Applications' tab > 'New Task...' button
 In the run window, type explorer.exe and confirm.
 This will open your Desktop normally.  ;)

patal2
Baby forum member (10 to 49 posts)
  Posted on 28/12/2012 at 14:53:57

Hello Did80,

 Big problem, I need your advice:

 Before launching ComboFix, I made sure to check that no antivirus or antispyware was active. Unfortunately, Avira is still present on my PC. I thought it was inactive. I launched ComboFix, and it warns me that the presence of the background scanner (Avira) can cause damage.

 Avira does not appear in the program manager, it does not appear in the notification area (so I cannot disable it that way), and even using Avira cleaner, it is impossible to get rid of the program.

 So I left everything as it was. Do you have a trick for getting rid of Avira, or can I click OK anyway so that ComboFix runs its scan without danger?

 Thanks in advance!

patal2
Baby forum member (10 to 49 posts)
  Posted on 29/12/2012 at 12:58:39

Hello Did80  :hello: ,

 I shut down my computer, restarted it, and apparently that stopped ComboFix without any damage. Unfortunately I really cannot manage to get rid of Avira Desktop. That is the latest news  :)

Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 posts), Confirmed helper
  Posted on 29/12/2012 at 13:14:21

 hi again, try this: AppRemover

 http://forum.telecharger.01net [...] ges-1.html  ;)


 http://www2.joliecarte.com/images/carte_mini/bonne_annee_paysages_hiver/carte-bonne-annee.jpg

patal2
Baby forum member (10 to 49 posts)
  Posted on 29/12/2012 at 18:23:31

Hello Did80  :hello:

 I used adremover. Positive point: thanks to it I was able to uninstall an antivirus that I did not even know was on my PC (F-Secure). Negative point: adremover could not uninstall Avira, it did not even find it during the scan. What can I do?

 Thank you for your help!

Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 posts), Confirmed helper
  Posted on 29/12/2012 at 23:50:53

try Revo Uninstaller

 I no longer have the link; official site ;)

patal2
Baby forum member (10 to 49 posts)
  Posted on 30/12/2012 at 12:50:14

Hello Did80!  :hello:

 Situation finally unblocked: I already had Revo Uninstaller on my machine, so I tried it, but same thing, it did not find Avira. So I tried reinstalling Avira, then uninstalling it, and that worked, which allowed me to launch ComboFix following your instructions and the tutorial without a hitch.
 Thank you for your patience!

 here is the ComboFix report:

 ComboFix 12-12-30.01 - alain 30/12/2012  12:20:39.1.1 - x86
 Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.894.481 [GMT 1:00]
 Lancé depuis: c:\documents and settings\alain\Bureau\les-loulous.exe
 AV: F-Secure Anti-Virus 9.20.15437 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
 FW: Anti-virus firewall 9.12 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
 FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
 .
 .
 ((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 c:\documents and settings\alain\Application Data\SystemDoctor Free
 c:\documents and settings\alain\Application Data\vso_ts_preview.xml
 c:\documents and settings\All Users\Application Data\TEMP
 c:\documents and settings\All Users\Application Data\TEMP\D1B5B4F1.TMP
 c:\program files\Giant Savings Extension\GiANt savings extension.dll
 c:\program files\Internet Explorer\minftnet.exe
 c:\program files\Internet Explorer\minftnet.ini
 c:\program files\Internet Explorer\SET116.tmp
 c:\program files\Internet Explorer\SET117.tmp
 c:\program files\Internet Explorer\SET118.tmp
 c:\program files\Internet Explorer\SET2.tmp
 c:\program files\Internet Explorer\SET2B.tmp
 c:\program files\Internet Explorer\SET2C.tmp
 c:\program files\Internet Explorer\SET2D.tmp
 c:\program files\Internet Explorer\SET3.tmp
 c:\program files\Internet Explorer\SET33.tmp
 c:\program files\Internet Explorer\SET34.tmp
 c:\program files\Internet Explorer\SET35.tmp
 c:\program files\Internet Explorer\SET38.tmp
 c:\program files\Internet Explorer\SET39.tmp
 c:\program files\Internet Explorer\SET3A.tmp
 c:\program files\Internet Explorer\SET4.tmp
 c:\windows\system32\drivers\etc\hosts.ics
 c:\windows\system32\muzapp.exe
 c:\windows\system32\roboot.exe
 c:\windows\system32\TZLog.log
 c:\windows\system32\URTTemp
 c:\windows\system32\URTTemp\fusion.dll
 c:\windows\system32\URTTemp\mscoree.dll
 c:\windows\system32\URTTemp\mscoree.dll.local
 c:\windows\system32\URTTemp\mscorsn.dll
 c:\windows\system32\URTTemp\mscorwks.dll
 c:\windows\system32\URTTemp\msvcr71.dll
 c:\windows\system32\URTTemp\regtlib.exe
 c:\windows\wininit.ini
 D:\Autorun.inf
 .
 .
 (((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 -------\Legacy_NPF
 .
 .
 (((((((((((((((((((((((((((((   Fichiers créés du 2012-11-28 au 2012-12-30  ))))))))))))))))))))))))))))))))))))
 .
 .
 2012-12-30 09:10 . 2012-12-30 09:10 -------- d-----w- c:\documents and settings\alain\Local Settings\Application Data\Giant Savings Extension
 2012-12-30 09:09 . 2012-12-30 11:31 -------- d-----w- c:\program files\Giant Savings Extension
 2012-12-29 17:09 . 2012-12-29 17:09 -------- d-----w- c:\program files\Conduit
 2012-12-29 17:09 . 2012-12-29 17:34 -------- d-----w- c:\documents and settings\alain\Local Settings\Application Data\OPSWAT
 2012-12-29 17:09 . 2012-12-29 18:38 -------- d-----w- c:\documents and settings\alain\Local Settings\Application Data\Conduit
 2012-12-29 17:09 . 2012-12-29 17:09 -------- d-----w- c:\program files\OPSWAT
 2012-12-29 17:09 . 2012-12-29 17:09 -------- d-----w- c:\documents and settings\alain\Local Settings\Application Data\CRE
 2012-12-29 17:08 . 2012-12-29 17:08 -------- d-----w- c:\program files\opswatutilities
 2012-12-26 10:43 . 2012-12-26 10:43 -------- d-----w- C:\_OTL
 2012-12-25 18:28 . 2012-12-25 18:28 512 ----a-w- C:\PhysicalMBR.bin
 2012-12-22 20:09 . 2012-12-22 20:09 -------- d-----w- c:\windows\system32\N360_BACKUP
 2012-12-22 19:08 . 2012-12-25 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
 2012-12-19 16:33 . 2012-12-19 16:33 122880 --sha-r- c:\windows\system32\msxmlq.dll
 2012-12-14 12:25 . 2012-12-14 12:25 -------- d-----w- c:\program files\iPod
 2012-12-14 12:25 . 2012-12-14 12:26 -------- d-----w- c:\program files\iTunes
 2012-12-14 11:49 . 2012-12-14 11:49 -------- d-----w- c:\windows\system32\wbem\Repository
 2012-12-14 09:32 . 2012-12-14 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
 2012-12-14 09:27 . 2012-12-14 12:19 -------- d-----w- c:\program files\Bonjour
 .
 .
 .
 ((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2012-12-16 12:23 . 2004-08-05 08:00 290560 ----a-w- c:\windows\system32\atmfd.dll
 2012-12-11 20:11 . 2012-04-15 17:43 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
 2012-12-11 20:11 . 2011-10-17 07:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
 2012-11-13 11:55 . 2004-08-05 08:00 1866496 ------w- c:\windows\system32\win32k.sys
 2012-11-02 02:02 . 2004-08-05 08:00 375296 ------w- c:\windows\system32\dpnet.dll
 2012-11-01 12:17 . 2004-08-05 08:00 916992 ----a-w- c:\windows\system32\wininet.dll
 2012-11-01 12:17 . 2004-08-05 08:00 43520 ------w- c:\windows\system32\licmgr10.dll
 2012-11-01 12:17 . 2004-08-05 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
 2012-11-01 00:35 . 2004-08-05 08:00 385024 ----a-w- c:\windows\system32\html.iec
 2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
 2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
 2012-10-02 18:04 . 2004-08-05 08:00 58368 ------w- c:\windows\system32\synceng.dll
 2006-08-19 15:27 . 2006-08-19 15:23 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
 .
 .
 (((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 REGEDIT4
 .
 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
 "{930e0b10-6818-4828-86b0-07d60af809b6}"= "c:\program files\OPSWAT\prxtbOPSW.dll" [2011-05-09 176936]
 .
 [HKEY_CLASSES_ROOT\clsid\{930e0b10-6818-4828-86b0-07d60af809b6}]
 .
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930e0b10-6818-4828-86b0-07d60af809b6}]
 2011-05-09 09:49 176936 ----a-w- c:\program files\OPSWAT\prxtbOPSW.dll
 .
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
 "{930e0b10-6818-4828-86b0-07d60af809b6}"= "c:\program files\OPSWAT\prxtbOPSW.dll" [2011-05-09 176936]
 .
 [HKEY_CLASSES_ROOT\clsid\{930e0b10-6818-4828-86b0-07d60af809b6}]
 .
 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
 "{930E0B10-6818-4828-86B0-07D60AF809B6}"= "c:\program files\OPSWAT\prxtbOPSW.dll" [2011-05-09 176936]
 .
 [HKEY_CLASSES_ROOT\clsid\{930e0b10-6818-4828-86b0-07d60af809b6}]
 .
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 57344]
 "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2012-03-25 16384]
 "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-05 68856]
 .
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
 "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
 "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
 "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
 "Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
 "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
 "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 40960]
 "SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
 "MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
 "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
 "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
 "APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
 "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
 "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
 "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-02-25 221184]
 "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-05 296056]
 "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2012-09-17 254896]
 "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
 .
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
 .
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
 "WUAppSetup"="c:\program files\Fichiers communs\logishrd\WUApp32.exe" [2007-02-03 430080]
 .
 c:\documents and settings\alain\Menu Démarrer\Programmes\Démarrage\
 Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [N/A]
 OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
 .
 c:\documents and settings\alain\Menu Démarrer\Programmes\Démarrage\
 Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [N/A]
 OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
 .
 c:\documents and settings\alain\Menu Démarrer\Programmes\Démarrage\
 Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [N/A]
 OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
 .
 c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
 LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7​-88B7-446D-B2C0-E26CE4DC8E54}\​_294823.exe [2009-1-22 22486]
 Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMC​onf.exe [2012-3-25 169472]
 .
 c:\documents and settings\alain\Menu Démarrer\Programmes\Démarrage\
 Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [N/A]
 OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
 .
 [hkey_local_machine\software\mi​crosoft\windows\currentversion​\explorer\ShellExecuteHooks]
 .
 [HKEY_LOCAL_MACHINE\software\mi​crosoft\security center\Monitoring\SymantecFirewall]
 "DisableMonitoring"=dword:0000​0001
 .
 [HKLM\~\services\sharedaccess\p​arameters\firewallpolicy\stand​ardprofile]
 "EnableFirewall"= 0 (0x0)
 .
 [HKLM\~\services\sharedaccess\p​arameters\firewallpolicy\stand​ardprofile\AuthorizedApplicati​ons\List]
 "%windir%\\system32\\sessmgr.e​xe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"​=
 "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "c:\\WINDOWS\\system32\\fxscln​t.exe"=
 "c:\\Program Files\\FinalMediaPlayer\\FMPCh​eckForUpdates.exe"=
 "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
 "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\b​ackWeb-8876480.exe"=
 "c:\\Program Files\\Messenger\\msmsgs.exe"=
 "c:\\Program Files\\Orange\\OrangeUpdate\\S​ervice\\OUCore.exe"=
 "c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe​"=
 "c:\\Program Files\\Bonjour\\mDNSResponder.​exe"=
 "c:\\Program Files\\iTunes\\iTunes.exe"=
 .
 R0 fsbts;fsbts;c:\windows\system3​2\drivers\fsbts.sys [04/10/2011 12:02 42672]
 R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\dri​vers\fsdfw.sys [04/10/2011 12:01 81864]
 R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Fichiers communs\EPSON\EPW!3 SSRP\E_S50ST7.EXE [11/12/2011 16:43 156160]
 R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Fichiers communs\EPSON\EPW!3 SSRP\E_S50RP7.EXE [11/12/2011 16:43 125440]
 R2 Orange update Core Service;Orange update Core Service;c:\program files\Orange\OrangeUpdate\Serv​ice\OUCore.exe [13/04/2012 15:06 1081984]
 R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\dr​ivers\athuw.sys [31/03/2012 20:50 1759584]
 R3 HSFHWATI;HSFHWATI;c:\windows\s​ystem32\drivers\HSFHWATI.sys [22/08/2005 10:06 231424]
 S1 F-Secure HIPS;F-Secure HIPS Driver;\??\c:\program files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys --> c:\program files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys [?]
 S2 gupdate1ca8f7d6bdb9b9e;Service Google Update (gupdate1ca8f7d6bdb9b9e);c:\pr​ogram files\Google\Update\GoogleUpda​te.exe [07/01/2010 10:40 133104]
 S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxLiveS​hare10.exe" --> c:\program files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxLiveS​hare10.exe [?]
 S2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.​exe --> c:\program files\NETGEAR\WNA1100\WifiSvc.​exe [?]
 S3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\Orange\Antivirus Firewall\Anti-Virus\minifilter​\fsgk.sys --> c:\program files\Orange\Antivirus Firewall\Anti-Virus\minifilter​\fsgk.sys [?]
 S3 FSORSPClient;F-Secure ORSP Client;"c:\program files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe" --> c:\program files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe [?]
 S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVE​RS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ew​usbfake.sys [?]
 S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi​.exe --> c:\program files\NETGEAR\WNA1100\jswpsapi​.exe [?]
 S3 pcouffin;VSO Software pcouffin;c:\windows\system32\D​rivers\pcouffin.sys --> c:\windows\system32\Drivers\pc​ouffin.sys [?]
 S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\dri​vers\sis163u.sys [20/06/2005 10:12 215040]
 .
 Contenu du dossier 'Tâches planifiées'
 .
 2012-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job
 - c:\windows\system32\Macromed\F​lash\FlashPlayerUpdateService.​exe [2012-04-15 20:11]
 .
 2012-05-22 c:\windows\Tasks\AppleSoftware​Update.job
 - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
 .
 2012-12-30 c:\windows\Tasks\Final Media Player Update Checker.job
 - c:\program files\FinalMediaPlayer\FMPChec​kForUpdates.exe [2011-02-25 15:50]
 .
 2012-12-30 c:\windows\Tasks\GoogleUpdateT​askMachineCore.job
 - c:\program files\Google\Update\GoogleUpda​te.exe [2010-01-07 09:40]
 .
 2012-12-30 c:\windows\Tasks\GoogleUpdateT​askMachineUA.job
 - c:\program files\Google\Update\GoogleUpda​te.exe [2010-01-07 09:40]
 .
 2012-12-30 c:\windows\Tasks\Lnkmb.job
 - c:\windows\system32\msxmlq.dll [2012-12-19 16:33]
 .
 2012-12-30 c:\windows\Tasks\RealUpgradeLo​gonTaskS-1-5-21-1145470905-304​4535415-1326283667-1006.job
 - c:\program files\Real\RealUpgrade\realupg​rade.exe [2012-04-30 16:21]
 .
 2012-12-30 c:\windows\Tasks\RealUpgradeSc​heduledTaskS-1-5-21-1145470905​-3044535415-1326283667-1006.jo​b
 - c:\program files\Real\RealUpgrade\realupg​rade.exe [2012-04-30 16:21]
 .
 2012-12-29 c:\windows\Tasks\ReclaimerUpda​teFiles_alain.job
 - c:\documents and settings\alain\Application Data\Real\Update\UpgradeHelper​\RealPlayer\10.30\agent\rnupga​gent.exe [2012-12-15 12:52]
 .
 2012-12-28 c:\windows\Tasks\ReclaimerUpda​teXML_alain.job
 - c:\documents and settings\alain\Application Data\Real\Update\UpgradeHelper​\RealPlayer\10.30\agent\rnupga​gent.exe [2012-12-15 12:52]
 .
 2012-12-30 c:\windows\Tasks\RNUpgradeHelp​erLogonPrompt_alain.job
 - c:\documents and settings\alain\Application Data\Real\Update\UpgradeHelper​\RealPlayer\10.30\agent\rnupga​gent.exe [2012-12-15 12:52]
 .
 2012-12-30 c:\windows\Tasks\User_Feed_Syn​chronization-{F8F2879F-C17D-4D​4C-ACD4-7F3A8B62B456}.job
 - c:\windows\system32\msfeedssyn​c.exe [2006-10-17 02:31]
 .
 .
 ------- Examen supplémentaire -------
 .
 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q​={searchTerms}&sourceid=ie7&rl​s=com.microsoft:en-US&ie=utf8&​oe=utf8
 uStart Page = hxxp://search.conduit.com?Sear​chSource=10&ctid=CT3223346
 uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
 uInternet Settings,ProxyOverride = localhost;*.local
 uSearchURL,(Default) = hxxp://www.google.com/search?q​=%s
 IE: ajouter cette page à vos favoris Orange - c:\docume~1\alain\LOCALS~1\Tem​p\cce8F0.html
 IE: traduire la page - c:\docume~1\alain\LOCALS~1\Tem​p\cce8EE.html
 IE: traduire le texte sélectionné - c:\docume~1\alain\LOCALS~1\Tem​p\cce8EF.html
 TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
 DPF: {5A779DC0-837B-4590-AC42-C7C08​47478C5} - hxxp://logicielsgratuits.orang​e.fr/download_service/Install/​OrangeInstaller.cab
 .
 - - - - ORPHELINS SUPPRIMES - - - -
 .
 HKCU-Run-LightScribe Control Panel - c:\program files\Fichiers communs\LightScribe\LightScrib​eControlPanel.exe
 HKCU-Run-ABBYY Screenshot Reader Bonus - c:\program files\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.​exe
 HKLM-Run-SystrayORAHSS - c:\program files\OrangeHSS\Systray\Systra​yApp.exe
 HKLM-Run-BEWINTERNET-FR-DMGP-V​2SessionManager - c:\program files\Orange\IEWInternet\Sessi​onManager\SessionManager.exe
 AddRemove-F-Secure Anti-Spyware Scanner - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure Anti-Virus - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure Anti-Virus Client Security Installer - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure Automatic Update Agent - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure DAAS - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure DAAS2 - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure Diagnostics - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure E-mail Scanning - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure ExploitShield - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure FWES - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure Gadget - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure GateKeeper Interface - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure Gemini - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure GUI - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure Help - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure HIPS - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure Internet Shield - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure ISP News - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure Localization API - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure Management Agent - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure NRS - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure ORSP Client - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure Protocol Scanner - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure Spam Control - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure Spam Scanner - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure TNB - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure Uninstall - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-F-Secure Web Filter - c:\program files\Orange\Antivirus Firewall\Uninstall\fsuninst.ex​e
 AddRemove-{7B63B2922B174135AFC​0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.​exe
 .
 .
 .
 ******************************​******************************​**************
 .
 catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2012-12-30 12:35
 Windows 5.1.2600 Service Pack 3 NTFS
 .
 Recherche de processus cachés ...
 .
 Recherche d'éléments en démarrage automatique cachés ...
 .
 HKLM\Software\Microsoft\Window​s\CurrentVersion\Run
  Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????&​?n??|?????? ???B?????????????hLC? ??????
 .
 Recherche de fichiers cachés ...
 .
 Scan terminé avec succès
 Fichiers cachés: 0
 .
 ******************************​******************************​**************
 .
 --------------------- CLES DE REGISTRE BLOQUEES ---------------------
 .
 [HKEY_LOCAL_MACHINE\software\Cl​asses\CLSID\{73C9DFA0-750D-11E​1-B0C4-0800200C9A66}]
 @Denied: (A 2) (Everyone)
 @="FlashBroker"
 "LocalizedString"="@c:\\WINDOW​S\\system32\\Macromed\\Flash\\​FlashUtil32_11_5_502_135_Activ​eX.exe,-101"
 .
 [HKEY_LOCAL_MACHINE\software\Cl​asses\CLSID\{73C9DFA0-750D-11E​1-B0C4-0800200C9A66}\Elevation​]
 "Enabled"=dword:00000001
 .
 [HKEY_LOCAL_MACHINE\software\Cl​asses\CLSID\{73C9DFA0-750D-11E​1-B0C4-0800200C9A66}\LocalServ​er32]
 @="c:\\WINDOWS\\system32\\Macr​omed\\Flash\\FlashUtil32_11_5_​502_135_ActiveX.exe"
 .
 [HKEY_LOCAL_MACHINE\software\Cl​asses\CLSID\{73C9DFA0-750D-11E​1-B0C4-0800200C9A66}\TypeLib]
 @="{FAB3E735-69C7-453B-A446-B6​823C6DF1C9}"
 .
 [HKEY_LOCAL_MACHINE\software\Cl​asses\Interface\{6AE38AE0-750C​-11E1-B0C4-0800200C9A66}]
 @Denied: (A 2) (Everyone)
 @="IFlashBroker5"
 .
 [HKEY_LOCAL_MACHINE\software\Cl​asses\Interface\{6AE38AE0-750C​-11E1-B0C4-0800200C9A66}\Proxy​StubClsid32]
 @="{00020424-0000-0000-C000-00​0000000046}"
 .
 [HKEY_LOCAL_MACHINE\software\Cl​asses\Interface\{6AE38AE0-750C​-11E1-B0C4-0800200C9A66}\TypeL​ib]
 @="{FAB3E735-69C7-453B-A446-B6​823C6DF1C9}"
 "Version"="1.0"
 .
 [HKEY_LOCAL_MACHINE\software\Cl​asses\VideoLAN.VLCPlugin.*1*]
 @="?????????????????? v1"
 .
 [HKEY_LOCAL_MACHINE\software\Cl​asses\VideoLAN.VLCPlugin.*1*\C​LSID]
 @="{E23FE9C6-778E-49D4-B537-38​FCDE4887D8}"
 .
 [HKEY_LOCAL_MACHINE\software\Cl​asses\VideoLAN.VLCPlugin.*2*]
 @="?????????????????? v2"
 .
 [HKEY_LOCAL_MACHINE\software\Cl​asses\VideoLAN.VLCPlugin.*2*\C​LSID]
 @="{9BE31822-FDAD-461B-AD51-BE​1D1C159921}"
 .
 --------------------- DLLs chargées dans les processus actifs ---------------------
 .
 - - - - - - - > 'winlogon.exe'(916)
 c:\windows\system32\Ati2evxx.d​ll
 .
 - - - - - - - > 'explorer.exe'(3636)
 c:\docume~1\alain\LOCALS~1\Tem​pIadHide3.dll
 c:\program files\MarkAny\ContentSafer\MaC​SProHook.DLL
 c:\windows\system32\eappprxy.d​ll
 c:\windows\system32\webcheck.d​ll
 c:\windows\system32\WPDShServi​ceObj.dll
 c:\windows\system32\PortableDe​viceTypes.dll
 c:\windows\system32\PortableDe​viceApi.dll
 .
 ------------------------ Autres processus actifs ------------------------
 .
 c:\windows\system32\Ati2evxx.e​xe
 c:\windows\system32\Ati2evxx.e​xe
 c:\windows\system32\rundll32.e​xe
 c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceServi​ce.exe
 c:\program files\Bonjour\mDNSResponder.ex​e
 c:\program files\Java\jre6\bin\jqs.exe
 c:\program files\Inventel\Gateway\wlancfg​.exe
 c:\windows\system32\wbem\wmiap​srv.exe
 c:\progra~1\hpq\Shared\HPQTOA~​1.EXE
 c:\documents and settings\All Users\Application Data\U3\U3Launcher\LaunchU3.ex​e
 c:\program files\iPod\bin\iPodService.exe
 c:\program files\OpenOffice.org 3\program\soffice.exe
 c:\program files\OpenOffice.org 3\program\soffice.bin
 .
 ******************************​******************************​**************
 .
 Heure de fin: 2012-12-30  12:42:13 - La machine a redémarré
 ComboFix-quarantined-files.txt  2012-12-30 11:41
 .
 Avant-CF: 27 646 976 000 octets libres
 Après-CF: 27 636 432 896 octets libres
 .
 WindowsXP-KB310994-SP2-Home-Bo​otDisk-FRA.exe
 [boot loader]
 timeout=2
 default=multi(0)disk(0)rdisk(0​)partition(1)\WINDOWS
 [operating systems]
 c:\cmdcons\BOOTSECT.DAT="Micro​soft Windows Recovery Console" /cmdcons
 UnsupportedDebug="do not select this" /debug
 multi(0)disk(0)rdisk(0)partiti​on(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn
 .
 - - End Of File - - 0E32D9CD827C529FB45D44E677E287​5C

Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 posts) Confirmed helper
Posted on 30/12/2012 at 17:36:43

:hello: patal2

 how is your PC doing?

 still having problems??

 looking forward to your reply  ;)

 http://www2.joliecarte.com/images/carte_mini/bonne_annee_paysages_hiver/carte-bonne-annee.jpg ;)


---------------
the urgent is done, the impossible is in progress
for miracles, allow some extra time
patal2
Baby forum member (10 to 49 posts)
Posted on 30/12/2012 at 18:11:01

:hello: Did80,

 Yes, unfortunately the problem is still there. When I type an address directly into the address bar, no problem. However, for any search via Google, I almost always land on ebay, worddictionnary, groupon, or a porn site, and I have to try three or four times before landing on the site I wanted.

Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 posts) Confirmed helper
Posted on 30/12/2012 at 20:53:58

re  :/

 do this


 go to www.gmer.net

 Download mbr.exe by Gmer to the Desktop: mbr.exe

 • Disable your protections and cut the connection.
 • On Windows XP: double-click mbr.exe / On Windows Vista or Seven, right-click mbr.exe and choose "Run as administrator"
 • A report will be generated: mbr.log

 • In case of infection, the message MBR rootkit code detected will appear in the report. If so, click Start menu --> Run, and type the following command:
 • On XP: "%userprofile%\Bureau\mbr" -f
 • On Vista/Seven: "%userprofile%\Desktop\mbr" -f

 • In mbr.log this line will appear: original MBR restored successfully !
 • Post the report if a helper in the Virus / Security forum asked you to.

 Run mbr.exe again to check that the infection is gone; the new report should no longer find a rootkit.

 Example of an uninfected report:

 Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net                    

 device: opened successfully                    
 user: MBR read successfully                    
 kernel: MBR read successfully                    
 user & kernel MBR OK  
 ;)


---------------
the urgent is done, the impossible is in progress
for miracles, allow some extra time
patal2
Baby forum member (10 to 49 posts)
Posted on 30/12/2012 at 23:07:45

Good evening Did80,

 I used GMER. However, no .log report appeared. But the software found nothing suspicious  :/

Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 posts) Confirmed helper
Posted on 02/01/2013 at 17:36:22

:hello: patal2

 do this

 Download aswMBR by Avast to the desktop:
 http://public.avast.com/~gmerek/aswMBR.exe

 Double-click aswMBR.exe to launch it
 Click the « Scan » button to start the scan
 Click save log

 Save it on the desktop as aswASW.log so it is easier to find, and post the content in your next reply.

 In pictures: http://public.avast.com/~gmerek/aswMBR.htm  ;)


---------------
the urgent is done, the impossible is in progress
for miracles, allow some extra time
patal2
Baby forum member (10 to 49 posts)
Posted on 03/01/2013 at 09:37:03

:hello: Hello!!
 I hope I did what was needed!!
 here is the report!
 aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
 Run date: 2013-01-03 08:55:07
 -----------------------------
 08:55:07.078    OS Version: Windows 5.1.2600 Service Pack 3
 08:55:07.078    Number of processors: 1 586 0x2402
 08:55:07.078    ComputerName: YOUR-F14AC45099  UserName: alain
 08:55:07.593    Initialze error C000010E - driver not loaded
 08:55:07.640    write error "aswCmnB.dll". Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
 09:03:50.968    AVAST engine defs: 13010201
 09:05:52.859    The log file has been saved successfully to "C:\Documents and Settings\alain\Bureau\aswMBR.t​xt"


 aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
 Run date: 2013-01-03 09:18:19
 -----------------------------
 09:18:19.578    OS Version: Windows 5.1.2600 Service Pack 3
 09:18:19.578    Number of processors: 1 586 0x2402
 09:18:19.578    ComputerName: YOUR-F14AC45099  UserName: alain
 09:18:20.312    Initialize success
 09:18:38.562    AVAST engine defs: 13010201
 09:18:53.578    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
 09:18:53.578    Disk 0 Vendor: FUJITSU_MHV2100AT_PL 008300A1 Size: 95396MB BusType: 3
 09:18:53.640    Disk 0 MBR read successfully
 09:18:53.640    Disk 0 MBR scan
 09:18:53.812    Disk 0 unknown MBR code
 09:18:53.875    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        87714 MB offset 63
 09:18:53.921    Disk 0 Partition 2 00     0C    FAT32 LBA RECOVERY     6644 MB offset 179654895
 09:18:53.984    Disk 0 Partition 3 00     D7              NTFS         1027 MB offset 193261950
 09:18:54.078    Disk 0 scanning sectors +195366465
 09:18:54.375    Disk 0 scanning C:\WINDOWS\system32\drivers
 09:19:11.250    Service scanning
 09:19:36.796    Modules scanning
 09:19:45.015    Disk 0 trace - called modules:
 09:19:45.546    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
 09:19:45.562    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853c81f0]
 09:19:45.562    3 CLASSPNP.SYS[f7532fd7] -> nt!IofCallDriver -> \Device\0000008a[0x8532f9e8]
 09:19:45.562    5 ACPI.sys[f73a8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8532fd98]
 09:19:46.250    AVAST engine scan C:\WINDOWS
 09:20:01.187    AVAST engine scan C:\WINDOWS\system32
 09:21:26.703    File: C:\WINDOWS\system32\msxmlq.dll  **INFECTED** Win32:Agent-AQSB [Trj]
 09:24:19.984    AVAST engine scan C:\WINDOWS\system32\drivers
 09:24:45.359    AVAST engine scan C:\Documents and Settings\alain
 09:27:28.265    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\alain\Bureau\MBR.dat"
 09:27:28.265    The log file has been saved successfully to "C:\Documents and Settings\alain\Bureau\aswMBR.t​xt"


 09:27:42.796    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\alain\Bureau\MBR.dat"
 09:27:42.796    The log file has been saved successfully to "C:\Documents and Settings\alain\Bureau\aswMBR.t​xt"


 thank you!!! Happy New Year to you!!!

Profile: Security team
did80
Famous across the whole forum (30,000 to 99,999 posts) Confirmed helper
Posted on 03/01/2013 at 10:12:10

:hello: patal2

 09:21:26.703 File: C:\WINDOWS\system32\msxmlq.dll **INFECTED**

 this system file is infected, it cannot be deleted

 run aswMBR again and click Fix to disinfect it  ;)


---------------
the urgent is done, the impossible is in progress
for miracles, allow some extra time
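
A triage check that can be run on the reports posted in this thread, added here as an example (it is not code from the posters, ComboFix or aswMBR): it tracks the MBR status reported by each aswMBR run and cross-references the files aswMBR flags against the scheduled-task targets listed by ComboFix. The function names and the `<zw>` marker are choices made for this example; the sample lines are excerpts of the posted reports.

```python
import re

# Zero-width characters that show up inside long paths in reports pasted on forums.
ZERO_WIDTH = {0x200B: None, 0x200C: None, 0x200D: None, 0xFEFF: None}

# Excerpt of the scheduled-task section of the ComboFix report in this thread.
# "<zw>" marks a zero-width space, written out here so it is visible.
COMBOFIX_TASKS = r"""
2012-12-30 c:\windows\Tasks\GoogleUpdateT<zw>askMachineUA.job
- c:\program files\Google\Update\GoogleUpda<zw>te.exe [2010-01-07 09:40]
.
2012-12-30 c:\windows\Tasks\Lnkmb.job
- c:\windows\system32\msxmlq.dll [2012-12-19 16:33]
.
2012-12-30 c:\windows\Tasks\RealUpgradeLo<zw>gonTaskS-1-5-21-1145470905-304<zw>4535415-1326283667-1006.job
- c:\program files\Real\RealUpgrade\realupg<zw>rade.exe [2012-04-30 16:21]
""".replace("<zw>", "\u200b")

# Excerpts of the aswMBR reports in this thread. The 09:18:19 run is repeated
# on purpose to exercise de-duplication of a log that was pasted more than once.
ASWMBR_LOG = r"""
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-03 08:55:07
08:55:07.593    Initialze error C000010E - driver not loaded
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-03 09:18:19
09:18:53.812    Disk 0 unknown MBR code
09:21:26.703    File: C:\WINDOWS\system32\msxmlq.dll  **INFECTED** Win32:Agent-AQSB [Trj]
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-03 09:18:19
09:18:53.812    Disk 0 unknown MBR code
09:21:26.703    File: C:\WINDOWS\system32\msxmlq.dll  **INFECTED** Win32:Agent-AQSB [Trj]
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-03 12:35:22
12:36:00.968    Disk 0 Windows XP default MBR code
"""

JOB_RE = re.compile(r"^\s*\d{4}-\d{2}-\d{2}\s+(\S.*\.job)\s*$", re.IGNORECASE)
TARGET_RE = re.compile(r"^\s*-\s+(.+?)\s+\[[^\]]*\]\s*$")
RUN_RE = re.compile(r"^\s*Run date:\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s*$")
MBR_RE = re.compile(r"^\s*[\d:.]+\s+Disk \d+ (.+?) MBR code\s*$")
INFECTED_RE = re.compile(r"^\s*[\d:.]+\s+File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+?)\s*$")


def clean(text):
    """Remove zero-width characters so paths compare and match correctly."""
    return text.translate(ZERO_WIDTH)


def parse_scheduled_tasks(text):
    """Map each .job file to the program it launches (the '- target [date]' line)."""
    tasks, job = {}, None
    for line in clean(text).splitlines():
        m = JOB_RE.match(line)
        if m:
            job = m.group(1)
            continue
        m = TARGET_RE.match(line)
        if m and job:
            tasks[job] = m.group(1)
            job = None
    return tasks


def parse_aswmbr(text):
    """Return one record per run: run date, MBR verdict, flagged files."""
    runs, current = {}, None  # keyed by run date so a run pasted twice counts once
    for line in clean(text).splitlines():
        m = RUN_RE.match(line)
        if m:
            current = runs.setdefault(
                m.group(1), {"run": m.group(1), "mbr": None, "infected": []})
            continue
        if current is None:
            continue
        m = MBR_RE.match(line)
        if m:
            current["mbr"] = m.group(1)
            continue
        m = INFECTED_RE.match(line)
        if m and m.groups() not in current["infected"]:
            current["infected"].append(m.groups())
    return list(runs.values())


def triage(combofix_text, aswmbr_text):
    """Return (runs, hits); hits are (job, target, detection) for flagged targets."""
    tasks = parse_scheduled_tasks(combofix_text)
    runs = parse_aswmbr(aswmbr_text)
    flagged = {path.lower(): name for run in runs for path, name in run["infected"]}
    hits = [(job, target, flagged[target.lower()])
            for job, target in tasks.items() if target.lower() in flagged]
    return runs, hits


if __name__ == "__main__":
    runs, hits = triage(COMBOFIX_TASKS, ASWMBR_LOG)
    for run in runs:
        print(run["run"], "| MBR:", run["mbr"], "| flagged:", len(run["infected"]))
    for job, target, name in hits:
        print("scheduled task", job, "launches flagged file", target, "(" + name + ")")
```

On these excerpts the only hit is Lnkmb.job, whose target msxmlq.dll is the file aswMBR reports as Win32:Agent-AQSB, so the task has to be dealt with along with the file.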
patal2
Baby forum member (10 to 49 posts)
Posted on 03/01/2013 at 12:57:54

;) hello
 I hope this time it will be fine!!
 here is the second report!!
 aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
 Run date: 2013-01-03 08:55:07
 -----------------------------
 08:55:07.078    OS Version: Windows 5.1.2600 Service Pack 3
 08:55:07.078    Number of processors: 1 586 0x2402
 08:55:07.078    ComputerName: YOUR-F14AC45099  UserName: alain
 08:55:07.593    Initialze error C000010E - driver not loaded
 08:55:07.640    write error "aswCmnB.dll". Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
 09:03:50.968    AVAST engine defs: 13010201
 09:05:52.859    The log file has been saved successfully to "C:\Documents and Settings\alain\Bureau\aswMBR.t​xt"


 aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
 Run date: 2013-01-03 09:18:19
 -----------------------------
 09:18:19.578    OS Version: Windows 5.1.2600 Service Pack 3
 09:18:19.578    Number of processors: 1 586 0x2402
 09:18:19.578    ComputerName: YOUR-F14AC45099  UserName: alain
 09:18:20.312    Initialize success
 09:18:38.562    AVAST engine defs: 13010201
 09:18:53.578    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
 09:18:53.578    Disk 0 Vendor: FUJITSU_MHV2100AT_PL 008300A1 Size: 95396MB BusType: 3
 09:18:53.640    Disk 0 MBR read successfully
 09:18:53.640    Disk 0 MBR scan
 09:18:53.812    Disk 0 unknown MBR code
 09:18:53.875    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        87714 MB offset 63
 09:18:53.921    Disk 0 Partition 2 00     0C    FAT32 LBA RECOVERY     6644 MB offset 179654895
 09:18:53.984    Disk 0 Partition 3 00     D7              NTFS         1027 MB offset 193261950
 09:18:54.078    Disk 0 scanning sectors +195366465
 09:18:54.375    Disk 0 scanning C:\WINDOWS\system32\drivers
 09:19:11.250    Service scanning
 09:19:36.796    Modules scanning
 09:19:45.015    Disk 0 trace - called modules:
 09:19:45.546    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
 09:19:45.562    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853c81f0]
 09:19:45.562    3 CLASSPNP.SYS[f7532fd7] -> nt!IofCallDriver -> \Device\0000008a[0x8532f9e8]
 09:19:45.562    5 ACPI.sys[f73a8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8532fd98]
 09:19:46.250    AVAST engine scan C:\WINDOWS
 09:20:01.187    AVAST engine scan C:\WINDOWS\system32
 09:21:26.703    File: C:\WINDOWS\system32\msxmlq.dll  **INFECTED** Win32:Agent-AQSB [Trj]
 09:24:19.984    AVAST engine scan C:\WINDOWS\system32\drivers
 09:24:45.359    AVAST engine scan C:\Documents and Settings\alain
 09:27:28.265    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\alain\Bureau\MBR.dat"
 09:27:28.265    The log file has been saved successfully to "C:\Documents and Settings\alain\Bureau\aswMBR.t​xt"


 aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
 Run date: 2013-01-03 09:18:19
 -----------------------------
 09:18:19.578    OS Version: Windows 5.1.2600 Service Pack 3
 09:18:19.578    Number of processors: 1 586 0x2402
 09:18:19.578    ComputerName: YOUR-F14AC45099  UserName: alain
 09:18:20.312    Initialize success
 09:18:38.562    AVAST engine defs: 13010201
 09:18:53.578    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
 09:18:53.578    Disk 0 Vendor: FUJITSU_MHV2100AT_PL 008300A1 Size: 95396MB BusType: 3
 09:18:53.640    Disk 0 MBR read successfully
 09:18:53.640    Disk 0 MBR scan
 09:18:53.812    Disk 0 unknown MBR code
 09:18:53.875    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        87714 MB offset 63
 09:18:53.921    Disk 0 Partition 2 00     0C    FAT32 LBA RECOVERY     6644 MB offset 179654895
 09:18:53.984    Disk 0 Partition 3 00     D7              NTFS         1027 MB offset 193261950
 09:18:54.078    Disk 0 scanning sectors +195366465
 09:18:54.375    Disk 0 scanning C:\WINDOWS\system32\drivers
 09:19:11.250    Service scanning
 09:19:36.796    Modules scanning
 09:19:45.015    Disk 0 trace - called modules:
 09:19:45.546    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
 09:19:45.562    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853c81f0]
 09:19:45.562    3 CLASSPNP.SYS[f7532fd7] -> nt!IofCallDriver -> \Device\0000008a[0x8532f9e8]
 09:19:45.562    5 ACPI.sys[f73a8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8532fd98]
 09:19:46.250    AVAST engine scan C:\WINDOWS
 09:20:01.187    AVAST engine scan C:\WINDOWS\system32
 09:21:26.703    File: C:\WINDOWS\system32\msxmlq.dll  **INFECTED** Win32:Agent-AQSB [Trj]
 09:24:19.984    AVAST engine scan C:\WINDOWS\system32\drivers
 09:24:45.359    AVAST engine scan C:\Documents and Settings\alain
 09:27:28.265    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\alain\Bureau\MBR.dat"
 09:27:28.265    The log file has been saved successfully to "C:\Documents and Settings\alain\Bureau\aswMBR.txt"
 09:27:42.796    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\alain\Bureau\MBR.dat"
 09:27:42.796    The log file has been saved successfully to "C:\Documents and Settings\alain\Bureau\aswMBR.txt"


 aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
 Run date: 2013-01-03 12:35:22
 -----------------------------
 12:35:22.156    OS Version: Windows 5.1.2600 Service Pack 3
 12:35:22.156    Number of processors: 1 586 0x2402
 12:35:22.156    ComputerName: YOUR-F14AC45099  UserName: alain
 12:35:22.796    Initialize success
 12:35:57.640    AVAST engine defs: 13010201
 12:36:00.890    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
 12:36:00.890    Disk 0 Vendor: FUJITSU_MHV2100AT_PL 008300A1 Size: 95396MB BusType: 3
 12:36:00.921    Disk 0 MBR read successfully
 12:36:00.921    Disk 0 MBR scan
 12:36:00.968    Disk 0 Windows XP default MBR code
 12:36:00.984    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        87714 MB offset 63
 12:36:01.015    Disk 0 Partition 2 00     0C    FAT32 LBA RECOVERY     6644 MB offset 179654895
 12:36:01.031    Disk 0 Partition 3 00     D7              NTFS         1027 MB offset 193261950
 12:36:01.046    Disk 0 scanning sectors +195366465
 12:36:01.140    Disk 0 scanning C:\WINDOWS\system32\drivers
 12:36:22.125    Service scanning
 12:36:50.359    Modules scanning
 12:37:04.562    Disk 0 trace - called modules:
 12:37:05.125    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
 12:37:05.125    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853c81f0]
 12:37:05.125    3 CLASSPNP.SYS[f7532fd7] -> nt!IofCallDriver -> \Device\0000008a[0x8532f9e8]
 12:37:05.140    5 ACPI.sys[f73a8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8532fd98]
 12:37:05.390    AVAST engine scan C:\WINDOWS
 12:37:21.562    AVAST engine scan C:\WINDOWS\system32
 12:43:05.515    AVAST engine scan C:\WINDOWS\system32\drivers
 12:43:43.078    AVAST engine scan C:\Documents and Settings\alain
 12:47:53.718    Verifying
 12:48:03.718    Disk 0 Windows 501 MBR fixed successfully
 12:51:20.703    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\alain\Bureau\MBR.dat"
 12:51:20.703    The log file has been saved successfully to "C:\Documents and Settings\alain\Bureau\aswMBR.txt"


Profile: Security team
did80
Famous across the forum (30,000 to 99,999 posts) Confirmed helper
Posted on 03/01/2013 at 13:06:54

:pt1cable: you posted the same one

Run date: 2013-01-03 08:55:07

 the red line needs to be fixed  ;)


---------------
the urgent is done, the impossible is in progress
for miracles, allow extra time
patal2
Baby forum member (10 to 49 posts)
Posted on 03/01/2013 at 13:34:32

:sol: I just ran a 3rd scan and there is no red line any more?? "infected" no longer appears??
 aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
 Run date: 2013-01-03 13:19:55
 -----------------------------
 13:19:55.156    OS Version: Windows 5.1.2600 Service Pack 3
 13:19:55.156    Number of processors: 1 586 0x2402
 13:19:55.156    ComputerName: YOUR-F14AC45099  UserName: alain
 13:19:55.671    Initialize success
 13:20:17.406    AVAST engine defs: 13010201
 13:20:50.171    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
 13:20:50.171    Disk 0 Vendor: FUJITSU_MHV2100AT_PL 008300A1 Size: 95396MB BusType: 3
 13:20:50.203    Disk 0 MBR read successfully
 13:20:50.203    Disk 0 MBR scan
 13:20:50.281    Disk 0 Windows XP default MBR code
 13:20:50.281    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        87714 MB offset 63
 13:20:50.312    Disk 0 Partition 2 00     0C    FAT32 LBA RECOVERY     6644 MB offset 179654895
 13:20:50.328    Disk 0 Partition 3 00     D7              NTFS         1027 MB offset 193261950
 13:20:50.343    Disk 0 scanning sectors +195366465
 13:20:50.406    Disk 0 scanning C:\WINDOWS\system32\drivers
 13:21:06.890    Service scanning
 13:21:33.093    Modules scanning
 13:21:42.187    Disk 0 trace - called modules:
 13:21:42.703    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
 13:21:42.703    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853c91f0]
 13:21:42.703    3 CLASSPNP.SYS[f7532fd7] -> nt!IofCallDriver -> \Device\0000008a[0x853dd298]
 13:21:42.718    5 ACPI.sys[f73a8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8532f940]
 13:21:43.250    AVAST engine scan C:\WINDOWS
 13:21:56.203    AVAST engine scan C:\WINDOWS\system32
 13:26:12.093    AVAST engine scan C:\WINDOWS\system32\drivers
 13:26:35.421    AVAST engine scan C:\Documents and Settings\alain
 13:28:15.390    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\alain\Bureau\MBR.dat"
 13:28:15.390    The log file has been saved successfully to "C:\Documents and Settings\alain\Bureau\aswMBR.txt"


 thanks
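
The comparison made across the scans above, as an added example that is not part of the original posts or of aswMBR: it splits a pasted aswMBR.txt into runs on the "Run date:" header and summarises the MBR status and any INFECTED lines per run. The function names are hypothetical, the sample is abridged from the logs in this thread, and treating "unknown MBR code" as something to review is an assumption of this example.

```python
import re

# Constructed sample, abridged from the aswMBR.txt pastes in this thread.
# The tool appends every run to one file, so a paste can repeat a run.
SAMPLE = r"""
Run date: 2013-01-03 09:18:19
09:18:53.812    Disk 0 unknown MBR code
09:21:26.703    File: C:\WINDOWS\system32\msxmlq.dll  **INFECTED** Win32:Agent-AQSB [Trj]
Run date: 2013-01-03 09:18:19
09:18:53.812    Disk 0 unknown MBR code
09:21:26.703    File: C:\WINDOWS\system32\msxmlq.dll  **INFECTED** Win32:Agent-AQSB [Trj]
Run date: 2013-01-03 12:35:22
12:36:00.968    Disk 0 Windows XP default MBR code
12:48:03.718    Disk 0 Windows 501 MBR fixed successfully
Run date: 2013-01-03 13:19:55
13:20:50.281    Disk 0 Windows XP default MBR code
"""

RUN = re.compile(r"^\s*Run date:\s*(\S+ \S+)")
MBR = re.compile(r"Disk \d+ (.+?) MBR code\s*$")
INFECTED = re.compile(r"File:\s*(.+?)\s+\*\*INFECTED\*\*\s+(.+?)\s*$")

def parse_runs(text):
    """Return one summary per distinct run date, in order of first appearance."""
    runs, cur = {}, None
    for line in text.splitlines():
        line = line.replace("\u200b", "")  # zero-width spaces added by forum wrapping
        if m := RUN.match(line):
            # A repeated run date restarts that run's summary instead of doubling it.
            cur = runs[m.group(1)] = {"run": m.group(1), "mbr": None,
                                      "infected": [], "fixed": False}
        elif cur is None:
            continue  # text before the first "Run date:" header
        elif m := MBR.search(line):
            cur["mbr"] = m.group(1)
        elif m := INFECTED.search(line):
            cur["infected"].append((m.group(1), m.group(2)))
        elif "MBR fixed successfully" in line:
            cur["fixed"] = True
    return list(runs.values())

def needs_attention(run):
    """True when a run reports unrecognised MBR code or an infected file."""
    # Assumption: "unknown" is a prompt to review, not proof of infection.
    return run["mbr"] == "unknown" or bool(run["infected"])

if __name__ == "__main__":
    for r in parse_runs(SAMPLE):
        print(r["run"], r["mbr"], r["infected"], r["fixed"], needs_attention(r))
```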

Profile: Security team
did80
Famous across the forum (30,000 to 99,999 posts) Confirmed helper
Posted on 03/01/2013 at 13:36:19

ok, how is your PC doing :??:


patal2
Baby forum member (10 to 49 posts)
Posted on 03/01/2013 at 20:57:06

:youpi: Thanks, it seems we are cured thanks to you!!!!
 Thanks for your help, happy new year, and see you next time for another helping hand :hello:  :pt1cable:

Profile: Security team
did80
Famous across the forum (30,000 to 99,999 posts) Confirmed helper
Posted on 03/01/2013 at 21:03:20

:super: patal2

 do this

 Download DelFix to uninstall the disinfection tools, which will no longer be of use to you since they are updated regularly

 http://general-changelog-team. [...] e/3-delfix

 run phase 1, search

 copy/paste the delfixsearch.txt report
 ;)


patal2
Baby forum member (10 to 49 posts)
Posted on 06/01/2013 at 16:11:32

:hello: Did80

 The operation went through fine; however, the report was not displayed.

Profile: Security team
did80
Famous across the forum (30,000 to 99,999 posts) Confirmed helper
Posted on 06/01/2013 at 17:31:40

:hello: patal2

 yes, I saw the interface change

 not a bad idea to tick restore and registry, worth a look?

 http://img15.hostingpics.net/thumbs/mini_584086delfix.png

 edit your 1st message by clicking the edit button

 mark it resolved in the title  :jap:

 happy surfing, did80 :hello:

