"spads.dll" et "aupd.exe" au secour!!!

voila, je ne sais pas très bien ce que c'est, je sais juste que j'ai une erreur de dll manquant (spads.dll)à l'ouverture de windows,...
quand au "aupd.exe" il m'affiche un message d'autorisation de lancer ce programe a chaque fois que je vais sur le net. je le soupçonne d'etre a l'origine de nombreuse fenêtre de pub qui s'ouvrent toutes seules et de me faire planter firefox sur beaucoup de site.....
j'ai retrouver le fichier "aupd.exe" dans mes fichier temp mais je ne sais pas si je peux le supprimer direct ou si il y a une manoeuvre importante a faire.....
au secour!

Bonsoir,

Télécharge HijackThis, renommes-le scanner.exe et place-le dans un répertoire dans les Programs Files!
Clique sur "Do a system scan and save a log file", le scan va durer environ 20 sec puis le bloc notes va s'ouvrir.
Copie/colle son contenu ici.

le scan a pris 1 sec....
voici ce que ca donne :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:26, on 09/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Azureus\Azureus.exe
C:\3dsmax7\3dsmax.exe
C:\Users\Cedric\AppData\Local\Temp\AdskCleanup.0001
C:\Users\Cedric\AppData\Local\Temp\AdskCleanup.0001
C:\Windows\system32\taskeng.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Tooltipizer - {C004D9F0-A742-4DC7-AFD0-BC29CE3FE04A} - C:\Windows\system32\dcadssuggest.dll
O2 - BHO: dcads - {C7C90A5E-BE0A-44DD-83D2-1BE138460BAC} - C:\Windows\system32\nsm749B.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [spa_start] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 10172 bytes




merci pour ton aide en tout cas!

Bonjour,

_________________________

1/ Relance HijackThis, coche ces lignes puis clique sur "Fix Checked" et referme HijackThis :



_______________________________________________________

2/ Fais un scan Panda (Nano Scan) de ton disque dur en utilisant Internet Explorer (Pas avec Firefox ni Firebird)!

http://www.pandasoftware.fr/activescan/activescan.html

Accepte l'Active X du site si nécessaire et désactive ton antivirus le temps du scan.

j'ai lancé un "total scan"
ya d'autre mannip a faire que le HijackThis et le totalscan?
merci beaucoup de pour ton aide!
au fait.....comment as tu su que c'était cette ligne la?ya un truc pour repérer les spy?

Ok, ça ira, si tu as du temps...

Quand au log HijackThis, les lignes O4 sont les processus qui sont executés au démarrage de Windows. Il suffit de vérifier si tous les processus sont sains et l'on détecte vite les infections ! Cependant, les infections peuvent se trouver dans d'autres lignes comme O2, O17 etc.

existe il un site sûr avec une liste des processus dangereux?
après mon total scan mon problème sera règlé?(pour le aupd.exe et spads.dll?)

que se fait-il de mieux en antivirus gratuit? car mon cher avast n'a pas détecté mes fichiers dangereux....alors que ca fait dejà 15j qu'ils sont là...
le site nanoscan est bien?

Non, Panda va ne que les détecter et non les supprimmer, il y'aura donc d'autres manips à faire pour les supprimmer.

Quand à un site avec une liste des processus dangereux, non je ne connais pas mais regarde sur les sites des antivirus.

Antivir est bien, mais il consomme pas mal de ressources système.

voilavoila,....mon scan est terminé.....que dois-je faire mnt?

voici le résultat :
;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-12-09 21:46:55
PROTECTIONS: 1
MALWARE: 45
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.7.1098 [VPS 071205-2] 4.7.1098 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies-1.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Cookies\Low\cedric@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Cookies\cedric@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Cookies\Low\cedric@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Cookies\cedric@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies-1.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Cookies\Low\cedric@tradedoubler[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies-1.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.tradedoubler.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.247realmedia.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Uniblue\SpyEraser\Quarantine\Mediaplex.com_04_12_2007_23_24_04.asq41
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Cookies\cedric@mediaplex[1].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.clickbank.net/]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.revenue.net/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies-1.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.yadro.ru/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Cookies\Low\cedric@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.xiti.com/]
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Cookies\cedric@azjmp[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.toplist.cz/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.statcounter.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies-1.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies-1.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies-1.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies-1.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies-1.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies-1.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies-1.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies-1.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Cookies\Low\cedric@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.apmebf.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.bs.serving-sys.com/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies-1.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies-1.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.weborama.fr/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.adtech.de/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Cookies\Low\cedric@adtech[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Cookies\Low\cedric@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.advertising.com/]
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Cookies\cedric@media.adrevolver[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.overture.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Uniblue\SpyEraser\Quarantine\QuestionMarket.com_04_12_2007_23_24_04.asq18467
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Cookies\cedric@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Cookies\Low\cedric@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.zedo.com/]
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.metriweb.be/]
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Cookies\Low\cedric@metriweb[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.bluestreak.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Cookies\cedric@adrevolver[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.adultfriendfinder.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[searchportal.information.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies-1.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies-1.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies-1.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Cedric\AppData\Roaming\Mozilla\Firefox\Profiles\2vmecpqi.default\cookies-1.txt[.smartadserver.com/]
00330838 Application/MPSWRecovery HackTools No 0 No No I:\oleoo\oleoo\pack\PMPR1.0.3\Portable_Multi_Password_Recovery_1.0.3.exe[HookLib.dll]
01266988 Adware/WebHancer Adware No 0 No No C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLOF1VUZ\whCC-TRAFE7[1].exe[whAgent.exe]
01353539 Adware/WebHancer Adware No 0 No No C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLOF1VUZ\whCC-TRAFE7[1].exe[webhdll.dll]
01353540 Adware/WebHancer Adware No 0 No No C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLOF1VUZ\whCC-TRAFE7[1].exe[whiehlpr.dll]
01353541 Adware/WebHancer Adware No 0 No No C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLOF1VUZ\whCC-TRAFE7[1].exe[whInstaller.exe]
01468095 Adware/WebHancer Adware No 0 Yes No C:\Users\Cedric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLOF1VUZ\whCC-TRAFE7[1].exe
01650386 Application/MPSWRecovery HackTools No 0 No No I:\oleoo\oleoo\pack\PMPR1.0.3\Portable_Multi_Password_Recovery_1.0.3.exe[MPR.exe]
02171261 HackTool/MailPassView.F HackTools No 0 Yes No I:\oleoo\oleoo\pack\mailpv\mailpv.exe
02176689 HackTool/MailPassView.F HackTools No 0 Yes No I:\oleoo\oleoo\pack\pstpassword\PstPassword.exe
02652976 Hacktool/Dialupass.G HackTools No 0 Yes No I:\oleoo\oleoo\pack\Produkey\ProduKey.exe
02698463 Application/MPSWRecovery HackTools No 0 No No I:\oleoo\oleoo\pack\PMPR1.0.3\Portable_Multi_Password_Recovery_1.0.3.exe[mpr_freader.sys]
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS\NSBROWSEROPT.DLL
I:\oleoo\oleoo\pack\MainType 2.0\Portable MainType.exe
;===================================================================================================================================================================================

bonsoir, en attendant...

- Télécharge DiagHelp.zip sur ton bureau - Tuto : http://www.malekal.com/DiagHelp/DiagHelp.php
- Ne double-clic pas dessus !! Fais un clic droit sur le fichier et extraire tout
- Un nouveau dossier chercher va être créé DiagHelp
- Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
- Une fenêtre va s'ouvrir, choisis l'option 1
- L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande.

ATTENTION : pendant l'analyse, après le rapport catchme, il te sera demandé d'appuyer sur une touche afin de poursuivre le scan, suis bien les instructions à l'écran !

- A la fin de l'analyse, il peut-être (pas obligatoire) demandé de redémarrer l'ordinateur... Une fois l'ordinateur redémarré, le rapport va apparaître sur le bloc-note.. Ce dernier se trouve sur C:\resultat.txt
- Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
-- Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
-- A nouveau menu Edition / copier
-- Dans un nouveau message ici, faire un clic droit / coller

merci de me répondre!
alors voila,....j'ai bien suivi tes instructions mais j'ai des erreurs lors du scan,.....des boites d'erreur windows apparaissent "Run-Time error'75':
Path/File acces error"
il fait ca 4 ou 5 fois, puis ferme go.cmd
dans la fenetre go.cmd, il affiche Accès refusé partout
que faire?

bonsoir,

fais ceci dans l'ordre et en entier :

Note: Cette procédure a été créée spécifiquement pour cet utilisateur ! Si vous n'êtes pas cet utilisateur en question, ne suivez pas ces instructions au risque d'endommager votre PC !!!

1/ relance hijackthis et coche les cases devant ces lignes (si présentes) :



Puis ferme toutes les autres fenêtres autres que hijackthis et clic sur "fix checked"

2/ ferme hijackthis

3/ Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.

Double-clique sur OTMoveIt.exe pour le lancer.

Assure toi que la case "Unregister Dll's and Ocx's" soit bien cochée !!!

Copie le texte qui se trouve dans l'encadré ci-dessous, et colle le dans le cadre de gauche de OTMoveIt nommé Paste List of Files/Folders to be moved.

Clique sur MoveIt! pour lancer la suppression.

Si OTMoveIt propose de redémarrer ton PC, accepte.

Lorsque un résultat apparaît dans le cadre Results, clique sur Exit.

Dans ta future réponse, envoie le rapport de OTMoveIt situé sur C:\_OTMoveIt\MovedFiles.

bonne soirée

voilavoila
C:\Windows\system32\dcadssuggest.dll NOT unregistered.
File move failed. C:\Windows\system32\dcadssuggest.dll scheduled to be moved on reboot.
File/Folder C:\Windows\system32\nsm749B.dll not found.
File/Folder C:\Windows\system32\spads.dll not found.

Created on 12/19/2007 19:11:26

Fais un scan en ligne Kaspersky avec Internet Explorer :

Dans la nouvelle fenêtre, clique sur J'accepte.

Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.

Patiente pendant l'installation des Mises à jour.

Choisis par la suite l'analyse du Poste de travail

Sauvegarde puis colle le rapport généré en fin d'analyse.

AIDE :
Tutoriel
Configurer le contrôle des ActiveX

NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.

bonne soirée

Certains composants sont endommagés où ne sont pas correctement installé. Veuillez réinstaller l'application!


Echec de la mise à jour !


je pense que je dois être maudit!!!
désolé si je te donne du fil a retordre...

bonjour, pas de souci

Avast! est loin de ce que l'on a fait de mieux en matière de protection, voir ce lien pour plus d'informations : http://forum.malekal.com/ftopic3123.php

Mais clairement, Antivir est beaucoup plus performant, c'est pourquoi, je te conseille TRES VIVEMENT de désinstaller Avast! et installer Antivir à la place : http://mickael.barroux.free.fr/securite/antivir.php
- Après l'installation, mets le à jour - si ton firewall fait une alerte.. accepte la connexion.
- Assure toi qu'Antivir est bien à jour, vérifie la date d'update.

-- Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.

- Ouvre Antivir par le menu Démarrer / Programmes
- Cliquez sur l'onglet Scanner.
- Sélectionne Manual Selection
- Sélectionne le disque C
- Lance le scan - Mets en quarantaine tous les éléments détectés.
- Une fois le scan terminé Enregistre le rapport.

Redémarre en mode normal.

Poste le rapport ici.

voici le scan antivir :


AntiVir PersonalEdition Classic
Report file date: jeudi 20 décembre 2007 11:01

Scanning for 982099 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: Cedric
Computer name: PC-DE-CEDRIC

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 09:55:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 09:55:15
ANTIVIR2.VDF : 7.0.1.96 2048 Bytes 14/12/2007 09:55:15
ANTIVIR3.VDF : 7.0.1.128 131072 Bytes 20/12/2007 09:55:15
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 20/12/2007 09:55:16
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 20/12/2007 09:55:16
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: J:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 20 décembre 2007 11:01

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
19 processes with 19 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '19' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Panda Security\NanoScan\Engine\psnflg.dll
[DETECTION] Is the Trojan horse TR/Agent.bux.1
[INFO] The file was moved to '47d84868.qua'!
C:\Program Files\Panda Security\TotalScan\pskavs.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was moved to '47d54869.qua'!
C:\Users\Cedric\AppData\Local\Temp\Low\aupd.exe
[WARNING] The file could not be opened!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'H:\'
H:\AUTORUN.INF
[DETECTION] Is the Trojan horse TR/Agent.AD.1
[INFO] The file was moved to '47be4fd5.qua'!
H:\RECYCLER\INFO.exe
[DETECTION] Is the Trojan horse TR/Agent.Small.D.2
[INFO] The file was moved to '47b04fd1.qua'!
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'J:\'
Search path J:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: jeudi 20 décembre 2007 12:18
Used time: 1:16:47 min

The scan has been done completely.

22443 Scanning directories
812409 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
812405 Files not concerned
3738 Archives were scanned
3 Warnings
57 Notes

re, tu n'as plus de souci ?

je ne suis plus chez moi, je regarde d'ici demain et je te dirai quoi....
normalement c'est fini?
merci bcp pour ton aide en tout cas!

bah je pense que ca roule, tu me confirmeras ca demain

bonne soirée

argh!
nan j'ai toujours le spads.dll qui s'ouvre à l'ouverture de windows et mon aupd.exe qui s'ouvre sans cesse!

1/telecharge silent runners http://www.silentrunners.org/Silent%20Runners.vbs

2/déconnecte toi du net et ferme toutes les applications en cours.

3/lance silent runners laisse le travailler quand il aura finit de scanner tu en sauras averti par un message et un nouveau fichier texte sera crée ouvre ce fichier texte et colle nous la totalité du rapport.

bon, je suis désolé mais je ne suis pas chezmoi pendnt les fêtes,....j'essayerai de faire ca d'ici mercredi...merci de ta patience

ok joyeuses fetes alors

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]
"DisplayFusion" = ""C:\Program Files\DisplayFusion\DisplayFusion.exe"" [null data]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"Uniblue SpyEraser" = ""C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m" [file not found]
"Speech Recognition" = ""C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"
"RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"]
"Skytel" = "Skytel.exe" ["Realtek Semiconductor Corp."]
"NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"Kernel and Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"Acrobat Assistant 8.0" = ""C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"" ["Adobe Systems Inc."]
"(Default)" = (empty string) [file not found]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup" ["Nokia"]
"LogMeIn GUI" = ""C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"" ["LogMeIn, Inc."]
"spa_start" = "C:\Windows\System32\Rundll32.exe "C:\Windows\system32\spads.dll" DllVerify" [MS]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"avgnt" = ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll" ["RealPlayer"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
{C004D9F0-A742-4DC7-AFD0-BC29CE3FE04A}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Tooltipizer"
\InProcServer32\(Default) = "C:\Windows\system32\dcadssuggest.dll" [null data]
{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}\(Default) = (no title provided)
-> {HKLM...CLSID} = "dcads"
\InProcServer32\(Default) = "C:\Windows\system32\nsm749B.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension"
-> {HKLM...CLSID} = "KbLogiExt Class"
\InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\kbcplext.dll" ["Logitech Inc."]
"{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension"
-> {HKLM...CLSID} = "LogiExt Class"
\InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\mcplext.dll" ["Logitech Inc."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
Notepad++\(Default) = "{120B94B5-2E6A-4F13-94D0-414BCB64FA0F}"
-> {HKLM...CLSID} = "Notepad++"
\InProcServer32\(Default) = "C:\Program Files\Notepad++\nppcm.dll" ["Burgaud.com"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Conrol: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\system32\config\systemprofile\Pictures\Untitled-1.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\Cedric\Pictures\Untitled-1.jpg"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\Windows\system32\logon.scr" [MS]


Startup items in "Cedric" & "All Users" startup folders:
--------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000007\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]
000000000008\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 19


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]


HOSTS file
----------

C:\Windows\System32\drivers\etc\HOSTS

maps: 2 domain names to IP addresses,
1 of the IP addresses is *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]
Accès du périphérique d'interface utilisateur, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]}
Acquisition d'image Windows (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
AntiVir PersonalEdition Classic Guard, AntiVirService, ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"]
AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"]
Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]
Autodesk Licensing Service, Autodesk Licensing Service, ""C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"" [null data]
FLEXnet Licensing Service, FLEXnet Licensing Service, ""C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"" ["Macrovision Europe Ltd."]
LogMeIn, LogMeIn, ""C:\Program Files\LogMeIn\x86\LogMeIn.exe"" ["LogMeIn, Inc."]
LogMeIn Maintenance Service, LMIMaint, ""C:\Program Files\LogMeIn\x86\RaMaint.exe"" ["LogMeIn, Inc."]
PnkBstrA, PnkBstrA, "C:\Windows\system32\PnkBstrA.exe" [null data]
SBSD Security Center Service, SBSDWSCService, "C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe" ["Safer Networking Ltd."]
Service de l'iPod, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
Service de prise en charge Bluetooth, BthServ, "C:\Windows\system32\svchost.exe -k bthsvcs" {"C:\Windows\System32\bthserv.dll" [MS]}
Service Messenger Sharing Folders USN Journal Reader, usnjsvc, ""C:\Program Files\MSN Messenger\usnsvc.exe"" [MS]
ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."]
Windows Connect Now - Registre de configuration, wcncsvc, "C:\Windows\System32\svchost.exe -k LocalService" {"C:\Windows\System32\wcncsvc.dll" [MS]}
Windows Driver Foundation - Infrastructure de pilote mode-utilisateur, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "AdobePDF.dll" ["Adobe Systems Incorporated."]
Canon BJ Language Monitor iP4300\Driver = "CNMLM86.DLL" ["CANON INC."]
LogMeIn Printer Port Monitor\Driver = "LMIport.dll" ["LogMeIn, Inc."]


---------- (launch time: 2007-12-21 13:01:01)
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 28 seconds, including 5 seconds for message boxes)

yes! je viens de faire une mise a jour d'antivir et il m'a enfin détecté aupd.exe!!!!!je l'ai mis en quarantaine...
plus que spads.dll qui s'ouvre a chaque démarage de mon ordi et jsuis un homme heureux ;-)

bonjour,

fais ceci dans l'ordre et en entier :

Prière d'imprimer ces instructions, ou de les coller dans un fichier texte pour lecture en mode Sans Échec.

Note: Cette procédure a été créée spécifiquement pour cet utilisateur ! Si vous n'êtes pas cet utilisateur en question, ne suivez pas ces instructions au risque d'endommager votre PC !!!

Télécharge Brute Force Uninstaller sur ton Bureau.

Guide d'utilisation : http://mickael.barroux.free.fr/securite/bfu.php

Dézippe-le entièrement sur ton bureau

Copie la totalité de la citation dans ton Bloc-Notes.

Enregistre-le sous le nom de aftermath.bfu, dans le dossier C:\BFU

Redémarre en mode sans échec.

Double-clique sur BFU.exe pour lancer Brute Force Uninstaller.

A côté de la case scriptline to execute, clique sur l'icône et choisis aftermath.bfu

Clique sur Execute afin de le lancer.

Une fois fini, clique sur Exit pour fermer le programme.

Redémarre normalement.

bon,....merci beaucoup pour ton aide,je n'ai pas effectué la dernière partie car hier soir g eu un souci avec vista, impossible de redémarer...j'ai fini par devoir formatter... :-{
désolé si je t'ai donné tant de mal pour rien....
bonne fête et encore un tout grand merci pour ton aide,...continue comme ca!
j'apprécie vraiment qu'il y ai encore des gens compétents qui passent leur temps a règler les problème de mr et madame toulemonde....

zut je suis désolé pour toi

bonne journée quand meme et jette un oeil sur mon site pour protéger correctement ton pc et etre prudent sur le web à l'avenir

bonnes fetes de fin d'année

une chose est certaine : j'installe antivir dès le débus cette fois....(j'espère que le résident est bien...)
bonnes fêtes de fin d'années à toi!