Mon ordinateur est infecté !! Résolu

Question

Bonjour,
Mon ordinateur de fonctionne plus très bien et je pense être infecté par plusieurs virus. J'ai du les attraper en télechargeant... L'ordinateur va très doucement et dans mon gestionnaire de tâche, l'Uc est souvent utilisée a 100% ce que je trouve bizarre en particulier quand je ne fais rien.... Certains programmes ne s'ouvrent plus...
J'utilise l'antivirus Avast mais il n'en detecte pas beaucoup. J'ai voulu faire une analyse en ligne avec F-secuser mais elle n'aboutit jamais . Durant cette analyse, il y a une vingtaine de virus trouvé mais je ne peux jamais les supprimer.
 Merci de votre aide :)

geoffrey5 · Answer

Bonsoir,

&#x25B6; Télécharge hijackthis

&#x25B6; Tout est expliqué sur mon site web pour l'installer et l'utiliser correctement.

&#x25B6; Poste le rapport obtenu dans le bloc note dans ta prochaine réponse.


Comment copier/coller le rapport :


&#x25B6; Quand tu as le rapport à l écran, tu fais ctrl A pour "sélectionner tout" puis ctrl C pour "copier".

&#x25B6; ensuite tu viens sur le forum pour me répondre et tu fais ctrl V pour "coller" le rapport.

pcd · Answer

Merci, voici mon rapport ... j'espère que j'ai bien suivi vos instructions ...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:57:37, on 18/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\ZSSnp211.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: mysidesearch search enhancer - {5610abfa-5f0b-de2d-5025-f161c36bb4a8} - C:\Windows\system32\udnjogdzmkzqnc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll,C:\Windows\System32\cabview32.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

geoffrey5 · Answer

je vois que tu as 3 antivirus : avast, antivir et AVG... Que fais-tu avec 3 antivirus ?? Et lequel utilises-tu ??

Commence par faire ceci stp :

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection): 

&#x25B6; Va dans démarrer puis panneau de configuration 
&#x25B6; Double Clique sur l'icône "Comptes d'utilisateurs" 
&#x25B6; Clique ensuite sur désactiver et valide. 


&#x25B6; Télécharge Toolbar-S&D (de Team IDN) sur ton Bureau
  
&#x25B6; Lance l'installation du programme en exécutant le fichier téléchargé. 

&#x25B6; Double-clique maintenant sur le raccourci de Toolbar-S&D. 

&#x25B6; Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée. 

&#x25B6; Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche. 

&#x25B6; Poste le rapport généré. (C:\TB.txt)

pcd · Answer

Euh je ne sais pas pourquoi j'ai pris 3 antivirus je pensais que comme ça je trouverais 2 fois plus de virus mais bon je crois que c'est deconseillé. Donc je pense que je vais garder avast.

Voici le rapport:


   -----------\  ToolBar S&D 1.2.2   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : Charlène ( Administrator )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1229 [VPS 081220-0] 4.8.1229 (Activated)
   C:\ (Local Disk) - NTFS - Total : 364 Go Free : 211 Go
   D:\ (Local Disk) - NTFS - Total : 7 Go Free : 1 Go
   E:\ (CD or DVD)
   F:\ (USB)
   G:\ (USB)
   H:\ (USB)
   I:\ (USB)

   "C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
   Option : [1] ( 18/01/2009|22:17 )

   [ UAC => 0 ]

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.google.fr/?gws_rd=ssl"
   "Local Page"="C:\Windows\system32\blank.htm"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Start Page Restore"="https://www.google.fr/?gws_rd=ssl"
   "Url"="https://www.msn.com/fr-fr/actualite/"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF"
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ME35F7K\keygen_name[1].htm
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ME35F7K\spyware-doctor-2009-keygen_ltr[1].gif
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N5YZSX29\keygen-spyware-doctor[1].htm
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N5YZSX29\keygen_name[1].htm
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WVU1RMGM\82109-spyware-doctor-2009-keygen[1].htm
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6BDOXFF\keygen_name[1].htm
   C:\Users\CHARLN~1\AppData\Local\Temp\Rar$EX00.289\crack.nfo
   C:\Users\CHARLN~1\AppData\Local\Temp\Rar$EX00.904\keygen.nfo
   C:\Users\CHARLN~1\AppData\Roaming\Microsoft\Windows\Recent\crack.txt.lnk
   C:\Users\CHARLN~1\Desktop\a suppr\crack+keygen.exe
   C:\Users\CHARLN~1\Desktop\a suppr\Nouveau dossier\Adobe PhotoShop CS4\Crack
   C:\Users\CHARLN~1\Desktop\a suppr\Nouveau dossier\Adobe PhotoShop CS4\Crack\crack.txt
   C:\Users\CHARLN~1\Desktop\a suppr\Nouveau dossier\Adobe PhotoShop CS4\Crack\Photoshop.exe
   C:\Users\CHARLN~1\Desktop
ous 3\crack+keygen.exe
   C:\Users\CHARLN~1\Documents\LimeWire\Incomplete\T-118459-spyware doctor crack incl license keys.zip
   C:\Users\CHARLN~1\Documents\LimeWire\Incomplete\T-128455-spyware doctor crack setup incl serial.zip
   C:\Users\CHARLN~1\Documents\LimeWire\Incomplete\T-81459-spyware doctor crack keymaker by RoR.zip
   C:\Users\CHARLN~1\Favorites\serials nero 9 driver detective avast nero office 2007 spyware doctor nero 8 ad kaspersky internet download manager keygen.name.url


   [ UAC => 1 ]


   1 - "C:\ToolBar SD\TB_1.txt" - 05/10/2008|22:25 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 18/01/2009|22:18 - Option : [1]

   -----------\  Fin du rapport a 22:18:28,82

geoffrey5 · Answer

Non ça ne sert à rien d'avoir plusieurs antivirus, cela ne fera que ralentir 2X plus ton PC et il pourrait y avoir des conflits entre les deux... Tu veux garder Avast mais personnellement je te conseillerai Antivir qui est beaucoup plus performant :

avast vs antivir vs AVG

Je vois que tu as aussi beaucoup de cracks :

le danger des cracks

Après cette petite lecture de prévention, fais ceci stp :

&#x25B6; Télécharge malwarebyte's anti-malware 

&#x25B6; Un tutoriel sera à ta disposition pour l'installer et l'utiliser correctement.
 
&#x25B6; Fais la mise à jour du logiciel (elle se fait normalement à l'installation) 

&#x25B6; Lance une analyse complète en cliquant sur "Exécuter un examen complet"

&#x25B6; Sélectionnes les disques que tu veux analyser et cliques sur "Lancer l'examen"

&#x25B6; L'analyse peut durer un bon moment.....

&#x25B6; Une fois l'analyse terminée, cliques sur "OK" puis sur "Afficher les résultats"

&#x25B6; Vérifies que tout est bien coché et cliques sur "Supprimer la sélection" => et ensuite sur "OK"

&#x25B6; Un rapport va s'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum


* Il se pourrait que certains fichiers devront être supprimés au redémarrage du PC... Faites le en cliquant sur "oui" à la question posée

pcd · Answer

Depuis hier soir je fais des analyses mais au bout d'une heure ça bloque... L'analyse n'aboutit jamais !!
Je ne sais pas quoi faire...

geoffrey5 · Answer

Bonsoir,

tu parles de Malwarebytes ??

pcd · Answer

oui ...

geoffrey5 · Answer

essaye une analyse rapide stp

pcd · Answer

d'accord

pcd · Answer

Voilà, 

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1668
Windows 6.0.6001 Service Pack 1

19/01/2009 21:28:30
mbam-log-2009-01-19 (21-28-26).txt

Type de recherche: Examen rapide
Eléments examinés: 52596
Temps écoulé: 4 minute(s), 7 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 18

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b4a78d29-52b1-4a7b-bac0-1471bedf9836} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adzgaloregames (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uninst.bat (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5610abfa-5f0b-de2d-5025-f161c36bb4a8} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5610abfa-5f0b-de2d-5025-f161c36bb4a8} (Adware.BHO) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.

Dossier(s) infecté(s):
C:\Program Files\Adzgalore Games Collection (Adware.Agent) -> No action taken.
C:\Users\Charlène\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection (Adware.Agent) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection (Adware.Agent) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload (Trojan.Lop) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\System32\adzgalore-remove.exe (Adware.Agent) -> No action taken.
C:\Program Files\Adzgalore Games Collection\BattlesOfHelicopters.exe (Adware.Agent) -> No action taken.
C:\Program Files\Adzgalore Games Collection\BobAndBill.exe (Adware.Agent) -> No action taken.
C:\Program Files\Adzgalore Games Collection\CrazyBlocks.exe (Adware.Agent) -> No action taken.
C:\Program Files\Adzgalore Games Collection\Lines.exe (Adware.Agent) -> No action taken.
C:\Program Files\Adzgalore Games Collection\uninstall.exe (Adware.Agent) -> No action taken.
C:\Program Files\Adzgalore Games Collection\VideoPool.exe (Adware.Agent) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection\Bob and Bill adventures - Wild Hunting.lnk (Adware.Agent) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection\Crazy Blocks.lnk (Adware.Agent) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection\Lines.lnk (Adware.Agent) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection\The Battles Of Helicopters.lnk (Adware.Agent) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection\Video Pool.lnk (Adware.Agent) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload Downloads.lnk (Trojan.Lop) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload Uninstall.lnk (Trojan.Lop) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload.lnk (Trojan.Lop) -> No action taken.
C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> No action taken.
C:\ProgramData\svhost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\System32\udnjogdzmkzqnc.dll (Adware.BHO) -> No action taken.

geoffrey5 · Answer

c'est le rapport avant la suppression que tu me donne là...

As-tu affiché les résultats et cliqué sur supprimer la sélection après avoir envoyé ce rapport ??

pcd · Answer

C'est pas ça ? 

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1668
Windows 6.0.6001 Service Pack 1

19/01/2009 21:28:35
mbam-log-2009-01-19 (21-28-35).txt

Type de recherche: Examen rapide
Eléments examinés: 52596
Temps écoulé: 4 minute(s), 7 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 18

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b4a78d29-52b1-4a7b-bac0-1471bedf9836} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adzgaloregames (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5610abfa-5f0b-de2d-5025-f161c36bb4a8} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5610abfa-5f0b-de2d-5025-f161c36bb4a8} (Adware.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Adzgalore Games Collection (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Charlène\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\System32\adzgalore-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\BattlesOfHelicopters.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\BobAndBill.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\CrazyBlocks.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\Lines.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\VideoPool.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection\Bob and Bill adventures - Wild Hunting.lnk (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection\Crazy Blocks.lnk (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection\Lines.lnk (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection\The Battles Of Helicopters.lnk (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection\Video Pool.lnk (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload Downloads.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload Uninstall.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\svhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\udnjogdzmkzqnc.dll (Adware.BHO) -> Quarantined and deleted successfully.

geoffrey5 · Answer

Oui c'est bien ça  ;-)

Maintenant fais ceci pour vérifier stp :

Veille à ce que le contrôle des comptes soit toujours désactivé !!

&#x25B6; Télécharger et enregistrer lopSD sur le Bureau 
 
&#x25B6; Double-clic Lop S&D
 
&#x25B6; Faire l'installation 

&#x25B6; Fermer toutes les applications 

&#x25B6; Le lancer par un double-clic sur le raccourci qui est sur le bureau 
Avec VISTA => clic-droit et => Exécuter en tant qu'administrateur
 
&#x25B6; Taper F pour français , puis presser entrée 

&#x25B6; Taper 1 

&#x25B6; Presser Entrée 

&#x25B6; Le PC va redémarrer 
Note= si l'antivirus annonce une infection dans TEMP , l'ignorer
 
&#x25B6; Attendre l'apparition du rapport 
&#x25B6; Copier le rapport et le coller dans la réponse 
le rapport se trouve aussi à C:\lopR

pcd · Answer

Mon ordi n'a pas redemarré mais le rapport c'est ouvert .
Le voici :


   --------------------\  Lop S&D 4.2.5-0   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : Charlène ( Administrator )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1229 [VPS 081220-0] 4.8.1229 (Activated)
   C:\ (Local Disk) - NTFS - Total:364 Go (Free:209 Go)
   D:\ (Local Disk) - NTFS - Total:7 Go (Free:1 Go)
   E:\ (CD or DVD)
   F:\ (USB)
   G:\ (USB)
   H:\ (USB)
   I:\ (USB)

   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
   Option : [1] ( 19/01/2009|22:12 )

   [ UAC => 1 ]
 
   --------------------\  Listing des dossiers dans Local

   [04/01/2009|17:58] C:\Users\CHARLN~1\AppData\Local\Adobe
   [10/02/2008|16:02] C:\Users\CHARLN~1\AppData\Local\Apple
   [10/02/2008|16:14] C:\Users\CHARLN~1\AppData\Local\Apple Computer
   [08/02/2008|19:28] C:\Users\CHARLN~1\AppData\Local\Application Data 
   [03/05/2008|14:50] C:\Users\CHARLN~1\AppData\Local\d3d9caps.dat
   [17/01/2009|20:46] C:\Users\CHARLN~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
   [14/01/2009|21:57] C:\Users\CHARLN~1\AppData\Local\eMule
   [19/10/2008|17:37] C:\Users\CHARLN~1\AppData\Local\GDIPFONTCACHEV1.DAT
   [07/06/2008|21:15] C:\Users\CHARLN~1\AppData\Local\Google
   [08/02/2008|19:28] C:\Users\CHARLN~1\AppData\Local\Historique 
   [19/01/2009|21:14] C:\Users\CHARLN~1\AppData\Local\IconCache.db
   [02/01/2009|18:13] C:\Users\CHARLN~1\AppData\Local\Microsoft
   [08/10/2008|17:59] C:\Users\CHARLN~1\AppData\Local\Microsoft Help
   [10/02/2008|00:19] C:\Users\CHARLN~1\AppData\Local\Mozilla
   [07/01/2009|16:56] C:\Users\CHARLN~1\AppData\Local\Shareaza
   [19/01/2009|22:11] C:\Users\CHARLN~1\AppData\Local\Temp
   [08/02/2008|19:28] C:\Users\CHARLN~1\AppData\Local\Temporary Internet Files 
   [06/10/2008|19:16] C:\Users\CHARLN~1\AppData\Local\VirtualStore
   [13/12/2008|23:46] C:\Users\CHARLN~1\AppData\Local\Winamp Toolbar
   [18/11/2008|21:33] C:\Users\CHARLN~1\AppData\Local\Zattoo
   [08/11/2008|20:35] C:\Users\CHARLN~1\AppData\Local\ZattooPlayer
 
   --------------------\  Tâches planifiées dans C:\Windows	asks

   [19/01/2009 19:56][--ah-----] C:\Windows	asks\User_Feed_Synchronization-{5842DB62-545A-41C4-B777-99A22648A95F}.job
   [26/12/2008 19:47][--a------] C:\Windows	asks\Norton Security Scan.job
   [19/01/2009 21:30][--ah-----] C:\Windows	asks\SA.DAT
   [19/01/2009 21:30][--a------] C:\Windows	asks\SCHEDLGU.TXT

   --------------------\  Listing des dossiers dans C:\ProgramData
   
   [24/12/2008|23:16] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
   [16/01/2008|14:52] C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
   [11/01/2009|17:06] C:\ProgramData\Adobe
   [10/02/2008|16:01] C:\ProgramData\Apple
   [24/12/2008|23:16] C:\ProgramData\Apple Computer
   [08/02/2008|19:25] C:\ProgramData\Application Data 
   [02/01/2009|18:15] C:\ProgramData\avg8
   [18/10/2008|11:02] C:\ProgramData\Avira
   [29/05/2008|21:19] C:\ProgramData\BM67319e41.txt
   [11/06/2008|20:23] C:\ProgramData\BM67319e41.xml
   [08/02/2008|19:25] C:\ProgramData\Bureau 
   [08/02/2008|19:25] C:\ProgramData\Documents 
   [14/01/2009|21:58] C:\ProgramData\eMule
   [08/02/2008|19:25] C:\ProgramData\Favoris 
   [27/12/2008|00:30] C:\ProgramData\FLEXnet
   [16/01/2008|14:57] C:\ProgramData\Google
   [07/10/2008|18:38] C:\ProgramData\Google Updater
   [23/12/2008|21:56] C:\ProgramData\Grisoft
   [16/01/2008|15:07] C:\ProgramData\Hewlett-Packard
   [16/01/2008|14:37] C:\ProgramData\HP
   [16/01/2008|14:37] C:\ProgramData\hpzinstall.log
   [28/08/2008|17:03] C:\ProgramData\LauncherAccess.dt
   [27/05/2008|19:05] C:\ProgramData\Lavasoft
   [11/06/2008|20:38] C:\ProgramData\LUUnInstall.LiveUpdate
   [11/06/2008|20:31] C:\ProgramData\Malwarebytes
   [08/02/2008|19:25] C:\ProgramData\Menu D‚marrer 
   [03/05/2008|18:19] C:\ProgramData\Messenger Plus!
   [17/10/2008|22:24] C:\ProgramData\Microsoft
   [15/01/2009|21:22] C:\ProgramData\Microsoft Help
   [08/02/2008|19:25] C:\ProgramData\ModŠles 
   [16/01/2008|14:46] C:\ProgramData\muvee Technologies
   [24/09/2008|16:13] C:\ProgramData\NVIDIA
   [18/01/2009|22:14] C:\ProgramData\OrbNetworks
   [16/01/2008|14:54] C:\ProgramData\PC-Doctor
   [11/06/2008|20:22] C:\ProgramData\pskt.ini
   [16/01/2008|14:42] C:\ProgramData\Roxio
   [07/06/2008|23:30] C:\ProgramData\Skype
   [20/06/2008|22:18] C:\ProgramData\Sonic
   [02/01/2009|20:20] C:\ProgramData\Spybot - Search & Destroy
   [11/06/2008|21:21] C:\ProgramData\Symantec
   [19/01/2009|21:51] C:\ProgramData\TEMP
   [02/09/2008|16:20] C:\ProgramData\UDL
   [13/12/2008|23:39] C:\ProgramData\Winamp Toolbar
   [10/02/2008|00:05] C:\ProgramData\WLInstaller

   --------------------\  Listing des dossiers dans C:\Program Files

   [16/01/2008|14:52] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
   [18/01/2009|18:29] C:\Program Files\Adobe
   [13/04/2008|14:05] C:\Program Files\Alwil Software
   [21/12/2008|23:38] C:\Program Files\Apple Software Update
   [02/01/2009|18:15] C:\Program Files\AVG
   [18/10/2008|11:02] C:\Program Files\Avira
   [26/10/2008|12:25] C:\Program Files\AviSynth 2.5
   [21/12/2008|23:46] C:\Program Files\Bonjour
   [09/06/2008|21:40] C:\Program Files\CCleaner
   [10/02/2008|00:20] C:\Program Files\Circle Developement
   [16/01/2009|22:08] C:\Program Files\Common Files
   [22/02/2007|17:37] C:\Program Files\EasyBits
   [14/01/2009|21:57] C:\Program Files\eMule
   [02/09/2008|16:19] C:\Program Files\epson
   [26/10/2008|12:24] C:\Program Files\eRightSoft
   [08/02/2008|19:25] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
   [12/06/2008|18:51] C:\Program Files\Google
   [23/12/2008|21:56] C:\Program Files\Grisoft
   [16/01/2008|14:55] C:\Program Files\Hewlett-Packard
   [16/01/2008|14:48] C:\Program Files\HP
   [02/09/2008|16:30] C:\Program Files\InstallShield Installation Information
   [18/10/2008|11:02] C:\Program Files\Internet Explorer
   [24/12/2008|23:16] C:\Program Files\iPod
   [24/12/2008|23:16] C:\Program Files\iTunes
   [08/10/2008|18:05] C:\Program Files\Java
   [25/05/2008|19:53] C:\Program Files\K-Lite Codec Pack
   [27/05/2008|19:02] C:\Program Files\Lavasoft
   [25/10/2008|18:14] C:\Program Files\LimeWire
   [19/01/2009|19:52] C:\Program Files\Malwarebytes' Anti-Malware
   [26/10/2008|13:05] C:\Program Files\MediaCoder
   [31/08/2008|16:05] C:\Program Files\Messenger Plus! Live
   [02/11/2006|13:37] C:\Program Files\Microsoft Games
   [08/10/2008|18:06] C:\Program Files\Microsoft Office
   [23/11/2008|14:15] C:\Program Files\Microsoft Silverlight
   [17/10/2008|22:36] C:\Program Files\Microsoft SQL Server Compact Edition
   [08/10/2008|18:06] C:\Program Files\Microsoft Visual Studio
   [08/10/2008|18:00] C:\Program Files\Microsoft Visual Studio 8
   [08/10/2008|18:07] C:\Program Files\Microsoft Works
   [08/10/2008|18:05] C:\Program Files\Microsoft.NET
   [24/09/2008|15:53] C:\Program Files\Movie Maker
   [28/12/2008|18:50] C:\Program Files\Mozilla Firefox
   [08/10/2008|18:07] C:\Program Files\MSBuild
   [17/10/2008|23:00] C:\Program Files\MSN Messenger
   [10/02/2008|14:20] C:\Program Files\MSXML 4.0
   [16/01/2008|14:46] C:\Program Files\muvee Technologies
   [26/12/2008|15:00] C:\Program Files\Norton Security Scan
   [09/09/2008|21:55] C:\Program Files\OpenOffice.org 2.4
   [08/02/2008|19:33] C:\Program Files\Orange
   [26/12/2008|13:50] C:\Program Files\Panda Security
   [16/01/2008|15:07] C:\Program Files\PC-Doctor 5 for Windows
   [26/09/2008|22:11] C:\Program Files\PhotoFiltre Studio
   [30/09/2008|18:29] C:\Program Files\Picasa2
   [21/12/2008|23:45] C:\Program Files\QuickTime
   [26/10/2008|12:55] C:\Program Files\RADVideo
   [16/01/2008|14:45] C:\Program Files\Real
   [29/03/2008|00:28] C:\Program Files\Realtek
   [02/11/2006|13:37] C:\Program Files\Reference Assemblies
   [11/06/2008|14:34] C:\Program Files\Registry Mechanic
   [16/01/2008|14:44] C:\Program Files\Roxio
   [09/02/2008|23:04] C:\Program Files\SAGEM
   [16/05/2008|22:58] C:\Program Files\Samsung
   [16/01/2008|14:57] C:\Program Files\Services en ligne
   [07/01/2009|17:01] C:\Program Files\Shareaza
   [07/06/2008|23:30] C:\Program Files\Skype
   [02/01/2009|18:27] C:\Program Files\Spybot - Search & Destroy
   [19/01/2009|20:09] C:\Program Files\Spyware Doctor
   [11/06/2008|20:37] C:\Program Files\Symantec
   [05/10/2008|19:25] C:\Program Files\Trend Micro
   [02/11/2006|14:01] C:\Program Files\Uninstall Information
   [25/05/2008|19:04] C:\Program Files\VideoLAN
   [13/12/2008|23:39] C:\Program Files\Winamp
   [13/12/2008|23:39] C:\Program Files\Winamp Remote
   [13/12/2008|23:39] C:\Program Files\Winamp Toolbar
   [24/09/2008|15:53] C:\Program Files\Windows Calendar
   [24/09/2008|15:53] C:\Program Files\Windows Collaboration
   [24/09/2008|15:53] C:\Program Files\Windows Defender
   [24/09/2008|15:53] C:\Program Files\Windows Journal
   [18/10/2008|11:02] C:\Program Files\Windows Live
   [27/12/2008|00:10] C:\Program Files\Windows Live Safety Center
   [15/01/2009|21:22] C:\Program Files\Windows Mail
   [24/09/2008|15:53] C:\Program Files\Windows Media Player
   [08/02/2008|19:25] C:\Program Files\Windows NT
   [24/09/2008|15:53] C:\Program Files\Windows Photo Gallery
   [24/09/2008|15:53] C:\Program Files\Windows Sidebar
   [11/06/2008|15:10] C:\Program Files\WinRAR
   [26/09/2008|22:27] C:\Program Files\Wyzo
   [08/11/2008|20:32] C:\Program Files\Zattoo

   --------------------\  Listing des dossiers dans C:\Program Files\Common Files

   [18/01/2009|18:32] C:\Program Files\Common Files\Adobe
   [24/12/2008|23:16] C:\Program Files\Common Files\Apple
   [08/10/2008|18:06] C:\Program Files\Common Files\DESIGNER
   [16/01/2008|14:37] C:\Program Files\Common Files\HP
   [02/09/2008|16:01] C:\Program Files\Common Files\InstallShield
   [25/05/2008|18:39] C:\Program Files\Common Files\Java
   [16/01/2008|14:45] C:\Program Files\Common Files\LightScribe
   [16/01/2008|14:45] C:\Program Files\Common Files\LS Getting Started
   [11/10/2008|19:18] C:\Program Files\Common Files\Macrovision Shared
   [02/01/2009|18:14] C:\Program Files\Common Files\microsoft shared
   [16/01/2008|14:46] C:\Program Files\Common Files\muvee Technologies
   [16/01/2008|14:43] C:\Program Files\Common Files\PX Storage Engine
   [27/09/2008|22:12] C:\Program Files\Common Files\Real
   [16/01/2008|14:43] C:\Program Files\Common Files\Roxio Shared
   [02/11/2006|12:18] C:\Program Files\Common Files\Services
   [07/06/2008|23:29] C:\Program Files\Common Files\Skype
   [16/01/2008|14:44] C:\Program Files\Common Files\Sonic Shared
   [02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
   [16/01/2008|14:44] C:\Program Files\Common Files\SureThing Shared
   [26/12/2008|15:05] C:\Program Files\Common Files\Symantec Shared
   [17/10/2008|22:38] C:\Program Files\Common Files\System
   [17/10/2008|22:26] C:\Program Files\Common Files\Windows Live
   [10/02/2008|00:10] C:\Program Files\Common Files\WindowsLiveInstaller
   [27/05/2008|19:00] C:\Program Files\Common Files\Wise Installation Wizard
   [27/09/2008|22:12] C:\Program Files\Common Files\xing shared

   --------------------\  Process

   ( 59 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   C:\Users\CHARLN~1\AppData\Local\Temp
shE767.tmp
   C:\Program Files\Circle Developement
   C:\Users\CHARLN~1\AppData\Roaming\MICROS~1\Windows\Cookies\charlene@advertstream[1].txt
   C:\Users\CHARLN~1\AppData\Roaming\MICROS~1\Windows\Cookies\charlene@advertising[2].txt
   C:\Users\CHARLN~1\AppData\Roaming\MICROS~1\Windows\Cookies\charlene@adopt.euroclick[2].txt
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2009-01-19 22:13:11
   Windows 6.0.6001 Service Pack 1 NTFS
   detected NTDLL code modification:
   ZwClose
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 638
 
   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ME35F7K\crack_danger[1].jpg
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ME35F7K\keygen_name[1].htm
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ME35F7K\spyware-doctor-2009-keygen_ltr[1].gif
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N5YZSX29\keygen-spyware-doctor[1].htm
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N5YZSX29\keygen_name[1].htm
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WVU1RMGM\82109-spyware-doctor-2009-keygen[1].htm
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WVU1RMGM\crack_danger3[1].jpg
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WVU1RMGM\crack_danger4[1].jpg
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6BDOXFF\crack_danger0[1].jpg
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6BDOXFF\crack_danger2[1].jpg
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6BDOXFF\keygen_name[1].htm
   C:\Users\CHARLN~1\AppData\Local\Temp\Rar$EX00.289\crack.nfo
   C:\Users\CHARLN~1\AppData\Local\Temp\Rar$EX00.904\keygen.nfo
   C:\Users\CHARLN~1\AppData\Roaming\Microsoft\Windows\Recent\crack.txt.lnk
   C:\Users\CHARLN~1\Desktop\a suppr\crack+keygen.exe
   C:\Users\CHARLN~1\Desktop\a suppr\Nouveau dossier\Adobe PhotoShop CS4\Crack
   C:\Users\CHARLN~1\Desktop\a suppr\Nouveau dossier\Adobe PhotoShop CS4\Crack\crack.txt
   C:\Users\CHARLN~1\Desktop\a suppr\Nouveau dossier\Adobe PhotoShop CS4\Crack\Photoshop.exe
   C:\Users\CHARLN~1\Desktop
ous 3\crack+keygen.exe
   C:\Users\CHARLN~1\Documents\LimeWire\Incomplete\T-118459-spyware doctor crack incl license keys.zip
   C:\Users\CHARLN~1\Documents\LimeWire\Incomplete\T-128455-spyware doctor crack setup incl serial.zip
   C:\Users\CHARLN~1\Documents\LimeWire\Incomplete\T-81459-spyware doctor crack keymaker by RoR.zip
   C:\Users\CHARLN~1\Favorites\serials nero 9 driver detective avast nero office 2007 spyware doctor nero 8 ad kaspersky internet download manager keygen.name.url


   [F:2204][D:61]-> C:\Users\CHARLN~1\AppData\Local\Temp
   [F:365][D:1]-> C:\Users\CHARLN~1\AppData\Roaming\MICROS~1\Windows\Cookies
   [F:5971][D:7]-> C:\Users\CHARLN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
   [F:5][D:3]-> C:\$Recycle.Bin

   1 - "C:\Lop SD\LopR_1.txt" - 19/01/2009|22:15 - Option : [1]

   --------------------\  Fin du rapport a 22:15:56
   [ UAC => 1 ]

geoffrey5 · Answer

&#x25B6; Relance Lop S&D

&#x25B6; Choisis cette fois-ci l'option 2 (Suppression)

&#x25B6; Ne ferme pas la fenêtre lors de la suppression !

&#x25B6; Poste le rapport généré (C:\lopR.txt)

* (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

et ensuite refais un nouveau rapport hijackthis stp

pcd · Answer

--------------------\  Lop S&D 4.2.5-0   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : Charlène ( Administrator )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1229 [VPS 081220-0] 4.8.1229 (Activated)
   C:\ (Local Disk) - NTFS - Total:364 Go (Free:209 Go)
   D:\ (Local Disk) - NTFS - Total:7 Go (Free:1 Go)
   E:\ (CD or DVD)
   F:\ (USB)
   G:\ (USB)
   H:\ (USB)
   I:\ (USB)

   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
   Option : [2] ( 19/01/2009|22:23 )

   [ UAC => 1 ]


   \\\\\\\\\\\\\\\ SUPPRESSION

   Supprime! - C:\Users\CHARLN~1\AppData\Local\Temp
shE767.tmp
   Supprime! - C:\Program Files\Circle Developement
   -
   [ Fichier Hosts ] .. Restaure!
 
   \\\\\\\\\\\\\\\ 

 
   --------------------\  Listing des dossiers dans Local

   [04/01/2009|17:58] C:\Users\CHARLN~1\AppData\Local\Adobe
   [10/02/2008|16:02] C:\Users\CHARLN~1\AppData\Local\Apple
   [10/02/2008|16:14] C:\Users\CHARLN~1\AppData\Local\Apple Computer
   [08/02/2008|19:28] C:\Users\CHARLN~1\AppData\Local\Application Data 
   [03/05/2008|14:50] C:\Users\CHARLN~1\AppData\Local\d3d9caps.dat
   [17/01/2009|20:46] C:\Users\CHARLN~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
   [14/01/2009|21:57] C:\Users\CHARLN~1\AppData\Local\eMule
   [19/10/2008|17:37] C:\Users\CHARLN~1\AppData\Local\GDIPFONTCACHEV1.DAT
   [07/06/2008|21:15] C:\Users\CHARLN~1\AppData\Local\Google
   [08/02/2008|19:28] C:\Users\CHARLN~1\AppData\Local\Historique 
   [19/01/2009|21:14] C:\Users\CHARLN~1\AppData\Local\IconCache.db
   [02/01/2009|18:13] C:\Users\CHARLN~1\AppData\Local\Microsoft
   [08/10/2008|17:59] C:\Users\CHARLN~1\AppData\Local\Microsoft Help
   [10/02/2008|00:19] C:\Users\CHARLN~1\AppData\Local\Mozilla
   [07/01/2009|16:56] C:\Users\CHARLN~1\AppData\Local\Shareaza
   [19/01/2009|22:23] C:\Users\CHARLN~1\AppData\Local\Temp
   [08/02/2008|19:28] C:\Users\CHARLN~1\AppData\Local\Temporary Internet Files 
   [06/10/2008|19:16] C:\Users\CHARLN~1\AppData\Local\VirtualStore
   [13/12/2008|23:46] C:\Users\CHARLN~1\AppData\Local\Winamp Toolbar
   [18/11/2008|21:33] C:\Users\CHARLN~1\AppData\Local\Zattoo
   [08/11/2008|20:35] C:\Users\CHARLN~1\AppData\Local\ZattooPlayer
 
   --------------------\  Tâches planifiées dans C:\Windows	asks

   [19/01/2009 19:56][--ah-----] C:\Windows	asks\User_Feed_Synchronization-{5842DB62-545A-41C4-B777-99A22648A95F}.job
   [26/12/2008 19:47][--a------] C:\Windows	asks\Norton Security Scan.job
   [19/01/2009 21:30][--ah-----] C:\Windows	asks\SA.DAT
   [19/01/2009 21:30][--a------] C:\Windows	asks\SCHEDLGU.TXT

   --------------------\  Listing des dossiers dans C:\ProgramData
   
   [24/12/2008|23:16] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
   [16/01/2008|14:52] C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
   [11/01/2009|17:06] C:\ProgramData\Adobe
   [10/02/2008|16:01] C:\ProgramData\Apple
   [24/12/2008|23:16] C:\ProgramData\Apple Computer
   [08/02/2008|19:25] C:\ProgramData\Application Data 
   [02/01/2009|18:15] C:\ProgramData\avg8
   [18/10/2008|11:02] C:\ProgramData\Avira
   [29/05/2008|21:19] C:\ProgramData\BM67319e41.txt
   [11/06/2008|20:23] C:\ProgramData\BM67319e41.xml
   [08/02/2008|19:25] C:\ProgramData\Bureau 
   [08/02/2008|19:25] C:\ProgramData\Documents 
   [14/01/2009|21:58] C:\ProgramData\eMule
   [08/02/2008|19:25] C:\ProgramData\Favoris 
   [27/12/2008|00:30] C:\ProgramData\FLEXnet
   [16/01/2008|14:57] C:\ProgramData\Google
   [07/10/2008|18:38] C:\ProgramData\Google Updater
   [23/12/2008|21:56] C:\ProgramData\Grisoft
   [16/01/2008|15:07] C:\ProgramData\Hewlett-Packard
   [16/01/2008|14:37] C:\ProgramData\HP
   [16/01/2008|14:37] C:\ProgramData\hpzinstall.log
   [28/08/2008|17:03] C:\ProgramData\LauncherAccess.dt
   [27/05/2008|19:05] C:\ProgramData\Lavasoft
   [11/06/2008|20:38] C:\ProgramData\LUUnInstall.LiveUpdate
   [11/06/2008|20:31] C:\ProgramData\Malwarebytes
   [08/02/2008|19:25] C:\ProgramData\Menu D‚marrer 
   [03/05/2008|18:19] C:\ProgramData\Messenger Plus!
   [17/10/2008|22:24] C:\ProgramData\Microsoft
   [15/01/2009|21:22] C:\ProgramData\Microsoft Help
   [08/02/2008|19:25] C:\ProgramData\ModŠles 
   [16/01/2008|14:46] C:\ProgramData\muvee Technologies
   [24/09/2008|16:13] C:\ProgramData\NVIDIA
   [18/01/2009|22:14] C:\ProgramData\OrbNetworks
   [16/01/2008|14:54] C:\ProgramData\PC-Doctor
   [11/06/2008|20:22] C:\ProgramData\pskt.ini
   [16/01/2008|14:42] C:\ProgramData\Roxio
   [07/06/2008|23:30] C:\ProgramData\Skype
   [20/06/2008|22:18] C:\ProgramData\Sonic
   [02/01/2009|20:20] C:\ProgramData\Spybot - Search & Destroy
   [11/06/2008|21:21] C:\ProgramData\Symantec
   [19/01/2009|21:51] C:\ProgramData\TEMP
   [02/09/2008|16:20] C:\ProgramData\UDL
   [13/12/2008|23:39] C:\ProgramData\Winamp Toolbar
   [10/02/2008|00:05] C:\ProgramData\WLInstaller

   --------------------\  Listing des dossiers dans C:\Program Files

   [16/01/2008|14:52] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
   [18/01/2009|18:29] C:\Program Files\Adobe
   [13/04/2008|14:05] C:\Program Files\Alwil Software
   [21/12/2008|23:38] C:\Program Files\Apple Software Update
   [02/01/2009|18:15] C:\Program Files\AVG
   [18/10/2008|11:02] C:\Program Files\Avira
   [26/10/2008|12:25] C:\Program Files\AviSynth 2.5
   [21/12/2008|23:46] C:\Program Files\Bonjour
   [09/06/2008|21:40] C:\Program Files\CCleaner
   [16/01/2009|22:08] C:\Program Files\Common Files
   [22/02/2007|17:37] C:\Program Files\EasyBits
   [14/01/2009|21:57] C:\Program Files\eMule
   [02/09/2008|16:19] C:\Program Files\epson
   [26/10/2008|12:24] C:\Program Files\eRightSoft
   [08/02/2008|19:25] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
   [12/06/2008|18:51] C:\Program Files\Google
   [23/12/2008|21:56] C:\Program Files\Grisoft
   [16/01/2008|14:55] C:\Program Files\Hewlett-Packard
   [16/01/2008|14:48] C:\Program Files\HP
   [02/09/2008|16:30] C:\Program Files\InstallShield Installation Information
   [18/10/2008|11:02] C:\Program Files\Internet Explorer
   [24/12/2008|23:16] C:\Program Files\iPod
   [24/12/2008|23:16] C:\Program Files\iTunes
   [08/10/2008|18:05] C:\Program Files\Java
   [25/05/2008|19:53] C:\Program Files\K-Lite Codec Pack
   [27/05/2008|19:02] C:\Program Files\Lavasoft
   [25/10/2008|18:14] C:\Program Files\LimeWire
   [19/01/2009|19:52] C:\Program Files\Malwarebytes' Anti-Malware
   [26/10/2008|13:05] C:\Program Files\MediaCoder
   [31/08/2008|16:05] C:\Program Files\Messenger Plus! Live
   [02/11/2006|13:37] C:\Program Files\Microsoft Games
   [08/10/2008|18:06] C:\Program Files\Microsoft Office
   [23/11/2008|14:15] C:\Program Files\Microsoft Silverlight
   [17/10/2008|22:36] C:\Program Files\Microsoft SQL Server Compact Edition
   [08/10/2008|18:06] C:\Program Files\Microsoft Visual Studio
   [08/10/2008|18:00] C:\Program Files\Microsoft Visual Studio 8
   [08/10/2008|18:07] C:\Program Files\Microsoft Works
   [08/10/2008|18:05] C:\Program Files\Microsoft.NET
   [24/09/2008|15:53] C:\Program Files\Movie Maker
   [28/12/2008|18:50] C:\Program Files\Mozilla Firefox
   [08/10/2008|18:07] C:\Program Files\MSBuild
   [17/10/2008|23:00] C:\Program Files\MSN Messenger
   [10/02/2008|14:20] C:\Program Files\MSXML 4.0
   [16/01/2008|14:46] C:\Program Files\muvee Technologies
   [26/12/2008|15:00] C:\Program Files\Norton Security Scan
   [09/09/2008|21:55] C:\Program Files\OpenOffice.org 2.4
   [08/02/2008|19:33] C:\Program Files\Orange
   [26/12/2008|13:50] C:\Program Files\Panda Security
   [16/01/2008|15:07] C:\Program Files\PC-Doctor 5 for Windows
   [26/09/2008|22:11] C:\Program Files\PhotoFiltre Studio
   [30/09/2008|18:29] C:\Program Files\Picasa2
   [21/12/2008|23:45] C:\Program Files\QuickTime
   [26/10/2008|12:55] C:\Program Files\RADVideo
   [16/01/2008|14:45] C:\Program Files\Real
   [29/03/2008|00:28] C:\Program Files\Realtek
   [02/11/2006|13:37] C:\Program Files\Reference Assemblies
   [11/06/2008|14:34] C:\Program Files\Registry Mechanic
   [16/01/2008|14:44] C:\Program Files\Roxio
   [09/02/2008|23:04] C:\Program Files\SAGEM
   [16/05/2008|22:58] C:\Program Files\Samsung
   [16/01/2008|14:57] C:\Program Files\Services en ligne
   [07/01/2009|17:01] C:\Program Files\Shareaza
   [07/06/2008|23:30] C:\Program Files\Skype
   [02/01/2009|18:27] C:\Program Files\Spybot - Search & Destroy
   [19/01/2009|20:09] C:\Program Files\Spyware Doctor
   [11/06/2008|20:37] C:\Program Files\Symantec
   [05/10/2008|19:25] C:\Program Files\Trend Micro
   [02/11/2006|14:01] C:\Program Files\Uninstall Information
   [25/05/2008|19:04] C:\Program Files\VideoLAN
   [13/12/2008|23:39] C:\Program Files\Winamp
   [13/12/2008|23:39] C:\Program Files\Winamp Remote
   [13/12/2008|23:39] C:\Program Files\Winamp Toolbar
   [24/09/2008|15:53] C:\Program Files\Windows Calendar
   [24/09/2008|15:53] C:\Program Files\Windows Collaboration
   [24/09/2008|15:53] C:\Program Files\Windows Defender
   [24/09/2008|15:53] C:\Program Files\Windows Journal
   [18/10/2008|11:02] C:\Program Files\Windows Live
   [27/12/2008|00:10] C:\Program Files\Windows Live Safety Center
   [15/01/2009|21:22] C:\Program Files\Windows Mail
   [24/09/2008|15:53] C:\Program Files\Windows Media Player
   [08/02/2008|19:25] C:\Program Files\Windows NT
   [24/09/2008|15:53] C:\Program Files\Windows Photo Gallery
   [24/09/2008|15:53] C:\Program Files\Windows Sidebar
   [11/06/2008|15:10] C:\Program Files\WinRAR
   [26/09/2008|22:27] C:\Program Files\Wyzo
   [08/11/2008|20:32] C:\Program Files\Zattoo

   --------------------\  Listing des dossiers dans C:\Program Files\Common Files

   [18/01/2009|18:32] C:\Program Files\Common Files\Adobe
   [24/12/2008|23:16] C:\Program Files\Common Files\Apple
   [08/10/2008|18:06] C:\Program Files\Common Files\DESIGNER
   [16/01/2008|14:37] C:\Program Files\Common Files\HP
   [02/09/2008|16:01] C:\Program Files\Common Files\InstallShield
   [25/05/2008|18:39] C:\Program Files\Common Files\Java
   [16/01/2008|14:45] C:\Program Files\Common Files\LightScribe
   [16/01/2008|14:45] C:\Program Files\Common Files\LS Getting Started
   [11/10/2008|19:18] C:\Program Files\Common Files\Macrovision Shared
   [02/01/2009|18:14] C:\Program Files\Common Files\microsoft shared
   [16/01/2008|14:46] C:\Program Files\Common Files\muvee Technologies
   [16/01/2008|14:43] C:\Program Files\Common Files\PX Storage Engine
   [27/09/2008|22:12] C:\Program Files\Common Files\Real
   [16/01/2008|14:43] C:\Program Files\Common Files\Roxio Shared
   [02/11/2006|12:18] C:\Program Files\Common Files\Services
   [07/06/2008|23:29] C:\Program Files\Common Files\Skype
   [16/01/2008|14:44] C:\Program Files\Common Files\Sonic Shared
   [02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
   [16/01/2008|14:44] C:\Program Files\Common Files\SureThing Shared
   [26/12/2008|15:05] C:\Program Files\Common Files\Symantec Shared
   [17/10/2008|22:38] C:\Program Files\Common Files\System
   [17/10/2008|22:26] C:\Program Files\Common Files\Windows Live
   [10/02/2008|00:10] C:\Program Files\Common Files\WindowsLiveInstaller
   [27/05/2008|19:00] C:\Program Files\Common Files\Wise Installation Wizard
   [27/09/2008|22:12] C:\Program Files\Common Files\xing shared

   --------------------\  Process

   ( 58 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   C:\Users\CHARLN~1\AppData\Roaming\MICROS~1\Windows\Cookies\charlene@advertstream[1].txt
   C:\Users\CHARLN~1\AppData\Roaming\MICROS~1\Windows\Cookies\charlene@advertising[2].txt
   C:\Users\CHARLN~1\AppData\Roaming\MICROS~1\Windows\Cookies\charlene@adopt.euroclick[2].txt
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2009-01-19 22:23:57
   Windows 6.0.6001 Service Pack 1 NTFS
   detected NTDLL code modification:
   ZwClose
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 638
 
   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ME35F7K\crack_danger[1].jpg
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ME35F7K\keygen_name[1].htm
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ME35F7K\spyware-doctor-2009-keygen_ltr[1].gif
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N5YZSX29\keygen-spyware-doctor[1].htm
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N5YZSX29\keygen_name[1].htm
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WVU1RMGM\82109-spyware-doctor-2009-keygen[1].htm
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WVU1RMGM\crack_danger3[1].jpg
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WVU1RMGM\crack_danger4[1].jpg
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6BDOXFF\crack_danger0[1].jpg
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6BDOXFF\crack_danger2[1].jpg
   C:\Users\CHARLN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6BDOXFF\keygen_name[1].htm
   C:\Users\CHARLN~1\AppData\Local\Temp\Rar$EX00.289\crack.nfo
   C:\Users\CHARLN~1\AppData\Local\Temp\Rar$EX00.904\keygen.nfo
   C:\Users\CHARLN~1\AppData\Roaming\Microsoft\Windows\Recent\crack.txt.lnk
   C:\Users\CHARLN~1\Desktop\a suppr\crack+keygen.exe
   C:\Users\CHARLN~1\Desktop\a suppr\Nouveau dossier\Adobe PhotoShop CS4\Crack
   C:\Users\CHARLN~1\Desktop\a suppr\Nouveau dossier\Adobe PhotoShop CS4\Crack\crack.txt
   C:\Users\CHARLN~1\Desktop\a suppr\Nouveau dossier\Adobe PhotoShop CS4\Crack\Photoshop.exe
   C:\Users\CHARLN~1\Desktop
ous 3\crack+keygen.exe
   C:\Users\CHARLN~1\Documents\LimeWire\Incomplete\T-118459-spyware doctor crack incl license keys.zip
   C:\Users\CHARLN~1\Documents\LimeWire\Incomplete\T-128455-spyware doctor crack setup incl serial.zip
   C:\Users\CHARLN~1\Documents\LimeWire\Incomplete\T-81459-spyware doctor crack keymaker by RoR.zip
   C:\Users\CHARLN~1\Favorites\serials nero 9 driver detective avast nero office 2007 spyware doctor nero 8 ad kaspersky internet download manager keygen.name.url


   [F:2204][D:61]-> C:\Users\CHARLN~1\AppData\Local\Temp
   [F:365][D:1]-> C:\Users\CHARLN~1\AppData\Roaming\MICROS~1\Windows\Cookies
   [F:6010][D:7]-> C:\Users\CHARLN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
   [F:5][D:3]-> C:\$Recycle.Bin

   1 - "C:\Lop SD\LopR_1.txt" - 19/01/2009|22:15 - Option : [1]
   2 - "C:\Lop SD\LopR_2.txt" - 19/01/2009|22:26 - Option : [2]

   --------------------\  Fin du rapport a 22:26:34
   [ UAC => 1 ]

geoffrey5 · Answer

refais un nouveau rapport hijackthis stp

pcd · Answer

Voilà :-)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:17, on 19/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\ZSSnp211.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll,C:\Windows\System32\cabview32.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

geoffrey5 · Answer

Ok maintenant fais ceci pour vérifier stp :

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection): 

&#x25B6; Va dans démarrer puis panneau de configuration 
&#x25B6; Double Clique sur l'icône "Comptes d'utilisateurs" 
&#x25B6; Clique ensuite sur désactiver et valide. 


ensuite :


Option 1 - Recherche :


&#x25B6; télécharge smitfraudfix et enregistre le sur le bureau 
 
&#x25B6; Ensuite double clique sur smitfraudfix puis exécuter

&#x25B6; Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.

(attention : N utilises pas l option 2 si je ne te l ai pas demandé !!)

&#x25B6; copier/coller le rapport dans la réponse.


Voici un tutoriel sonore et animé en cas de problème d'utilisation



(Attention : "process.exe", un composant de l'outil, est détecté par certains antivirus comme étant un "RiskTool". 
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, 
cet utilitaire pourrait arrêter des logiciels de sécurité.)

pcd · Answer

Il me refuse l'accès ...

geoffrey5 · Answer

Tu dois désactiver le contrôle des comptes utilisateurs

pcd · Answer

a oui pardon je n'avais pas redemarré l'ordinateur. :

SmitFraudFix v2.391

Scan done at 23:20:39,73, 19/01/2009
Run from C:\Users\CharlŠne\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\ZSSnp211.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Adobe\Reader 8.0\Readereader_sl.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\CharlŠne


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\CHARLN~1\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\CharlŠne\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\CHARLN~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 

C:\Program Files\Google\googletoolbar1.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll,C:\Windows\System32\cabview32.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Wi-Fi Wireless LAN USB Adapter
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{ECCFDCE5-B90A-41A5-82DE-A7D8E3E716CB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{ECCFDCE5-B90A-41A5-82DE-A7D8E3E716CB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{ECCFDCE5-B90A-41A5-82DE-A7D8E3E716CB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

geoffrey5 · Answer

ok maintenant :

Option 2 - Nettoyage :


&#x25B6; redémarre le PC en mode sans échec

&#x25B6; Double cliquer sur smitfraudfix

&#x25B6; Sélectionner 2 pour supprimer les fichiers responsables de l'infection.

&#x25B6; A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.

&#x25B6; Enregistre le rapport sur ton bureau


&#x25B6; Redémarrer en mode normal et poster le rapport. 

ensuite refais un nouveau rapport hijackthis stp

pcd · Answer

Voilà je fais l'autre maintenant 

SmitFraudFix v2.391

Scan done at 23:30:21,54, 19/01/2009
Run from C:\Users\CharlŠne\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\Google\googletoolbar1.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{ECCFDCE5-B90A-41A5-82DE-A7D8E3E716CB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{ECCFDCE5-B90A-41A5-82DE-A7D8E3E716CB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{ECCFDCE5-B90A-41A5-82DE-A7D8E3E716CB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

pcd · Answer

et le rapport Hijackthis : 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:42:19, on 19/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\ZSSnp211.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Adobe\Reader 8.0\Readereader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - 
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - 
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - 
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - 
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - 
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll,C:\Windows\System32\cabview32.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

geoffrey5 · Answer

relance hijackthis en cliquant sur scan only et coches ces lignes stp :

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing) 
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing) 
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) 
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime     
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"     

puis tu cliques sur fix checked.


ensuite :


Désinstalle Adobe Reader 8.0 et télécharge la dernière version à cette adresse stp :

https://get2.adobe.com/reader/otherversions/


ensuite :


&#x25B6; Télécharge JavaRa.zip
 
&#x25B6; Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)

&#x25B6; Double-clique sur le répertoire JavaRa obtenu.

&#x25B6; Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)

&#x25B6; Clique sur Search For Updates.

&#x25B6; Sélectionne Update Using jucheck.exe puis clique sur Search.

&#x25B6; Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.

&#x25B6; Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.

&#x25B6; Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.

&#x25B6; Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.

 * Note : le rapport se trouve aussi là : ( C:\JavaRa.log )

&#x25B6; Ferme l'application. 


ensuite :


exécute ces logiciels pour supprimer les antivirus que tu as en trop :

désinstaller avast : http://www.commentcamarche.net/telecharger/telecharger 34055246 utilitaire de desinstallation de avast

désinstaller AVG : http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe


ensuite :


&#x25B6; Télécharge RegCleaner

&#x25B6; Une fois installé, double-clique sur son icône pour l'exécuter

&#x25B6; Dans la barre de menu, clique sur Options puis sélectionne Language => Select language

&#x25B6; recherche French.rlg et double-clique dessus pour appliquer la langue

&#x25B6; Clique ensuite sur Outils dans la barre de menu

&#x25B6; Sélectionne Nettoyage du registre => Nettoyeur de registre automatique

&#x25B6; RegCleaner va alors lancer le nettoyage automatiquement

&#x25B6; Coche ensuite les entrées invalides qui sont apparues dans la fenêtre et clique sur Supprimer sélections => Terminer => Quitter


Et ensuite refais un nouveau rapport hijackthis stp

pcd · Answer

voici le premier rapport, je supprime les antivirus en trop

JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jan 20 00:09:53 2009

Found and removed: C:\Program Files\Java\jre1.6.0_04

Found and removed: C:\Program Files\Java\jre1.6.0_06

There was an error removing C:\Program Files\Java\jre1.6.0_07. The error returned was 32.

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610006

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610006

Found and removed: SOFTWARE\Classes\JavaPlugin.160_04

Found and removed: SOFTWARE\Classes\JavaPlugin.160_06

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_04

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_04

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_06

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160040}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160060}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\JavaPlugin.160_04

Found and removed: Software\Classes\JavaPlugin.160_06

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_06

Found and removed: Software\JavaSoft\Java2D\1.6.0_06

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_06

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_04\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_04\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_06\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_07\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_04.b12\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_06.b02\

------------------------------------

Finished reporting.

pcd · Answer

J'ai eu un petit problème pour désactiver avast... Il y a eu un message d'erreur sinon je pense avoir bien suivi les instructions :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:23:55, on 20/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\conime.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\ZSSnp211.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - 
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - 
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - 
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - 
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - 
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.6.0_04) - 
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) - 
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - 
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\Windows\System32\cabview32.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

geoffrey5 · Answer

Vas regarder dans tes programmes et désinstalle Avast avec le fichier de désinstallation.

pcd · Answer

voilà c'est fait ;-)

geoffrey5 · Answer

Bonjour,

Ok maintenant refais un nouveau rapport hijackthis pour vérifier stp

pcd · Answer

bonsoir,
voilà le rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:44, on 22/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\ZSSnp211.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Charlène\AppData\LocalLow\Dealio\kb127es\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O13 - Gopher Prefix: 
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - 
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - 
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - 
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - 
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - 
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.6.0_04) - 
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) - 
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - 
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\Windows\System32\cabview32.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

geoffrey5 · Answer

Bonsoir,

je ne sais pas ce que tu as foutu mais ton PC est maintenant rempli de toolbars infectées  :s

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection): 

&#x25B6; Va dans démarrer puis panneau de configuration 
&#x25B6; Double Clique sur l'icône "Comptes d'utilisateurs" 
&#x25B6; Clique ensuite sur désactiver et valide. 


&#x25B6; Télécharge Toolbar-S&D (de Team IDN) sur ton Bureau
  
&#x25B6; Lance l'installation du programme en exécutant le fichier téléchargé. 

&#x25B6; Double-clique maintenant sur le raccourci de Toolbar-S&D. 

&#x25B6; Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée. 

&#x25B6; Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche. 

&#x25B6; Poste le rapport généré. (C:\TB.txt)

pcd · Answer

Bonsoir,
aiie...
Oui j'ai installé google toolbar parce que je l'aime bien... C'est deconseillé ?
Voici le rapport:


   -----------\  ToolBar S&D 1.2.2   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : Charlène ( Administrator )
   BOOT : Normal boot
   Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)
   C:\ (Local Disk) - NTFS - Total : 364 Go Free : 215 Go
   D:\ (Local Disk) - NTFS - Total : 7 Go Free : 1 Go
   E:\ (CD or DVD)
   F:\ (USB)
   G:\ (USB)
   H:\ (USB)
   I:\ (USB)

   "C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
   Option : [1] ( 23/01/2009|22:12 )

   [ UAC => 0 ]

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio
   C:\Program Files\Dealio
   C:\Program Files\Dealio\DealioAU.exe
   C:\Program Files\Dealio\kb127
   C:\Program Files\Dealio\SearchSettingsKit.exe
   C:\Program Files\Search Settings
   C:\Program Files\Search Settings\kb127
   C:\Program Files\Search Settings\SearchSettings.exe

   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.google.fr/?gws_rd=ssl"
   "Local Page"="C:\windows\system32\blank.htm"
   "Search Page"="https://www.google.com/?gws_rd=ssl"
   "Start Page Restore"="https://www.google.fr/?gws_rd=ssl"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
   "Url"="https://www.msn.com/fr-fr/actualite/"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
   "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Local Page"="C:\windows\system32\blank.htm"


   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\Users\CHARLN~1\Desktop\a suppr\crack+keygen.exe
   C:\Users\CHARLN~1\Desktop\a suppr\Nouveau dossier\Adobe PhotoShop CS4\Crack
   C:\Users\CHARLN~1\Desktop\a suppr\Nouveau dossier\Adobe PhotoShop CS4\Crack\crack.txt
   C:\Users\CHARLN~1\Desktop\a suppr\Nouveau dossier\Adobe PhotoShop CS4\Crack\Photoshop.exe
   C:\Users\CHARLN~1\Desktop
ous 3\crack+keygen.exe
   C:\Users\CHARLN~1\Documents\LimeWire\Incomplete\T-118459-spyware doctor crack incl license keys.zip
   C:\Users\CHARLN~1\Documents\LimeWire\Incomplete\T-128455-spyware doctor crack setup incl serial.zip
   C:\Users\CHARLN~1\Documents\LimeWire\Incomplete\T-81459-spyware doctor crack keymaker by RoR.zip
   C:\Users\CHARLN~1\Favorites\serials nero 9 driver detective avast nero office 2007 spyware doctor nero 8 ad kaspersky internet download manager keygen.name.url


   [ UAC => 1 ]


   1 - "C:\ToolBar SD\TB_1.txt" - 05/10/2008|22:25 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 18/01/2009|22:18 - Option : [1]
   3 - "C:\ToolBar SD\TB_3.txt" - 23/01/2009|22:13 - Option : [1]

   -----------\  Fin du rapport a 22:13:47,52

geoffrey5 · Answer

Bonsoir,

Ce qu'il faut savoir sur les cracks :

le danger des cracks

bagle/beagle

Vas supprimer ce qui est en gras :

C:\Users\CHARLN~1\Desktop\a suppr\crack+keygen.exe
C:\Users\CHARLN~1\Desktop\a suppr\Nouveau dossier\Adobe PhotoShop CS4\Crack
C:\Users\CHARLN~1\Desktop\a suppr\Nouveau dossier\Adobe PhotoShop CS4\Crack\crack.txt
C:\Users\CHARLN~1\Desktop\a suppr\Nouveau dossier\Adobe PhotoShop CS4\Crack\Photoshop.exe
C:\Users\CHARLN~1\Desktop
ous 3\crack+keygen.exe
C:\Users\CHARLN~1\Documents\LimeWire\Incomplete\T-118459-spyware doctor crack incl license keys.zip
C:\Users\CHARLN~1\Documents\LimeWire\Incomplete\T-128455-spyware doctor crack setup incl serial.zip
C:\Users\CHARLN~1\Documents\LimeWire\Incomplete\T-81459-spyware doctor crack keymaker by RoR.zip
C:\Users\CHARLN~1\Favorites\serials nero 9 driver detective avast nero office 2007 spyware doctor nero 8 ad kaspersky internet download manager keygen.name.url 


ensuite :


&#x25B6; Relance Toolbar-S&D en double-cliquant sur le raccourci.

&#x25B6; Tape sur "2" puis valide en appuyant sur "Entrée". 

/!\ Ne ferme pas la fenêtre lors de la suppression /!\ 

&#x25B6; Un rapport sera généré, poste son contenu ici. 

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches. 
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..." 
Tape explorer puis valide.

Ce qu'il faut savoir sur les toolbars (barres d'outils) 

ensuite refais un nouveau rapport hijackthis pour vérifier stp

pcd · Answer

voilà^^
   -----------\  ToolBar S&D 1.2.2   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : Charlène ( Administrator )
   BOOT : Normal boot
   Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)
   C:\ (Local Disk) - NTFS - Total : 364 Go Free : 212 Go
   D:\ (Local Disk) - NTFS - Total : 7 Go Free : 1 Go
   E:\ (CD or DVD)
   F:\ (USB)
   G:\ (USB)
   H:\ (USB)
   I:\ (USB)

   "C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
   Option : [2] ( 24/01/2009| 0:03 )

   [ UAC => 1 ]

   -----------\ SUPPRESSION

   Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio
   Supprime! - C:\Program Files\Dealio\DealioAU.exe
   Supprime! - C:\Program Files\Dealio\kb127
   Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
   Supprime! - C:\Program Files\Search Settings\kb127
   Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
   Supprime! - C:\Program Files\Dealio
   Supprime! - C:\Program Files\Search Settings

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.google.fr/?gws_rd=ssl"
   "Local Page"="C:\windows\system32\blank.htm"
   "Search Page"="https://www.google.com/?gws_rd=ssl"
   "Start Page Restore"="https://www.google.fr/?gws_rd=ssl"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
   "Url"="https://www.msn.com/fr-fr/actualite/"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.msn.com/fr-fr/"
   "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Local Page"="C:\windows\system32\blank.htm"


   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !

   [ UAC => 1 ]


   1 - "C:\ToolBar SD\TB_1.txt" - 05/10/2008|22:25 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 18/01/2009|22:18 - Option : [1]
   3 - "C:\ToolBar SD\TB_3.txt" - 23/01/2009|22:13 - Option : [1]
   4 - "C:\ToolBar SD\TB_4.txt" - 24/01/2009| 0:05 - Option : [2]

   -----------\  Fin du rapport a  0:05:22,81




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:06:23, on 24/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32	askeng.exe
C:\WINDOWS\ZSSnp211.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - 
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - 
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - 
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - 
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - 
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.6.0_04) - 
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) - 
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - 
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\Windows\System32\cabview32.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

geoffrey5 · Answer

spyware doctor est très déconseillé

Va désinstaller spyware Doctor.

ensuite :

relance hijackthis en cliquant sur scan onlye et coches ces lignes stp :

O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) 
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) 
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"     

puis tu cliques sur fix checked.


Est-ce que tu as encore des problèmes ??

pcd · Answer

Ba il va vraiment plus vite donc c'est super !! :-)
Merci beaucoup pour ses réponses aussi rapide.
Par contre je ne sais pas si c'est normal mais dans le gestionnaire de tâche l'UC est souvent utilisée à 100% lorsque je ne fais rien et autre petit soucis mais je ne pense pas que vous ça peut s'arranger sur internet. Mais ça fait trois fois que je change mon clavier parce que lorsque je montais ou baissais le son il y avait un indicateur mais à chaque fois que mon ordi est infecté les touches reagissent mais il n'y a plus d'indicateur  à l'écran... Mais bon c'est un problème pas très important :-) et je ne sais pas si je me suis bien exprimée...
Ce qui compte c'est que l'ordinateur ne soit plus infecté.

Merci beaucoup

geoffrey5 · Answer

Mais de rien, ce n'est pas terminé...

Quel est le processus qui prend beaucoup de ressources ??

pcd · Answer

Il y a csrss.ex, Domino.exe, dwm.exe ceux là prennent beaucoup de ressources mais il y en a d'autres.
Souvent il y a internet explorer alors qu'il n'est pas ouvert aussi ...

geoffrey5 · Answer

- Dans la barre des tâches, cliquer sur Démarrer puis sur Exécuter.

- Taper Msconfig puis cliquer sur OK

- Cliquer sur l'onglet "Démarrage"

- Décocher la case csrss

- Ensuite cliquer sur Appliquer ==> OK

- Ensuite redémarre le PC

Ensuite fais ceci pour vérifier stp :

&#x25B6; Telecharge FindyKill sur ton bureau :

&#x25B6; Lance l installation avec les parametres par default

&#x25B6; Double clic sur le raccourci FindyKill sur ton bureau

&#x25B6; Au menu principal,choisi l option 1 (Recherche)

&#x25B6; Post le rapport FindyKill.txt

 * Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

geoffrey5 · Answer

Oups, j'avais oublié que tu étais sous vista..

Cliques sur Démarrer puis tape msconfig dans la zone Rechercher

pcd · Answer

Je cherche mais pourtant je ne trouve pas csrss dans démarage ...

geoffrey5 · Answer

Passe FindyKill stp

pcd · Answer

###################### [ FindyKill V4.714 ] # User : CharlŠne - PC-DE-CHARLÔNE # Emplacement : C:\Program Files\FindyKill # Outils Mis a jours le 19/01/09 par Chiquitine29 # Recherche effectuée à 1:21:38 le 24/01/2009 # Windows Vista - Internet Explorer 7.0.6001.18000 # [ FindyKill V4.714 - Scan ] ############## \\\\\\\\\\ [ Processus actifs ] /////////////////// C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32 askeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\svchost.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Windows\system32\svchost.exe C:\Windows\system32 askeng.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\WINDOWS\ZSSnp211.EXE C:\WINDOWS\Domino.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Winamp Remote\bin\OrbTray.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\conime.exe \\\\\\\\\ [ Fichiers/Dossiers infectieux ] /////////////////// ################## [ C:\ ] ################## [ C:\Windows ] ################## [ C:\Windows\Prefetch ] Found ! - C:\Windows\Prefetch\O4PATCH.EXE-E64A4D7C.pf ################## [ C:\Windows\system32 ] ################## [ C:\Windows\system32\drivers ] ################## [ C:\Users\CharlŠne\AppData\Roaming ] ################## [ C:\Users\CHARLN~1\AppData\Local\Temp ] \\\\\\\\\ [ Registre / Startup ] /////////////////// [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion un] Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background ehTray.exe=C:\Windows\ehome\ehTray.exe swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Orb="C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe HKEY_CURRENT_USER\software\microsoft\windows\currentversion un\OsdMaestro= ModelName=5189URF Version=1.00.007 Language=1 (0x1) HKEY_CURRENT_USER\software\microsoft\windows\currentversion un\OsdMaestro\Config= DisplayLabel=0 (0x0) TaskbarIcon=1 (0x1) ShowLockOSD=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion un] RegistryMechanic= ZSSnp211=C:\Windows\ZSSnp211.exe Domino=C:\Windows\Domino.exe SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe" HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un\OptionalComponents= = HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un\OptionalComponents\IMAIL= Installed=1 = HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un\OptionalComponents\MAPI= NoChange=1 Installed=1 = HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un\OptionalComponents\MSFS= Installed=1 = \\\\\\\\\ [ Registre / Clés infectieuses ] /////////////////// \\\\\\\\\ [ Etat / Services ] /////////////////// # Services : [ Auto=2 / Demande=3 / Désactivé=4 ] Ndisuio - # Type de démarrage = 3 EapHost - # Type de démarrage = 3 Wlansvc - # Type de démarrage = 2 SharedAccess - # Type de démarrage = 2 wuauserv - # Type de démarrage = 2 /!\ wscsvc - # Type de démarrage = 4 WinDefend - # Type de démarrage = 2 /!\ UAC is Disable -> Start = 0x0 \\\\\\\\\ [ Recherche dans supports amovibles] /////////////////// # Informations : C: - Lecteur fixe D: - Lecteur fixe # presence des fichiers : \\\\\\\\\ [ Registre / Mountpoint2 ] /////////////////// -> Not found ! ################## [ ! Fin du rapport # FindyKill V4.714 ! ]

geoffrey5 · Answer

&#x25B6; Veille à ce que le contrôle des comptes utilisateurs (UAC) soit désactivé.

&#x25B6; Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir


&#x25B6; Fais clic droit sur le raccourci FindyKill sur ton bureau

&#x25B6; Choisi executer en tant qu administrateur

&#x25B6; Au menu principal,choisi l option 2 (Suppression)


/!\ il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué"

/!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal !

&#x25B6; ensuite post le rapport FindyKill.txt

* Note : le rapport FindyKill.txt est sauvegardé a la racine du disque


/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\


A lire :

le danger des cracks

bagle/beagle

pcd · Answer

ok donc je met mon disque dur externe aussi vu que j'ai beaucoup de fichiers dedans mais ça ne supprimera rien hein ?

geoffrey5 · Answer

ça ne supprimera rien d'autres que des infections si il y en a  ;-)

pcd · Answer

###################### [ FindyKill V4.714 ]

# User : CharlŠne - PC-DE-CHARLÔNE
# Executed from : C:\Program Files\FindyKill
# Update on 19/01/09 by Chiquitine29
# Start at  2:00:36 the 24/01/2009
# Windows Vista - Internet Explorer 7.0.6001.18000
 
# [ FindyKill V4.714 - Deleting ] ############### 
 
\\\\\\\\\  [ Active Processes ]  ///////////////////  
 

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\userinit.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32unonce.exe
C:\WINDOWS\SMINSTemind.exe
C:\Windows\system32\conime.exe
C:\Windows\system32	askeng.exe
 
\\\\\\\\\  [ Infected Files / Folders ]  ///////////////////  
 
 
################## [ C:\ ] 
 
 
################## [ C:\Windows ] 
 
 
################## [ C:\Windows\Prefetch ] 
 
Deleted ! - C:\Windows\prefetch\O4PATCH.EXE-E64A4D7C.pf 
 
################## [ C:\Windows\system32 ] 
 
 
################## [ C:\Windows\system32\drivers ] 
 
 
################## [ C:\Users\CharlŠne\AppData\Roaming ] 
 
 
################## [ C:\Users\CHARLN~1\AppData\Local\Temp ] 
 
 
################## [ C:\Users\CharlŠne\Local Settings\Temporary Internet Files\Content.IE5 ] 
 
 
\\\\\\\\\  [  Registry / Infected keys ]  ///////////////////  
 
 
\\\\\\\\\  [ States / Restarting of services ]  ///////////////////  
 

# Services : [ Auto=2 / Request=3 / Disable=4 ] 

Ndisuio - # Type of startup  = 3 
 
EapHost - # Type of startup  = 2 
 
Wlansvc - # Type of startup  = 2 
 
SharedAccess - # Type of startup  = 2 
 
wuauserv - # Type of startup  = 2 
 
wscsvc - # Type of startup  = 2 
 
WinDefend - # Type of startup  = 2 
 
-> UAC is Enable  
 
\\\\\\\\\  [ Cleaning Removable drives ]  ///////////////////  
 
# Informations : 

C: - Lecteur fixe
D: - Lecteur fixe
J: - Lecteur fixe
 
# deleting files : 
 
 
\\\\\\\\\  [ Registry / Mountpoint2 ]  ///////////////////  
 
 
 -> Not found ! 
 
 
\\\\\\\\\  [ Searching Other Infections ]  ///////////////////  
 
 
\\\\\\\\\  [ Searching Cracks / Keygen ]  ///////////////////  
 
 
################## [ ! End of report # FindyKill V4.714 ! ]

geoffrey5 · Answer

Bonjour,

tu peux faire ceci pour terminer stp :

Voici un excellent petit logiciel très utile qui te permettra de savoir les nouvelles mises à jour disponibles pour les différents logiciels installés sur ton PC :

&#x25B6; Télécharge Update Checker

&#x25B6; Installe le avec les paramètres par défaut en cliquant chaques fois sur Suivant.

&#x25B6; Une fois installé, patiente quelques secondes et tu verras apparaître une icône verte dans ta barre des tâches te signalant qu'il y a des mises à jour disponibles.

&#x25B6; Double-cliques sur l'icône pour être redirrigé sur le site de téléchargement des mises à jour.

&#x25B6; Un conseil : n'installe pas les BETA qui sont listées en dessous.

&#x25B6; Tu installes les mises à jour que tu désires, les plus importantes sont :

&#9679; Java

&#9679; Adobe Reader

&#9679; Adobe Flash Player

&#9679; Internet explorer


Ensuite :


Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection): 

&#x25B6; Va dans démarrer puis panneau de configuration 
&#x25B6; Double Clique sur l'icône "Comptes d'utilisateurs" 
&#x25B6; Clique ensuite sur désactiver et valide. 


Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :  

&#x25B6; Télécharge Toolscleaner sur ton Bureau  


&#x25B6; Double-clique sur ToolsCleaner2.exe et laisse le travailler 
&#x25B6; Clique sur Recherche et laisse le scan se terminer. 
&#x25B6; Clique sur Suppression pour finaliser. 
&#x25B6; Tu peux, si tu le souhaites, te servir des Options facultatives. 
&#x25B6; Clique sur Quitter, pour que le rapport puisse se créer. 
&#x25B6; Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse




Désactive et réactive la Restauration du système :


Le fait de faire cette manipulation va supprimer tous les virus qui auraient pu se loger dans les
points de restauration que tu avais créé auparavant.. Il est donc recommandé de la faire : 

 
Voici un tutoriel qui t expliquera comment désactiver et réactiver la restauration du système.


Tu peux mettre ton problème résolu !! Comment mettre résolu ??


Ensuite vas réactiver le contrôle des comptes et créer un point de restauration !! IMPORTANT


IMPORTANT : lire les quelques liens pour la prévention et la sécurité de votre PC qui se trouvent en bas de la page !!


Pour les utilisateurs de Firefox :

Voici une extension à télécharger qui vous permettra, en faisant vos recherches sur google, de savoir si le site proposé lors de vos recherches est un site de confiance ou un site à éviter car il pourrait infecter votre PC :

https://addons.mozilla.org/fr/firefox/addon/wot-safe-browsing-tool/

Il faut cliquer sur "Ajouter à Firefox"

pcd · Answer

Euh quel pare-feu me conseillez vous?
Et une petite dernière chose: je ne sais plus ce que j'avais fait mais antivir est introuvable. Il figure toujours dans mes programme mais je ne peux plus le desinstaller car il ne le trouve pas... Comment je pourrais le retelecharger? ou si vous en avez un autre gratuit à me conseillez ce serait parfait^^

Merci d'avance :-)

pcd · Answer

a oui et aussi comment je crée un point de restauration ? je pose beaucoup de questions^^

geoffrey5 · Answer

Comme pare feu je te conseille Kerio qui est très bien...

Voici un tutoriel

As-tu quitté Antivir en faisant un clic droit sur son icone dans le barre des tâches avant d'aller le désinstaller ??

pcd · Answer

iil n'est même pas dans ma barre de tâches...

geoffrey5 · Answer

Fais une recherche en tapant antivir et supprime tout ce qu'il trouvera

pcd · Answer

Voilà c'est fait mais il reste avira antivir personal je ne peux pas le supprimer ...

geoffrey5 · Answer

Essaye de le supprimer en mode sans échec

pcd · Answer

J'ai essayé mais impossible de le supprimer voilà ce qu'il me dit " setup could not determine the feature control file or was not able to read it correctly" et en tappant cette phrase dans google j'ai vu que d'autre avaient ce problème...

geoffrey5 · Answer

Essaye de le réinstaller par dessus et de le désinstaller ensuite

pcd · Answer

Aurais-tu un lien pourque je puisse l'installer stp ?

geoffrey5 · Answer

Antivir

Voici un tutoriel pour l'installer et l'utiliser correctement.

Voici aussi un autre tutoriel pour Antivir en français : http://www.libellules.ch/tuto_antivir.php

pcd · Answer

j'ai essayé mais il m'affiche encore le même message... que faire ?

geoffrey5 · Answer

refais un rapport hijackthis stp

pcd · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:35, on 24/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\WINDOWS\ZSSnp211.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\filehippo.com\UpdateChecker.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - 
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - 
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - 
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - 
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - 
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.6.0_04) - 
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) - 
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - 
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\Windows\System32\cabview32.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

geoffrey5 · Answer

Ouvre le gestionnaire des tâches :

* Presser les touches Ctrl+Alt+Del pour ouvrir le gestionnaire des tâches.

* Cliquer sur l'onglet "Processus"

* Faire un clic gauche sur sched.exe et cliquer sur "Terminer le processus".

* Faire un clic gauche sur avguard.exe et cliquer sur "Terminer le processus".

Ensuite réessaye de le désinstaller.

pcd · Answer

bizarre mais aucun des deux ne figure dans les processus

geoffrey5 · Answer

* Dans la barre des tâches, cliquer sur Démarrer puis sur Exécuter.

* Taper Msconfig puis cliquer sur OK

* Cliquer sur l'onglet "Services"

* Décocher les cases Avira AntiVir Personal

* Ensuite cliquer sur Appliquer ==> OK

* Et ensuite redémarrer le PC

pcd · Answer

c'est fait

geoffrey5 · Answer

Ok... Maintenant réessaye de le désinstaller stp

pcd · Answer

non ça marche toujours pas :-(

Et puis mon internet va très doucement et lorsque je clique sur un lien la fenêtre ne s'affiche pas entiierement...

pcd · Answer

...

geoffrey5 · Answer

Bonsoir,

Essaye avec ceci stp :

http://dlpro.antivir.com/down/windows/registrycleaner_en.zip

pcd · Answer

voilà j'ai supprimé ce qu'il a trouvé ...

geoffrey5 · Answer

Bonsoir,

As-tu essayé de le désinstaller ?

pcd · Answer

apperment il n'est plus dans mes programmes ...^^

geoffrey5 · Answer

réessaye de l'installer stp

pcd · Answer

a oui ça marche :-)

geoffrey5 · Answer

Ok  ;-)

Avais tu fais tout de ce message ci ??

pcd · Answer

non je ne sais pas comment creer un point de restauration ...

geoffrey5 · Answer

Bonjour,

regarde le tutoriel que je t'ai donné pour désactiver et réactiver la restauration du système et tu trouveras comment créer ensuite un nouveau point de restauration  ;-)

pcd · Answer

Oui j'ai tout fait alors^^

geoffrey5 · Answer

Bonjour,

Si tu as fais tout ce message ci alors c'est bon  ;-)

pcd · Answer

D'accord ba merci beaucoup :-) Donc normalement je ne suis plus infectée
PAr contre pour le mettre en "résolu" je n'y arrive pas ... je crois qu'il faut demander aux modérateurs."
Voilà merci encore de votre aide et de vos réponses rapides.

geoffrey5 · Answer

Mais de rien, je t'ai aidé avec plaisir...

Etant contributeur, je peux le faire à ta place aussi  ;-)

Le bouton résolu se trouve au dessus de ton premier message mais il faut être membre pour pouvoir le cocher soi-même, tu le sauras pour la prochaine fois  ;-)

@+

pcd · Answer

Merci encore :-)

Mon ordinateur est infecté !!

86 réponses

Votre réponse

Newsletters