virus muwmseq.exe

Question

Bonjour,
je viens de terminer un scan antivirus en ligne avec bitdefender et voila le rapport. Je suis infecter par 8 virus sur 11 fichiers et bitdefender a pu effacer 10 fichier sans desinfecter totalement le virus (d'apres ce que j ai compris). Il semblerait que le virus muwmseq.exe qui figure dans mon gestionnaire des taches, lui n a pas pu etre desinfecter ni supprimer.

Quelqu un aurait il l amabilite de m aider s il vous plait a rendre mon PC propre?
De plus j ai un problemem avec mozilla qui n arrete pas le processus quand je le ferme mais ca viens peut etre du virus?

BitDefender Online Scanner
  
  
 
Scan report generated at: Tue, Apr 14, 2009 - 19:19:15
 
 
  
  
 
Scan path: C:\;D:\;E:\;
  
  
 
 
  
  
 
Statistics
 
Time
 09:38:16
 
Files
 645834
 
Folders
 10037
 
Boot Sectors
 0
 
Archives
 13609
 
Packed Files
 41926
 
  
  
 
Results
 
Identified Viruses 
 8
 
Infected Files 
 11
 
Suspect Files 
 0
 
Warnings
 0
 
Disinfected
 0
 
Deleted Files
 10
 
  
  
 
Engines Info
 
Virus Definitions
 2846444
 
Engine build
 AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
 
Scan plugins
 17
 
Archive plugins
 45
 
Unpack plugins
 7
 
E-mail plugins
 6
 
System plugins
 4
 
  
  
 
Scan Settings
 
First Action
 Disinfect
 
Second Action
 Delete
 
Heuristics
 Yes
 
Enable Warnings
 Yes
 
Scanned Extensions
 *;
 
Exclude Extensions
  
 
Scan Emails
 Yes
 
Scan Archives
 Yes
 
Scan Packed
 Yes
 
Scan Files
 Yes
 
Scan Boot
 Yes
 
  
  
 
  Scanned File
  Status
 
C:\Documents and Settings\THAT ME\Local Settings\Application Data\muwmseq.exe
 Infected with: Gen:Trojan.Heur.21659AB1B1
 
C:\Documents and Settings\THAT ME\Local Settings\Application Data\muwmseq.exe
 Disinfection failed
 
C:\Documents and Settings\THAT ME\Local Settings\Application Data\muwmseq.exe
 Delete failed
 
C:\Program Files\Online Services\Vonage\Xtras\regxtra121.x32
 Infected with: Backdoor.Generic.89850
 
C:\Program Files\Online Services\Vonage\Xtras\regxtra121.x32
 Deleted
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP101\A0023915.exe
 Infected with: Gen:Adware.Heur.C0E01F0F0F
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP101\A0023915.exe
 Disinfection failed
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP101\A0023915.exe
 Deleted
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP110\A0027277.exe
 Detected with: Adware.NaviPromo.Gen.5
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP110\A0027277.exe
 Disinfection failed
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP110\A0027277.exe
 Deleted
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP127\A0031437.exe
 Infected with: Gen:Adware.Heur.21619E8E8E
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP127\A0031437.exe
 Disinfection failed
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP127\A0031437.exe
 Deleted
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP131\A0032617.exe
 Detected with: Adware.NaviPromo.Gen.5
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP131\A0032617.exe
 Disinfection failed
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP131\A0032617.exe
 Deleted
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP136\A0034487.exe
 Infected with: Gen:Adware.Heur.C0E01F0F0F
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP136\A0034487.exe
 Disinfection failed
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP136\A0034487.exe
 Deleted
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP142\A0037852.exe
 Infected with: Gen:Adware.Heur.F0C03F2F2F
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP142\A0037852.exe
 Disinfection failed
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP142\A0037852.exe
 Deleted
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP147\A0040701.exe
 Infected with: Gen:Adware.Heur.F0C03F2F2F
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP147\A0040701.exe
 Disinfection failed
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP147\A0040701.exe
 Deleted
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP153\A0041747.exe
 Infected with: Gen:Adware.Heur.F0B04F5F5F
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP153\A0041747.exe
 Disinfection failed
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP153\A0041747.exe
 Deleted
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP99\A0020904.exe
 Detected with: Adware.NaviPromo.Gen.3
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP99\A0020904.exe
 Disinfection failed
 
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP99\A0020904.exe
 Deleted

archet9 · Answer

Salut poulain 13

Cliques sur ce lien : 
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 
Clique sur navilog1.exe pour le télécharger 
Choisis Enregistrer 

et enregistre-le sur ton bureau. 

Ensuite double clique sur navilog1.exe pour lancer l'installation. 
Une fois l'installation terminée, le fix s'exécutera automatiquement. 
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau). 

Laisse-toi guider. Au menu principal, choisis 1 et valide. 
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord) 

Patiente jusqu'au message : 
*** Analyse Terminée le ..... *** 
Appuie sur une touche comme demandé, le bloc note va s'ouvrir. 
Copie-colle l'intégralité dans une réponse. Referme le bloc note. 
Le rapport est en outre sauvegardé à la racine du disque (C:\fixnavi.txt) 
poste le rapport obtenu 
a+

archet9 · Answer

Tu cliques sur le raccourci Navilog1 présent sur le bureau et laisse-toi guider. 
Au menu principal, choisis 2 et valide. 
(ne fais pas le choix ,3 ou 4 sans notre avis/accord) 

Le fix va t'informer qu'il va alors redémarrer ton PC 
Fermes toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts 
Appuies sur une touche comme demandé. 
(si ton Pc ne redémarre pas automatiquement, fais le toi même) 
Au redémarrage de ton PC, choisis ta session habituelle. 

Patiente jusqu'au message : 
*** Nettoyage Termine le ..... *** 
Le bloc-notes va s'ouvrir. 
Sauvegarde le rapport de manière à le retrouver 
Referme le bloc-notes. Ton bureau va réapparaitre 

PS:Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches. 
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter" 
Tape explorer et valide. Celà te fera apparaitre ton bureau. 

Poste le rapport

Ensuite:
Pour voir si rien d'autre:
télécharge RSIT (de random/random) sur le bureau ici : (outil de diagnostic)
http://images.malwareremoval.com/random/RSIT.exe 

- Double clique sur RSIT.exe qui est sur le bureau 
- Clique sur Continue dans la fenêtre 
- RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence 
- Poste le contenu de log.txt   uniquement à la fin de l’analyse 

Les rapports sont dans le dossier ici C:\rsit

a+

poulain13 · Answer

voila le rapport, 

je peux commencer l'autre analyse RSIT ou apres que tu ai vu le rapport?

Clean Navipromo version 3.7.6 commencé le Wed 04/15/2009 à  8:16:01.32

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M CPU        420  @ 1.60GHz )
BIOS : Ver 1.00PARTTBL
USER : THAT ME ( Administrator )
BOOT : Normal boot

Antivirus : Norton Internet Security 16.0.0.125 (Activated)
Firewall  : Norton Internet Security 16.0.0.125 (Activated)

C:\ (Local Disk) - NTFS - Total:66 Go (Free:12 Go)
D:\ (Local Disk) - FAT32 - Total:8 Go (Free:1 Go)
E:\ (CD or DVD)


Mode suppression automatique 
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur

 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\THAT ME\locals~1\applic~1" * 


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 

* Suppression dans "C:\DOCUME~1\fabien\locals~1\applic~1" * 


*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\startm~1\programs" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\startm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\THAT ME\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\fabien\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\THAT ME\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\fabien\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\THAT ME\startm~1\programs" *** 


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\startm~1\programs" *** 



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\THAT ME\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *



* Dans "C:\Documents and Settings\THAT ME\locals~1\applic~1" * 


muwmseq.exe trouvé ! 
Copie muwmseq.exe réalisée avec succès !
muwmseq.exe supprimé !

muwmseq.dat trouvé ! 
Copie muwmseq.dat réalisée avec succès !
muwmseq.dat supprimé !

muwmseq_nav.dat trouvé ! 
Copie muwmseq_nav.dat réalisée avec succès !
muwmseq_nav.dat supprimé !

muwmseq_navps.dat trouvé ! 
Copie muwmseq_navps.dat réalisée avec succès !
muwmseq_navps.dat supprimé !


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 



* Dans "C:\DOCUME~1\fabien\locals~1\applic~1" * 



*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le Wed 04/15/2009 à  8:25:28.26 ***

poulain13 · Answer

voila le rapport log.txt


Logfile of random's system information tool 1.06 (written by random/random)
Run by THAT ME at 2009-04-15 08:32:29
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (19%) free of 68 GB
Total RAM: 502 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:00 AM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\THAT ME\Temporary Internet Files\Content.IE5\G1I74T27\RSIT[1].exe
C:\Program Files	rend micro\THAT ME.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://isp.netscape.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.aol.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Peer2Peer Toolbar - {1b05fc31-35fb-4d12-86b9-d88a52736349} - C:\Program Files\Peer2Peer	bPee1.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Peer2Peer Toolbar - {1b05fc31-35fb-4d12-86b9-d88a52736349} - C:\Program Files\Peer2Peer	bPee1.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: Peer2Peer Toolbar - {1b05fc31-35fb-4d12-86b9-d88a52736349} - C:\Program Files\Peer2Peer	bPee1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.aol.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Update Service (gupdate1c98bdb385e2544) (gupdate1c98bdb385e2544) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

poulain13 · Answer

voila le rapport log.txt


Logfile of random's system information tool 1.06 (written by random/random)
Run by THAT ME at 2009-04-15 08:32:29
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (19%) free of 68 GB
Total RAM: 502 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:00 AM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\THAT ME\Temporary Internet Files\Content.IE5\G1I74T27\RSIT[1].exe
C:\Program Files	rend micro\THAT ME.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://isp.netscape.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.aol.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Peer2Peer Toolbar - {1b05fc31-35fb-4d12-86b9-d88a52736349} - C:\Program Files\Peer2Peer	bPee1.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Peer2Peer Toolbar - {1b05fc31-35fb-4d12-86b9-d88a52736349} - C:\Program Files\Peer2Peer	bPee1.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: Peer2Peer Toolbar - {1b05fc31-35fb-4d12-86b9-d88a52736349} - C:\Program Files\Peer2Peer	bPee1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.aol.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Update Service (gupdate1c98bdb385e2544) (gupdate1c98bdb385e2544) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

archet9 · Answer

Eh bien....On a bien fait de continuer!!!!
Télécharges Toolbar-S&D (Team IDN) sur ton Bureau. 
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 

* Lance l'installation du programme en exécutant le fichier téléchargé. 
* Double-clique maintenant sur le raccourci de Toolbar-S&D. 
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée. 
* Choisis directement l'option 2 (Supression). Patiente jusqu'à la fin de la recherche. 
* Poste le rapport généré. (C:\TB.txt)

ENSUITE:
Fais un scan avec cet antispyware :
Telecharges malwarebytes + tutoriel :  

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ 

Tu l´installes; mets le a jour...(onglet mise a jour)
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression". 
Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".
Puis click sur "rechercher".  
Laisse le scanner le pc... 
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "oui".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copies et colles le rapport stp.

PUIS:
Relances 1 nouveau RSIT et colles moi le LOG.TXT...

a+

poulain13 · Answer

voici le rapport


   -----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M CPU        420  @ 1.60GHz )
   BIOS : Ver 1.00PARTTBL
   USER : THAT ME ( Administrator )
   BOOT : Normal boot
   Antivirus : Norton Internet Security 16.0.0.125 (Activated)
   Firewall  : Norton Internet Security 16.0.0.125 (Activated)
   C:\ (Local Disk) - NTFS - Total:66 Go (Free:12 Go)
   D:\ (Local Disk) - FAT32 - Total:8 Go (Free:1 Go)
   E:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [2] ( Wed 04/15/2009| 9:17 )
   C:\WINDOWS\iun6002.exe

   -----------\ SUPPRESSION

   Supprime! - [Service] ASKService
   Supprime! - [Service] ASKUpgrade
   Supprime! - C:\Program Files\AskBarDis\bar
   Supprime! - C:\Program Files\AskBarDis\unins000.dat
   Supprime! - C:\Program Files\AskBarDis\unins000.exe
   Supprime! - C:\WINDOWS\iun6002.exe
   Supprime! - C:\Program Files\AskBarDis

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  Extensions

   (fabien) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Start Page"="http://google.atcomet.com/b/"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Bar"="https://isp.netscape.com/"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.aol.com/"
   "Default_Search_URL"="http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q="
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Start Page"="https://www.msn.com/fr-fr/"


   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !


   1 - "C:\ToolBar SD\TB_1.txt" - Wed 04/15/2009| 9:20 - Option : [2]

   -----------\  Fin du rapport a  9:20:55.87

poulain13 · Answer

l autre rapport et encore une fois merci, j aurais jamais pu faire ca tout seul lol:



Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1987
Windows 5.1.2600 Service Pack 3

4/15/2009 9:38:46 AM
mbam-log-2009-04-15 (09-38-46).txt

Type de recherche: Examen rapide
Eléments examinés: 78824
Temps écoulé: 8 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 23
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\rhcemjj0e705 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcemjj0e705 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\rhcemjj0e705 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\fabien\Application Data\rhcemjj0e705 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\fabien\Application Data\rhcemjj0e705\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\fabien\Application Data\rhcemjj0e705\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\fabien\Application Data\rhcemjj0e705\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\fabien\Application Data\rhcemjj0e705\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\fabien\Application Data\rhcemjj0e705\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\fabien\Application Data\rhcemjj0e705\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\fabien\Application Data\rhcemjj0e705\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\fabien\Application Data\rhcemjj0e705\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\fabien\Application Data\rhcemjj0e705\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\fabien\Application Data\rhcemjj0e705\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\THAT ME\Application Data\rhcemjj0e705 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\THAT ME\Application Data\rhcemjj0e705\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\THAT ME\Application Data\rhcemjj0e705\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\THAT ME\Application Data\rhcemjj0e705\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\THAT ME\Application Data\rhcemjj0e705\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\THAT ME\Application Data\rhcemjj0e705\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\THAT ME\Application Data\rhcemjj0e705\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\THAT ME\Application Data\rhcemjj0e705\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\THAT ME\Application Data\rhcemjj0e705\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\THAT ME\Application Data\rhcemjj0e705\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\THAT ME\Application Data\rhcemjj0e705\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\rhcemjj0e705\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcemjj0e705\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcemjj0e705\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcemjj0e705\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcemjj0e705\rhcemjj0e705.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\fabien\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

poulain13 · Answer

le rapport log txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by THAT ME at 2009-04-15 09:49:00
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (19%) free of 68 GB
Total RAM: 502 MB (10% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:24 AM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\THAT ME\Desktop\anti virus\RSIT.exe
C:\Program Files	rend micro\THAT ME.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://isp.netscape.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.aol.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Peer2Peer Toolbar - {1b05fc31-35fb-4d12-86b9-d88a52736349} - C:\Program Files\Peer2Peer	bPee1.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Peer2Peer Toolbar - {1b05fc31-35fb-4d12-86b9-d88a52736349} - C:\Program Files\Peer2Peer	bPee1.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: Peer2Peer Toolbar - {1b05fc31-35fb-4d12-86b9-d88a52736349} - C:\Program Files\Peer2Peer	bPee1.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.aol.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Update Service (gupdate1c98bdb385e2544) (gupdate1c98bdb385e2544) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

archet9 · Answer

Compte tenu de l'heure de tes rapports: Est-il indiscret de te demander d'ou tu écris?
La Réunion?
Ensuite: 
---> Télécharge ComboFix.exe de sUBs sur ton Bureau : 
 http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\ 
---> Double-clique sur Combofix.exe 
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...". 
Accepte en cliquant sur "Oui" 

---> Mets-le en langue française F 
Tape sur la touche 1 (Yes) pour démarrer le scan. 

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\ 
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire. 

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu 

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\ 

Note : Le rapport se trouve également là : C:\ComboFix.txt

a+

poulain13 · Answer

voila le rapport, je t ecris de mexico city j y suis depuis janvier a la recherche de boulot. Ma copine est mexicaine je l ai rencontre y a deux ans quand j etudiais a mexico.


ComboFix 09-04-15.08 - THAT ME 04/15/2009 10:35.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.502.217 [GMT -7:00]
Running from: c:\documents and settings\THAT ME\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *enabled*
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


(((((((((((((((((((((((((   Files Created from 2009-03-15 to 2009-04-15  )))))))))))))))))))))))))))))))
.

2009-04-15 16:26 . 2009-04-15 16:26	--------	d-----w	c:\documents and settings\THAT ME\Application Data\Malwarebytes
2009-04-15 16:26 . 2009-04-06 22:32	15504	----a-w	c:\windows\system32\drivers\mbam.sys
2009-04-15 16:26 . 2009-04-06 22:32	38496	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-15 16:16 . 2009-04-15 16:20	--------	d-----w	C:\ToolBar SD
2009-04-15 15:32 . 2009-04-15 15:33	--------	d-----w	C:sit
2009-04-15 15:25 . 2008-06-06 01:18	5737	----a-w	c:\documents and settings\fabien\Local Settings\Application Data\gnc.exe
2009-04-15 15:25 . 2008-06-06 01:18	5737	----a-w	c:\documents and settings\THAT ME\Local Settings\Application Data\gnc.exe
2009-04-15 14:35 . 2008-06-06 01:18	5737	----a-w	c:\windows\system32\gnc.exe
2009-04-14 14:37 . 2009-04-15 02:19	--------	d-----w	c:\windows\BDOSCAN8
2009-04-06 21:27 . 2009-04-15 17:31	--------	d-----w	c:\documents and settings\THAT ME\Application Data\uTorrent
2009-03-19 01:38 . 2009-03-19 01:38	--------	d-----w	c:\documents and settings\NetworkService\Local Settings\Application Data\Google

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 17:43 . 2006-08-19 09:49	313	----a-w	C:\hpqp.ini
2009-04-15 17:43 . 2006-08-19 09:49	39	----a-w	C:\XP_TV.ini
2009-04-15 16:49 . 2009-04-15 15:32	--------	d-----w	c:\program files	rend micro
2009-04-15 16:26 . 2009-04-15 16:26	--------	d-----w	c:\program files\Malwarebytes' Anti-Malware
2009-04-15 16:20 . 2009-04-15 16:17	2217	----a-w	C:\TB.txt
2009-04-15 15:25 . 2009-04-15 15:16	3772	----a-w	C:\cleannavi.txt
2009-04-15 15:25 . 2009-04-15 14:15	--------	d-----w	c:\program files\Navilog1
2009-04-15 14:37 . 2009-04-15 14:18	3610	----a-w	C:\fixnavi.txt
2009-04-14 14:18 . 2009-02-27 22:05	--------	d-----w	c:\documents and settings\THAT ME\Application Data\Azureus
2009-04-13 23:47 . 2009-02-27 22:04	--------	d-----w	c:\program files\Vuze
2009-04-13 22:00 . 2008-08-31 16:57	--------	d-----w	c:\program files\Norton Security Scan
2009-04-08 14:57 . 2008-12-12 21:42	--------	d-----w	c:\documents and settings\THAT ME\Application Data\dvdcss
2009-04-06 21:27 . 2009-04-06 21:27	--------	d-----w	c:\program files\uTorrent
2009-04-06 03:24 . 2006-08-19 08:16	--------	d-----w	c:\program files\Java
2009-04-01 01:00 . 2007-12-27 10:54	--------	d-----w	c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-26 16:29 . 2008-12-04 06:41	--------	d-----w	c:\program files\Peer2Peer
2009-03-25 22:02 . 2008-11-17 21:58	--------	d-----w	c:\program files\Symantec
2009-03-25 22:02 . 2008-11-17 21:58	805	----a-w	c:\windows\system32\drivers\SYMEVENT.INF
2009-03-25 22:02 . 2008-11-17 21:58	7386	----a-w	c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-25 22:02 . 2008-11-17 21:58	60808	----a-w	c:\windows\system32\S32EVNT1.DLL
2009-03-25 22:02 . 2008-11-17 21:58	124464	----a-w	c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-12 09:03 . 2008-12-20 00:47	36400	----a-r	c:\windows\system32\drivers\SymIM.sys
2009-03-09 12:19 . 2008-12-26 21:31	410984	----a-w	c:\windows\system32\deploytk.dll
2009-03-04 19:54 . 2008-10-13 00:14	--------	d-----w	c:\documents and settings\THAT ME\Application Data\HP
2009-02-27 22:06 . 2009-02-27 22:06	--------	d-----w	c:\documents and settings\All Users\Application Data\Azureus
2009-02-27 22:05 . 2009-02-27 22:05	--------	d-----w	c:\program files\AskSearch
2009-02-27 21:45 . 2009-02-27 21:32	--------	d-----w	c:\program files\BitComet
2009-02-27 18:45 . 2008-11-19 04:20	--------	d-----w	c:\documents and settings\THAT ME\Application Data\LimeWire
2009-02-27 00:54 . 2008-12-03 05:28	--------	d-----w	c:\program files\DivX
2009-02-26 01:12 . 2008-09-23 01:46	103064	----a-w	c:\documents and settings\THAT ME\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-26 01:10 . 2009-02-10 23:51	--------	d-----w	c:\program files\Google
2009-02-26 00:30 . 2006-08-19 08:16	--------	d-----w	c:\program files\Common Files\Sonic Shared
2009-02-26 00:29 . 2006-08-19 08:16	--------	d-----w	c:\program files\Sonic
2009-02-26 00:23 . 2006-08-19 09:55	--------	d-----w	c:\documents and settings\All Users\Application Data\WildTangent
2009-02-26 00:14 . 2009-02-25 22:54	--------	d-----w	c:\program files\Mérops
2009-02-09 11:13 . 2008-12-02 18:26	1846784	------w	c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-04 21:00	1846784	----a-w	c:\windows\system32\win32k.sys
2008-09-23 01:49 . 2008-09-23 01:46	130	----a-w	c:\documents and settings\THAT ME\Local Settings\Application Data\fusioncache.dat
2008-07-18 17:10 . 2007-09-10 21:38	1112	----a-w	c:\documents and settings\fabien\Application Data\wklnhst.dat
2008-04-16 10:14 . 2008-04-16 10:14	32	----a-w	c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-25 14:08 . 2008-01-25 14:08	14290	----a-w	c:\program files\settings.dat
2007-12-27 11:10 . 2007-09-10 22:57	102672	----a-w	c:\documents and settings\fabien\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-09-10 22:59 . 2007-09-10 22:57	129	----a-w	c:\documents and settings\fabien\Local Settings\Application Data\fusioncache.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1b05fc31-35fb-4d12-86b9-d88a52736349}"= "c:\program files\Peer2Peer	bPee1.dll" [2009-03-26 1883672]

[HKEY_CLASSES_ROOT\clsid\{1b05fc31-35fb-4d12-86b9-d88a52736349}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1b05fc31-35fb-4d12-86b9-d88a52736349}]
2009-03-26 16:29	1883672	----a-w	c:\program files\Peer2Peer	bPee1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1b05fc31-35fb-4d12-86b9-d88a52736349}"= "c:\program files\Peer2Peer	bPee1.dll" [2009-03-26 1883672]

[HKEY_CLASSES_ROOT\clsid\{1b05fc31-35fb-4d12-86b9-d88a52736349}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1B05FC31-35FB-4D12-86B9-D88A52736349}"= "c:\program files\Peer2Peer	bPee1.dll" [2009-03-26 1883672]

[HKEY_CLASSES_ROOT\clsid\{1b05fc31-35fb-4d12-86b9-d88a52736349}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-06-23 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 135168]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-02 61952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Readereader_sl.exe [2005-9-23 29696]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Windows Live\Messenger\livecall.exe"=
"c:\Program Files\uTorrent\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11247:TCP"= 11247:TCP:BitComet 11247 TCP
"11247:UDP"= 11247:UDP:BitComet 11247 UDP

R2 gupdate1c98bdb385e2544;Google Update Service (gupdate1c98bdb385e2544);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SYMEFA.SYS [2009-03-12 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1005000.087\BHDrvx86.sys [2009-03-12 258608]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1005000.087\ccHPx86.sys [2009-03-24 482352]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090408.002\IDSxpx86.sys [2009-04-01 276344]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [2009-03-12 115560]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]

.
Contents of the 'Scheduled Tasks' folder

2009-03-26 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-11-16 17:55]

2009-04-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 23:55]

2009-04-13 c:\windows\Tasks\Norton Security Scan for THAT ME.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 12:18]

2009-04-13 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 12:18]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKCU-Run-Software Informer - c:\program files\Software Informer\softinfo.exe
HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
mWindow Title = 
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\THAT ME\Application Data\Mozilla\Firefox\Profiles\va0oxh8w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
FF - plugin: c:\program files\Google\Update\1.2.141.5
pGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
p-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 10:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???p[??????`?@?????L?@ 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2796)
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\windows\system32\igfxres.dll
c:\windows\system32\igfxress.dll
c:\windows\system32\igfxsrvc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2009-04-15 10:48 - machine was rebooted
ComboFix-quarantined-files.txt  2009-04-15 17:47
ComboFix2.txt  2008-09-09 12:47

Pre-Run: 17,419,460,608 bytes free
Post-Run: 17,685,028,864 bytes free

220	--- E O F ---	2009-03-19 01:43

archet9 · Answer

E ffectivement... le soleil tourne ds le bon sens d'est en ouest... et "excuses" car je te voyais de l'autre coté de la planète...Pero eso no es importante..!!!
Lo mas importante es la salud del pc...
On continue:
Télécharges OTMoveIt3 (de Old_Timer) sur ton Bureau. 
http://oldtimer.geekstogo.com/OTMoveIt3.exe 

! Déconnectes toi et fermes toute tes applications en cours ! 

Double cliques sur "OTMoveIt3.exe" pour ouvrir le prg . 
Puis copies ce qui se trouve en gras ci-dessous, 


:Processes
explorer.exe




:Files
 c:\windows\system32\gnc.exe
 c:\program files\AskSearch 



:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

et colles le dans le cadre de gauche de OTMoveIt3 : 
Paste Instructions for items to be moved. (ne touche à rien d'autre !) 

-> cliques sur MoveIt! pour lancer la suppression. 
-> laisses travailler l'outil ... 

( Note : ton bureau va disparaitre puis réapparaitre, c'est normal .) 

-> une fois finis , un petite fenêtre s'ouvre : cliques sur " Yes " . 

Ton PC va redémarrer de lui même ... 

-->Postes le contenu du rapport qui se trouve dans le dossier "C:\_OTMoveIt\MovedFiles"
 Hasta la vista !

poulain13 · Answer

voici le rapport,

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\windows\system32\gnc.exe moved successfully.
c:\program files\AskSearch\bin moved successfully.
c:\program files\AskSearch moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\THATME~1\LOCALS~1\Temp\~DF21C6.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS	emp\JET5493.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\Perflib_Perfdata_17c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\Perflib_Perfdata_244.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04152009_115850

Files moved on Reboot...
File C:\DOCUME~1\THATME~1\LOCALS~1\Temp\~DF21C6.tmp not found!
File C:\WINDOWS	emp\JET5493.tmp not found!
File C:\WINDOWS	emp\Perflib_Perfdata_17c.dat not found!
File C:\WINDOWS	emp\Perflib_Perfdata_244.dat not found!

archet9 · Answer

Je pense.. j'espère que ton nouveau RSIT ne montrera plus rien... j'attends le log.text... a+

poulain13 · Answer

voila le rapport, j espere que c bon 

Logfile of random's system information tool 1.06 (written by random/random)
Run by THAT ME at 2009-04-15 12:36:53
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 17 GB (25%) free of 68 GB
Total RAM: 502 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:20 PM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\THAT ME\Desktop\anti virus\RSIT.exe
C:\Program Files	rend micro\THAT ME.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Peer2Peer Toolbar - {1b05fc31-35fb-4d12-86b9-d88a52736349} - C:\Program Files\Peer2Peer	bPee1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Peer2Peer Toolbar - {1b05fc31-35fb-4d12-86b9-d88a52736349} - C:\Program Files\Peer2Peer	bPee1.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: Peer2Peer Toolbar - {1b05fc31-35fb-4d12-86b9-d88a52736349} - C:\Program Files\Peer2Peer	bPee1.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Google Update Service (gupdate1c98bdb385e2544) (gupdate1c98bdb385e2544) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

archet9 · Answer

Super,!!!!! poulain13
POUR MOI C'EST OK....

PS: je poste de bretagne.

Pour desinstaller les outils utilisés

Telecharge ToolsCleaner2--> 
http://pc-system.fr/ 
-Une fois téléchargé, installe-le et lance-le 
-Clique sur Recherche et laisse le scan se terminer 
-Clique sur SUPPRESSION 
-Clique sur Quitter pour que le rapport puisse se créer
-Poste moi le rapport se trouvant ici--> C:\TCleaner.txt 


puis
---> Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) :
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html 

 * Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc.... 
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage. 
* Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs tant de fois qu il en trouve a l analyse(Sauvegarde la base de registre).  
* Décoche la case plus vieux que 48 h 

 

---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger : 
http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme 

---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème : 
https://www.vulgarisation-informatique.com/creer-point-restauration.php 

ENSUITE:

RELANCES 1 scan BITDEFENDER en ligne : et contactes moi si probleme(s)

Vraiment ravi de cette incursion au MEXIQUE....

A+

poulain13 · Answer

c moi qui suis ravi tu m a super bien aide merci enormement.

Je t envoi le rapport t cleaner:

[ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

--> Recherche: 

C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\TB.txt: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\THAT ME\Desktop\ComboFix.exe: trouvé !
C:\Documents and Settings\THAT ME\Desktop\anti virus\Navilog1.exe: trouvé !
C:\Documents and Settings\THAT ME\Desktop\anti virus\Navilog1.lnk: trouvé !
C:\Documents and Settings\THAT ME\Desktop\anti virus\ToolBarSD.exe: trouvé !
C:\Documents and Settings\THAT ME\Desktop\anti virus\cleannavi.txt: trouvé !
C:\Documents and Settings\THAT ME\Desktop\anti virus\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\THAT ME\Desktop\anti virus\Rsit.exe: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files	rend micro\HijackThis.exe: trouvé !
C:\Program Files	rend micro\hijackthis.log: trouvé !

---------------------------------
--> Suppression: 

C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\THAT ME\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\THAT ME\Desktop\anti virus\Navilog1.exe: supprimé !
C:\Documents and Settings\THAT ME\Desktop\anti virus\Navilog1.lnk: supprimé !
C:\Documents and Settings\THAT ME\Desktop\anti virus\ToolBarSD.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files	rend micro\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\TB.txt: supprimé !
C:\Documents and Settings\THAT ME\Desktop\anti virus\cleannavi.txt: supprimé !
C:\Documents and Settings\THAT ME\Desktop\anti virus\OTMoveIt3.exe: supprimé !
C:\Documents and Settings\THAT ME\Desktop\anti virus\Rsit.exe: supprimé !
C:\Program Files	rend micro\hijackthis.log: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1: supprimé !
C:\Program Files\Navilog1: supprimé !

poulain13 · Answer

J ai tout fait chef,merci beaucoup je vais lancer le scan bitdefender mais je crois que ca dure pas mal de temps donc des que j ai le rapport je t envoie ca..

Merci beaucoup pour ton aide et ta sympathie.
A bientot, 

PS: comment je procede si je dois utiliser mon point de restauration?
merci

poulain13 · Answer

Au fait tu viens d ou de bretagne, de la brest cost ou de lorient geles ???

a plus

archet9 · Answer

de la brest cost ou de lorient geles ??? 
LOL..... I come  more from the BREST'S coast...North's coast...MORLAIX'city dans  le Leon...
a+

Virus muwmseq.exe

21 réponses

Votre réponse