Kaspersky 6.0 est désactivé Fermé

Question

Bonjour,
Je vous axplique mon problème,
Mon Antivirus Kaspersky 6.0 for Windows workstations s'est désactivé et je ne peux plus accéder au gestionnaire des tache, je ne peux pas ouvrir le site de Kaspersky. Même cette page, j'ai du utilisé un autre ordinateur pour pouvoir poster sur ce forum.
J'ai téléchargé ccCleaner et installer, mais quand je le demarre en doublant cliquant, il demarre et après quelques secondes il disparait.
Please aidre moi
Ps le même probleme s'est répeter sur mon Laptop et sur l'ordi du bureau.

J'ai essayer de demmarrer en mode sans echec, mais ca refuse de demmarer dans ce mode

Configuration:
Windows XP SP3
Internet explorer 7 sur mon desktop
Firefox 3 sur mon Laptop

Merci

plopus · Answer

salut

debranche le reseau entre les machine si il y a puis :

Télécharge Random's System Information Tool (RSIT) de Random/Random, et enregistre le sur ton Bureau.
http://images.malwareremoval.com/random/RSIT.exe
• Double clique sur RSIT.exe pour lancer l'outil.
• Clique sur "Continue" à l'écran Disclaimer.
• Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande) et tu devras accepter la licence.
• Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp

mkgb · Answer

Merci de votre aide,
Voici le permier rapport

info.txt logfile of random's system information tool 1.06 2009-07-31 10:36:17

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe"  -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Color LaserJet 3700-->msiexec /x{3A4FDC2E-6803-459B-89BD-57345F8D6969}
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Anti-Virus 6.0 for Windows Workstations-->MsiExec.exe /I{79B986AD-54D8-4498-AA06-89808829ACC0}
Kaspersky Anti-Virus 6.0 for Windows Workstations-->MsiExec.exe /I{79B986AD-54D8-4498-AA06-89808829ACC0}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe"  -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe"  -uninstall
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
TypingMaster Pro-->"C:\Program Files\TypingMaster\unins000.exe"
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Zuma Deluxe fr-->"C:\Program Files\BoontyGames\Zuma Deluxe\unins000.exe"

======Security center information======

AV: Kaspersky Anti-Virus (outdated)
FW: Kaspersky Anti-Virus

======System event log======

Computer Name: SERVEUR
Event Code: 10009
Message: DCOM was unable to communicate with the computer ALICE-D2BD5E547 using any of the configured
protocols.

Record Number: 29122
Source Name: DCOM
Time Written: 20090821111803.000000+120
Event Type: error
User: SERVEUR\Administrator

Computer Name: SERVEUR
Event Code: 10009
Message: DCOM was unable to communicate with the computer THEOPIST-683A36 using any of the configured
protocols.

Record Number: 29121
Source Name: DCOM
Time Written: 20090821111710.000000+120
Event Type: error
User: SERVEUR\Administrator

Computer Name: SERVEUR
Event Code: 10009
Message: DCOM was unable to communicate with the computer PSD5 using any of the configured
protocols.

Record Number: 29120
Source Name: DCOM
Time Written: 20090821111707.000000+120
Event Type: error
User: SERVEUR\Administrator

Computer Name: SERVEUR
Event Code: 10009
Message: DCOM was unable to communicate with the computer MANU using any of the configured
protocols.

Record Number: 29119
Source Name: DCOM
Time Written: 20090821111646.000000+120
Event Type: error
User: SERVEUR\Administrator

Computer Name: SERVEUR
Event Code: 10009
Message: DCOM was unable to communicate with the computer ALICE-D2BD5E547 using any of the configured
protocols.

Record Number: 29118
Source Name: DCOM
Time Written: 20090821111625.000000+120
Event Type: error
User: SERVEUR\Administrator

=====Application event log=====

Computer Name: SERVEUR
Event Code: 1000
Message: Faulting application hpbpro.exe, version 1.0.42.0, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00085001.

Record Number: 856
Source Name: Application Error
Time Written: 20090727105627.000000+120
Event Type: error
User: 

Computer Name: SERVEUR
Event Code: 1517
Message: Windows saved user SERVEUR\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. 


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 851
Source Name: Userenv
Time Written: 20090727101140.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: SERVEUR
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.  



Record Number: 850
Source Name: Userenv
Time Written: 20090727101139.000000+120
Event Type: warning
User: SERVEUR\Administrator

Computer Name: SERVEUR
Event Code: 1517
Message: Windows saved user SERVEUR\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. 


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 847
Source Name: Userenv
Time Written: 20090727100138.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: SERVEUR
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.  



Record Number: 843
Source Name: Userenv
Time Written: 20090727095222.000000+120
Event Type: warning
User: SERVEUR\Administrator

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

mkgb · Answer

Voici le deuxième rapport

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-07-31 10:36:12
Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (51%) free of 30 GB
Total RAM: 2037 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:15, on 31/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\iybh.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\WINDOWS\system32\HPBPRO.EXE
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [StatusClient 2.5] C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [] C:\WINDOWS\system\KEYBOARD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKLM\..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe
O4 - HKLM\..\Policies\Explorer\Run: [sys] C:\WINDOWS\Fonts\Fonts.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] C:\WINDOWS\system32\dllcache\Default.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

plopus · Answer

salut

tu m'etonne que kaspersky est desactivé, tu es bien infecté, fait ceci pour voir une chose :

    *  Telecharge UsbFix de C_XX & Chiquitine29
    http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe

    * Lance l installation avec les parametres par default
    * Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d'avoir été infectés sans les ouvrir
    * Double clic sur le raccourci UsbFix sur ton bureau
    * Choisi l'option 1 (recherche)
    * Laisse travailler l'outil
    * Ensuite post le rapport UsbFix.txt qui apparaîtra
    * Note : le rapport UsbFix.txt est sauvegardé a la racine du disque

* Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus

mkgb · Answer

Salut et merci pour ton aide,

Je ne parviens pas à téléchargé UsbFix, quand je clic sur le lien , la page ne s'ouvre pas elle me dit: Délai d'attente dépassé, Le serveur à l'adresse sd-1.archive-host.com met trop de temps à répondre.

J'ai même essayer avec internet explorer, c'est le même message.

Ps. Même pour ouvrir ce forum, je suis obligé de passer par ma boite de messagerie de Yahoo et de cliquer sur le lien.

Please aidez moi

plopus · Answer

Bon ok 

essaye ceci alors :

==> Télécharger et enregistre sur ton bureau SDfix (créé par AndyManchesta)

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

==> Double cliquer sur SDFix.exe et choisir Install pour l'extraire dans un dossier dédié sur ton disque C:.

/!\ Démarre en mode sans échec : après le bip et avant le logo windows tapoter sur la touche F8 (ou F5): menu M.S.E..

==> Choisir son compte, pas celui de l'Administrateur ou autre.

==> Dérouler la liste des instructions ci-dessous :

• Ouvrir le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuyer sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuyer sur une touche pour redémarrer le PC.
• Le système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuyer sur une touche pour finir l'exécution du script et charger les icônes du Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copier/coller le contenu du fichier Report.txt dans la prochaine réponse sur le forum

mkgb · Answer

Salut, l'ordinateur refuse de démarrer en mode sans échec, Quand je sélectionne le mode sans échec, il redémarre et me demande encore et encore.

mkgb · Answer

PS. Même cette page ne s'ouvre pas des que je clic sur Ajouter, elle tourne et ne termine jamais, je suis obligé de rentrer dans ma boite de Yahoo et de cliquer sur le lien.

Merci

plopus · Answer

ok bon on ben passe a outils trés puisssant :

j'ai renommer le fichier en CF a la place de combofix :

telecharge CF.zip sur TON BUREAU

http://www.cijoint.fr/cj200907/cij7gAgrh8.zip

ouvre le et decompresse sur ton bureau CF.exe

puis DECONNECTE TOI D'INTERNET et DESACTIVE TOUTES tes defences (antivirus, antispyware et parefeu si autre que windows)

lance le suit les indication et ne touche a rien meme a la souris et poste le rapport a la fin

tu peux aussi le retrouver dans C:\combofix.txt

mkgb · Answer

Je dois sortir et je reviens vers 14h

mkgb · Answer

Voici le rapport

ComboFix 09-07-29.04 - Administrator 03/08/2009 14:32.1.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.33.1033.18.2037.1634 [GMT 2:00]
Running from: c:\docume~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for cij7gAgrh8.zip\CF.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\MS-DOS.com
c:\windows\Cursors\Boom.vbs
c:\windows\Fonts\Fonts.exe
c:\windows\Fonts	skmgr.exe
c:\windows\Fonts\wav.wav
c:\windows\Help\Microsoft.hlp
c:\windows\Mediandll32.pif
c:\windows\pchealth\Global.exe
c:\windows\pchealth\helpctr\binaries\HelpHost.com
c:\windows\system\KEYBOARD.exe
c:\windows\system32\dllcache\autorun.inf
c:\windows\system32\dllcache\Default.exe
c:\windows\system32\dllcache\Global.exe
c:\windows\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}
c:\windows\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe
c:\windows\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe
c:\windows\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe
c:\windows\system32\dllcachendll32.exe
c:\windows\system32\dllcache	skmgr.exe
c:\windows\system32\drivers\drivers.cab.exe
c:\windows\system32egedit.exe
D:\autorun.inf
c:\windows\Cursors\Boom.vbs . . . . failed to delete

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_DAC970NT
-------\Service_Boonty Games
-------\Service_dac970nt


(((((((((((((((((((((((((   Files Created from 2009-07-03 to 2009-08-03  )))))))))))))))))))))))))))))))
.

2009-07-31 09:25 . 2008-11-06 00:03	--------	d-----w-	C:\SDFix
2009-07-31 08:36 . 2009-07-31 08:36	--------	d-----w-	C:sit
2009-07-31 06:54 . 2009-07-03 17:09	12800	-c----w-	c:\windows\system32\dllcache\xpshims.dll
2009-07-31 06:54 . 2009-07-19 16:48	11067392	-c----w-	c:\windows\system32\dllcache\ieframe.dll
2009-07-31 06:54 . 2009-07-03 17:09	594432	-c----w-	c:\windows\system32\dllcache\msfeeds.dll
2009-07-31 06:54 . 2009-07-03 17:09	55296	-c----w-	c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-31 06:54 . 2009-07-03 17:09	1985536	-c----w-	c:\windows\system32\dllcache\iertutil.dll
2009-07-31 06:54 . 2009-07-03 17:09	246272	-c----w-	c:\windows\system32\dllcache\ieproxy.dll
2009-07-31 06:54 . 2009-07-01 07:08	101376	-c----w-	c:\windows\system32\dllcache\iecompat.dll
2009-07-31 04:51 . 2008-06-13 11:05	272128	-c----w-	c:\windows\system32\dllcache\bthport.sys
2009-07-31 04:42 . 2009-02-06 11:06	2145280	-c----w-	c:\windows\system32\dllcache
tkrnlmp.exe
2009-07-31 04:42 . 2009-02-06 11:08	2189056	-c----w-	c:\windows\system32\dllcache
toskrnl.exe
2009-07-31 04:42 . 2009-02-06 10:32	2023936	-c----w-	c:\windows\system32\dllcache
tkrpamp.exe
2009-07-31 04:36 . 2008-10-24 11:21	455296	-c----w-	c:\windows\system32\dllcache\mrxsmb.sys
2009-07-30 09:26 . 2007-10-30 14:39	172032	----a-w-	c:\windows\system32\igfxres.dll
2009-07-30 09:08 . 2008-04-14 12:00	9728	-c--a-w-	c:\windows\system32\dllcachewnh.dll
2009-07-30 09:07 . 2008-04-14 12:00	13463552	-c--a-w-	c:\windows\system32\dllcache\hwxjpn.dll
2009-07-30 09:06 . 2008-04-14 12:00	829440	-c--a-w-	c:\windows\system32\dllcache\inetmgr.dll
2009-07-30 08:51 . 2008-04-14 12:00	24661	-c--a-w-	c:\windows\system32\dllcache\spxcoins.dll
2009-07-30 08:51 . 2008-04-14 12:00	24661	----a-w-	c:\windows\system32\spxcoins.dll
2009-07-30 08:51 . 2008-04-14 12:00	13312	-c--a-w-	c:\windows\system32\dllcache\irclass.dll
2009-07-30 08:51 . 2008-04-14 12:00	13312	----a-w-	c:\windows\system32\irclass.dll
2009-07-29 09:17 . 2009-07-29 09:17	--------	d-----w-	c:\program files\CCleaner
2009-07-29 09:00 . 2009-07-29 09:00	--------	d-sh--w-	c:\documents and settings\Administrator\IECompatCache
2009-07-21 10:08 . 2009-07-21 10:10	--------	d-----w-	c:\program files\Bible
2009-07-14 06:31 . 2009-07-14 06:31	--------	d-----w-	c:\windows\ie8updates
2009-07-13 09:46 . 2009-07-14 06:34	--------	d-----w-	C:\LA20
2009-07-13 09:45 . 2009-07-13 09:45	--------	d-----w-	c:\documents and settings\Administrator\WINDOWS

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 12:36 . 2009-07-27 07:53	4356	------w-	c:\windows\Cursors\Boom.vbs
2009-07-31 09:32 . 2009-05-14 10:29	32564	--sha-w-	c:\windows\system32\drivers\fidbox2.idx
2009-07-31 09:32 . 2009-05-14 10:29	247072	--sha-w-	c:\windows\system32\drivers\fidbox2.dat
2009-07-31 09:32 . 2009-05-14 10:29	213092	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2009-07-31 09:32 . 2009-05-14 10:29	17794592	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-07-31 08:30 . 2009-04-28 01:23	73448	----a-w-	c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-30 09:02 . 2009-04-28 01:11	22720	----a-w-	c:\windows\system32\emptyregdb.dat
2009-07-29 08:55 . 2009-05-14 10:29	--------	d-----w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-27 07:55 . 2009-01-15 08:27	1985152	----a-w-	c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-03 17:09 . 2008-04-14 12:00	915456	----a-w-	c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2009-06-26 16:50	81920	------w-	c:\windows\system32\ieencode.dll
2009-06-16 14:36 . 2008-04-14 12:00	81920	----a-w-	c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-04-14 12:00	119808	----a-w-	c:\windows\system32	2embed.dll
2009-06-03 19:09 . 2008-04-14 12:00	1291264	----a-w-	c:\windows\system32\quartz.dll
2009-05-21 12:43 . 2009-05-14 15:18	1	----a-w-	c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-20 15:10 . 2009-05-14 10:30	94643	----a-w-	c:\windows\system32\drivers\klick.dat
2009-05-20 15:10 . 2009-05-14 10:30	105395	----a-w-	c:\windows\system32\drivers\klin.dat
2009-05-20 11:42 . 2009-05-20 11:42	410984	----a-w-	c:\windows\system32\deploytk.dll
2009-05-20 11:41 . 2009-05-20 11:41	152576	----a-w-	c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-18 08:40 . 2009-05-18 08:40	0	----a-w-	c:\windows
sreg.dat
2009-05-18 07:10 . 2009-04-28 01:13	86327	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-14 14:12 . 2007-07-18 12:39	112144	----a-w-	c:\windows\system32\drivers\kl1.sys
2009-05-14 14:11 . 2009-05-14 14:11	112144	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files	emporaryFolder\AutoPatches\kav6\6.0.3.830\X86\kl1.sys
2009-05-14 14:11 . 2009-05-14 14:11	715280	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files	emporaryFolder\AutoPatches\kav6\6.0.3.830\updater.dll
2009-05-14 14:11 . 2009-05-14 14:11	158224	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files	emporaryFolder\AutoPatches\kav6\6.0.3.830\scrchpg.dll
2009-05-14 14:10 . 2009-05-14 14:10	201504	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files	emporaryFolder\AutoPatches\kav6\6.0.3.830\klif.sys
2009-05-14 14:10 . 2009-05-14 14:10	41488	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files	emporaryFolder\AutoPatches\kav6\6.0.3.830\fssync.dll
2009-05-14 14:10 . 2009-05-14 14:10	342544	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files	emporaryFolder\AutoPatches\kav6\6.0.3.830\ckahum.dll
2009-05-14 14:09 . 2009-05-14 14:09	231952	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files	emporaryFolder\AutoPatches\kav6\6.0.3.830\avp.exe
2009-05-07 15:32 . 2008-04-14 12:00	345600	----a-w-	c:\windows\system32\localspl.dll
2009-06-23 07:22 . 2009-05-18 08:39	134648	----a-w-	c:\program files\mozilla firefox\components\brwsrcmp.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-14 39408]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4437232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1773056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-20 226712]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 218688]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 144944]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 134176]
"StatusClient 2.5"="c:\program files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2003-09-30 135168]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2003-06-10 229376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 116592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-26 215576]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-26 240152]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-26 207384]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-12-12 16859136]
"SRFirstRun"="srclient.dll" - c:\windows\system32\srclient.dll [2008-04-14 67584]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 457728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\ComPlusSetup]
2008-04-14 12:00	625664	----a-w-	c:\windows\system32\catsrvut.dll

[COLOR=RED] SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. /COLOR

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\McAfee\Common Framework\FrameworkService.exe"=
"c:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"=
"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"d:\MS-DOS.com"=
"c:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe"=
"c:\Program Files\Mozilla Firefox\firefox.exe"=
"c:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe"=
"c:\Program Files\CyberLink\PowerDVD\Language\Language.exe"=
"c:\WINDOWS\RTHDCPL.EXE"=
"c:\Program Files\Java\jre6\bin\jusched.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/05/2007 17:49 24344]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DAC970NT

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32undll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce-tscuninstall - c:\windows\system32	scupgrd.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://fr.yahoo.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
IE: Ajouter à Kaspersky Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j3jg6ibp.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/mail?&.src=ym&.intl=fr&.done=https://fr.mail.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://xeoo.com/?p=url&a=firefox&k=

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-03 14:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-329068152-1482476501-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,4f,b9,87,7e,97,0b,4c,a3,ff,36,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,4f,b9,87,7e,97,0b,4c,a3,ff,36,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(908)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2009-08-03 14:52 - machine was rebooted
ComboFix-quarantined-files.txt  2009-08-03 12:52

Pre-Run: 15 504 908 288 bytes free
Post-Run: 17 570 615 296 bytes free

256	--- E O F ---	2009-07-31 06:57

mkgb · Answer

Merci poplus de votre aide, je n'ai pas pu poster le rapport avant car j'avais un problème de connection.
Je suis en Afrique, vous comprenez?
Merci encore

plopus · Answer

salut

va trouver ce fichier et supprime le  c:\windows\Cursors\Boom.vbs 

si tu y arrive pas redemarre ton PC au bip tapote F8 et choisit mode sans echec et ensuite supprime ce fichier et vide ta corbeille et utilise CCleaner, si tu l'as pas voir ici :  https://www.malekal.com/tutoriel-ccleaner/

et une fois que tu as fait  sa redemarre en mode normal et poste moi un nouveau RSIt et retourne voir si tu trouve encore le fichier que tu viens de supprimer et dit le moi

edit : essaye le mode sans echec mais apparament il est "cassé" a voir si tu arrive pas supprimé le fichier, passe CCleaner et poste le RSIT

mkgb · Answer

Ccleaner demarre et après quelques seconde il disparait. J'ai pu effacer ce fichier Boom.vbs.
Le mode sans echec refuse toujour.

Voici le rapport RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-08-03 16:27:57
Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (55%) free of 30 GB
Total RAM: 2037 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27:59, on 03/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingmcj.exe
C:\WINDOWS\system32\HPBPRO.EXE
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [StatusClient 2.5] C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

plopus · Answer

re

clic iic  http://www.cijoint.fr/cj200908/cijVBxxjdi.txt   et suit les indications et poste lerapport et ensuite essaye de faire ceci deja repasse CCleaner plusieurs fois si sa marche :

    *  Télécharge Malwarebytes
   https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
    * Fais la mise à jour du logiciel (elle se fait normalement à l'installation)
    * Lance une analyse complète en cliquant sur "Exécuter un examen complet"
    * Sélectionnes les disques que tu veux analyser et cliques sur "Lancer l'examen"
    * L'analyse peut durer un bon moment.....
    * Une fois l'analyse terminée, cliques sur "OK" puis sur "Afficher les résultats"
    * Vérifies que tout est bien coché et cliques sur "Supprimer la sélection" => et ensuite sur "OK"
    * Un rapport va s'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum


* Il se pourrait que certains fichiers devront être supprimés au redémarrage du PC... Faites le en cliquant sur "oui" à la question posée

mkgb · Answer

Bonjour plopus,
J'ai fait ce que tu m'as demandé,

Pour le OTM.exe ca va et voici le rapport

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named TeaTimer.exe was found!
Process wingmcj.exe killed successfully!
========== SERVICES/DRIVERS ==========

Service\Driver dac970nt deleted successfully.
========== FILES ==========
C:\SDFix\apps\Replace\xp moved successfully.
C:\SDFix\apps\Replace\w2k moved successfully.
C:\SDFix\apps\Replace moved successfully.
C:\SDFix\apps moved successfully.
C:\SDFix moved successfully.
C:\Qoobox\Quarantine\Registry_backups moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32 moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\pchealth\helpctr\binaries moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\pchealth\helpctr moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\pchealth moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Media moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Help moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Fonts moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Cursors moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS moved successfully.
C:\Qoobox\Quarantine\C moved successfully.
C:\Qoobox\Quarantine moved successfully.
C:\Qoobox\BackEnv moved successfully.
C:\Qoobox moved successfully.
C:\WINDOWS\SET6F.tmp moved successfully.
C:\WINDOWS\SET63.tmp moved successfully.
C:\WINDOWS\SET60.tmp moved successfully.
C:\WINDOWS\PEV.exe moved successfully.
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingmcj.exe moved successfully.
File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhkrls.exe not found.
File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cwig.exe not found.
D:\MS-DOS.com moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\D:\MS-DOS.com deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cwig.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhkrls.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingmcj.exe deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 610355 bytes
->Temporary Internet Files folder emptied: 2557962 bytes
->Java cache emptied: 8055378 bytes
->FireFox cache emptied: 60944408 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: LocalService
->Temp folder emptied: 65536 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 16791009 bytes
File delete failed. C:\WINDOWS	emp\Perflib_Perfdata_4e84.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 49635 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 87,27 mb
 
 
OTM by OldTimer - Version 3.0.0.5 log created on 08042009_083144

Files moved on Reboot...
C:\WINDOWS	emp\Perflib_Perfdata_4e84.dat moved successfully.

Registry entries deleted on Reboot...

mkgb · Answer

Mais je ne parviens pas à télécharger Malwarebytes ; on me dit que 
The requested URL /files/0247f3dd84906223785fddb18353bafe/spyware/mbam-setup.exe was not found on this server.

Et Ccleaner ne demarre tours pas

Vraiment merci de votre aide

mkgb · Answer

Je passé par le site de l'éditeur et je viens de reussir à téléchargé Malwarebytes

Je scane et je vais posté le rapport à tout à l'heure

plopus · Answer

lol c'est un bug du site  ^^

mais prends celui ci il est tout chaud pour toi,

tu dezippe le fichier sur ton bureau et execute le pour l'installer et éssaye de le lancer en renommant le mbam.exe que tu retrouve dans C:\programmefile/malarebyte antimalware:
http://www.cijoint.fr/cj200908/cijPF4wAiD.zip

si sa marche pas reposte un nouveau RSIT

mkgb · Answer

Je passé par le site de l'éditeur et je viens de reussir à téléchargé Malwarebytes
Je suis entrain de scanner et je poste  le rapport apres.
Merci de votre patience

plopus · Answer

ok tant mieux

supprime bien ce qu'il trouve a la fin et poste le rapport final

puis passe au scan en ligne et poste le rapport en entier avec les lignes

mkgb · Answer

Voici le rapport re Malwarebytes

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2557
Windows 5.1.2600 Service Pack 3

04/08/2009 09:39:41
mbam-log-2009-08-04 (09-39-41).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 119798
Temps écoulé: 16 minute(s), 24 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

plopus · Answer

ok passe au scan en ligne et poste le rapport en entier avec les lignes c'est ici :  http://www.bitdefender.com/scan_fr/scan8/ie.html

puis si tu n'as pas utilise CCleaner :  https://www.malekal.com/tutoriel-ccleaner/

comment va le PC, que te reste t il comme probleme ?

et après reposte un nouveau RSIT :

mkgb · Answer

La page de Bitdefender ne s'ouvre pas
Je ne parviens pas à ouvrir la page du forum actualisée
Même la page de Kaspersky ne s'ouvre pas non plus
J'ai comme l'impression que toute les pages qui peuvent m'aider refuse de s'ouvrir.
C'est quel sorte de virus qui m'a attaqué?

La page de ce forum ne peut pas s'actualiser et il me donne les réponse de 09h18"

Aidez moi je commence à perdre espoir

plopus · Answer

salut

telecharge firefox pour windows ici :

http://www.mozilla-europe.org/fr/firefox/

et essaye avec voir ce que sa donne, si sa marche pas reposte un nouveau RSIT

mkgb · Answer

Je viens d'installer Firefox 3.5.2, mais la page de Bitdefender ne s'ouvre pas.
Quand je redemarre l'ordinateur il y'a un message qui vien :( Netsh.exe The application feild)

J'ai refais le scan avec Malwarebytes et il me dit toujour qu'il a trouvé 5 éléments, je les suprime et quand je refais, il les trouve encore et encore, J'ai même désactivé le system restore de windows, et c'est la même chose.

Pour le moment le system restore est toujours désactivé, devrai-je le laisser ainsi?

Voici le raport de Malwarebytes

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2557
Windows 5.1.2600 Service Pack 3

04/08/2009 14:31:13
mbam-log-2009-08-04 (14-31-13).txt

Type de recherche: Examen rapide
Eléments examinés: 82443
Temps écoulé: 2 minute(s), 27 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

mkgb · Answer

Voici le rapport de RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-08-04 14:48:58
Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (59%) free of 30 GB
Total RAM: 2037 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:00, on 04/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwphis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\HPBPRO.EXE
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [StatusClient 2.5] C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

plopus · Answer

ca dans demarré et executer et tape  combofix /u

il y a un espace entre combofix et /u  ceci va desinstalé combofix, si il reste tojours l'icone su rton bureau supprime le

puis retelecharge combofix deconnecte toi d'internet

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et lance et poste le rapport

et ensuite  refait un scan rapide avec malwarebyte, réessaye le scan en ligne et poste un nouveau RSIT

mkgb · Answer

Bonjour,
Je n'ai pas répondu vite car j'étais à l'étranger en mission.
J'ai fais ce que vous m'aviez recommandé et voici le rapport de Combofix.

Je fais le scan avec Malwarebytes et je le poste

ComboFix 09-08-10.06 - Administrator 13/08/2009 10:13.2.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.33.1033.18.2037.1526 [GMT 2:00]
Running from: c:\documents and settings\Administrator\My Documents\Téléchargements\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DAC970NT
-------\Service_dac970nt


(((((((((((((((((((((((((   Files Created from 2009-07-13 to 2009-08-13  )))))))))))))))))))))))))))))))
.

2009-08-04 07:18 . 2009-08-04 07:18	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-04 07:18 . 2009-08-03 11:36	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-04 07:18 . 2009-08-04 07:18	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-08-04 07:18 . 2009-08-04 07:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-04 07:18 . 2009-08-03 11:36	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-08-04 06:31 . 2009-08-04 06:31	--------	d-----w-	C:\_OTM
2009-08-03 14:14 . 2009-08-03 14:14	--------	d-----w-	c:\program files\CCleaner
2009-07-31 08:36 . 2009-07-31 08:36	--------	d-----w-	C:sit
2009-07-31 06:54 . 2009-07-03 17:09	12800	-c----w-	c:\windows\system32\dllcache\xpshims.dll
2009-07-31 06:54 . 2009-07-19 16:48	11067392	-c----w-	c:\windows\system32\dllcache\ieframe.dll
2009-07-31 06:54 . 2009-07-03 17:09	594432	-c----w-	c:\windows\system32\dllcache\msfeeds.dll
2009-07-31 06:54 . 2009-07-03 17:09	55296	-c----w-	c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-31 06:54 . 2009-07-03 17:09	1985536	-c----w-	c:\windows\system32\dllcache\iertutil.dll
2009-07-31 06:54 . 2009-07-03 17:09	246272	-c----w-	c:\windows\system32\dllcache\ieproxy.dll
2009-07-31 06:54 . 2009-07-01 07:08	101376	-c----w-	c:\windows\system32\dllcache\iecompat.dll
2009-07-31 04:51 . 2008-06-13 11:05	272128	-c----w-	c:\windows\system32\dllcache\bthport.sys
2009-07-31 04:42 . 2009-02-06 11:06	2145280	-c----w-	c:\windows\system32\dllcache
tkrnlmp.exe
2009-07-31 04:42 . 2009-02-06 11:08	2189056	-c----w-	c:\windows\system32\dllcache
toskrnl.exe
2009-07-31 04:42 . 2009-02-06 10:32	2023936	-c----w-	c:\windows\system32\dllcache
tkrpamp.exe
2009-07-31 04:36 . 2008-10-24 11:21	455296	-c----w-	c:\windows\system32\dllcache\mrxsmb.sys
2009-07-30 09:26 . 2007-10-30 14:39	172032	----a-w-	c:\windows\system32\igfxres.dll
2009-07-30 09:08 . 2008-04-14 12:00	9728	-c--a-w-	c:\windows\system32\dllcachewnh.dll
2009-07-30 09:07 . 2008-04-14 12:00	13463552	-c--a-w-	c:\windows\system32\dllcache\hwxjpn.dll
2009-07-30 09:06 . 2008-04-14 12:00	829440	-c--a-w-	c:\windows\system32\dllcache\inetmgr.dll
2009-07-30 08:51 . 2008-04-14 12:00	24661	-c--a-w-	c:\windows\system32\dllcache\spxcoins.dll
2009-07-30 08:51 . 2008-04-14 12:00	24661	----a-w-	c:\windows\system32\spxcoins.dll
2009-07-30 08:51 . 2008-04-14 12:00	13312	-c--a-w-	c:\windows\system32\dllcache\irclass.dll
2009-07-30 08:51 . 2008-04-14 12:00	13312	----a-w-	c:\windows\system32\irclass.dll
2009-07-29 09:00 . 2009-07-29 09:00	--------	d-sh--w-	c:\documents and settings\Administrator\IECompatCache
2009-07-21 10:08 . 2009-07-21 10:10	--------	d-----w-	c:\program files\Bible

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 09:32 . 2009-05-14 10:29	32564	--sha-w-	c:\windows\system32\drivers\fidbox2.idx
2009-07-31 09:32 . 2009-05-14 10:29	247072	--sha-w-	c:\windows\system32\drivers\fidbox2.dat
2009-07-31 09:32 . 2009-05-14 10:29	213092	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2009-07-31 09:32 . 2009-05-14 10:29	17794592	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-07-31 08:30 . 2009-04-28 01:23	73448	----a-w-	c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-30 09:02 . 2009-04-28 01:11	22720	----a-w-	c:\windows\system32\emptyregdb.dat
2009-07-29 08:55 . 2009-05-14 10:29	--------	d-----w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-27 07:55 . 2009-01-15 08:27	1985152	----a-w-	c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-03 17:09 . 2008-04-14 12:00	915456	----a-w-	c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2009-06-26 16:50	81920	------w-	c:\windows\system32\ieencode.dll
2009-06-16 14:36 . 2008-04-14 12:00	81920	----a-w-	c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-04-14 12:00	119808	----a-w-	c:\windows\system32	2embed.dll
2009-06-03 19:09 . 2008-04-14 12:00	1291264	----a-w-	c:\windows\system32\quartz.dll
2009-05-21 12:43 . 2009-05-14 15:18	1	----a-w-	c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-20 15:10 . 2009-05-14 10:30	94643	----a-w-	c:\windows\system32\drivers\klick.dat
2009-05-20 15:10 . 2009-05-14 10:30	105395	----a-w-	c:\windows\system32\drivers\klin.dat
2009-05-20 11:42 . 2009-05-20 11:42	410984	----a-w-	c:\windows\system32\deploytk.dll
2009-05-20 11:41 . 2009-05-20 11:41	152576	----a-w-	c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-18 08:40 . 2009-05-18 08:40	0	----a-w-	c:\windows
sreg.dat
2009-05-18 07:10 . 2009-04-28 01:13	86327	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-14 39408]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4437232]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1773056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-20 226712]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 218688]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 144944]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 134176]
"StatusClient 2.5"="c:\program files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2003-09-30 135168]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2003-06-10 229376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 116592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-26 215576]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-26 240152]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-26 207384]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-12-12 16859136]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 457728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\McAfee\Common Framework\FrameworkService.exe"=
"c:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"=
"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"c:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe"=
"c:\Program Files\Mozilla Firefox\firefox.exe"=
"c:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe"=
"c:\Program Files\CyberLink\PowerDVD\Language\Language.exe"=
"c:\WINDOWS\RTHDCPL.EXE"=
"c:\Program Files\Java\jre6\bin\jusched.exe"=
"c:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"=
"c:\Program Files\McAfee\Common Framework\UdaterUI.exe"=
"c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/05/2007 17:49 24344]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DAC970NT

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32undll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fr.yahoo.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
IE: Ajouter à Kaspersky Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j3jg6ibp.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/mail?&.src=ym&.intl=fr&.done=https://fr.mail.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://xeoo.com/?p=url&a=firefox&k=

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 10:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-329068152-1482476501-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,78,b0,3a,9e,73,53,44,8b,9a,8a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,78,b0,3a,9e,73,53,44,8b,9a,8a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(2516)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\winnekw.exe
c:\windows\system32\HPBPRO.EXE
.
**************************************************************************
.
Completion time: 2009-08-13 10:22 - machine was rebooted
ComboFix-quarantined-files.txt  2009-08-13 08:22
ComboFix2.txt  2009-08-03 12:52

Pre-Run: 18 242 539 520 bytes free
Post-Run: 18 639 704 064 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

255	--- E O F ---	2009-07-31 06:57

mkgb · Answer

Voici le rapport de Malwarebytes

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2557
Windows 5.1.2600 Service Pack 3

13/08/2009 10:34:31
mbam-log-2009-08-13 (10-34-31).txt

Type de recherche: Examen rapide
Eléments examinés: 82322
Temps écoulé: 3 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

mkgb · Answer

Voici le rapport de RSIT
Merci encore une fois de votre aide

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-08-13 10:48:50
Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (59%) free of 30 GB
Total RAM: 2037 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:53, on 13/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\WINDOWS\system32\HPBPRO.EXE
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [StatusClient 2.5] C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

plopus · Answer

*  Télécharge OtmoveIT (de Old_Timer) sur ton Bureau

     http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/

    * Double-clique sur OTMoveIt.exe pour le lancer.

    * Assure toi que la case Unregister Dll's and Ocx's soit bien cochée.

    * Copie la liste qui se trouve en gras dans la citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.


-----------------------------

:processes
explorer.exe
TeaTimer.exe

:services
dac970nt

:files
c:\docume~1\ADMINI~1\LOCALS~1\Temp\winnekw.exe 
C:\Windows\system32\wmimgr32.dll    

:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] 
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnekw.exe"=-

:commands
[emptytemp]
[purity]
[start explorer]
[reboot]

-----------------------------


    * clique sur MoveIt! pour lancer la suppression.

    * Le résultat apparaitra dans le cadre "Results".

    * Clique sur Exit pour fermer.

    * Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    * Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.


ensuite fait un scan en ligne ici avec internet explorer :
https://www.kaspersky.fr/downloads

et poste le rapport enentier (tu le copie colle)

mkgb · Answer

Cela fait 20 minutes que j'ai fait ca, c'est normale que ca dure comme ca?

mkgb · Answer

J'ai essayer à 3 reprises mais le computer se plante apres que j'ai lancé OTM.
Que dois-je faire?

mkgb · Answer

Je vous donne l'état de mon ordinateur,
L'antivirus reste toujours invisible,
Je ne peux pas accéder au gestionnaire de des taches, quand j'appuie sur Ctrl+ Alt+Dellete , ca ,e dit que le gestionnaire des tache a été désactivé par l'administrateur.
Je ne peux pas faire un scan en ligne, quand j'essaie d'ouvrir la page de Kaspersky, betdefender ou Avira, la page ne s'ouvre pas.

Merci de votre aide et on continue

plopus · Answer

as tu fait OTM ? si non fait le et aprés réessaye le scan en ligne si tu l'as fait

poste le rapport qui ce trouve dans C:/OTM c'est important

Kaspersky 6.0 est désactivé

36 réponses

Discussions similaires