Spyworn.win32 et bestsellerantivirus

Résolu
Utilisateur anonyme -  
 Utilisateur anonyme -
Bonjour,
voila j'ai un probleme avec spyworn.win32 (comment enlever e tun programme antivirus qui c'est placer seul et impossible d'enlever!

voila un rapport fait avec Hijackthis Version Française
Logfile of HijackThis v1.99.1
Scan saved at 17:25:52, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\BestsellerAntivirus\bm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2\wcescomm.exe
C:\Program Files\Washer\washer.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {25997E08-274A-4217-8F71-C89C754242C1} - C:\WINDOWS\system32\mljhede.dll
O2 - BHO: (no name) - {28698DBA-44D1-4AB1-8BC6-1F0F7CE10BDD} - (no file)
O2 - BHO: (no name) - {323D63A5-96A7-49A3-BCE0-C1449B9E8E19} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\yvmqpgqg.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsu60.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\dtyoaidw.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {C0104A8A-857C-45DB-9AFC-A0274CB45102} - C:\WINDOWS\system32\ddayv.dll
O2 - BHO: IEFW Object - {FAAD2038-C371-473D-86F1-5B11D39C3775} - C:\Program Files\BestsellerAntivirus\Tools\IEFWBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\dtyoaidw.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
O4 - HKLM\..\Run: [BestsellerAntivirus] C:\Program Files\BestsellerAntivirus\pgs.exe
O4 - HKLM\..\Run: [3f1512ae] rundll32.exe "C:\WINDOWS\system32\hsmtjanl.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.be/SnapfishActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dtyoaidw - C:\WINDOWS\SYSTEM32\dtyoaidw.dll
O20 - Winlogon Notify: mljhede - C:\WINDOWS\SYSTEM32\mljhede.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Creative Technology Ltd. - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
Configuration: Windows XP
Internet Explorer 7.0

32 réponses

  • 1
  • 2
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    smit fraud fix (colle le rapport)

    1/ telecharger :

    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes. une fois le rapport effectué redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général)

    3/ puis refaire comme en 2/ mais sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée

    ____________________

    scan avec vundofix (colle le rapport)

    Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

    Double cliquez VundoFix.exe pour l'exécuter.
    Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
    Une fois le scan fini, cliquez sur le bouton Remove Vundo.
    Vous recevrez un avertissement vous demandant si vous voulez effacer ces
    fichiers répondez en cliquant sur YES
    Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
    enlève Vundo.

    Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
    OK.

    puis :

    virtumondebegone (colle le rapport)

    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    ________________

    AVG antispyware

    https://www.01net.com/telecharger/

    Tuto :
    http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

    ->Relance AVG AS -> "Analyse" ->"Paramètres"

    Sous la question "Comment réagir ?" :

    -> clique sur "Actions recommandées" et choisis "Quarantaines"
    -> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    Si un fichier est infecté en fin d'analyse

    ->Clique sur "Appliquer toutes les actions "

    ->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

    ->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

    ___________________

    combofix (colle le rapport)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    ____________________

    ensuite recolle un rapport hijackthis et dis tes pbs
    0
  2. Utilisateur anonyme
     
    [11/12/2007, 6:35:15] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\yves\Local Settings\Temporary Internet Files\Content.IE5\IY2LWP9T\VirtumundoBeGone[1].exe" )
    [11/12/2007, 6:35:18] - Detected System Information:
    [11/12/2007, 6:35:18] - Windows Version: 5.1.2600, Service Pack 2
    [11/12/2007, 6:35:18] - Current Username: yves (Admin)
    [11/12/2007, 6:35:18] - Windows is in NORMAL mode.
    [11/12/2007, 6:35:18] - Searching for Browser Helper Objects:
    [11/12/2007, 6:35:18] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
    [11/12/2007, 6:35:18] - BHO 2: {14304D95-043D-4994-B6F7-7C145682A2BA} ()
    [11/12/2007, 6:35:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/12/2007, 6:35:18] - No filename found. Continuing.
    [11/12/2007, 6:35:18] - BHO 3: {25997E08-274A-4217-8F71-C89C754242C1} ()
    [11/12/2007, 6:35:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/12/2007, 6:35:18] - Checking for HKLM\...\Winlogon\Notify\mljhede
    [11/12/2007, 6:35:18] - Found: HKLM\...\Winlogon\Notify\mljhede - This is probably Virtumundo.
    [11/12/2007, 6:35:18] - Assigning {25997E08-274A-4217-8F71-C89C754242C1} MSEvents Object
    [11/12/2007, 6:35:18] - BHO list has been changed! Starting over...
    [11/12/2007, 6:35:18] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
    [11/12/2007, 6:35:18] - BHO 2: {14304D95-043D-4994-B6F7-7C145682A2BA} ()
    [11/12/2007, 6:35:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/12/2007, 6:35:18] - No filename found. Continuing.
    [11/12/2007, 6:35:18] - BHO 3: {25997E08-274A-4217-8F71-C89C754242C1} (MSEvents Object)
    [11/12/2007, 6:35:18] - ALERT: Found MSEvents Object!
    [11/12/2007, 6:35:18] - BHO 4: {28698DBA-44D1-4AB1-8BC6-1F0F7CE10BDD} ()
    [11/12/2007, 6:35:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/12/2007, 6:35:18] - No filename found. Continuing.
    [11/12/2007, 6:35:18] - BHO 5: {323D63A5-96A7-49A3-BCE0-C1449B9E8E19} ()
    [11/12/2007, 6:35:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/12/2007, 6:35:18] - No filename found. Continuing.
    [11/12/2007, 6:35:18] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [11/12/2007, 6:35:18] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [11/12/2007, 6:35:18] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [11/12/2007, 6:35:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/12/2007, 6:35:18] - No filename found. Continuing.
    [11/12/2007, 6:35:18] - BHO 9: {9C8A568E-4201-478a-8536-526CF371D2E2} (ads_optimizer)
    [11/12/2007, 6:35:18] - BHO 10: {A57F4CFD-97E1-49C7-9580-C923BE27C63D} ()
    [11/12/2007, 6:35:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/12/2007, 6:35:18] - Checking for HKLM\...\Winlogon\Notify\ddayv
    [11/12/2007, 6:35:18] - Key not found: HKLM\...\Winlogon\Notify\ddayv, continuing.
    [11/12/2007, 6:35:18] - BHO 11: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [11/12/2007, 6:35:18] - BHO 12: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [11/12/2007, 6:35:18] - BHO 13: {bc1a2329-4b48-4513-84f5-3eb216da9064} ()
    [11/12/2007, 6:35:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/12/2007, 6:35:18] - Checking for HKLM\...\Winlogon\Notify\rbfwokwp
    [11/12/2007, 6:35:18] - Key not found: HKLM\...\Winlogon\Notify\rbfwokwp, continuing.
    [11/12/2007, 6:35:19] - BHO 14: {FAAD2038-C371-473D-86F1-5B11D39C3775} (IEFW Object)
    [11/12/2007, 6:35:19] - Finished Searching Browser Helper Objects
    [11/12/2007, 6:35:19] - *** Detected MSEvents Object
    [11/12/2007, 6:35:19] - Trying to remove MSEvents Object...
    [11/12/2007, 6:35:20] - Terminating Process: IEXPLORE.EXE
    [11/12/2007, 6:35:20] - Terminating Process: RUNDLL32.EXE
    [11/12/2007, 6:35:20] - Disabling Automatic Shell Restart
    [11/12/2007, 6:35:20] - Terminating Process: EXPLORER.EXE
    [11/12/2007, 6:35:20] - Suspending the NT Session Manager System Service
    [11/12/2007, 6:35:20] - Terminating Windows NT Logon/Logoff Manager
    [11/12/2007, 6:35:20] - Re-enabling Automatic Shell Restart
    [11/12/2007, 6:35:21] - File to disable: C:\WINDOWS\system32\mljhede.dll
    [11/12/2007, 6:35:21] - Renaming C:\WINDOWS\system32\mljhede.dll -> C:\WINDOWS\system32\mljhede.dll.vir
    [11/12/2007, 6:35:21] - File successfully renamed!
    [11/12/2007, 6:35:21] - Removing HKLM\...\Browser Helper Objects\{25997E08-274A-4217-8F71-C89C754242C1}
    [11/12/2007, 6:35:21] - Removing HKCR\CLSID\{25997E08-274A-4217-8F71-C89C754242C1}
    [11/12/2007, 6:35:21] - Adding Kill Bit for ActiveX for GUID: {25997E08-274A-4217-8F71-C89C754242C1}
    [11/12/2007, 6:35:21] - Deleting ATLEvents/MSEvents Registry entries
    [11/12/2007, 6:35:21] - Removing HKLM\...\Winlogon\Notify\mljhede
    [11/12/2007, 6:35:21] - Searching for Browser Helper Objects:
    [11/12/2007, 6:35:21] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
    [11/12/2007, 6:35:21] - BHO 2: {14304D95-043D-4994-B6F7-7C145682A2BA} ()
    [11/12/2007, 6:35:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/12/2007, 6:35:21] - No filename found. Continuing.
    [11/12/2007, 6:35:21] - BHO 3: {28698DBA-44D1-4AB1-8BC6-1F0F7CE10BDD} ()
    [11/12/2007, 6:35:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/12/2007, 6:35:21] - No filename found. Continuing.
    [11/12/2007, 6:35:21] - BHO 4: {323D63A5-96A7-49A3-BCE0-C1449B9E8E19} ()
    [11/12/2007, 6:35:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/12/2007, 6:35:21] - No filename found. Continuing.
    [11/12/2007, 6:35:21] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [11/12/2007, 6:35:21] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [11/12/2007, 6:35:21] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [11/12/2007, 6:35:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/12/2007, 6:35:22] - No filename found. Continuing.
    [11/12/2007, 6:35:22] - BHO 8: {9C8A568E-4201-478a-8536-526CF371D2E2} (ads_optimizer)
    [11/12/2007, 6:35:22] - BHO 9: {A57F4CFD-97E1-49C7-9580-C923BE27C63D} ()
    [11/12/2007, 6:35:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/12/2007, 6:35:22] - Checking for HKLM\...\Winlogon\Notify\ddayv
    [11/12/2007, 6:35:22] - Key not found: HKLM\...\Winlogon\Notify\ddayv, continuing.
    [11/12/2007, 6:35:22] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [11/12/2007, 6:35:22] - BHO 11: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [11/12/2007, 6:35:22] - BHO 12: {bc1a2329-4b48-4513-84f5-3eb216da9064} ()
    [11/12/2007, 6:35:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/12/2007, 6:35:22] - Checking for HKLM\...\Winlogon\Notify\rbfwokwp
    [11/12/2007, 6:35:22] - Key not found: HKLM\...\Winlogon\Notify\rbfwokwp, continuing.
    [11/12/2007, 6:35:22] - BHO 13: {FAAD2038-C371-473D-86F1-5B11D39C3775} (IEFW Object)
    [11/12/2007, 6:35:22] - Finished Searching Browser Helper Objects
    [11/12/2007, 6:35:22] - Finishing up...
    [11/12/2007, 6:35:22] - A restart is needed.
    [11/12/2007, 6:35:28] - Attempting to Restart via STOP error (Blue Screen!)
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    fais bien toput et colle les rapport de chauque

    a plus
    0
  4. Utilisateur anonyme
     
    + Créé à: 15:16:36 12/11/2007

    + Résultat de l'analyse:

    HKLM\SOFTWARE\uga6pcw -> Adware.AvSystemcare : Nettoyé et sauvegardé (mise en quarantaine).
    C:\System Volume Information\_restore{33B876CD-58C2-4D27-B29A-7391664323E4}\RP221\A0126257.exe -> Downloader.VB.bkw : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp -> TrackingCookie.247realmedia : Nettoyé.
    C:\Documents and Settings\yves\Cookies\yves@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> TrackingCookie.2o7 : Nettoyé.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp -> TrackingCookie.Atdmt : Nettoyé.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57.tmp -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\yves\Cookies\yves@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
    C:\Documents and Settings\yves\Cookies\yves@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Nettoyé.
    C:\Documents and Settings\yves\Cookies\yves@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\yves\Cookies\yves@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\yves\Cookies\yves@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.

    Fin du rapport
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    parfait
    fais la suite

    apres combofix pour bien virer les virus qui sont dans ta restauration system: comme celui là:
    C:\System Volume Information\_restore{33B876CD-58C2-4D27-B29A-7391664323E4}\RP221\A0126257.exe -> Downloader.VB.bkw : Nettoyé et sauvegardé (mise en quarantaine).

    désactive la restauration système pour purger les virus qui seraient dedans (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre) puis réactive la
    ______________

    a plus
    0
  7. Utilisateur anonyme
     
    si joint un dernier raport et te dit milles fois merci !
    sa marche !!
    tu sait me dire le meilleur prg pr plus avoir ce probleme?
    Logfile of HijackThis v1.99.1
    Scan saved at 7:29:40, on 13/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MICROS~2\wcescomm.exe
    C:\Program Files\Washer\washer.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: {c035728d-3a63-6c4b-02d4-d8c70c123090} - {090321c0-7c8d-4d20-b4c6-36a3d827530c} - C:\WINDOWS\system32\hblqlbbh.dll
    O2 - BHO: (no name) - {14304D95-043D-4994-B6F7-7C145682A2BA} - (no file)
    O2 - BHO: (no name) - {28698DBA-44D1-4AB1-8BC6-1F0F7CE10BDD} - (no file)
    O2 - BHO: (no name) - {323D63A5-96A7-49A3-BCE0-C1449B9E8E19} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {9C8A568E-4201-478a-8536-526CF371D2E2} - (no file)
    O2 - BHO: (no name) - {A57F4CFD-97E1-49C7-9580-C923BE27C63D} - (no file)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\zscprlhp.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: (no name) - {CEAA0C83-2ED5-4E07-A50D-7F40B427A31D} - (no file)
    O2 - BHO: (no name) - {DD719CDE-AE9F-45BF-AC62-734301461166} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\zscprlhp.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [3f1512ae] rundll32.exe "C:\WINDOWS\system32\rbosmtxq.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/games/clients/y/kt4_x.cab
    O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.be/SnapfishActivia.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: zscprlhp - C:\WINDOWS\SYSTEM32\zscprlhp.dll
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Creative Technology Ltd. - (no file)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

    merci
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt, c'est pas fini!

    tu ne m'a pas collé le rapport vundofix et combofix

    ___________
    desinstalle via AJOUT/SUPPRESION DE PROG si present:
    Security Toolbar
    ___________

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    O2 - BHO: {c035728d-3a63-6c4b-02d4-d8c70c123090} - {090321c0-7c8d-4d20-b4c6-36a3d827530c} - C:\WINDOWS\system32\hblqlbbh.dll
    O2 - BHO: (no name) - {14304D95-043D-4994-B6F7-7C145682A2BA} - (no file)
    O2 - BHO: (no name) - {28698DBA-44D1-4AB1-8BC6-1F0F7CE10BDD} - (no file)
    O2 - BHO: (no name) - {323D63A5-96A7-49A3-BCE0-C1449B9E8E19} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {9C8A568E-4201-478a-8536-526CF371D2E2} - (no file)
    O2 - BHO: (no name) - {A57F4CFD-97E1-49C7-9580-C923BE27C63D} - (no file)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\zscprlhp.dll

    O2 - BHO: (no name) - {CEAA0C83-2ED5-4E07-A50D-7F40B427A31D} - (no file)
    O2 - BHO: (no name) - {DD719CDE-AE9F-45BF-AC62-734301461166} - (no file)

    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\zscprlhp.dll

    O4 - HKLM\..\Run: [3f1512ae] rundll32.exe "C:\WINDOWS\system32\rbosmtxq.dll",b

    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O20 - Winlogon Notify: zscprlhp - C:\WINDOWS\SYSTEM32\zscprlhp.dll

    _______________________

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\WINDOWS\system32\hblqlbbh.dll
    C:\WINDOWS\SYSTEM32\zscprlhp.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    _______________________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    secuser en ligne :
    http://www.secuser.com/outils/antivirus.htm

    pour te proteger, je te conseillle de remplacer avast par antivir et de mettre spywareblaster protegeant contre les infections vundo

    pour protéger gratos ton ordi

    http://www.commentcamarche.net/telecharger/logiciel 4 securite

    mettre un antivirus

    AVAST en français ou ANTIVIR (en anglais mais très efficace)
    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    -------------
    des anti-espions :
    AD AWARE + SPYBOT + /- si tea timer non active de spybot: WINDOWS DEFENDER ou SPYWARE TERMINATOR

    +
    SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

    Rq : spybot et ad-aware on sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
    --------
    un pare feu :
    celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

    -----------

    CCLEANER pour effacer les traces de surf
    0
  9. Utilisateur anonyme
     
    j'ai eu ptit probleme j'ai du refaire !
    ComboFix 07-11-08.1 - yves 2007-11-13 11:20:07.3 - [color=red][b]FAT32[/b][/color]x86
    Running from: C:\Documents and Settings\yves\Local Settings\Temporary Internet Files\Content.IE5\295CAOB2\ComboFix[1].exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
    C:\Documents and Settings\yves\Bureau\Live Safety Center.lnk
    C:\Documents and Settings\yves\Bureau\Online Security Guide.lnk
    C:\Documents and Settings\yves\Favoris\Online Security Guide.lnk
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\zscprlhp.dllbox

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-13 to 2007-11-13 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-13 08:50 <REP> d-------- C:\Program Files\Common Files
    2007-11-13 08:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2007-11-13 07:45 <REP> d--hs---- C:\FOUND.047
    2007-11-12 15:44 81,472 --a------ C:\WINDOWS\SYSTEM32\hblqlbbh.dll
    2007-11-12 15:41 89,664 --a------ C:\WINDOWS\SYSTEM32\rbosmtxq.dll
    2007-11-12 15:32 <REP> d--hs---- C:\FOUND.046
    2007-11-12 15:25 145,984 --a------ C:\WINDOWS\SYSTEM32\saxnxsma.dll
    2007-11-12 15:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-12 06:34 81,472 --a------ C:\WINDOWS\SYSTEM32\rbfwokwp.dll
    2007-11-12 06:25 <REP> d-------- C:\VundoFix Backups
    2007-11-12 05:59 <REP> d--hs---- C:\FOUND.045
    2007-11-12 05:20 <REP> d--hs---- C:\FOUND.044
    2007-11-11 18:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-11 17:11 71,232 --a------ C:\WINDOWS\SYSTEM32\jdmpsuyj.exe
    2007-11-11 10:04 <REP> d--hs---- C:\FOUND.043
    2007-11-11 09:10 <REP> d--hs---- C:\FOUND.042
    2007-11-11 08:52 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-11-10 17:14 <REP> d-------- C:\Documents and Settings\yves\Application Data\Grisoft
    2007-11-10 17:08 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
    2007-11-10 13:09 71,232 --a------ C:\WINDOWS\SYSTEM32\wdmnifwt.exe
    2007-11-10 09:43 <REP> d-------- C:\Program Files\Washer
    2007-11-10 09:43 44,032 --a------ C:\WINDOWS\unwash.exe
    2007-11-10 08:46 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
    2007-11-10 07:11 <REP> d-------- C:\Program Files\Yahoo!
    2007-11-09 10:54 <REP> d--hs---- C:\FOUND.041
    2007-11-09 08:35 <REP> d--hs---- C:\FOUND.040
    2007-11-09 08:25 <REP> d--hs---- C:\FOUND.039
    2007-11-09 05:45 1,732 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
    2007-11-08 19:08 71,232 --a------ C:\WINDOWS\SYSTEM32\hpsimnpx.exe
    2007-11-08 18:51 <REP> d--hs---- C:\FOUND.038
    2007-11-08 16:37 <REP> d--hs---- C:\FOUND.037
    2007-11-08 05:39 <REP> d--hs---- C:\FOUND.036
    2007-11-08 05:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-11-07 08:07 86,080 --a------ C:\WINDOWS\SYSTEM32\trdcvkes.dll
    2007-11-07 08:03 71,232 --a------ C:\WINDOWS\SYSTEM32\austchjp.exe
    2007-11-07 08:01 <REP> d--hs---- C:\FOUND.035
    2007-11-07 00:00 71,232 --a------ C:\WINDOWS\SYSTEM32\iodsjgun.exe
    2007-11-06 23:57 <REP> d--hs---- C:\FOUND.034
    2007-11-06 20:09 145,984 --a------ C:\WINDOWS\SYSTEM32\xheunbwv.dll
    2007-11-06 11:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
    2007-11-05 08:53 <REP> d--hs---- C:\FOUND.033
    2007-11-05 06:56 <REP> d--hs---- C:\FOUND.032
    2007-11-04 10:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-04 10:00 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
    2007-11-04 09:59 <REP> d-------- C:\Program Files\Picasa2
    2007-11-04 09:37 35,328 --a------ C:\WINDOWS\SYSTEM32\ssqqrqp.dll
    2007-11-04 09:36 32,768 --a------ C:\Documents and Settings\yves\pdf.exe
    2007-11-04 09:36 786 --a------ C:\1823.bat
    2007-11-04 09:30 <REP> d-------- C:\Program Files\AKVIS
    2007-11-04 09:17 86,080 --a------ C:\WINDOWS\SYSTEM32\lvpyodau.dll
    2007-11-03 10:31 35,328 --a------ C:\WINDOWS\SYSTEM32\yayvwxv.dll
    2007-11-03 08:53 <REP> d--hs---- C:\FOUND.031
    2007-11-03 08:12 <REP> d--hs---- C:\FOUND.030
    2007-11-02 07:28 <REP> d-------- C:\Documents and Settings\yves\Application Data\erreurchasseur
    2007-11-02 07:23 <REP> d-------- C:\Program Files\Fichiers communs\ErreurChasseur
    2007-11-02 07:23 <REP> dr------- C:\Documents and Settings\All Users\Application Data\erreurchasseur
    2007-11-02 07:10 <REP> d--hs---- C:\FOUND.029
    2007-11-02 06:41 <REP> d--hs---- C:\FOUND.028
    2007-11-01 04:48 <REP> d-------- C:\My Downloads
    2007-11-01 04:44 <REP> d--hs---- C:\FOUND.027
    2007-11-01 03:34 <REP> d-------- C:\WINDOWS\SYSTEM32\Mz18r
    2007-11-01 03:34 <REP> d-------- C:\Temp\mZOr
    2007-11-01 03:34 <REP> d-------- C:\Temp
    2007-10-31 07:46 <REP> d-------- C:\Program Files\Trend Micro
    2007-10-31 07:24 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Ahead
    2007-10-30 21:24 28,672 --a------ C:\Documents and Settings\yves\update.exe
    2007-10-30 21:21 <REP> d--hs---- C:\FOUND.026
    2007-10-30 14:03 <REP> d-------- C:\Documents and Settings\yves\Application Data\CopyToDvd
    2007-10-30 12:49 <REP> d--hs---- C:\FOUND.025
    2007-10-30 11:45 <REP> d-------- C:\Program Files\Adssite Advanced Toolbar
    2007-10-30 11:45 <REP> d-------- C:\Documents and Settings\yves\Application Data\Adssite Advanced Toolbar
    2007-10-30 11:44 147,456 --a------ C:\WINDOWS\SYSTEM32\vbzip10.dll
    2007-10-30 11:41 82 --a------ C:\n.bat
    2007-10-30 11:41 0 --a------ C:\z.dat
    2007-10-30 11:40 32,256 --a------ C:\WINDOWS\SYSTEM32\mljhede.dll.vir
    2007-10-29 13:25 <REP> d-------- C:\Program Files\vso
    2007-10-29 12:21 <REP> d--hs---- C:\FOUND.024
    2007-10-29 10:23 <REP> d-------- C:\Documents and Settings\yves\Application Data\Vso
    2007-10-29 10:23 47,360 --a------ C:\Documents and Settings\yves\Application Data\pcouffin.sys
    2007-10-29 10:23 39,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Pcouffin.sys
    2007-10-29 10:15 <REP> d-------- C:\Documents and Settings\yves\Application Data\DivX
    2007-10-29 10:14 129,784 --------- C:\WINDOWS\SYSTEM32\pxafs.dll
    2007-10-29 10:14 120,056 --------- C:\WINDOWS\SYSTEM32\pxcpyi64.exe
    2007-10-29 10:14 118,520 --------- C:\WINDOWS\SYSTEM32\pxinsi64.exe
    2007-10-29 10:13 <REP> d-------- C:\Program Files\DivX
    2007-10-29 09:05 6,058,496 --------- C:\WINDOWS\SYSTEM32\dllcache\ieframe.dll
    2007-10-29 09:05 2,455,488 --------- C:\WINDOWS\SYSTEM32\dllcache\ieapfltr.dat
    2007-10-29 09:05 459,264 --------- C:\WINDOWS\SYSTEM32\dllcache\msfeeds.dll
    2007-10-29 09:05 383,488 --------- C:\WINDOWS\SYSTEM32\dllcache\ieapfltr.dll
    2007-10-29 09:05 267,776 --------- C:\WINDOWS\SYSTEM32\dllcache\iertutil.dll
    2007-10-29 09:05 63,488 --------- C:\WINDOWS\SYSTEM32\dllcache\icardie.dll
    2007-10-29 09:05 52,224 --------- C:\WINDOWS\SYSTEM32\dllcache\msfeedsbs.dll
    2007-10-29 09:05 13,824 --------- C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
    2007-10-29 09:04 <REP> d-------- C:\WINDOWS\SYSTEM32\fr-fr
    2007-10-29 08:35 <REP> d-------- C:\Program Files\Microsoft.NET
    2007-10-29 07:24 <REP> d--hs---- C:\FOUND.023
    2007-10-28 08:42 <REP> d-------- C:\Program Files\ReflexiveArcade
    2007-10-28 08:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
    2007-10-28 08:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
    2007-10-28 08:36 <REP> d-------- C:\Program Files\BFG

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-10 07:46 --------- d-----w C:\Program Files\Hijackthis Version Française
    2007-11-08 13:34 120,704 ----a-w C:\Documents and Settings\yves\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-30 10:44 278,542 ----a-w C:\WINDOWS\FONTS\Setup.exe
    2007-10-12 12:11 --------- d-----w C:\Documents and Settings\yves\Application Data\muvee Technologies
    2007-10-12 11:17 --------- d-----w C:\Program Files\muvee Technologies
    2007-10-12 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
    2007-10-11 21:58 --------- d-----w C:\Program Files\Ares
    2007-10-11 21:58 --------- d-----w C:\Documents and Settings\yves\Application Data\Ares
    2007-10-11 18:51 --------- d-----w C:\Program Files\Fichiers communs\Micro Application Shared
    2007-10-11 05:48 --------- d-----w C:\Program Files\GT Interactive
    2007-10-11 05:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-10 14:18 --------- d-----w C:\Program Files\IVT Corporation
    2007-10-10 07:02 --------- d-----w C:\Documents and Settings\yves\Application Data\AdobeUM
    2007-10-10 06:56 --------- d-----w C:\Program Files\PowerQuest
    2007-10-10 06:51 --------- d-----w C:\Program Files\TuneUp Utilities 2007
    2007-10-10 06:51 --------- d-----w C:\Documents and Settings\yves\Application Data\TuneUp Software
    2007-10-10 06:50 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-10-10 06:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2007-10-09 20:52 --------- d-----w C:\Program Files\eMule
    2007-10-09 18:48 --------- d-----w C:\Documents and Settings\yves\Application Data\Snapfish
    2007-10-09 06:35 --------- d-----w C:\Documents and Settings\yves\Application Data\Serif
    2007-10-09 06:32 --------- d-----w C:\Program Files\Micro application
    2007-10-08 06:04 --------- d-----w C:\Program Files\eBay
    2007-10-08 06:04 --------- d-----w C:\Documents and Settings\yves\Application Data\WholeSecurity
    2007-10-07 08:44 --------- d-----w C:\Documents and Settings\yves\Application Data\Ahead
    2007-10-07 08:42 --------- d-----w C:\Program Files\Nero
    2007-10-07 08:42 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-10-07 08:27 --------- d-----w C:\Program Files\DVD Shrink
    2007-10-07 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-10-06 05:02 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-10-04 18:38 --------- d-----w C:\Program Files\ToniArts
    2007-10-04 08:16 --------- d-----w C:\Program Files\Google
    2007-10-04 08:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-10-04 06:57 --------- d-----w C:\Program Files\MSXML 4.0
    2007-10-04 06:41 --------- d-----w C:\Program Files\MSN Messenger
    2007-10-03 19:48 112 ----a-w C:\Documents and Settings\yves\Application Data\fusioncache.dat
    2007-10-03 19:48 --------- d-----w C:\Documents and Settings\yves\Application Data\ApplicationHistory
    2007-10-03 19:17 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-10-03 19:17 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-10-03 18:58 --------- d-----w C:\Documents and Settings\yves\Application Data\Dossier de téléchargement Share-to-Web
    2007-10-03 18:53 --------- d-----w C:\Program Files\Mobile Action
    2007-10-03 18:31 --------- d-----w C:\Program Files\CyberLink
    2007-10-03 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2007-10-03 17:58 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2007-10-03 17:57 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
    2007-10-03 17:54 --------- d-----w C:\Documents and Settings\yves\Application Data\Dossier de téléchargement Share-to-Web
    2007-10-03 17:53 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
    2007-10-03 17:43 --------- d-----w C:\Documents and Settings\yves\Application Data\HP
    2007-10-03 17:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
    2007-10-03 17:40 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
    2007-10-03 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
    2007-10-03 17:37 --------- d-----w C:\Program Files\Hewlett-Packard
    2007-10-03 17:37 --------- d-----w C:\Program Files\Fichiers communs\HP
    2007-10-03 17:33 --------- d-----w C:\Program Files\HP
    2007-10-03 15:24 --------- d-----w C:\Program Files\Microids
    2007-10-03 15:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-03 15:16 --------- d-----w C:\Program Files\Analog Devices
    2007-10-03 14:59 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-10-03 14:53 --------- d-----w C:\Program Files\ma-config.com
    2007-10-03 14:53 --------- d-----w C:\Documents and Settings\yves\Application Data\ma-config.com
    2007-10-03 12:13 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-10-03 11:44 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2007-10-03 11:44 --------- d-----w C:\Program Files\Inventel
    2007-10-03 11:43 81,920 ----a-w C:\WINDOWS\SYSTEM32\W32N50.dll
    2007-10-03 11:43 17,134 ----a-w C:\WINDOWS\SYSTEM32\PCANDIS5.sys
    2007-10-03 11:38 --------- d-----w C:\Program Files\Mobistar
    2007-10-03 11:13 --------- d-----w C:\Program Files\microsoft frontpage
    2007-10-03 11:11 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-10-03 11:06 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-10-03 10:50 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-10-03 10:49 271 --sh--w C:\Program Files\desktop.ini
    2007-10-03 10:49 23,506 ---h--w C:\Program Files\folder.htt
    2007-10-03 10:44 19,275 ----a-w C:\WINDOWS\SETVER.EXE
    2007-10-03 10:44 --------- d-----w C:\Program Files\Services en ligne
    2007-10-03 10:40 --------- d-----w C:\Program Files\PLUS!
    2007-10-03 10:40 --------- d-----r C:\Program Files\Accessoires
    2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
    2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
    2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-09-28 16:07 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
    2007-09-28 16:07 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
    2007-09-28 16:07 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
    2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
    2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
    2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll
    2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
    2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
    2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll
    2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll
    2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll
    2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll
    2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll
    2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll
    2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll
    2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
    2007-08-22 13:57 474,624 ------w C:\WINDOWS\SYSTEM32\dllcache\shlwapi.dll
    2007-08-22 13:57 152,064 ------w C:\WINDOWS\SYSTEM32\dllcache\cdfview.dll
    2007-08-22 13:57 1,498,624 ------w C:\WINDOWS\SYSTEM32\dllcache\shdocvw.dll
    2007-08-22 13:57 1,056,768 ----a-w C:\WINDOWS\SYSTEM32\dllcache\danim.dll
    2007-08-22 13:57 1,023,488 ------w C:\WINDOWS\SYSTEM32\dllcache\browseui.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-12_15.58.29.14 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
    + 2007-11-13 06:21:50 397,312 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\ntuser.dat
    + 2007-11-13 07:50:28 97,464 ----a-w C:\WINDOWS\SYSTEM32\Restore\rstrlog.dat
    - 2006-01-09 08:36:06 40,960 ----a-w C:\WINDOWS\SYSTEM32\swsc.exe
    + 2006-11-29 16:21:30 370,688 ----a-w C:\WINDOWS\SYSTEM32\swsc.exe
    - 2006-12-01 04:20:34 79,360 ----a-w C:\WINDOWS\SYSTEM32\swxcacls.exe
    + 2006-12-01 04:20:32 212,480 ----a-w C:\WINDOWS\SYSTEM32\swxcacls.exe
    + 2007-11-13 08:06:52 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_504.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{090321c0-7c8d-4d20-b4c6-36a3d827530c}]
    2007-11-12 15:44 81472 --a------ C:\WINDOWS\system32\hblqlbbh.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14304D95-043D-4994-B6F7-7C145682A2BA}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28698DBA-44D1-4AB1-8BC6-1F0F7CE10BDD}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{323D63A5-96A7-49A3-BCE0-C1449B9E8E19}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A57F4CFD-97E1-49C7-9580-C923BE27C63D}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEAA0C83-2ED5-4E07-A50D-7F40B427A31D}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD719CDE-AE9F-45BF-AC62-734301461166}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-04-13 15:25]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
    "3f1512ae"="C:\WINDOWS\system32\rbosmtxq.dll" [2007-11-12 15:41]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-08 05:31]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~2\wcescomm.exe" [2005-11-15 20:21]
    "Washer"="C:\Program Files\Washer\washer.exe" [2003-01-13 10:08]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3f1512ae]
    rundll32.exe "C:\WINDOWS\system32\trdcvkes.dll",b

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
    C:\Program Files\CyberLink\PowerVCRII\Agent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BestsellerAntivirus]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
    C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaBtSh]
    C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]
    C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rtasks]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
    "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com; ad=http://erreurchasseur.com

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
    SysTray.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "Hidserv"=Hidserv.exe run
    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    R2 BT848;Bt878, WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys
    R2 BTTUNER;BtTuner, WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys
    R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R2 VVZT1435;VVZT1435;\??\C:\WINDOWS\System32\Drivers\VI76X672.sys
    R2 XW4NJ5I9;XW4NJ5I9;\??\C:\WINDOWS\System32\Drivers\RK9PTCD2.sys
    R3 Ma730Pt;MA730 Bluetooth VCOM Driver;C:\WINDOWS\system32\DRIVERS\Ma730Pt.sys
    R3 Ma730Vad;MA730 Bluetooth Audio;C:\WINDOWS\system32\DRIVERS\Ma730Vad.sys
    R3 PD100VID;Video Blaster WebCam 5 (WDM);C:\WINDOWS\system32\DRIVERS\PD100Vid.sys
    S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    S3 Ma730c;MA730 Bluetooth Core Driver;C:\WINDOWS\system32\DRIVERS\MA730C.sys

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-11-09 20:09:20 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-13 11:24:12
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-13 11:25:43 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-12 15:59
    .
    --- E O F ---
    0
  10. Utilisateur anonyme
     
    je croit que j'ai mal copier avant ! voila

    Logfile of HijackThis v1.99.1
    Scan saved at 12:24:11, on 13/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MICROS~2\wcescomm.exe
    C:\Program Files\Washer\washer.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: {c035728d-3a63-6c4b-02d4-d8c70c123090} - {090321c0-7c8d-4d20-b4c6-36a3d827530c} - C:\WINDOWS\system32\hblqlbbh.dll
    O2 - BHO: (no name) - {14304D95-043D-4994-B6F7-7C145682A2BA} - (no file)
    O2 - BHO: (no name) - {28698DBA-44D1-4AB1-8BC6-1F0F7CE10BDD} - (no file)
    O2 - BHO: (no name) - {323D63A5-96A7-49A3-BCE0-C1449B9E8E19} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {9C8A568E-4201-478a-8536-526CF371D2E2} - (no file)
    O2 - BHO: (no name) - {A57F4CFD-97E1-49C7-9580-C923BE27C63D} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: (no name) - {CEAA0C83-2ED5-4E07-A50D-7F40B427A31D} - (no file)
    O2 - BHO: (no name) - {DD719CDE-AE9F-45BF-AC62-734301461166} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [3f1512ae] rundll32.exe "C:\WINDOWS\system32\rbosmtxq.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/games/clients/y/kt4_x.cab
    O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.be/SnapfishActivia.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Creative Technology Ltd. - (no file)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok
    fais la suite de mon message 7 fix les ligne, colle otmovit...
    0
  12. Utilisateur anonyme
     
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\hblqlbbh.dll
    C:\WINDOWS\system32\hblqlbbh.dll NOT unregistered.
    C:\WINDOWS\system32\hblqlbbh.dll moved successfully.
    File/Folder C:\WINDOWS\SYSTEM32\zscprlhp.dll not found.

    Created on 11/13/2007 13:48:28
    0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    secuser en ligne :
    http://www.secuser.com/outils/antivirus.htm

    __________________

    recolle un nouveau rapport combofix et hijackthis et dis tes problemes
    0
  14. Utilisateur anonyme
     
    bonjour

    j'ai fait un scan avec secuser et j'ai suprimer 2 problemes ! mais j'ai pas eu de rapport !
    0
  15. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    recolle un nouveau rapport combofix et hijackthis et dis tes problemes
    0
  16. Utilisateur anonyme
     
    ComboFix 07-11-08.1 - yves 2007-11-14 21:47:01.4 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.650 [GMT 1:00]
    Running from: C:\Documents and Settings\yves\Local Settings\Temporary Internet Files\Content.IE5\WDJXY4BX\ComboFix[1].exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-14 to 2007-11-14 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-14 10:25 <REP> d-------- C:\Program Files\Sunbelt Software
    2007-11-14 09:50 <REP> d-------- C:\WINDOWS\AU_Temp
    2007-11-14 09:36 <REP> d--hs---- C:\FOUND.048
    2007-11-13 13:58 <REP> d-------- C:\WINDOWS\report
    2007-11-13 13:58 <REP> d-------- C:\WINDOWS\AU_Backup
    2007-11-13 13:58 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2007-11-13 13:58 267,845 --a------ C:\WINDOWS\tsc.exe
    2007-11-13 13:58 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2007-11-13 13:58 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2007-11-13 13:55 <REP> d-------- C:\WINDOWS\AU_Log
    2007-11-13 13:55 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2007-11-13 13:55 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2007-11-13 13:55 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2007-11-13 08:50 <REP> d-------- C:\Program Files\Common Files
    2007-11-13 08:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2007-11-13 07:45 <REP> d--hs---- C:\FOUND.047
    2007-11-12 15:32 <REP> d--hs---- C:\FOUND.046
    2007-11-12 15:25 145,984 --a------ C:\WINDOWS\SYSTEM32\saxnxsma.dll
    2007-11-12 15:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-12 06:34 81,472 --a------ C:\WINDOWS\SYSTEM32\rbfwokwp.dll
    2007-11-12 06:25 <REP> d-------- C:\VundoFix Backups
    2007-11-12 05:59 <REP> d--hs---- C:\FOUND.045
    2007-11-12 05:20 <REP> d--hs---- C:\FOUND.044
    2007-11-11 18:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-11 10:04 <REP> d--hs---- C:\FOUND.043
    2007-11-11 09:10 <REP> d--hs---- C:\FOUND.042
    2007-11-11 08:52 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-11-10 09:43 <REP> d-------- C:\Program Files\Washer
    2007-11-10 09:43 44,032 --a------ C:\WINDOWS\unwash.exe
    2007-11-10 08:46 <REP> d-------- C:\Program Files\Hijackthis Version Française
    2007-11-10 07:11 <REP> d-------- C:\Program Files\Yahoo!
    2007-11-09 10:54 <REP> d--hs---- C:\FOUND.041
    2007-11-09 08:35 <REP> d--hs---- C:\FOUND.040
    2007-11-09 08:25 <REP> d--hs---- C:\FOUND.039
    2007-11-09 05:45 1,732 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
    2007-11-08 18:51 <REP> d--hs---- C:\FOUND.038
    2007-11-08 16:37 <REP> d--hs---- C:\FOUND.037
    2007-11-08 05:39 <REP> d--hs---- C:\FOUND.036
    2007-11-07 08:07 86,080 --a------ C:\WINDOWS\SYSTEM32\trdcvkes.dll
    2007-11-07 08:01 <REP> d--hs---- C:\FOUND.035
    2007-11-06 23:57 <REP> d--hs---- C:\FOUND.034
    2007-11-06 20:09 145,984 --a------ C:\WINDOWS\SYSTEM32\xheunbwv.dll
    2007-11-06 11:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
    2007-11-05 08:53 <REP> d--hs---- C:\FOUND.033
    2007-11-05 06:56 <REP> d--hs---- C:\FOUND.032
    2007-11-04 10:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-04 10:00 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
    2007-11-04 09:37 35,328 --a------ C:\WINDOWS\SYSTEM32\ssqqrqp.dll
    2007-11-04 09:36 32,768 --a------ C:\Documents and Settings\yves\pdf.exe
    2007-11-04 09:36 786 --a------ C:\1823.bat
    2007-11-04 09:30 <REP> d-------- C:\Program Files\AKVIS
    2007-11-04 09:17 86,080 --a------ C:\WINDOWS\SYSTEM32\lvpyodau.dll
    2007-11-03 10:31 35,328 --a------ C:\WINDOWS\SYSTEM32\yayvwxv.dll
    2007-11-03 08:53 <REP> d--hs---- C:\FOUND.031
    2007-11-03 08:12 <REP> d--hs---- C:\FOUND.030
    2007-11-02 07:28 <REP> d-------- C:\Documents and Settings\yves\Application Data\erreurchasseur
    2007-11-02 07:23 <REP> d-------- C:\Program Files\Fichiers communs\ErreurChasseur
    2007-11-02 07:23 <REP> dr------- C:\Documents and Settings\All Users\Application Data\erreurchasseur
    2007-11-02 07:10 <REP> d--hs---- C:\FOUND.029
    2007-11-02 06:41 <REP> d--hs---- C:\FOUND.028
    2007-11-01 04:48 <REP> d-------- C:\My Downloads
    2007-11-01 04:44 <REP> d--hs---- C:\FOUND.027
    2007-11-01 03:34 <REP> d-------- C:\WINDOWS\SYSTEM32\Mz18r
    2007-11-01 03:34 <REP> d-------- C:\Temp\mZOr
    2007-11-01 03:34 <REP> d-------- C:\Temp
    2007-10-31 07:46 <REP> d-------- C:\Program Files\Trend Micro
    2007-10-31 07:24 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Ahead
    2007-10-30 21:24 28,672 --a------ C:\Documents and Settings\yves\update.exe
    2007-10-30 21:21 <REP> d--hs---- C:\FOUND.026
    2007-10-30 14:03 <REP> d-------- C:\Documents and Settings\yves\Application Data\CopyToDvd
    2007-10-30 12:49 <REP> d--hs---- C:\FOUND.025
    2007-10-30 11:45 <REP> d-------- C:\Program Files\Adssite Advanced Toolbar
    2007-10-30 11:45 <REP> d-------- C:\Documents and Settings\yves\Application Data\Adssite Advanced Toolbar
    2007-10-30 11:44 147,456 --a------ C:\WINDOWS\SYSTEM32\vbzip10.dll
    2007-10-30 11:41 82 --a------ C:\n.bat
    2007-10-30 11:41 0 --a------ C:\z.dat
    2007-10-29 13:25 <REP> d-------- C:\Program Files\vso
    2007-10-29 12:21 <REP> d--hs---- C:\FOUND.024
    2007-10-29 10:23 <REP> d-------- C:\Documents and Settings\yves\Application Data\Vso
    2007-10-29 10:23 47,360 --a------ C:\Documents and Settings\yves\Application Data\pcouffin.sys
    2007-10-29 10:23 39,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Pcouffin.sys
    2007-10-29 10:15 <REP> d-------- C:\Documents and Settings\yves\Application Data\DivX
    2007-10-29 10:14 129,784 --------- C:\WINDOWS\SYSTEM32\pxafs.dll
    2007-10-29 10:14 120,056 --------- C:\WINDOWS\SYSTEM32\pxcpyi64.exe
    2007-10-29 10:14 118,520 --------- C:\WINDOWS\SYSTEM32\pxinsi64.exe
    2007-10-29 10:13 <REP> d-------- C:\Program Files\DivX
    2007-10-29 09:05 6,058,496 --------- C:\WINDOWS\SYSTEM32\dllcache\ieframe.dll
    2007-10-29 09:05 2,455,488 --------- C:\WINDOWS\SYSTEM32\dllcache\ieapfltr.dat
    2007-10-29 09:05 459,264 --------- C:\WINDOWS\SYSTEM32\dllcache\msfeeds.dll
    2007-10-29 09:05 383,488 --------- C:\WINDOWS\SYSTEM32\dllcache\ieapfltr.dll
    2007-10-29 09:05 267,776 --------- C:\WINDOWS\SYSTEM32\dllcache\iertutil.dll
    2007-10-29 09:05 63,488 --------- C:\WINDOWS\SYSTEM32\dllcache\icardie.dll
    2007-10-29 09:05 52,224 --------- C:\WINDOWS\SYSTEM32\dllcache\msfeedsbs.dll
    2007-10-29 09:05 13,824 --------- C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
    2007-10-29 09:04 <REP> d-------- C:\WINDOWS\SYSTEM32\fr-fr
    2007-10-29 08:35 <REP> d-------- C:\Program Files\Microsoft.NET
    2007-10-29 07:24 <REP> d--hs---- C:\FOUND.023
    2007-10-28 08:42 <REP> d-------- C:\Program Files\ReflexiveArcade
    2007-10-28 08:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
    2007-10-28 08:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-08 13:34 120,704 ----a-w C:\Documents and Settings\yves\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\SYSTEM32\dllcache\shell32.dll
    2007-10-13 17:18 796,672 ----a-w C:\WINDOWS\GPInstall.exe
    2007-10-13 17:18 --------- d-----w C:\Program Files\denouvel
    2007-10-13 05:57 --------- d-----w C:\Documents and Settings\yves\Application Data\Microsoft Help
    2007-10-13 05:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-10-12 12:11 --------- d-----w C:\Documents and Settings\yves\Application Data\muvee Technologies
    2007-10-12 11:17 --------- d-----w C:\Program Files\muvee Technologies
    2007-10-12 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
    2007-10-11 21:58 --------- d-----w C:\Program Files\Ares
    2007-10-11 21:58 --------- d-----w C:\Documents and Settings\yves\Application Data\Ares
    2007-10-11 18:51 --------- d-----w C:\Program Files\Fichiers communs\Micro Application Shared
    2007-10-11 05:48 --------- d-----w C:\Program Files\GT Interactive
    2007-10-11 05:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-10 14:18 --------- d-----w C:\Program Files\IVT Corporation
    2007-10-10 07:02 --------- d-----w C:\Documents and Settings\yves\Application Data\AdobeUM
    2007-10-10 06:56 --------- d-----w C:\Program Files\PowerQuest
    2007-10-10 06:51 --------- d-----w C:\Program Files\TuneUp Utilities 2007
    2007-10-10 06:51 --------- d-----w C:\Documents and Settings\yves\Application Data\TuneUp Software
    2007-10-10 06:50 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-10-10 06:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2007-10-09 20:52 --------- d-----w C:\Program Files\eMule
    2007-10-09 18:48 --------- d-----w C:\Documents and Settings\yves\Application Data\Snapfish
    2007-10-09 06:35 --------- d-----w C:\Documents and Settings\yves\Application Data\Serif
    2007-10-09 06:32 --------- d-----w C:\Program Files\Micro application
    2007-10-08 06:04 --------- d-----w C:\Program Files\eBay
    2007-10-08 06:04 --------- d-----w C:\Documents and Settings\yves\Application Data\WholeSecurity
    2007-10-07 08:44 --------- d-----w C:\Documents and Settings\yves\Application Data\Ahead
    2007-10-07 08:42 --------- d-----w C:\Program Files\Nero
    2007-10-07 08:42 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-10-07 08:27 --------- d-----w C:\Program Files\DVD Shrink
    2007-10-07 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-10-06 05:02 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-10-04 18:38 --------- d-----w C:\Program Files\ToniArts
    2007-10-04 08:16 --------- d-----w C:\Program Files\Google
    2007-10-04 08:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-10-04 06:57 --------- d-----w C:\Program Files\MSXML 4.0
    2007-10-04 06:41 --------- d-----w C:\Program Files\MSN Messenger
    2007-10-03 19:48 112 ----a-w C:\Documents and Settings\yves\Application Data\fusioncache.dat
    2007-10-03 19:48 --------- d-----w C:\Documents and Settings\yves\Application Data\ApplicationHistory
    2007-10-03 19:17 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-10-03 19:17 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-10-03 18:58 --------- d-----w C:\Documents and Settings\yves\Application Data\Dossier de téléchargement Share-to-Web
    2007-10-03 18:53 --------- d-----w C:\Program Files\Mobile Action
    2007-10-03 18:31 --------- d-----w C:\Program Files\CyberLink
    2007-10-03 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2007-10-03 17:58 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2007-10-03 17:57 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
    2007-10-03 17:54 --------- d-----w C:\Documents and Settings\yves\Application Data\Dossier de téléchargement Share-to-Web
    2007-10-03 17:53 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
    2007-10-03 17:43 --------- d-----w C:\Documents and Settings\yves\Application Data\HP
    2007-10-03 17:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
    2007-10-03 17:40 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
    2007-10-03 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
    2007-10-03 17:37 --------- d-----w C:\Program Files\Hewlett-Packard
    2007-10-03 17:37 --------- d-----w C:\Program Files\Fichiers communs\HP
    2007-10-03 17:33 --------- d-----w C:\Program Files\HP
    2007-10-03 15:24 --------- d-----w C:\Program Files\Microids
    2007-10-03 15:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-03 15:16 --------- d-----w C:\Program Files\Analog Devices
    2007-10-03 14:59 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-10-03 14:53 --------- d-----w C:\Program Files\ma-config.com
    2007-10-03 14:53 --------- d-----w C:\Documents and Settings\yves\Application Data\ma-config.com
    2007-10-03 12:13 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-10-03 11:44 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2007-10-03 11:44 --------- d-----w C:\Program Files\Inventel
    2007-10-03 11:43 81,920 ----a-w C:\WINDOWS\SYSTEM32\W32N50.dll
    2007-10-03 11:43 17,134 ----a-w C:\WINDOWS\SYSTEM32\PCANDIS5.sys
    2007-10-03 11:38 --------- d-----w C:\Program Files\Mobistar
    2007-10-03 11:13 --------- d-----w C:\Program Files\microsoft frontpage
    2007-10-03 11:11 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-10-03 11:06 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-10-03 10:50 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-10-03 10:49 271 --sh--w C:\Program Files\desktop.ini
    2007-10-03 10:49 23,506 ---h--w C:\Program Files\folder.htt
    2007-10-03 10:44 19,275 ----a-w C:\WINDOWS\SETVER.EXE
    2007-10-03 10:44 --------- d-----w C:\Program Files\Services en ligne
    2007-10-03 10:40 --------- d-----w C:\Program Files\PLUS!
    2007-10-03 10:40 --------- d-----r C:\Program Files\Accessoires
    2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
    2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
    2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-09-28 16:07 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
    2007-09-28 16:07 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
    2007-09-28 16:07 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
    2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
    2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
    2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll
    2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
    2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
    2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll
    2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll
    2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll
    2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll
    2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll
    2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll
    2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll
    2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
    2007-08-22 13:57 474,624 ------w C:\WINDOWS\SYSTEM32\dllcache\shlwapi.dll
    2007-08-22 13:57 152,064 ------w C:\WINDOWS\SYSTEM32\dllcache\cdfview.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-04-13 15:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~2\wcescomm.exe" [2005-11-15 20:21]
    "Washer"="C:\Program Files\Washer\washer.exe" [2003-01-13 10:08]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "washindex"=C:\Program Files\Washer\washidx.exe "yves"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3f1512ae]
    rundll32.exe "C:\WINDOWS\system32\trdcvkes.dll",b

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
    C:\Program Files\CyberLink\PowerVCRII\Agent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BestsellerAntivirus]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
    C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaBtSh]
    C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]
    C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rtasks]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
    "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com; ad=http://erreurchasseur.com

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
    SysTray.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "Hidserv"=Hidserv.exe run
    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
    R2 BT848;Bt878, WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys
    R2 BTTUNER;BtTuner, WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys
    R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys
    R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R2 VVZT1435;VVZT1435;\??\C:\WINDOWS\System32\Drivers\VI76X672.sys
    R2 XW4NJ5I9;XW4NJ5I9;\??\C:\WINDOWS\System32\Drivers\RK9PTCD2.sys
    R3 Ma730Pt;MA730 Bluetooth VCOM Driver;C:\WINDOWS\system32\DRIVERS\Ma730Pt.sys
    R3 Ma730Vad;MA730 Bluetooth Audio;C:\WINDOWS\system32\DRIVERS\Ma730Vad.sys
    R3 PD100VID;Video Blaster WebCam 5 (WDM);C:\WINDOWS\system32\DRIVERS\PD100Vid.sys
    S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    S3 Ma730c;MA730 Bluetooth Core Driver;C:\WINDOWS\system32\DRIVERS\MA730C.sys

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-11-09 20:09:20 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-14 21:50:39
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-14 21:52:19
    C:\ComboFix3.txt ... 2007-11-12 15:59
    C:\ComboFix2.txt ... 2007-11-13 11:25
    .
    --- E O F ---
    0
  17. Utilisateur anonyme
     
    voila ! je n'ai plus de probleme concernant mon infection! mais pc plante souvant! mais je sait pas de ou sa vient!
    merci milles fois!

    Logfile of HijackThis v1.99.1
    Scan saved at 21:53:44, on 14/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MICROS~2\wcescomm.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\RunOnce: [washindex] C:\Program Files\Washer\washidx.exe "yves"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/games/clients/y/kt4_x.cab
    O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.be/SnapfishActivia.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Creative Technology Ltd. - (no file)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
    0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    analyse ces fichiers sur virus total et dis moi lequels sont inféctés;

    https://www.virustotal.com/gui/

    C:\WINDOWS\vsapi32.dll
    C:\WINDOWS\hcextoutput.dll
    C:\WINDOWS\SYSTEM32\saxnxsma.dll
    C:\WINDOWS\SYSTEM32\rbfwokwp.dll
    C:\WINDOWS\SYSTEM32\tmp.reg
    C:\WINDOWS\SYSTEM32\trdcvkes.dll
    C:\WINDOWS\SYSTEM32\xheunbwv.dll
    C:\WINDOWS\SYSTEM32\msvcr80.dll
    C:\WINDOWS\SYSTEM32\ssqqrqp.dll
    C:\WINDOWS\SYSTEM32\lvpyodau.dll
    C:\WINDOWS\SYSTEM32\yayvwxv.dll

    _____________________

    Colle le rapport :
    Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

     Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
     Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
     Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.
    Manuel de clean :
    http://kerio.probb.fr/tuto-Clean-h37.html

    _______________________
    0
  19. Utilisateur anonyme
     
    Fichier rbfwokwp.dll_ reçu le 2007.11.15 22:41:57 (CET)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE

    Résultat: 8/32 (25%)
    en train de charger les informations du serveur...
    Votre fichier est dans la file d'attente, en position: 6.
    L'heure estimée de démarrage est entre 55 et 78 secondes.
    Ne fermez pas la fenêtre avant la fin de l'analyse.
    L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
    Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
    Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
    les résultats seront affichés au fur et à mesure de leur génération.
    Formaté Impression des résultats
    Votre fichier a expiré ou n'existe pas.
    Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

    Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
    Email:

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2007.11.16.0 2007.11.15 -
    AntiVir 7.6.0.34 2007.11.15 TR/Dldr.ConHook.Gen
    Authentium 4.93.8 2007.11.15 -
    Avast 4.7.1074.0 2007.11.15 -
    AVG 7.5.0.503 2007.11.15 Lop
    BitDefender 7.2 2007.11.15 -
    CAT-QuickHeal 9.00 2007.11.15 -
    ClamAV 0.91.2 2007.11.15 -
    DrWeb 4.44.0.09170 2007.11.15 -
    eSafe 7.0.15.0 2007.11.14 -
    eTrust-Vet 31.2.5297 2007.11.15 -
    Ewido 4.0 2007.11.15 -
    FileAdvisor 1 2007.11.15 -
    Fortinet 3.11.0.0 2007.10.19 -
    F-Prot 4.4.2.54 2007.11.14 -
    F-Secure 6.70.13030.0 2007.11.15 Vundo.gen49
    Ikarus T3.1.1.12 2007.11.15 -
    Kaspersky 7.0.0.125 2007.11.15 -
    McAfee 5164 2007.11.15 Vundo
    Microsoft 1.3007 2007.11.12 -
    NOD32v2 2661 2007.11.15 -
    Norman 5.80.02 2007.11.15 W32/Virtumonde.IJR
    Panda 9.0.0.4 2007.11.15 Suspicious file
    Prevx1 V2 2007.11.15 Trojan.Vundo
    Rising 20.18.31.00 2007.11.15 -
    Sophos 4.23.0 2007.11.15 -
    Sunbelt 2.2.907.0 2007.11.15 -
    Symantec 10 2007.11.15 -
    TheHacker 6.2.9.129 2007.11.15 -
    VBA32 3.12.2.5 2007.11.15 -
    VirusBuster 4.3.26:9 2007.11.15 -
    Webwasher-Gateway 6.0.1 2007.11.15 Trojan.Dldr.ConHook.Gen
    Information additionnelle
    File size: 81472 bytes
    MD5: f8bf00829c67f38d9631d8707884a78e
    SHA1: 1d14bf0604ec7714e37e0ca44e9d2c343c8ba812
    Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=3821B1D140B8653B3E18018CF8356100F9A09EF2
    0
  20. Utilisateur anonyme
     
    Fichier saxnxsma.dll_ reçu le 2007.11.15 22:53:36 (CET)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE

    Résultat: 11/32 (34.38%)
    en train de charger les informations du serveur...
    Votre fichier est dans la file d'attente, en position: 6.
    L'heure estimée de démarrage est entre 55 et 78 secondes.
    Ne fermez pas la fenêtre avant la fin de l'analyse.
    L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
    Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
    Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
    les résultats seront affichés au fur et à mesure de leur génération.
    Formaté Impression des résultats
    Votre fichier a expiré ou n'existe pas.
    Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

    Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
    Email:

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2007.11.16.0 2007.11.15 -
    AntiVir 7.6.0.34 2007.11.15 TR/Vundo.CA
    Authentium 4.93.8 2007.11.15 -
    Avast 4.7.1074.0 2007.11.15 -
    AVG 7.5.0.503 2007.11.15 Obfustat.VTX
    BitDefender 7.2 2007.11.15 Adware.Virtumonde.GHI
    CAT-QuickHeal 9.00 2007.11.15 -
    ClamAV 0.91.2 2007.11.15 -
    DrWeb 4.44.0.09170 2007.11.15 -
    eSafe 7.0.15.0 2007.11.14 -
    eTrust-Vet 31.2.5297 2007.11.15 -
    Ewido 4.0 2007.11.15 -
    FileAdvisor 1 2007.11.15 -
    Fortinet 3.11.0.0 2007.10.19 -
    F-Prot 4.4.2.54 2007.11.14 -
    F-Secure 6.70.13030.0 2007.11.15 -
    Ikarus T3.1.1.12 2007.11.15 -
    Kaspersky 7.0.0.125 2007.11.15 not-a-virus:AdWare.Win32.SecToolBar.k
    McAfee 5164 2007.11.15 -
    Microsoft 1.3007 2007.11.12 -
    NOD32v2 2661 2007.11.15 Win32/Adware.SecToolbar
    Norman 5.80.02 2007.11.15 W32/Virtumonde.IIT
    Panda 9.0.0.4 2007.11.15 Spyware/Virtumonde
    Prevx1 V2 2007.11.15 Trojan.Zlob
    Rising 20.18.31.00 2007.11.15 -
    Sophos 4.23.0 2007.11.15 -
    Sunbelt 2.2.907.0 2007.11.15 -
    Symantec 10 2007.11.15 Trojan.Vundo
    TheHacker 6.2.9.129 2007.11.15 Trojan/BHO.ui
    VBA32 3.12.2.5 2007.11.15 -
    VirusBuster 4.3.26:9 2007.11.15 -
    Webwasher-Gateway 6.0.1 2007.11.15 Trojan.Vundo.CA
    Information additionnelle
    File size: 145984 bytes
    MD5: 0e2d51539d9bb17e116e41c1396520cd
    SHA1: 5bcb7fa90beab9ac25a3c840dea11e314d3fd6f7
    Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=5E3C8ADC40D98E673AB20272A7FF1C00C714E363
    0
  21. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    tous les fichiers inféctés tu les mets dans la citation de otmovit et tu fais la procedure pour les supprimer (j'ai deja mis ce que tu ass dis d'inféctés avant 23h30 ) car la je vais faire dodo!

    en attente:
    C:\WINDOWS\vsapi32.dll
    C:\WINDOWS\hcextoutput.dll
    C:\WINDOWS\SYSTEM32\msvcr80.dll
    C:\WINDOWS\SYSTEM32\ssqqrqp.dll
    C:\WINDOWS\SYSTEM32\lvpyodau.dll
    C:\WINDOWS\SYSTEM32\yayvwxv.dll

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\WINDOWS\SYSTEM32\xheunbwv.dll
    C:\WINDOWS\SYSTEM32\saxnxsma.dll
    C:\WINDOWS\SYSTEM32\rbfwokwp.dll
    C:\WINDOWS\SYSTEM32\trdcvkes.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    ____________

    Colle le rapport :
    Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

     Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
     Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
     Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.
    Manuel de clean :
    http://kerio.probb.fr/tuto-Clean-h37.html

    _______________________

    remplace avast par antivir et colle moi un rapport:

    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)

    ________________________
    recolle un rapport hijackthis
    et dis moi tes problemes
    0
  • 1
  • 2