GZMRT.DLL manquant

Question

Bonjour, j'ai un certain message d'erreur a chaque demarrage de mon pc et defois il demarre mal donc je doit le redemarrer manuellement 
entre 1 a 3 fois pour qu'il se charge normalement , j'ai aussi reussi a faire partir le message d'erreur du demarrage mais il se charge mal de temp a autre , je poste mon log de Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 15:06:42, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Unreal3.2\wircd.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://1-digital-media.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61004
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61004
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61004
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61004
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netscape.fr"); (C:\Documents and Settings\SQUALL\Application Data\Mozilla\Profiles\default\7tc9yn70.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\SQUALL\Application Data\Mozilla\Profiles\default\7tc9yn70.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32
sx34.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [mdczxonedd] c:\documents and settings\squall\local settings\application data\mdczxonedd.exe mdczxonedd
O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab50997.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: UnrealIRCd - none - C:\Program Files\Unreal3.2\wircd.exe

green day · Answer

Salut

Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

* Démarrer en mode sans echec 
* Double cliquer combofix.exe. 
* Appuyer sur la touche Y (Yes) pour démarrer le scan 
* Le rapport sera crée dans: C:\Combofix.txt, poste le stp 

++

Cuthalion · Answer

voila le rapport de ce que tu ma demandé :

ComboFix 08-01-10.2 - SQUALL 2008-01-10 15:28:09.1 - [color=red][b]FAT32[/b][/color]x86 MINIMAL
Microsoft Windows XP Édition familiale  5.1.2600.2.1252.1.1036.18.274 [GMT 1:00]
Running from: C:\Documents and Settings\SQUALL\Bureau\ComboFix.exe
Command switches used :: and Settings\SQUALL\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\Documents and Settings\SQUALL\Local Settings\Application Data\mdczxonedd.dat
C:\Documents and Settings\SQUALL\Local Settings\Application Data\mdczxonedd.exe
C:\Documents and Settings\SQUALL\Local Settings\Application Data\mdczxonedd_navps.dat
C:\WINDOWS\pack.epk
C:\WINDOWS\system32
kgulv.dat
C:\WINDOWS\system32
kgulv_nav.dat
C:\WINDOWS\system32
kgulv_navps.dat
C:\WINDOWS\system32
sx34.dll
C:\WINDOWS\system32
vs2.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------
m


(((((((((((((((((((((((((((((   Fichiers cr‚‚s 2007-12-10 to 2008-01-10  ))))))))))))))))))))))))))))))))))))
.

2008-01-10 15:27 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\NirCmd.exe
2008-01-10 15:06 . 2008-01-10 15:06	10,361	--a------	C:\hijackthis_texte
2008-01-10 15:05 . 2005-02-16 11:06	218,112	--a------	C:\HijackThis.exe
2008-01-09 12:02 . 2008-01-09 12:02	1,355	--a------	C:\WINDOWS\imsins.BAK
2008-01-01 21:00 . 2008-01-01 21:00	921,654	--a------	C:\WINDOWS\system32\pff.bmp
2007-12-11 16:33 . 2007-12-11 16:33	<REP>	d--hs----	C:\Program Files\Fichiers communs\WindowsLiveInstaller

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 18:57	---------	d-----w	C:\Program Files\Panda Security
2007-12-04 14:56	93,264	----a-w	C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55	94,544	----a-w	C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53	23,152	----a-w	C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51	42,912	----a-w	C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49	26,624	----a-w	C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04	837,496	----a-w	C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54	95,608	----a-w	C:\WINDOWS\system32\AvastSS.scr
2007-12-01 19:29	---------	d-----w	C:\Program Files\Anope
2007-12-01 16:37	79,868	----a-w	C:\WINDOWS\system32\adssite-remove.exe
2007-11-30 16:56	---------	d-----w	C:\Program Files\Unreal3.2
2007-11-28 15:37	40,737	----a-w	C:\WINDOWS\system32ightonadz-uninst.exe
2007-11-24 13:45	---------	d-----w	C:\Program Files\laughnetwork
2007-11-13 10:25	20,480	----a-w	C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:28	728,576	----a-w	C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28	728,576	------w	C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:23	3,590,656	------w	C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20	360,064	------w	C:\WINDOWS\system32\dllcache	cpip.sys
2007-10-29 22:43	1,293,824	----a-w	C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43	1,293,824	------w	C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 17:42	87,184	----a-w	C:\WINDOWS\NSUninst.exe
2007-10-25 16:43	8,516,608	----a-w	C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28	222,720	----a-w	C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28	222,720	------w	C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-10 23:49	824,832	------w	C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49	671,232	------w	C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49	63,488	------w	C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49	6,065,664	------w	C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49	52,224	------w	C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49	478,208	------w	C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49	459,264	------w	C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49	44,544	------w	C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49	384,512	------w	C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49	383,488	------w	C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49	27,648	------w	C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49	267,776	------w	C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49	232,960	------w	C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49	230,400	------w	C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49	214,528	------w	C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49	193,024	------w	C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49	153,088	------w	C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49	132,608	------w	C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49	124,928	------w	C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49	105,984	------w	C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49	102,400	------w	C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49	1,159,680	------w	C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:01	625,152	------w	C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 11:00	70,656	------w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59	13,824	------w	C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46	161,792	------w	C:\WINDOWS\system32\dllcache\ieakui.dll
2006-08-22 17:12	278,528	----a-w	C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19 5728112]
"Mozilla Quick Launch"="C:\Program Files\Netscape\Netscape\Netscp.exe" [2003-06-24 12:09 568096]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Videos"="C:\Program Files\laughnetwork\update.exe" [2007-11-24 16:10 63376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43 688218]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-03-28 12:30 315392]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 16:41 393216]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-11 17:06 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 18:13 77824 C:\WINDOWS\soundman.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
"Tweak UI"="TWEAKUI.CPL" [2001-03-19 00:41 110640 C:\WINDOWS\system32\TWEAKUI.CPL]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2006-12-15 19:23 139264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\postSetupCheck]
C:\WINDOWS\system32\gzmrt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
d:\program files\valve\steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\WANADOO\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\WANADOO\GestMaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\WANADOO\Watch.exe

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 01:14]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 05:00]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2004-12-15 00:18]
R3 ovt530;Dual Mode USB Camera OV530;C:\WINDOWS\system32\Drivers\ov530vid.sys [2006-02-08 11:28]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 01:43]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 19:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 19:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 19:15]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

*Newly Created Service* - INT15.SYS 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-09-03 21:33:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-04 16:15:02 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 15:33:08
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0 

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
Completion time: 2008-01-10 15:35:07 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-10 14:35:04
.
2008-01-09 11:03:25	--- E O F ---

green day · Answer

ok,

Télécharge SDFix sur ton bureau 

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe 

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. 
Redémarre ton ordinateur en mode sans échec 
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.cmd pour lancer le script. 
Appuie sur Y pour commencer le processus de nettoyage. 
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer. 
Appuie sur une touche pour redémarrer le PC. 
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers. 
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished. 
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau. 
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt. 
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis ! 

++

Cuthalion · Answer

voila le raport de SDfix ( mon ordinateur a mal demarrer j'ai du l'éteindre et le rallumer manuellement  ) :


SDFix: Version 1.125

Run by SQUALL on 10/01/2008 at 16:02

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\SQUALL\Bureau\SDFix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

Trojan Files Found:

C:\WINDOWS\SYSTEM32\RNAPH.DLL - Deleted
C:\WINDOWS\antiv.exe  - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 16:07:42
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\SQUALL\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat  6 Aug 2005         1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Sat  6 Aug 2005         1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Sat  6 Aug 2005         1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Sat  6 Aug 2005         1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Sat  6 Aug 2005         1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Tue 10 Oct 2006         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 20 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT6.tmp"
Thu 20 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ae178a19c6b7c7d3db0eb0aa49460b31\BIT8.tmp"
Thu 20 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c8e1092e4a07bde9d108020eaac84239\BIT7.tmp"
Tue 11 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f3fd033e4d9140ea4bb2ff5810443583\BIT47.tmp"
Tue 11 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fefadc649fc57605016f03697a56e630\BIT45.tmp"
Tue 11 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b6d9b5c6f7aca2a8c316c06d5e3d7582\BIT43.tmp"
Tue 11 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ddb5a4bc745d6c9417878e1c725abb66\BIT42.tmp"
Tue 11 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\743d2b15f77fe959a0315b201635ca64\BIT44.tmp"

Finished! 

et le rapport de HijackThis :

Logfile of HijackThis v1.99.1
Scan saved at 16:19:43, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Unreal3.2\wircd.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://1-digital-media.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61004
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61004
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netscape.fr"); (C:\Documents and Settings\SQUALL\Application Data\Mozilla\Profiles\default\7tc9yn70.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\SQUALL\Application Data\Mozilla\Profiles\default\7tc9yn70.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab50997.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: UnrealIRCd - none - C:\Program Files\Unreal3.2\wircd.exe


Voila ^^

Cuthalion · Answer

Bon je vient de m'apercevoir que j'ai un probleme avec avast aussi il n'est plus dans la barre ( ou y'a le msn ) donc je voudrais savoir quoi faire car je n'arrive pas a le remettre en demarrage automatique , voila j'attend vos reponse ^^

green day · Answer

Salut


 est-il actif, regarde dans démarrer < tous les programme < avast : s'il est bien opérationnel !

ensuite, poste un nouveau combo stp

@+

Cuthalion · Answer

heu il est bien actif mais un combo de quoi ?

green day · Answer

un combofix !

 hop là !

Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

* Démarrer en mode sans echec 
* Double cliquer combofix.exe. 
* Appuyer sur la touche Y (Yes) pour démarrer le scan 
* Le rapport sera crée dans: C:\Combofix.txt, poste le stp 

++

:)

Cuthalion · Answer

ComboFix 08-01-10.2 - SQUALL 2008-01-13 15:19:15.2 - [color=red][b]FAT32[/b][/color]x86 MINIMAL Running from: C:\Documents and Settings\SQUALL\Bureau\ComboFix.exe . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))))))) . 2008-01-12 15:47 . 2008-01-12 15:47 d-------- C:\Program Files\PhotoScape 2008-01-12 15:35 . 2008-01-12 15:35 d-------- C:\Program Files\vmntoolbar 2008-01-12 15:35 . 2008-01-12 15:35 d-------- C:\Documents and Settings\SQUALL\Application Data\vmntoolbar 2008-01-10 20:57 . 2008-01-10 20:57 d-------- C:\Documents and Settings\SQUALL\Application Data\Hamachi 2008-01-10 20:53 . 2008-01-10 20:53 d-------- C:\Program Files\Hamachi 2008-01-10 20:53 . 2008-01-10 20:53 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2008-01-10 19:24 . 2008-01-10 19:24 d-------- C:\Program Files\TuneUp Utilities 2008 2008-01-10 19:24 . 2008-01-10 19:24 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-01-10 16:19 . 2008-01-10 16:19 9,909 --a------ C:\hijackthis_rapport 2008-01-10 16:01 . 2008-01-10 16:01 d-------- C:\WINDOWS\ERUNT 2008-01-10 15:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-10 15:06 . 2008-01-10 15:06 10,361 --a------ C:\hijackthis_texte 2008-01-10 15:05 . 2005-02-16 11:06 218,112 --a------ C:\HijackThis.exe 2008-01-01 21:00 . 2008-01-01 21:00 921,654 --a------ C:\WINDOWS\system32\pff.bmp . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-20 09:41 29,440 ----a-w C:\WINDOWS\system32\uxtuneup.dll 2007-12-11 15:33 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-12-05 18:57 --------- d-----w C:\Program Files\Panda Security 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr 2007-12-01 19:29 --------- d-----w C:\Program Files\Anope 2007-12-01 16:37 79,868 ----a-w C:\WINDOWS\system32\adssite-remove.exe 2007-11-30 16:56 --------- d-----w C:\Program Files\Unreal3.2 2007-11-28 15:37 40,737 ----a-w C:\WINDOWS\system32\rightonadz-uninst.exe 2007-11-24 13:45 --------- d-----w C:\Program Files\laughnetwork 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-10-30 23:23 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-27 17:42 87,184 ----a-w C:\WINDOWS\NSUninst.exe 2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll 2006-08-22 17:12 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe . ((((((((((((((((((((((((((((( snapshot@2008-01-10_15.34.44.04 ))))))))))))))))))))))))))))))))))))))))) . + 2007-08-13 16:03:08 476,160 ----a-w C:\WINDOWS\Downloaded Program Files\PPClean.exe + 2007-08-13 16:03:08 800,272 ----a-w C:\WINDOWS\Downloaded Program Files\ppctl.dll + 2007-08-13 16:03:08 30,763 ----a-w C:\WINDOWS\Downloaded Program Files\ppsrindex.dat + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE + 2008-01-10 04:51:10 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2008-01-10 15:01:40 8,966,144 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\ntuser.dat + 2008-01-10 15:01:40 167,936 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-01-10 04:51:10 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-01-10 15:01:28 8,966,144 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\ntuser.dat + 2008-01-10 15:01:28 167,936 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 16:19 5728112] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2006-12-15 19:23 139264] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360] C:\Documents and Settings\SQUALL\Menu D‚marrer\Programmes\D‚marrage\ avast! Antivirus.lnk - C:\Program Files\Alwil Software\Avast4\ashAvast.exe [2007-07-18 12:41:59] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegedit"= 0 (0x0) "NoFind"= 0 (0x0) "NoRun"= 0 (0x0) "NoDesktop"= 0 (0x0) "NoClose"= 0 (0x0) "StartMenuLogOff"= 0 (0x0) "HideClock"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\postSetupCheck] C:\WINDOWS\system32\gzmrt.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] d:\program files\valve\steam\steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Mozilla Quick Launch"="C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" -H "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe "eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe "SoundMan"=SOUNDMAN.EXE "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" "LaunchApp"=Alaunch "Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime "Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe "PCMService"="C:\Program Files\Arcade\PCMService.exe" "LManager"=C:\Program Files\Launch Manager\QtZgAcer.EXE "MessagerStarter Wanadoo"=C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 01:14] S2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58] S2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57] S2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 05:00] S3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2004-12-15 00:18] S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 19:08] S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11] S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11] S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 19:13] S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 19:15] S3 ovt530;Dual Mode USB Camera OV530;C:\WINDOWS\system32\Drivers\ov530vid.sys [2006-02-08 11:28] S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13] S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [] S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 01:43] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-10 19:24] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-09-03 21:33:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-01-11 16:15:02 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2008\OneClick.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-13 15:21:15 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-13 15:21:45 ComboFix-quarantined-files.txt 2008-01-13 14:21:44 ComboFix2.txt 2008-01-10 14:35:08 . 2008-01-09 11:03:25 --- E O F ---

green day · Answer

c'est parti !



Crée un nouveau document texte et nomme le CFScript.txt ( attention très important ! ) : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes en gras : 

File:: 

C:\WINDOWS\system32\adssite-remove.exe 
C:\WINDOWS\system32\rightonadz-uninst.exe 
C:\WINDOWS\NSUninst.exe 

Folder::

C:\Program Files\vmntoolbar

registry ::


[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\postSetupCheck] 

ensuite fais glisser le fichier texte sur combo.exe comme sur l'animation : http://img.photobucket.com/albums/v666/sUBs/CFScript.gif 

Dans la fenêtre qui suit, choisie l'option 1 puis valide 
Patiente un peu, si le bureau disparait parfois durant le scan : c'est normal ! 
A la fin du scan, un rapport va s'afficher : poste le stp ( sinon il se situe dans ici : C:\ComboFix.txt ) 

ensuite : 

rends toi ici : https://www.virustotal.com/gui/

Clique sur parcourir et cherche ce fichier : C:\WINDOWS\system32\pff.bmp 

Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

poste le rapport stp



@+

Cuthalion · Answer

ComboFix 08-01-10.2 - SQUALL 2008-01-13 17:05:01.3 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.76 [GMT 1:00] Running from: C:\Documents and Settings\SQUALL\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\SQUALL\Bureau\CFScript.txt * Created a new restore point FILE C:\WINDOWS\NSUninst.exe C:\WINDOWS\system32\adssite-remove.exe C:\WINDOWS\system32\rightonadz-uninst.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\vmntoolbar C:\Program Files\vmntoolbar\install.ico C:\Program Files\vmntoolbar\tbuninstall.exe C:\Program Files\vmntoolbar\toolbar.ini C:\Program Files\vmntoolbar\uninstall.exe C:\Program Files\vmntoolbar\vmntoolbar.dll C:\WINDOWS\NSUninst.exe C:\WINDOWS\system32\adssite-remove.exe C:\WINDOWS\system32\rightonadz-uninst.exe . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))))))) . 2008-01-12 15:47 . 2008-01-12 15:47 d-------- C:\Program Files\PhotoScape 2008-01-12 15:35 . 2008-01-12 15:35 d-------- C:\Documents and Settings\SQUALL\Application Data\vmntoolbar 2008-01-10 20:57 . 2008-01-10 20:57 d-------- C:\Documents and Settings\SQUALL\Application Data\Hamachi 2008-01-10 20:53 . 2008-01-10 20:53 d-------- C:\Program Files\Hamachi 2008-01-10 20:53 . 2008-01-10 20:53 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2008-01-10 19:24 . 2008-01-10 19:24 d-------- C:\Program Files\TuneUp Utilities 2008 2008-01-10 19:24 . 2008-01-10 19:24 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-01-10 16:19 . 2008-01-10 16:19 9,909 --a------ C:\hijackthis_rapport 2008-01-10 16:01 . 2008-01-10 16:01 d-------- C:\WINDOWS\ERUNT 2008-01-10 15:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-10 15:06 . 2008-01-10 15:06 10,361 --a------ C:\hijackthis_texte 2008-01-10 15:05 . 2005-02-16 11:06 218,112 --a------ C:\HijackThis.exe 2008-01-01 21:00 . 2008-01-01 21:00 921,654 --a------ C:\WINDOWS\system32\pff.bmp . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-20 09:41 29,440 ----a-w C:\WINDOWS\system32\uxtuneup.dll 2007-12-11 15:33 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-12-05 18:57 --------- d-----w C:\Program Files\Panda Security 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr 2007-12-01 19:29 --------- d-----w C:\Program Files\Anope 2007-11-30 16:56 --------- d-----w C:\Program Files\Unreal3.2 2007-11-24 13:45 --------- d-----w C:\Program Files\laughnetwork 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-10-30 23:23 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll 2006-08-22 17:12 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe . ((((((((((((((((((((((((((((( snapshot@2008-01-10_15.34.44.04 ))))))))))))))))))))))))))))))))))))))))) . + 2007-08-13 16:03:08 476,160 ----a-w C:\WINDOWS\Downloaded Program Files\PPClean.exe + 2007-08-13 16:03:08 800,272 ----a-w C:\WINDOWS\Downloaded Program Files\ppctl.dll + 2007-08-13 16:03:08 30,763 ----a-w C:\WINDOWS\Downloaded Program Files\ppsrindex.dat - 2008-01-10 14:27:54 1,122,304 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\ntuser.dat + 2008-01-13 16:04:50 1,122,304 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT - 2008-01-10 14:27:56 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat + 2008-01-13 16:04:50 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat - 2008-01-10 14:27:58 8,966,144 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\ntuser.dat + 2008-01-13 16:04:50 1,126,400 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT - 2008-01-10 14:27:58 167,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat + 2008-01-13 16:04:50 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat + 2008-01-13 16:04:52 8,974,336 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT + 2008-01-13 16:04:52 167,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE + 2008-01-10 04:51:10 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2008-01-10 15:01:40 8,966,144 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\ntuser.dat + 2008-01-10 15:01:40 167,936 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-01-10 04:51:10 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-01-10 15:01:28 8,966,144 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\ntuser.dat + 2008-01-10 15:01:28 167,936 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat + 2008-01-13 14:23:38 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_77c.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 16:19 5728112] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2006-12-15 19:23 139264] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360] C:\Documents and Settings\SQUALL\Menu D‚marrer\Programmes\D‚marrage\ avast! Antivirus.lnk - C:\Program Files\Alwil Software\Avast4\ashAvast.exe [2007-07-18 12:41:59] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegedit"= 0 (0x0) "NoFind"= 0 (0x0) "NoRun"= 0 (0x0) "NoDesktop"= 0 (0x0) "NoClose"= 0 (0x0) "StartMenuLogOff"= 0 (0x0) "HideClock"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\postSetupCheck] C:\WINDOWS\system32\gzmrt.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] d:\program files\valve\steam\steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Mozilla Quick Launch"="C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" -H "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe "eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe "SoundMan"=SOUNDMAN.EXE "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" "LaunchApp"=Alaunch "Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime "Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe "PCMService"="C:\Program Files\Arcade\PCMService.exe" "LManager"=C:\Program Files\Launch Manager\QtZgAcer.EXE "MessagerStarter Wanadoo"=C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 01:14] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57] R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 05:00] R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2004-12-15 00:18] R3 ovt530;Dual Mode USB Camera OV530;C:\WINDOWS\system32\Drivers\ov530vid.sys [2006-02-08 11:28] R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13] R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 01:43] S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 19:08] S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11] S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11] S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 19:13] S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 19:15] S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-10 19:24] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp *Newly Created Service* - PROCEXP90 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-09-03 21:33:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-01-11 16:15:02 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2008\OneClick.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-13 17:07:19 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-13 17:08:05 ComboFix-quarantined-files.txt 2008-01-13 16:08:02 ComboFix3.txt 2008-01-10 14:35:08 ComboFix2.txt 2008-01-13 14:21:48 . 2008-01-09 11:03:25 --- E O F --- voila j'ai trouver le pff.bmp mais je ne sais pas quoi faire car il n'y a pas de send file ou sa veut plutot dire de le transféré sur le site?

green day · Answer

tu clic sur parcourir, jusqu'à trouvé le fichier et juste en dessous, tu as un encadré bleu : send file ! :)

++

Cuthalion · Answer

Fichier pff.bmp reçu le 2008.01.13 17:40:49 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE 


Résultat: 0/31 (0%)
en train de charger les informations du serveur... 
Votre fichier est dans la file d'attente, en position: 3.
L'heure estimée de démarrage est entre 44 et 63 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse. 
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier. 
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération. 
 Formaté Impression des résultats  
Votre fichier a expiré ou n'existe pas. 
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée. 
 Email:  
  

Antivirus Version Dernière mise à jour Résultat 
AhnLab-V3 2008.1.12.10 2008.01.11 - 
AntiVir 7.6.0.46 2008.01.11 - 
Authentium 4.93.8 2008.01.12 - 
Avast 4.7.1098.0 2008.01.12 - 
AVG 7.5.0.516 2008.01.13 - 
BitDefender 7.2 2008.01.13 - 
CAT-QuickHeal 9.00 2008.01.12 - 
ClamAV 0.91.2 2008.01.13 - 
DrWeb 4.44.0.09170 2008.01.13 - 
eSafe 7.0.15.0 2008.01.10 - 
eTrust-Vet 31.3.5451 2008.01.11 - 
Ewido 4.0 2008.01.13 - 
FileAdvisor 1 2008.01.13 - 
Fortinet 3.14.0.0 2008.01.13 - 
F-Prot 4.4.2.54 2008.01.13 - 
F-Secure 6.70.13030.0 2008.01.13 - 
Ikarus T3.1.1.20 2008.01.13 - 
Kaspersky 7.0.0.125 2008.01.13 - 
McAfee 5205 2008.01.11 - 
Microsoft 1.3109 2008.01.13 - 
NOD32v2 2788 2008.01.13 - 
Norman 5.80.02 2008.01.11 - 
Panda 9.0.0.4 2008.01.13 - 
Rising 20.26.62.00 2008.01.13 - 
Sophos 4.24.0 2008.01.13 - 
Sunbelt 2.2.907.0 2008.01.12 - 
Symantec 10 2008.01.13 - 
TheHacker 6.2.9.186 2008.01.11 - 
VBA32 3.12.2.5 2008.01.13 - 
VirusBuster 4.3.26:9 2008.01.12 - 
Webwasher-Gateway 6.6.2 2008.01.13 - 
Information additionnelle 
File size: 921654 bytes 
MD5: e5693e7e4efdfde849e5de89ced0f350 
SHA1: 0a0567f88c52ec5232247af41baca4a047a060b0 
PEiD: - 


Voila

green day · Answer

ok,

Télécharge ce fichier :
https://3a6249fb-a-62cb3a1a-s-sites.googlegroups.com/site/dcangeldark/Kill_Adssite.zip?attachauth=ANoY7cpRWBfHsjuUtXZm7O4gV7WXXvxoLJ-TUP99ktFmVi2pEXSTZPNyF5UFeqWMsQcqd3ryZTikvN1on7hoH1XPyXy7qmp0JdS1s633s-IOhSn4lawPBaW2N9oZF7BGPV3Iec0zg3VoGioRcpfS2G8Pzg-CFokFx5vmq6OLijndTPDrcDyQi6Q3X-jx0qwnNQ7xJeaKpqRCVGFNyqNBVBmC_eYqmp8xMQ%3D%3D&attredirects=3
Dézippe-le puis lance Kill.cmd. Poste le rapport stp

++

Cuthalion · Answer

C:\Program Files\Adssite Advanced Toolbar - [b]Trouve[/b] !
C:\Program Files\Adssite Advanced Toolbar - Supprime !
----------

Voila c'est tout ce qu'il ma dit

green day · Answer

très bien !

 fais ce qui est indiqué ici stp :

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

++

Cuthalion · Answer

voila le AVG : 

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	22:53:19 13/01/2008

 + Résultat de l'analyse:	



C:\QooBox\Quarantine\C\WINDOWS\system32
sx34.dll.vir -> Not-A-Virus.Adware.Agent : Aucune action entreprise.
C:\Documents and Settings\SQUALL\Cookies\squall@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Aucune action entreprise.
C:\Documents and Settings\SQUALL\Cookies\squall@weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.


Fin du rapport

MAintenant le bitdefender en ligne : 

BitDefender Online Scanner
	

 
	

 

Scan report generated at: Sun, Jan 13, 2008 - 23:40:24

 
	

 
	

 

Scan path: C:\;D:\;E:\;
	

 
	

 

 
	

 
	

 

Statistics

Time
	

00:44:11

Files
	

244416

Folders
	

5306

Boot Sectors
	

4

Archives
	

7116

Packed Files
	

7177
	

 
	

 

Results

Identified Viruses
	

3

Infected Files
	

3

Suspect Files
	

0

Warnings
	

0

Disinfected
	

0

Deleted Files
	

3
	

 
	

 

Engines Info

Virus Definitions
	

889949

Engine build
	

AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
	

14

Archive plugins
	

38

Unpack plugins
	

7

E-mail plugins
	

6

System plugins
	

1
	

 
	

 

Scan Settings

First Action
	

Disinfect

Second Action
	

Delete

Heuristics
	

Yes

Enable Warnings
	

Yes

Scanned Extensions
	

*;

Exclude Extensions
	

 

Scan Emails
	

Yes

Scan Archives
	

Yes

Scan Packed
	

Yes

Scan Files
	

Yes

Scan Boot
	

Yes
	

 
	

 
 

Scanned File
	

 Status

C:\Documents and Settings\SQUALL\Mes documents\Mes fichiers reçus\serveur.zip=>serveur/Serveur.exe
	

Infected with: MemScan:Trojan.HideWindows.A

C:\Documents and Settings\SQUALL\Mes documents\Mes fichiers reçus\serveur.zip=>serveur/Serveur.exe
	

Disinfection failed

C:\Documents and Settings\SQUALL\Mes documents\Mes fichiers reçus\serveur.zip=>serveur/Serveur.exe
	

Deleted

C:\Documents and Settings\SQUALL\Mes documents\Mes fichiers reçus\serveur.zip
	

Updated

C:\QooBox\Quarantine\C\Documents and Settings\SQUALL\Local Settings\Application Data\mdczxonedd.exe.vir
	

Detected with: Adware.Navipromo.BZC

C:\QooBox\Quarantine\C\Documents and Settings\SQUALL\Local Settings\Application Data\mdczxonedd.exe.vir
	

Disinfection failed

C:\QooBox\Quarantine\C\Documents and Settings\SQUALL\Local Settings\Application Data\mdczxonedd.exe.vir
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0009
	

Infected with: Backdoor.Skinymes.Agent.A

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0009
	

Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0009
	

Deleted

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)
	

Update failed

Et Maintenant HijackThis : 

Logfile of HijackThis v1.99.1
Scan saved at 23:43:43, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Unreal3.2\wircd.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61004
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61004
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netscape.fr"); (C:\Documents and Settings\SQUALL\Application Data\Mozilla\Profiles\default\7tc9yn70.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\SQUALL\Application Data\Mozilla\Profiles\default\7tc9yn70.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: avast! Antivirus.lnk = C:\Program Files\Alwil Software\Avast4\ashAvast.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab50997.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: UnrealIRCd - none - C:\Program Files\Unreal3.2\wircd.exe

green day · Answer

salut

 ok, où en sont tes soucis ??

++

Cuthalion · Answer

Salut , merci je croi effectivement que mon probleme est règlé , j'aurai un dernier petit probleme et je ne ses pas si ses a cause du virus ou autre donc :

J'avais virer ma corbeille et j'ai donc suivie les reponse d'autre forum et puis j'ai reussi a ramener ma corbeille mais je ne peu pas l'utiliser car et elle est en format dossier et je voulait savoir si vous ne connaitrai pas une solution pour la remetre en corbeille ( normale ) , voila ^^

green day · Answer

Salut

 peut être la solution ici : http://www.commentcamarche.net/faq/sujet 5675 corbeille disparue

++

Cuthalion · Answer

Bonjour , j'ai regarder la page que tu ma donner , la premiere solution c'est celle que j'avais effectuer mais elle a ramener ma corbeille en dossier et puis la deuxieme solution ne permet pas de changer la corbeille car quand je coche la corbeille elle est toujours en dossier :s

green day · Answer

Salut

 tu veux dire que tu n'as pas d'icône corbeille mais un dossier nommé corbeille ?!

++

Cuthalion · Answer

Oui mais le dossier a quelque fonctionnalité de la corbeille il manque juste la bonne icone et puis la selection "vider la corbeille" voila

green day · Answer

ok, en fouillant ici, tu trouveras ton bonheur : https://forums.commentcamarche.net/forum/s/corbeille?forum_num=themes

++

Cuthalion · Answer

bon désolé mais je relance le sujet , j'ai découver que depuis que je n'est plus le virus que je n'est plus les trait du sons  ( je suis sur PC portable ) et quand j'appuie sur  Fn et la fleche du haut ( pour monté le sons ) ben je n'est pas les trait vert ..

Vous savez quoi faire ?

green day · Answer

Salut

 j'ai rien compris ! :)

++

Cuthalion · Answer

Enfete je ne vois pas mon sons monté ( d'habitude j'avais des trait vert quand j'augmenter ou diminué mon sons )  tu as une solution pour sa ?

green day · Answer

est-ce que tu as du son ??

Cuthalion · Answer

oui j'ai du sons mais je ne vois pas la progression du sons

mapitot · Answer

voila l'analyse de combofix: que dois-je faire ?

ComboFix 08-04-18.3 - Maïté 2008-04-19 18:11:54.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.163 [GMT 2:00]
Endroit: C:\Documents and Settings\Maïté\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Maïté\new.txt
C:\Program Files\Adssite Games Collection
C:\Program Files\Adssite Games Collection\BattlesOfHelicopters.exe
C:\Program Files\Adssite Games Collection\BobAndBill.exe
C:\Program Files\Adssite Games Collection\CrazyBlocks.exe
C:\Program Files\Adssite Games Collection\Lines.exe
C:\Program Files\Adssite Games Collection\uninstall.exe
C:\Program Files\Adssite Games Collection\VideoPool.exe
C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\webhancer
C:\Program Files\webhancer\Programs\license.txt
C:\Program Files\webhancer\Programs\readme.txt
C:\Program Files\webhancer\Programs\sporder.dll
C:\Program Files\webhancer\Programs\whagent.ini
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\ldpackage.dll
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\rightonadz-uninst.exe
C:\WINDOWS\system32\rlvknlg.exe
C:\WINDOWS\system32\rlxf.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-19 to 2008-04-19 ))))))))))))))))))))))))))))))))))))
.

2008-04-16 19:10 . 2008-04-16 19:10 81,920 -r------- C:\WINDOWS\bwUnin-6.1.4.55-7681197L.exe
2008-04-16 19:09 . 2008-04-16 19:09 <REP> d-------- C:\TEMP\ins1.tmp
2008-04-16 19:00 . 2008-04-16 19:00 <REP> d-------- C:\Program Files\F-Secure
2008-04-16 18:35 . 2008-04-16 18:35 <REP> d-------- C:\TEMP\_ISTMP3.DIR
2008-04-16 18:35 . 2008-04-16 18:35 <REP> d-------- C:\TEMP\_ISTMP2.DIR
2008-04-16 18:34 . 2008-04-16 18:48 2,521 --a------ C:\WINDOWS\FSAV.MIF
2008-04-16 12:59 . 2008-04-16 12:59 0 --a------ C:\WINDOWS\autorun.INI
2008-04-16 12:57 . 2008-04-16 12:57 <REP> d-------- C:\TEMP
2008-04-16 12:55 . 2008-04-16 13:31 335 --a------ C:\WINDOWS\nsreg.dat
2008-04-15 17:49 . 2003-03-10 18:52 265,216 --------- C:\WINDOWS\SkyCancel.exe
2008-04-15 17:49 . 2003-03-10 19:01 258,560 --------- C:\WINDOWS\SkyEnd.exe
2008-04-15 17:49 . 2003-03-10 18:49 245,760 --------- C:\WINDOWS\SkyGoOn.exe
2008-04-15 17:49 . 2003-03-10 19:21 182,784 --------- C:\WINDOWS\SkyEnd2.exe
2008-04-15 17:49 . 2008-04-15 17:49 35 --a------ C:\WINDOWS\SkyCD.tmp
2008-04-15 17:49 . 2008-04-15 17:49 28 --a------ C:\WINDOWS\SkyInst.tmp
2008-03-28 10:26 . 2008-03-28 10:26 <REP> d--hs---- C:\FOUND.000

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 21:00 364,544 ----a-w C:\WINDOWS\system32\rlls(2).dll
2008-03-09 16:50 712,704 ----a-w C:\WINDOWS\system32\rlph.dll
2008-03-08 08:12 --------- d-----w C:\Program Files\QuickMediaConverter
1999-04-30 14:00 98,304 ------w C:\Program Files\internet explorer\plugins\UPjpeg.dll
2003-01-13 08:55 282,624 ------w C:\Program Files\internet explorer\plugins\PanoViewer.dll
2007-05-22 17:24 80 --sh--r C:\WINDOWS\system32\3ADB60CDD9.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D9362F8-77D8-4b29-97B5-621D550890C0}]
C:\WINDOWS\system32\gzmrt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [ ]
"Alwact.exe"="" []
"miniMIZE"="D:\Programmes\miniMIZE\miniMIZE.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-27 10:06 171448]
"MSN MultiConnect"="C:\Program Files\MSN Multiconnect\MSN Multiconnect.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SoundMan"="SOUNDMAN.EXE" [2005-06-08 08:31 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15 45056]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07 32768]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-20 09:03 352256]
"VTTimer"="VTTimer.exe" [2005-05-13 12:57 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-05-13 12:57 143360 C:\WINDOWS\system32\VTTrayp.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-06-04 12:40 110592]
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2005-06-01 14:25 421888]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:48 57344]
"SpeedTouch USB Diagnostics"="C:\WINDOWS\Dragdiag.exe" [2004-01-26 11:38 866816]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 18:57 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 18:51 217088]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 05:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"FLMTRUSTMOUSE"="C:\Program Files\Trust mouse utility\1.0\mouse32a.exe" [2006-03-25 09:06 429568]
"Ulead Memory Card Detector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0\Monitor.exe" [2002-12-25 19:55 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"pdfw"="C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe" [2004-03-24 23:56 32768]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-29 16:10 185896]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2002-12-05 16:24 106571]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
BTTray.lnk - C:\Program Files\Sitecom\Logiciel Bluetooth\BTTray.exe [2004-10-01 15:12:18 565309]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2008-04-16 19:10]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2002-04-23 13:23]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2002-12-03 08:36]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2002-04-23 13:23]
R2 FSpm;F-Secure Policy Manager;C:\Program Files\F-Secure\Common\FSPM.SYS [2002-12-05 16:24]
R2 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 14:46]

*Newly Created Service* - CATCHME
*Newly Created Service* - FSAA
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 18:14:24
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-19 18:17:21
ComboFix-quarantined-files.txt 2008-04-19 16:17:16

Pre-Run: 15,241,576,448 octets libres
Post-Run: 15,408,922,624 octets libres

144 --- E O F --- 2008-03-12 20:42:37

green day · Answer

Salut

Télécharge ceci : 

Lien : http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Démo : http://pageperso.aol.fr/balltrap34/demohijack.htm 

Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum. 

++

GZMRT.DLL manquant

31 réponses

Votre réponse

Discussions similaires

Newsletters