infecté par plein de vers/virus
NUL EN INFORMATIQUE
-
Lyonnais92 -
Lyonnais92 -
Au secours je suis infecté par plein de merde sur windows system 32 c'est avast qui me detecte plein d'adwares cheval De troies et vers/virus dans ce dossier. Je suis resté pendant 2 mois sans antivirus et deuis que j'ai installé avast je suis en panique !!!! Est -ce que quelqu'un qui est fort en informatique pourrait m'expliquer comment me débarasser de toutes ces saloperies, car j'en ai mis quelques une en quarentaine mais il y en a d'aUtres où je ne peu rien faire,je voudrais savoir si la lenteur de mon ordi alor qu'il reste 10go sur le disque dur est liée à ces merDes dans system32?? ET si je reformate mon ordianateur est-ce que l'ordi sera clean mercI beaucoup pour vos reponseS .J'ai vraiment besoin d'aide au secours !!!!!!!!!!!
charlie
charlie
A voir également:
- infecté par plein de vers/virus
- Virus mcafee - Accueil - Piratage
- Windows 7 vers windows 10 - Accueil - Mise à jour
- Clavier qwerty vers azerty - Guide
- Faux message virus iphone ✓ - Forum Virus
- Vers quelle adresse web renvoie ce lien - Guide
204 réponses
bon on va sortir l'artillerie lourde !!
Télécharge Combofix.exe de sUBs sur ton Bureau,
deconecte toi et ferme tes applications!
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement
Double clique sur Combofix.exe
Mets le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan
Lorsque le scan sera terminé, un rapport apparaîtra.
Poste lerapport dans ta prochaine réponse.
Note : Le rapport se trouve également là : C:\Combofix.txt+
Télécharge Combofix.exe de sUBs sur ton Bureau,
deconecte toi et ferme tes applications!
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement
Double clique sur Combofix.exe
Mets le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan
Lorsque le scan sera terminé, un rapport apparaîtra.
Poste lerapport dans ta prochaine réponse.
Note : Le rapport se trouve également là : C:\Combofix.txt+
salut vous deux ,
he be que d'infections(j'ai suivi le parcours en entier) vous avez bien bossé!!
pour suivre....
he be que d'infections(j'ai suivi le parcours en entier) vous avez bien bossé!!
pour suivre....
je ne trouve pa le rapport :s le programme s'est lancé a marqué etap1 terminé jusqu'a etape30 terminé puis a redemmarer le systeme au demarrage de la session il s'est lancé puis s'est fermé. comment faire....
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
SA YEST G TROUVER COOL !!!!! tiens voila le rapport ke tu ma demandé.Etape suivante:)
ComboFix 08-01-11.3 - charlie 2008-01-12 20:44:12.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.39 [GMT 1:00]
Running from: C:\Documents and Settings\charlie\Local Settings\Temporary Internet Files\Content.IE5\EMBTTB8D\ComboFix[1].exe
.
[color=purple]The following files were disabled during the run:[/color]
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\charlie\Application Data\macromedia\Flash Player\#SharedObjects\QHCB7RXA\www.broadcaster.com
C:\Documents and Settings\charlie\Application Data\macromedia\Flash Player\#SharedObjects\QHCB7RXA\www.broadcaster.com\bc_video_vars.sol
C:\Documents and Settings\charlie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\charlie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\nadege\Application Data\macromedia\Flash Player\#SharedObjects\PBKP2XHR\www.broadcaster.com
C:\Documents and Settings\nadege\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\nadege\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\sylvie\Application Data\macromedia\Flash Player\#SharedObjects\S45GT65G\www.broadcaster.com
C:\Documents and Settings\sylvie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\sylvie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\Fichiers communs\{305E7~1
C:\Program Files\Fichiers communs\{305E7~1\toolbardll.lzma
C:\Program Files\Fichiers communs\{305E7~1\UnInstall.exe
C:\Program Files\Fichiers communs\{305E7~1\UnInstall.lzma
C:\Program Files\Fichiers communs\{705E7~1
C:\Program Files\Fichiers communs\uninstall information
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\Installer\bin\siuninst.exe
C:\Program Files\screensavers.com\Installer\temp\dmE5.tmp
C:\Program Files\screensavers.com\Installer\temp\pltbinst.exe
C:\Program Files\screensavers.com\Wallpaper\Heidi Klum.jpg
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\WINDOWS\dialerexe.ini
C:\WINDOWS\system32\lnnmp.tmp2
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_DOMAINSERVICE
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-12 to 2008-01-12 ))))))))))))))))))))))))))))))))))))
.
2008-01-12 20:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 19:14 . 2008-01-12 19:37 <REP> d-------- C:\Program Files\Lopxp
2008-01-12 15:17 . 2008-01-12 16:15 <REP> d-------- C:\Program Files\Navilog1
2008-01-12 15:11 . 2008-01-12 15:11 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-01-12 15:11 . 2008-01-12 15:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-12 15:01 . 2008-01-12 15:09 68 --a------ C:\WINDOWS\nerropl.ini
2008-01-12 15:01 . 2008-01-12 15:09 18 --a------ C:\WINDOWS\pnrebp.ini
2008-01-12 14:47 . 2003-05-15 01:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2008-01-12 14:47 . 1998-07-13 01:00 32,768 --a------ C:\WINDOWS\system32\CmDlgFR.dll
2008-01-12 12:46 . 2008-01-12 12:46 <REP> d----c--- C:\VundoFix Backups
2008-01-12 12:33 . 2008-01-12 12:33 <REP> d-------- C:\Program Files\Trend Micro
2008-01-09 18:12 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-09 18:12 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-09 18:11 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-09 18:11 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-07 18:07 . 2008-01-07 18:07 <REP> d-------- C:\Program Files\chicadmin
2007-12-30 12:34 . 2007-12-30 12:34 <REP> d-------- C:\Documents and Settings\charlie\OngameNetwork
2007-12-19 19:09 . 2008-01-04 13:52 386 --a------ C:\WINDOWS\3DBELOTE2.INI
2007-12-19 18:40 . 2008-01-12 14:38 <REP> d-------- C:\Program Files\3DBELOTE
2007-12-13 20:33 . 2008-01-12 20:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-13 20:33 . 2007-12-13 20:33 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 19:56 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-01-12 19:16 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-12 16:16 --------- d-----w C:\Program Files\MSN Messenger
2008-01-12 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-12 14:03 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-12 13:05 --------- d-----w C:\Documents and Settings\charlie\Application Data\chicadmin
2008-01-12 13:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\livegrimsendtrans
2008-01-12 12:28 --------- d-----w C:\Program Files\WinAVI Video Converter
2008-01-12 12:28 --------- d-----w C:\Program Files\QuickTime
2008-01-11 13:39 --------- d-----w C:\Program Files\Windows Live
2008-01-11 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-10 22:20 --------- d-----w C:\Program Files\eMule
2008-01-07 17:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Software rule flag owns
2007-12-24 09:36 --------- d-----w C:\Documents and Settings\charlie\Application Data\AdobeUM
2007-12-22 11:10 --------- d-----w C:\Program Files\GV AbsoluCasino
2007-12-12 15:54 --------- d-----w C:\Program Files\DivX
2007-12-08 09:00 --------- d-----w C:\Documents and Settings\charlie\Application Data\Viewpoint
2007-12-08 09:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-27 17:33 --------- d-----w C:\Program Files\Picasa2
2007-11-26 05:48 --------- d-----w C:\Program Files\lphant
2007-11-13 17:40 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-13 17:35 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-13 17:28 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-06-21 23:01 5,632 --sha-w C:\Program Files\Thumbs.db
2007-01-19 11:14 3,825 ----a-w C:\Documents and Settings\nadege\texxx.exe
2007-01-18 19:58 3,113 ----a-w C:\Documents and Settings\nadege\texx.exe
2007-01-16 16:06 131,072 ----a-w C:\Documents and Settings\charlie\tset.exe
2007-01-16 14:25 131,072 ----a-w C:\Documents and Settings\sylvie\tset.exe
2006-12-12 19:41 8,759 ----a-w C:\Documents and Settings\sylvie\tel.exe
2006-12-12 19:41 77,824 ----a-w C:\Documents and Settings\sylvie\qsetup.exe
2006-12-08 10:49 77,824 ----a-w C:\Documents and Settings\nadege\ysetup.exe
2006-12-06 12:11 77,824 ----a-w C:\Documents and Settings\nadege\gspot.exe
2006-12-05 21:54 77,824 ----a-w C:\Documents and Settings\sylvie\hset.exe
2006-02-19 11:55 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 07:18 307200]
"clock skip"="C:\DOCUME~1\charlie\APPLIC~1\CHICAD~1\setup two.exe" [2008-01-07 18:06 435712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-03-05 11:26 5566464]
"nwiz"="nwiz.exe" [2005-03-05 11:26 1495040 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 17:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-01-28 10:10 110740]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 14:49 49152]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-07-12 17:38 180269]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 18:57 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 18:51 217088]
"Desksite CMA"="C:\Program Files\desksite\bin\cma.exe" [ ]
"j5251231"="C:\WINDOWS\system32\j5251231.dll" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"Flag Owns Live Grim"="C:\Documents and Settings\All Users\Application Data\Software rule flag owns\poke wipe.exe" [2008-01-12 20:58 1916416]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 18:48 434528]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{705E7409-07C5-1036-0504-050406050021}"= "C:\Program Files\Fichiers communs\{705E7409-07C5-1036-0504-050406050021}\Update.exe" mc-110-12-0001411
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2chkdsk]
C:\WINDOWS\system32\ngcrsttm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
--a--c--- 2003-05-02 10:31 24576 c:\apps\ABoard\ABoard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 2005-03-31 09:30 1106944 C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DllRunning]
C:\WINDOWS\system32\hbgddnnu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
C:\Program Files\Ipwindows\ipwins.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OoPDFSettingsv6.exe]
--a------ 2003-11-20 10:38 460800 C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2005-03-22 09:39 167936 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-04-20 09:57 847872 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUp Destroy]
--a------ 2003-04-22 13:27 1806336 C:\Program Files\PopUp Destroy\Popup-Destroy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDrive]
C:\WINDOWS\system32\ujwgqigw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
C:\WINDOWS\system32\mylhmafk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{705E7409-07C5-1036-0504-050406050021}]
C:\Program Files\Fichiers communs\{705E7409-07C5-1036-0504-050406050021}\Update.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
S3 PentaxUsb;PENTAX Optio 50L on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 13:34]
S3 PentaxVc;PENTAX Optio 50L Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2004-11-24 13:36]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 10:12]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{401e7a07-94d2-11db-be2a-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a01870ba-18cb-11dc-bf94-00032f44e6e1}]
\Shell\AutoRun\command - E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd5769e0-8acf-11dc-8887-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-01 11:31:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-12 18:30:00 C:\WINDOWS\Tasks\Configurer mon PC.job"
- C:\Apps\SMP\PCSETUP.EXE
"2008-01-11 17:14:24 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2005-09-03 20:27:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-12 19:51:07 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
ComboFix 08-01-11.3 - charlie 2008-01-12 20:44:12.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.39 [GMT 1:00]
Running from: C:\Documents and Settings\charlie\Local Settings\Temporary Internet Files\Content.IE5\EMBTTB8D\ComboFix[1].exe
.
[color=purple]The following files were disabled during the run:[/color]
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\charlie\Application Data\macromedia\Flash Player\#SharedObjects\QHCB7RXA\www.broadcaster.com
C:\Documents and Settings\charlie\Application Data\macromedia\Flash Player\#SharedObjects\QHCB7RXA\www.broadcaster.com\bc_video_vars.sol
C:\Documents and Settings\charlie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\charlie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\nadege\Application Data\macromedia\Flash Player\#SharedObjects\PBKP2XHR\www.broadcaster.com
C:\Documents and Settings\nadege\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\nadege\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\sylvie\Application Data\macromedia\Flash Player\#SharedObjects\S45GT65G\www.broadcaster.com
C:\Documents and Settings\sylvie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\sylvie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\Fichiers communs\{305E7~1
C:\Program Files\Fichiers communs\{305E7~1\toolbardll.lzma
C:\Program Files\Fichiers communs\{305E7~1\UnInstall.exe
C:\Program Files\Fichiers communs\{305E7~1\UnInstall.lzma
C:\Program Files\Fichiers communs\{705E7~1
C:\Program Files\Fichiers communs\uninstall information
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\Installer\bin\siuninst.exe
C:\Program Files\screensavers.com\Installer\temp\dmE5.tmp
C:\Program Files\screensavers.com\Installer\temp\pltbinst.exe
C:\Program Files\screensavers.com\Wallpaper\Heidi Klum.jpg
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\WINDOWS\dialerexe.ini
C:\WINDOWS\system32\lnnmp.tmp2
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_DOMAINSERVICE
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-12 to 2008-01-12 ))))))))))))))))))))))))))))))))))))
.
2008-01-12 20:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 19:14 . 2008-01-12 19:37 <REP> d-------- C:\Program Files\Lopxp
2008-01-12 15:17 . 2008-01-12 16:15 <REP> d-------- C:\Program Files\Navilog1
2008-01-12 15:11 . 2008-01-12 15:11 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-01-12 15:11 . 2008-01-12 15:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-12 15:01 . 2008-01-12 15:09 68 --a------ C:\WINDOWS\nerropl.ini
2008-01-12 15:01 . 2008-01-12 15:09 18 --a------ C:\WINDOWS\pnrebp.ini
2008-01-12 14:47 . 2003-05-15 01:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2008-01-12 14:47 . 1998-07-13 01:00 32,768 --a------ C:\WINDOWS\system32\CmDlgFR.dll
2008-01-12 12:46 . 2008-01-12 12:46 <REP> d----c--- C:\VundoFix Backups
2008-01-12 12:33 . 2008-01-12 12:33 <REP> d-------- C:\Program Files\Trend Micro
2008-01-09 18:12 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-09 18:12 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-09 18:11 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-09 18:11 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-07 18:07 . 2008-01-07 18:07 <REP> d-------- C:\Program Files\chicadmin
2007-12-30 12:34 . 2007-12-30 12:34 <REP> d-------- C:\Documents and Settings\charlie\OngameNetwork
2007-12-19 19:09 . 2008-01-04 13:52 386 --a------ C:\WINDOWS\3DBELOTE2.INI
2007-12-19 18:40 . 2008-01-12 14:38 <REP> d-------- C:\Program Files\3DBELOTE
2007-12-13 20:33 . 2008-01-12 20:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-13 20:33 . 2007-12-13 20:33 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 19:56 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-01-12 19:16 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-12 16:16 --------- d-----w C:\Program Files\MSN Messenger
2008-01-12 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-12 14:03 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-12 13:05 --------- d-----w C:\Documents and Settings\charlie\Application Data\chicadmin
2008-01-12 13:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\livegrimsendtrans
2008-01-12 12:28 --------- d-----w C:\Program Files\WinAVI Video Converter
2008-01-12 12:28 --------- d-----w C:\Program Files\QuickTime
2008-01-11 13:39 --------- d-----w C:\Program Files\Windows Live
2008-01-11 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-10 22:20 --------- d-----w C:\Program Files\eMule
2008-01-07 17:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Software rule flag owns
2007-12-24 09:36 --------- d-----w C:\Documents and Settings\charlie\Application Data\AdobeUM
2007-12-22 11:10 --------- d-----w C:\Program Files\GV AbsoluCasino
2007-12-12 15:54 --------- d-----w C:\Program Files\DivX
2007-12-08 09:00 --------- d-----w C:\Documents and Settings\charlie\Application Data\Viewpoint
2007-12-08 09:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-27 17:33 --------- d-----w C:\Program Files\Picasa2
2007-11-26 05:48 --------- d-----w C:\Program Files\lphant
2007-11-13 17:40 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-13 17:35 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-13 17:28 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-06-21 23:01 5,632 --sha-w C:\Program Files\Thumbs.db
2007-01-19 11:14 3,825 ----a-w C:\Documents and Settings\nadege\texxx.exe
2007-01-18 19:58 3,113 ----a-w C:\Documents and Settings\nadege\texx.exe
2007-01-16 16:06 131,072 ----a-w C:\Documents and Settings\charlie\tset.exe
2007-01-16 14:25 131,072 ----a-w C:\Documents and Settings\sylvie\tset.exe
2006-12-12 19:41 8,759 ----a-w C:\Documents and Settings\sylvie\tel.exe
2006-12-12 19:41 77,824 ----a-w C:\Documents and Settings\sylvie\qsetup.exe
2006-12-08 10:49 77,824 ----a-w C:\Documents and Settings\nadege\ysetup.exe
2006-12-06 12:11 77,824 ----a-w C:\Documents and Settings\nadege\gspot.exe
2006-12-05 21:54 77,824 ----a-w C:\Documents and Settings\sylvie\hset.exe
2006-02-19 11:55 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 07:18 307200]
"clock skip"="C:\DOCUME~1\charlie\APPLIC~1\CHICAD~1\setup two.exe" [2008-01-07 18:06 435712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-03-05 11:26 5566464]
"nwiz"="nwiz.exe" [2005-03-05 11:26 1495040 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 17:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-01-28 10:10 110740]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 14:49 49152]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-07-12 17:38 180269]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 18:57 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 18:51 217088]
"Desksite CMA"="C:\Program Files\desksite\bin\cma.exe" [ ]
"j5251231"="C:\WINDOWS\system32\j5251231.dll" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"Flag Owns Live Grim"="C:\Documents and Settings\All Users\Application Data\Software rule flag owns\poke wipe.exe" [2008-01-12 20:58 1916416]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 18:48 434528]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{705E7409-07C5-1036-0504-050406050021}"= "C:\Program Files\Fichiers communs\{705E7409-07C5-1036-0504-050406050021}\Update.exe" mc-110-12-0001411
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2chkdsk]
C:\WINDOWS\system32\ngcrsttm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
--a--c--- 2003-05-02 10:31 24576 c:\apps\ABoard\ABoard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 2005-03-31 09:30 1106944 C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DllRunning]
C:\WINDOWS\system32\hbgddnnu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
C:\Program Files\Ipwindows\ipwins.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OoPDFSettingsv6.exe]
--a------ 2003-11-20 10:38 460800 C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2005-03-22 09:39 167936 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-04-20 09:57 847872 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUp Destroy]
--a------ 2003-04-22 13:27 1806336 C:\Program Files\PopUp Destroy\Popup-Destroy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDrive]
C:\WINDOWS\system32\ujwgqigw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
C:\WINDOWS\system32\mylhmafk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{705E7409-07C5-1036-0504-050406050021}]
C:\Program Files\Fichiers communs\{705E7409-07C5-1036-0504-050406050021}\Update.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
S3 PentaxUsb;PENTAX Optio 50L on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 13:34]
S3 PentaxVc;PENTAX Optio 50L Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2004-11-24 13:36]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 10:12]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{401e7a07-94d2-11db-be2a-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a01870ba-18cb-11dc-bf94-00032f44e6e1}]
\Shell\AutoRun\command - E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd5769e0-8acf-11dc-8887-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-01 11:31:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-12 18:30:00 C:\WINDOWS\Tasks\Configurer mon PC.job"
- C:\Apps\SMP\PCSETUP.EXE
"2008-01-11 17:14:24 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2005-09-03 20:27:51 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-12 19:51:07 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
lol merci pour ton soutien !! tu as vu nous avons bien bosser je commence d'ailleurs a en avoir ras le bol on y est depuis midi kan meme !! heureusement ke j'ai ressu son aide parce ke j'aurai meme pa pu faire le centieme de toute ces procedures...^^
je suis la ! combo ne c'est pas execute correctement recommence le ! deconnect toi , pendant le fix ne touche pas ta souris ni rien ! suis ce que combo t'inque ! copie moi le nouveau rapport combofix !
sa marche pa :( sa me met un message d'erreur:some intallations files are corrupt.Please download a fresh copy and retry the installation. Comment on va faire ??
et lorsque combofix se lance il affiche please wait et ne fait rien j'attends depuis 20 minutes et toujours rien ...
ok ! je me documente en attendant relance hijathis do a scan systeme only coche la case devant ces lignes puis clic sur fix chequed ( hors connection ! )
O4 - HKLM\..\Run: [j5251231] rundll32 C:\WINDOWS\system32\j5251231.dll sook
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\poke wipe.exe
O4 - HKCU\..\Run: [clock skip] C:\DOCUME~1\charlie\APPLIC~1\CHICAD~1\setup two.exe
O4 - HKCU\..\Policies\Explorer\Run: [{705E7409-07C5-1036-0504-050406050021}] "C:\Program Files\Fichiers communs\{705E7409-07C5-1036-0504-050406050021}\Update.exe" mc-110-12-0001411
O4 - HKLM\..\Run: [j5251231] rundll32 C:\WINDOWS\system32\j5251231.dll sook
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\poke wipe.exe
O4 - HKCU\..\Run: [clock skip] C:\DOCUME~1\charlie\APPLIC~1\CHICAD~1\setup two.exe
O4 - HKCU\..\Policies\Explorer\Run: [{705E7409-07C5-1036-0504-050406050021}] "C:\Program Files\Fichiers communs\{705E7409-07C5-1036-0504-050406050021}\Update.exe" mc-110-12-0001411
est ce kon a biento?? fini dsl pour c kestions mais je commence a me lasser je n'ai pas l'habitude de passer autant de temps devant l'ordinateur.
je ne peu pas te repondre tout de suite ! essaie ceci !
Suppression d'un service malveillant
« Démarrer » / « Exécuter» / puis tape
sc stop MSControlService valide par ok.
« Démarrer » / « Exécuter» / puis tape
sc delete MSControlService valide par ok.
Suppression d'un service malveillant
« Démarrer » / « Exécuter» / puis tape
sc stop MSControlService valide par ok.
« Démarrer » / « Exécuter» / puis tape
sc delete MSControlService valide par ok.
--
Je suis entrée dans CCM, La cigarette dans une main,
Les Tongs dans l’autre main, Les ***** nus sous la chemise
Je suis entrée dans CCM, La cigarette dans une main,
Les Tongs dans l’autre main, Les ***** nus sous la chemise
c bon je lai fait ya une fenetre noire ki c ouvert et refermé dun coup a chake foi .Bon a demain si t toujour la demain ^^a+ et merci bocou !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
voila marie pk en a tu besoin ??????
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28, on 2008-01-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [j5251231] rundll32 C:\WINDOWS\system32\j5251231.dll sook
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\poke wipe.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [clock skip] C:\DOCUME~1\charlie\APPLIC~1\CHICAD~1\setup two.exe
O4 - HKCU\..\Policies\Explorer\Run: [{705E7409-07C5-1036-0504-050406050021}] "C:\Program Files\Fichiers communs\{705E7409-07C5-1036-0504-050406050021}\Update.exe" mc-110-12-0001411
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28, on 2008-01-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [j5251231] rundll32 C:\WINDOWS\system32\j5251231.dll sook
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\poke wipe.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [clock skip] C:\DOCUME~1\charlie\APPLIC~1\CHICAD~1\setup two.exe
O4 - HKCU\..\Policies\Explorer\Run: [{705E7409-07C5-1036-0504-050406050021}] "C:\Program Files\Fichiers communs\{705E7409-07C5-1036-0504-050406050021}\Update.exe" mc-110-12-0001411
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Re
3/ Redémarre en mode sans échec
(Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...)
Attention tu n'as pas accès à Internet dans ce mode donc note ou imprime les consignes qui suivent.
4/ Lance HijackThis
puis --> Do a system scan only
coche les lignes indiquées ci-dessous
puis --> Fix checked
puis oui à la question de confirmation
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [j5251231] rundll32 C:\WINDOWS\system32\j5251231.dll sook
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\poke wipe.exe
O4 - HKCU\..\Run: [clock skip] C:\DOCUME~1\charlie\APPLIC~1\CHICAD~1\setup two.exe
O4 - HKCU\..\Policies\Explorer\Run: [{705E7409-07C5-1036-0504-050406050021}] "C:\Program Files\Fichiers communs\{705E7409-07C5-1036-0504-050406050021}\Update.exe" mc-110-12-0001411
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab
Installe un pare-feu
télécharger la version gratuite de Kerio (avec Avast => moins de conflits)
Kerio (parefeu)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
TUTO
https://kerio.probb.fr/t250-tuto-sunbelt-personal-firewall-4-6
SITE de Kerio
https://kerio.probb.fr/
Expose tes soucis si tu en as ....
3/ Redémarre en mode sans échec
(Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...)
Attention tu n'as pas accès à Internet dans ce mode donc note ou imprime les consignes qui suivent.
4/ Lance HijackThis
puis --> Do a system scan only
coche les lignes indiquées ci-dessous
puis --> Fix checked
puis oui à la question de confirmation
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [j5251231] rundll32 C:\WINDOWS\system32\j5251231.dll sook
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\poke wipe.exe
O4 - HKCU\..\Run: [clock skip] C:\DOCUME~1\charlie\APPLIC~1\CHICAD~1\setup two.exe
O4 - HKCU\..\Policies\Explorer\Run: [{705E7409-07C5-1036-0504-050406050021}] "C:\Program Files\Fichiers communs\{705E7409-07C5-1036-0504-050406050021}\Update.exe" mc-110-12-0001411
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab
Installe un pare-feu
télécharger la version gratuite de Kerio (avec Avast => moins de conflits)
Kerio (parefeu)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
TUTO
https://kerio.probb.fr/t250-tuto-sunbelt-personal-firewall-4-6
SITE de Kerio
https://kerio.probb.fr/
Expose tes soucis si tu en as ....
