Win32:bho-kd [TRJ]

seifer -  
My computer has been infected for 2 weeks with Win32:BHO-KD [trj]. Avast detects it but cannot delete it or quarantine it. Does anyone have a solution? Thanks a lot for your replies
Configuration: Windows XP

16 replies

  1. ep44
     
    Good evening

    Download to your desktop
    ftp://ftp.commentcamarche.com/download/HJTInstall.exe

    => Double-click it
    => install
    => Click Do a system scan and save the log
    => paste the report
    if you run into a problem, see the help page
    http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
    @+
  2. seifer
     
    Thanks for your reply

    Here is the report: Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 06:02:24, on 16/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Apps\Powercinema\PCMService.exe
    C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\apps\ABoard\AOSD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1243E8C7-1468-4CB5-990A-1369B3D70894} - C:\WINDOWS\system32\ssqpn.dll (file missing)
    O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\apps\skype\phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {98F02F40-3C00-4C5A-984D-5485184BDF0F} - C:\WINDOWS\system32\apcup.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {e67b9660-8930-440f-a084-7977bfdcf458} - C:\WINDOWS\system32\osojcntr.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SYSTRAV] newbreed.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [PopUp Destroy] C:\Program Files\PopUp Destroy\Popup-Destroy.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [newbreed] dialer423.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [dmdud.exe] C:\WINDOWS\system32\dmdud.exe
    O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\apps\skype\phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://motive.club-internet.fr:2112/lwp/static/installers/WebflowActiveXInstaller_4-0-0.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A37407C0-03D9-460C-9CC5-52907F4DE565}: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
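The O2 (BHO) and O4 (Run) lines in the log above are the ones a helper reads to decide what goes into a removal script. As an added example, not code from this thread, from HijackThis or from its author, the following Python script parses those two line types and flags the signals a reviewer looks for: a BHO whose file is no longer on disk, a BHO registered with no display name, an 8-random-letter DLL name under system32, and a Run value that is a bare file name with no directory. The sample lines are copied from the log above; the heuristics, the regular expressions and the function names are assumptions introduced here, and a flag is a prompt for review rather than a verdict (the bare-name rule also catches legitimate entries such as SOUNDMAN.EXE, which is exactly why a human still reads the log).

```python
import re

# HijackThis "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# HijackThis "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Eight random lowercase letters plus a library/data extension: the naming pattern shared
# by every unrecognised file in this thread's logs (assumption: a signal, not proof).
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(dll|ini|dat)$")
MISSING_TAG = " (file missing)"


def first_token(cmd):
    """Return the executable part of a Run command line, handling quoted paths."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def review_line(line):
    """Return (basename, reasons) for an O2/O4 line; (None, []) for anything else."""
    m = O2_RE.match(line)
    if m:
        reasons = []
        path = m.group("path")
        if path.endswith(MISSING_TAG):
            reasons.append("BHO registration points at a file that is no longer on disk")
            path = path[: -len(MISSING_TAG)]
        if m.group("name") == "(no name)":
            reasons.append("BHO registered with no display name")
        base = path.rsplit("\\", 1)[-1].lower()
        if "\\system32\\" in path.lower() and RANDOM_NAME_RE.match(base):
            reasons.append("8 random letters as a DLL name under system32")
        return base, reasons
    m = O4_RE.match(line)
    if m:
        reasons = []
        exe = first_token(m.group("cmd"))
        if "\\" not in exe:
            reasons.append("Run value is a bare file name resolved through PATH; "
                           "cannot be verified from the log alone")
        return exe.rsplit("\\", 1)[-1].lower(), reasons
    return None, []


def review_log(text):
    """Map basename -> reasons for every O2/O4 line that trips at least one heuristic."""
    flagged = {}
    for raw in text.splitlines():
        base, reasons = review_line(raw.strip())
        for r in reasons:
            flagged.setdefault(base, [])
            if r not in flagged[base]:
                flagged[base].append(r)
    return flagged


# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1243E8C7-1468-4CB5-990A-1369B3D70894} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: (no name) - {98F02F40-3C00-4C5A-984D-5485184BDF0F} - C:\WINDOWS\system32\apcup.dll
O2 - BHO: (no name) - {e67b9660-8930-440f-a084-7977bfdcf458} - C:\WINDOWS\system32\osojcntr.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SYSTRAV] newbreed.exe
O4 - HKLM\..\Run: [newbreed] dialer423.exe
O4 - HKLM\..\Run: [dmdud.exe] C:\WINDOWS\system32\dmdud.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for base, reasons in review_log(SAMPLE_LOG).items():
        print(base)
        for r in reasons:
            print("  -", r)
```

Only O2 and O4 lines are interpreted; every other line type (O9, O16, O23 and so on) falls through to `(None, [])`, so the same loop can be extended one line type at a time without touching the existing rules.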
  3. ep44
     
    Good evening

    Download Combofix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    and save it to your desktop and nowhere else!

    Double-click combofix,
    Wait until combofix has finished; a report will be created. Post the report.
    @+
  4. seifer
     
    good evening, here is the report: ComboFix 08-01-16.4 - cyril.h 2008-01-16 20:13:56.6 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.184 [GMT 1:00]
    Running from: C:\Documents and Settings\cyril.h\Local Settings\Temporary Internet Files\Content.IE5\EWRWEQEM\ComboFix[1].exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-14 19:54 . 2008-01-15 13:37 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\Microsoft Games
    2008-01-14 19:35 . 2008-01-14 19:35 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\Skype
    2008-01-10 19:54 . 2008-01-10 19:54 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\Apple Computer
    2008-01-10 17:31 . 2008-01-10 17:31 <REP> d-------- C:\VundoFix Backups
    2008-01-10 16:42 . 2008-01-10 16:53 <REP> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-09 23:53 . 2008-01-09 23:53 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-09 21:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-09 14:34 . 2008-01-09 14:34 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\OD2
    2008-01-09 03:41 . 2008-01-09 03:41 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\InterTrust
    2008-01-09 03:35 . 2008-01-09 03:35 <REP> d----c--- C:\Documents and Settings\cyril~h\LOCALS~1
    2008-01-09 00:55 . 2008-01-09 00:55 268 --ah----- C:\sqmdata17.sqm
    2008-01-09 00:55 . 2008-01-09 00:55 244 --ah----- C:\sqmnoopt17.sqm
    2008-01-09 00:49 . 2008-01-09 01:48 <REP> d----c--- C:\Documents and Settings\cyril.h\Contacts
    2008-01-09 00:48 . 2008-01-09 00:48 268 --ah----- C:\sqmdata16.sqm
    2008-01-09 00:48 . 2008-01-09 00:48 244 --ah----- C:\sqmnoopt16.sqm
    2008-01-08 20:09 . 2008-01-16 11:44 <REP> d----c--- C:\Documents and Settings\cyril.h\Shared
    2008-01-08 20:09 . 2008-01-16 13:25 <REP> d----c--- C:\Documents and Settings\cyril.h\Incomplete
    2008-01-08 20:09 . 2008-01-16 05:38 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\LimeWire
    2008-01-08 18:21 . 2004-08-16 16:55 <REP> d--h-c--- C:\Documents and Settings\cyril.h\Voisinage réseau
    2008-01-08 18:21 . 2004-08-16 16:55 <REP> d--h-c--- C:\Documents and Settings\cyril.h\Voisinage d'impression
    2008-01-08 18:21 . 2004-08-16 16:55 <REP> d--h-c--- C:\Documents and Settings\cyril.h\Modèles
    2008-01-08 18:21 . 2008-01-11 05:27 <REP> dr---c--- C:\Documents and Settings\cyril.h\Mes documents
    2008-01-08 18:21 . 2004-08-16 16:55 <REP> dr---c--- C:\Documents and Settings\cyril.h\Menu Démarrer
    2008-01-08 18:21 . 2008-01-16 02:16 <REP> dr---c--- C:\Documents and Settings\cyril.h\Favoris
    2008-01-08 18:21 . 2008-01-16 05:54 <REP> dr---c--- C:\Documents and Settings\cyril.h\Bureau
    2008-01-08 18:21 . 2005-08-09 16:14 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\You've Got Pictures Screensaver
    2008-01-08 18:21 . 2005-08-09 16:07 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\Symantec
    2008-01-05 03:57 . 2008-01-07 13:00 474 ---hs---- C:\WINDOWS\system32\pljreune.ini
    2008-01-05 02:56 . 2008-01-05 02:56 <REP> d----c--- C:\Program Files\Glory of the Roman Empire - DEMO
    2008-01-03 03:26 . 2008-01-03 03:26 268 --ah----- C:\sqmdata15.sqm
    2008-01-03 03:26 . 2008-01-03 03:26 244 --ah----- C:\sqmnoopt15.sqm
    2008-01-01 15:34 . 2008-01-01 15:34 268 --ah----- C:\sqmdata14.sqm
    2008-01-01 15:34 . 2008-01-01 15:34 244 --ah----- C:\sqmnoopt14.sqm
    2008-01-01 15:33 . 2008-01-05 02:06 714 ---hs---- C:\WINDOWS\system32\uolfpfwt.ini
    2007-12-30 21:42 . 2007-12-30 21:42 268 --ah----- C:\sqmdata13.sqm
    2007-12-30 21:42 . 2007-12-30 21:42 244 --ah----- C:\sqmnoopt13.sqm
    2007-12-29 21:04 . 2007-12-29 21:04 268 --ah----- C:\sqmdata12.sqm
    2007-12-29 21:04 . 2007-12-29 21:04 244 --ah----- C:\sqmnoopt12.sqm
    2007-12-29 14:33 . 2007-12-29 14:33 268 --ah----- C:\sqmdata11.sqm
    2007-12-29 14:33 . 2007-12-29 14:33 244 --ah----- C:\sqmnoopt11.sqm
    2007-12-29 02:58 . 2007-12-29 02:58 90,176 -----c--- C:\WINDOWS\system32\nvdbnmya.dll
    2007-12-29 02:58 . 2007-12-29 14:22 1,126 ---hs---- C:\WINDOWS\system32\aymnbdvn.ini
    2007-12-29 02:55 . 2007-12-29 02:55 77,888 --a--c--- C:\WINDOWS\system32\bxwiuxjx.dll
    2007-12-28 23:16 . 2007-12-28 23:16 268 --ah----- C:\sqmdata10.sqm
    2007-12-28 23:16 . 2007-12-28 23:16 244 --ah----- C:\sqmnoopt10.sqm
    2007-12-28 02:54 . 2007-12-28 02:54 3,120 --a------ C:\WINDOWS\system32\118290.54
    2007-12-28 02:54 . 2007-12-28 02:54 3,120 --a------ C:\WINDOWS\118294.78
    2007-12-28 02:53 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
    2007-12-28 02:53 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
    2007-12-28 02:53 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
    2007-12-28 01:40 . 2007-12-28 01:40 <REP> d----c--- C:\Documents and Settings\marie-noelle\Application Data\vlc
    2007-12-28 01:31 . 2007-12-28 01:31 268 --ah----- C:\sqmdata09.sqm
    2007-12-28 01:31 . 2007-12-28 01:31 244 --ah----- C:\sqmnoopt09.sqm
    2007-12-28 01:15 . 19,456 C:\WINDOWS\system32\drivers\rgqgrrfd.dat
    2007-12-28 01:14 . 2004-08-05 13:00 84,992 --a--c--- C:\WINDOWS\system32\apcup.dll
    2007-12-28 01:14 . 2007-12-28 01:14 268 --ah----- C:\sqmdata08.sqm
    2007-12-28 01:14 . 2007-12-28 01:14 244 --ah----- C:\sqmnoopt08.sqm
    2007-12-27 18:06 . 2007-12-27 18:06 <REP> d----c--- C:\Documents and Settings\marie-noelle\Application Data\Motive
    2007-12-27 17:24 . 2007-12-27 17:24 268 --ah----- C:\sqmdata07.sqm
    2007-12-27 17:24 . 2007-12-27 17:24 244 --ah----- C:\sqmnoopt07.sqm
    2007-12-26 13:56 . 2007-12-26 13:56 77,376 --a--c--- C:\WINDOWS\system32\osojcntr.dll
    2007-12-26 13:53 . 2007-12-29 02:53 1,006 ---hs---- C:\WINDOWS\system32\hshsqrus.ini
    2007-12-25 13:57 . 2007-12-26 01:31 714 ---hs---- C:\WINDOWS\system32\gxjysujb.ini
    2007-12-25 07:42 . 2007-12-25 07:42 474 ---hs---- C:\WINDOWS\system32\ikoofnnl.ini
    2007-12-23 22:56 . 2007-12-25 07:37 414 ---hs---- C:\WINDOWS\system32\xyfwyugf.ini
    2007-12-22 22:06 . 2007-12-29 21:06 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-22 20:28 . 2007-12-22 20:28 268 --ah----- C:\sqmdata06.sqm
    2007-12-22 20:28 . 2007-12-22 20:28 244 --ah----- C:\sqmnoopt06.sqm
    2007-12-17 18:14 . 2007-12-17 18:14 <REP> d-------- C:\Program Files\Fichiers communs\ReparateurDeSysteme
    2007-12-17 18:14 . 2007-12-17 18:14 <REP> dr---c--- C:\Documents and Settings\All Users\Application Data\SalesMon
    2007-12-17 18:14 . 2007-12-17 18:14 <REP> dr---c--- C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
    2007-12-17 14:11 . 2007-12-17 14:11 268 --ah----- C:\sqmdata05.sqm
    2007-12-17 14:11 . 2007-12-17 14:11 244 --ah----- C:\sqmnoopt05.sqm
    2007-12-17 02:27 . 2007-12-22 22:13 4 --a------ C:\WINDOWS\INI2=No
    2007-12-17 02:27 . 2007-12-22 22:13 4 --a------ C:\WINDOWS\INI1=No

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-16 00:56 --------- dc----w C:\Program Files\Messenger Plus! Live
    2008-01-15 03:49 77,379 ----a-w C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
    2008-01-14 22:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-14 18:54 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Games
    2008-01-14 18:50 --------- d-----w C:\Program Files\Microsoft Games
    2008-01-10 16:29 --------- dc----w C:\Program Files\Trend Micro
    2008-01-09 02:50 --------- dc----w C:\Program Files\AOL 8.0
    2008-01-08 00:35 --------- dc----w C:\Program Files\AOL Toolbar
    2008-01-08 00:35 --------- dc----w C:\Program Files\AOL 9.0
    2008-01-08 00:33 --------- d-----w C:\Program Files\DivX
    2008-01-08 00:33 --------- d-----w C:\Program Files\AIM
    2008-01-03 04:30 --------- dc----w C:\Program Files\AOL 9.0a
    2008-01-03 04:29 --------- dc----w C:\Program Files\GameSpy Arcade
    2008-01-03 04:29 --------- d-----w C:\Program Files\SLD Codec Pack
    2008-01-03 04:29 --------- d-----w C:\Program Files\JVTorrent
    2007-12-31 02:46 --------- d-----w C:\Program Files\Capturino V1.3
    2007-12-31 02:43 --------- d-----w C:\Program Files\Every Toolbar 1.1
    2007-12-27 16:20 --------- d-----w C:\Program Files\Google
    2007-12-23 14:45 --------- dc----w C:\Program Files\Dial-Messenger
    2007-12-18 08:53 80,097 ----a-w C:\WINDOWS\system32\dcads-remove.exe
    2007-12-17 16:47 --------- dc----w C:\Program Files\PlayMP3z
    2007-12-15 22:16 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
    2007-12-15 22:16 --------- dc----w C:\Program Files\Dcads Games Collection
    2007-12-15 18:47 134 ----a-w C:\n.bat
    2007-12-15 18:46 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
    2007-12-12 10:31 --------- dc----w C:\Program Files\iTunes
    2007-12-12 10:31 --------- dc----w C:\Program Files\iPod
    2007-12-12 10:28 --------- dc----w C:\Program Files\QuickTime
    2007-12-10 18:47 303,104 ----a-w C:\WINDOWS\system32\dcads_sidebar.dll
    2007-12-05 19:06 --------- dc----w C:\Program Files\Samsung
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 -c--a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-11-29 19:52 --------- dc----w C:\Program Files\American Conquest
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
    2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
    2006-03-07 17:44 560 -c--a-w C:\Program Files\Global.sw
    2006-10-18 00:11 88 --sh--r C:\WINDOWS\system32\1B8B9650E2.sys
    2006-10-18 00:27 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-10_21.38.27.67 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-09 20:21:55 1,409,024 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-16 19:13:18 1,409,024 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-09 20:21:55 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-16 19:13:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-09 20:21:55 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-16 19:13:18 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-09 20:21:55 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-16 19:13:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-09 20:21:55 1,536,000 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-16 19:13:18 1,822,720 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-09 20:21:55 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-16 19:13:18 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-14 22:18:05 57,344 ----a-r C:\WINDOWS\Installer\{15292416-A464-4FBA-BB96-7298EAACFC07}\ARPPRODUCTICON.exe
    - 2007-12-12 10:32:05 102,400 ----a-r C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe
    + 2008-01-10 18:54:35 102,400 ----a-r C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe
    - 2008-01-09 17:01:22 62,480 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-01-10 19:33:26 62,480 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-01-09 17:01:22 75,506 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-01-10 19:33:27 75,506 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-01-09 17:01:22 401,200 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-01-10 19:33:27 401,200 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-01-09 17:01:22 468,490 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-01-10 19:33:27 468,490 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-01-15 12:30:07 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4cc.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1243E8C7-1468-4CB5-990A-1369B3D70894}]
    C:\WINDOWS\system32\ssqpn.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
    2007-12-10 19:47 303104 --a------ C:\WINDOWS\system32\dcads_sidebar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98F02F40-3C00-4C5A-984D-5485184BDF0F}]
    2004-08-05 13:00 84992 --a--c--- C:\WINDOWS\system32\apcup.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e67b9660-8930-440f-a084-7977bfdcf458}]
    2007-12-26 13:56 77376 --a--c--- C:\WINDOWS\system32\osojcntr.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-27 14:13 68856]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-08-09 16:05 180269]
    "SYSTRAV"="newbreed.exe" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "StartFoxie"="C:\Program Files\Foxie Suite\StartFoxie.exe" [ ]
    "SoundMan"="SOUNDMAN.EXE" [2005-01-20 19:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "SiSPower"="SiSPower.dll" [2005-01-04 15:54 49152 C:\WINDOWS\system32\SiSPower.dll]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
    "PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-19 04:52 36864]
    "PopUp Destroy"="C:\Program Files\PopUp Destroy\Popup-Destroy.exe" [ ]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-01-28 10:10 110740]
    "newbreed"="dialer423.exe" []
    "NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 11:50 155648]
    "Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
    "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE" [2001-11-13 14:43 98304]
    "Lexmark X84-X85 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2002-08-23 15:50 40960]
    "Lexmark X84-X85 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 10:39 53248]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
    "dmdud.exe"="C:\WINDOWS\system32\dmdud.exe" [ ]
    "BOOT"="C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [ ]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "System"="lsass.exe"

    R0 qqioyxbp;qqioyxbp;C:\WINDOWS\system32\drivers\rgqgrrfd.dat []
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2005-10-20 20:57]
    S3 firewall;firewall;C:\Program Files\Foxie Suite\firewall.sys []
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
    S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 13:00]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-16 07:50:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2005-10-03 11:04:45 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-16 20:18:32
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-16 20:20:00
    ComboFix-quarantined-files.txt 2008-01-16 19:19:36
    ComboFix2.txt 2008-01-10 19:22:19
    ComboFix3.txt 2008-01-10 17:26:08
    ComboFix4.txt 2008-01-10 17:18:02
    ComboFix5.txt 2008-01-10 20:53:30
    .
    2008-01-09 05:03:20 --- E O F ---
    0
  6. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Select this:

    driver::

    rgqgrrfd.dat

    registry::

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1243E8C7-1468-4CB5-990A-1369B3D70894}]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98F02F40-3C00-4C5A-984D-5485184BDF0F}]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e67b9660-8930-440f-a084-7977bfdcf458}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "dmdud.exe"=-
    "newbreed"=-
    "SYSTRAV"=-

    File::

    C:\WINDOWS\system32\pljreune.ini
    C:\WINDOWS\system32\uolfpfwt.ini
    C:\WINDOWS\system32\nvdbnmya.dll
    C:\WINDOWS\system32\aymnbdvn.ini
    C:\WINDOWS\system32\bxwiuxjx.dll
    C:\WINDOWS\system32\osojcntr.dll
    C:\WINDOWS\system32\hshsqrus.ini
    C:\WINDOWS\system32\gxjysujb.ini
    C:\WINDOWS\system32\ikoofnnl.ini
    C:\WINDOWS\system32\xyfwyugf.ini
    C:\WINDOWS\system32\drivers\rgqgrrfd.dat


    => Copy the selected text (CTRL+C).
    => Open Notepad (Programs > Accessories > Notepad).
    => Paste the copied text into Notepad (CTRL+V).
    => Save this file under the name CFScript.txt
    => Drag and drop this CFScript file onto the ComboFix.exe file
    => A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
    => Wait while the scan runs. The desktop will disappear several times: that is normal!
    Do not touch anything until the scan is finished.
    => Once the scan is complete, a report will be displayed: post its contents.
    => If the file does not open, it is located here > C:\ComboFix.txt

    @+
    0
  7. seifer
     
    ComboFix 08-01-17.3 - cyril.h 2008-01-17 2:36:37.7 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.295 [GMT 1:00]
    Running from: C:\Documents and Settings\cyril.h\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\cyril.h\Bureau\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\aymnbdvn.ini
    C:\WINDOWS\system32\bxwiuxjx.dll
    C:\WINDOWS\system32\drivers\rgqgrrfd.dat
    C:\WINDOWS\system32\gxjysujb.ini
    C:\WINDOWS\system32\hshsqrus.ini
    C:\WINDOWS\system32\ikoofnnl.ini
    C:\WINDOWS\system32\nvdbnmya.dll
    C:\WINDOWS\system32\osojcntr.dll
    C:\WINDOWS\system32\pljreune.ini
    C:\WINDOWS\system32\uolfpfwt.ini
    C:\WINDOWS\system32\xyfwyugf.ini
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\aymnbdvn.ini
    C:\WINDOWS\system32\bxwiuxjx.dll
    C:\WINDOWS\system32\drivers\rgqgrrfd.dat
    C:\WINDOWS\system32\gxjysujb.ini
    C:\WINDOWS\system32\hshsqrus.ini
    C:\WINDOWS\system32\ikoofnnl.ini
    C:\WINDOWS\system32\nvdbnmya.dll
    C:\WINDOWS\system32\osojcntr.dll
    C:\WINDOWS\system32\pljreune.ini
    C:\WINDOWS\system32\uolfpfwt.ini
    C:\WINDOWS\system32\xyfwyugf.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-14 19:54 . 2008-01-15 13:37 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\Microsoft Games
    2008-01-14 19:35 . 2008-01-14 19:35 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\Skype
    2008-01-10 19:54 . 2008-01-10 19:54 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\Apple Computer
    2008-01-10 17:31 . 2008-01-10 17:31 <REP> d-------- C:\VundoFix Backups
    2008-01-10 16:42 . 2008-01-10 16:53 <REP> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-09 23:53 . 2008-01-09 23:53 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-09 21:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-09 14:34 . 2008-01-09 14:34 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\OD2
    2008-01-09 03:41 . 2008-01-09 03:41 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\InterTrust
    2008-01-09 03:35 . 2008-01-09 03:35 <REP> d----c--- C:\Documents and Settings\cyril~h\LOCALS~1
    2008-01-09 00:55 . 2008-01-09 00:55 268 --ah----- C:\sqmdata17.sqm
    2008-01-09 00:55 . 2008-01-09 00:55 244 --ah----- C:\sqmnoopt17.sqm
    2008-01-09 00:49 . 2008-01-09 01:48 <REP> d----c--- C:\Documents and Settings\cyril.h\Contacts
    2008-01-09 00:48 . 2008-01-09 00:48 268 --ah----- C:\sqmdata16.sqm
    2008-01-09 00:48 . 2008-01-09 00:48 244 --ah----- C:\sqmnoopt16.sqm
    2008-01-08 20:09 . 2008-01-16 11:44 <REP> d----c--- C:\Documents and Settings\cyril.h\Shared
    2008-01-08 20:09 . 2008-01-16 13:25 <REP> d----c--- C:\Documents and Settings\cyril.h\Incomplete
    2008-01-08 20:09 . 2008-01-16 05:38 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\LimeWire
    2008-01-08 18:21 . 2004-08-16 16:55 <REP> d--h-c--- C:\Documents and Settings\cyril.h\Voisinage réseau
    2008-01-08 18:21 . 2004-08-16 16:55 <REP> d--h-c--- C:\Documents and Settings\cyril.h\Voisinage d'impression
    2008-01-08 18:21 . 2004-08-16 16:55 <REP> d--h-c--- C:\Documents and Settings\cyril.h\Modèles
    2008-01-08 18:21 . 2008-01-11 05:27 <REP> dr---c--- C:\Documents and Settings\cyril.h\Mes documents
    2008-01-08 18:21 . 2004-08-16 16:55 <REP> dr---c--- C:\Documents and Settings\cyril.h\Menu Démarrer
    2008-01-08 18:21 . 2008-01-16 02:16 <REP> dr---c--- C:\Documents and Settings\cyril.h\Favoris
    2008-01-08 18:21 . 2008-01-17 02:44 <REP> dr---c--- C:\Documents and Settings\cyril.h\Bureau
    2008-01-08 18:21 . 2005-08-09 16:14 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\You've Got Pictures Screensaver
    2008-01-08 18:21 . 2005-08-09 16:07 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\Symantec
    2008-01-05 02:56 . 2008-01-05 02:56 <REP> d----c--- C:\Program Files\Glory of the Roman Empire - DEMO
    2008-01-03 03:26 . 2008-01-03 03:26 268 --ah----- C:\sqmdata15.sqm
    2008-01-03 03:26 . 2008-01-03 03:26 244 --ah----- C:\sqmnoopt15.sqm
    2008-01-01 15:34 . 2008-01-01 15:34 268 --ah----- C:\sqmdata14.sqm
    2008-01-01 15:34 . 2008-01-01 15:34 244 --ah----- C:\sqmnoopt14.sqm
    2007-12-30 21:42 . 2007-12-30 21:42 268 --ah----- C:\sqmdata13.sqm
    2007-12-30 21:42 . 2007-12-30 21:42 244 --ah----- C:\sqmnoopt13.sqm
    2007-12-29 21:04 . 2007-12-29 21:04 268 --ah----- C:\sqmdata12.sqm
    2007-12-29 21:04 . 2007-12-29 21:04 244 --ah----- C:\sqmnoopt12.sqm
    2007-12-29 14:33 . 2007-12-29 14:33 268 --ah----- C:\sqmdata11.sqm
    2007-12-29 14:33 . 2007-12-29 14:33 244 --ah----- C:\sqmnoopt11.sqm
    2007-12-28 23:16 . 2007-12-28 23:16 268 --ah----- C:\sqmdata10.sqm
    2007-12-28 23:16 . 2007-12-28 23:16 244 --ah----- C:\sqmnoopt10.sqm
    2007-12-28 02:54 . 2007-12-28 02:54 3,120 --a------ C:\WINDOWS\system32\118290.54
    2007-12-28 02:54 . 2007-12-28 02:54 3,120 --a------ C:\WINDOWS\118294.78
    2007-12-28 02:53 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
    2007-12-28 02:53 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
    2007-12-28 02:53 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
    2007-12-28 01:40 . 2007-12-28 01:40 <REP> d----c--- C:\Documents and Settings\marie-noelle\Application Data\vlc
    2007-12-28 01:31 . 2007-12-28 01:31 268 --ah----- C:\sqmdata09.sqm
    2007-12-28 01:31 . 2007-12-28 01:31 244 --ah----- C:\sqmnoopt09.sqm
    2007-12-28 01:14 . 2004-08-05 13:00 84,992 --a--c--- C:\WINDOWS\system32\apcup.dll
    2007-12-28 01:14 . 2007-12-28 01:14 268 --ah----- C:\sqmdata08.sqm
    2007-12-28 01:14 . 2007-12-28 01:14 244 --ah----- C:\sqmnoopt08.sqm
    2007-12-27 18:06 . 2007-12-27 18:06 <REP> d----c--- C:\Documents and Settings\marie-noelle\Application Data\Motive
    2007-12-27 17:24 . 2007-12-27 17:24 268 --ah----- C:\sqmdata07.sqm
    2007-12-27 17:24 . 2007-12-27 17:24 244 --ah----- C:\sqmnoopt07.sqm
    2007-12-22 22:06 . 2007-12-29 21:06 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-22 20:28 . 2007-12-22 20:28 268 --ah----- C:\sqmdata06.sqm
    2007-12-22 20:28 . 2007-12-22 20:28 244 --ah----- C:\sqmnoopt06.sqm
    2007-12-17 18:14 . 2007-12-17 18:14 <REP> d-------- C:\Program Files\Fichiers communs\ReparateurDeSysteme
    2007-12-17 18:14 . 2007-12-17 18:14 <REP> dr---c--- C:\Documents and Settings\All Users\Application Data\SalesMon
    2007-12-17 18:14 . 2007-12-17 18:14 <REP> dr---c--- C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
    2007-12-17 14:11 . 2007-12-17 14:11 268 --ah----- C:\sqmdata05.sqm
    2007-12-17 14:11 . 2007-12-17 14:11 244 --ah----- C:\sqmnoopt05.sqm
    2007-12-17 02:27 . 2007-12-22 22:13 4 --a------ C:\WINDOWS\INI2=No
    2007-12-17 02:27 . 2007-12-22 22:13 4 --a------ C:\WINDOWS\INI1=No

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-16 00:56 --------- dc----w C:\Program Files\Messenger Plus! Live
    2008-01-14 22:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-14 18:54 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Games
    2008-01-14 18:50 --------- d-----w C:\Program Files\Microsoft Games
    2008-01-10 16:29 --------- dc----w C:\Program Files\Trend Micro
    2008-01-09 02:50 --------- dc----w C:\Program Files\AOL 8.0
    2008-01-08 00:35 --------- dc----w C:\Program Files\AOL Toolbar
    2008-01-08 00:35 --------- dc----w C:\Program Files\AOL 9.0
    2008-01-08 00:33 --------- d-----w C:\Program Files\DivX
    2008-01-08 00:33 --------- d-----w C:\Program Files\AIM
    2008-01-03 04:30 --------- dc----w C:\Program Files\AOL 9.0a
    2008-01-03 04:29 --------- dc----w C:\Program Files\GameSpy Arcade
    2008-01-03 04:29 --------- d-----w C:\Program Files\SLD Codec Pack
    2008-01-03 04:29 --------- d-----w C:\Program Files\JVTorrent
    2007-12-31 02:46 --------- d-----w C:\Program Files\Capturino V1.3
    2007-12-31 02:43 --------- d-----w C:\Program Files\Every Toolbar 1.1
    2007-12-27 16:20 --------- d-----w C:\Program Files\Google
    2007-12-23 14:45 --------- dc----w C:\Program Files\Dial-Messenger
    2007-12-17 16:47 --------- dc----w C:\Program Files\PlayMP3z
    2007-12-15 22:16 --------- dc----w C:\Program Files\Dcads Games Collection
    2007-12-15 18:47 134 ----a-w C:\n.bat
    2007-12-12 10:31 --------- dc----w C:\Program Files\iTunes
    2007-12-12 10:31 --------- dc----w C:\Program Files\iPod
    2007-12-12 10:28 --------- dc----w C:\Program Files\QuickTime
    2007-12-05 19:06 --------- dc----w C:\Program Files\Samsung
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-29 19:52 --------- dc----w C:\Program Files\American Conquest
    2006-03-07 17:44 560 -c--a-w C:\Program Files\Global.sw
    2006-10-18 00:11 88 --sh--r C:\WINDOWS\system32\1B8B9650E2.sys
    2006-10-18 00:27 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-10_21.38.27.67 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-09 20:21:55 1,409,024 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-17 01:35:58 1,409,024 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-09 20:21:55 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-17 01:35:58 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-09 20:21:55 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-17 01:35:58 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-09 20:21:55 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-17 01:35:58 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-09 20:21:55 1,536,000 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-17 01:35:58 1,822,720 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-09 20:21:55 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-17 01:35:58 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-14 22:18:05 57,344 ----a-r C:\WINDOWS\Installer\{15292416-A464-4FBA-BB96-7298EAACFC07}\ARPPRODUCTICON.exe
    - 2007-12-12 10:32:05 102,400 ----a-r C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe
    + 2008-01-10 18:54:35 102,400 ----a-r C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe
    - 2008-01-09 16:28:01 77,379 ----a-w C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
    + 2008-01-15 03:49:10 77,379 ----a-w C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
    - 2008-01-09 17:01:22 62,480 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-01-10 19:33:26 62,480 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-01-09 17:01:22 75,506 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-01-10 19:33:27 75,506 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-01-09 17:01:22 401,200 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-01-10 19:33:27 401,200 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-01-09 17:01:22 468,490 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-01-10 19:33:27 468,490 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-01-17 01:43:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4d0.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-27 14:13 68856]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-08-09 16:05 180269]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "StartFoxie"="C:\Program Files\Foxie Suite\StartFoxie.exe" [ ]
    "SoundMan"="SOUNDMAN.EXE" [2005-01-20 19:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "SiSPower"="SiSPower.dll" [2005-01-04 15:54 49152 C:\WINDOWS\system32\SiSPower.dll]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
    "PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-19 04:52 36864]
    "PopUp Destroy"="C:\Program Files\PopUp Destroy\Popup-Destroy.exe" [ ]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-01-28 10:10 110740]
    "NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 11:50 155648]
    "Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
    "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE" [2001-11-13 14:43 98304]
    "Lexmark X84-X85 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2002-08-23 15:50 40960]
    "Lexmark X84-X85 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 10:39 53248]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
    "BOOT"="C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [ ]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "System"="lsass.exe"

    S0 qqioyxbp;qqioyxbp;C:\WINDOWS\system32\drivers\rgqgrrfd.dat []
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2005-10-20 20:57]
    S3 firewall;firewall;C:\Program Files\Foxie Suite\firewall.sys []
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
    S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 13:00]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-16 07:50:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2005-10-03 11:04:45 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-17 02:44:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-17 2:48:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-17 01:48:21
    ComboFix2.txt 2008-01-16 19:20:01
    ComboFix3.txt 2008-01-10 19:22:19
    ComboFix4.txt 2008-01-10 17:26:08
    ComboFix5.txt 2008-01-10 17:18:02
    .
    2008-01-09 05:03:20 --- E O F ---
    0
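The entries ep44 picked out of the ComboFix loading points above (a Run value whose target has no timestamp, a boot-start driver pointing at a .dat file with an eight-letter random name) are the kind of thing a helper spots by eye. The following Python triage helper is an added example for this thread, not part of ComboFix, HijackThis or any poster's output; it assumes that an empty "[ ]" after an entry means ComboFix did not find the file, and it runs on a constructed log fragment in the same format.

```python
"""Triage helper for the autorun lines in ComboFix and HijackThis logs.

Added example for this thread, not part of ComboFix, HijackThis or any
poster's output. It encodes the signals a helper reads by eye: an autorun
whose target has no timestamp/size (ComboFix prints "[ ]"; assumed here to
mean the file was not found), a file name that looks machine-generated
(Vundo-style: eight lowercase letters with few vowels), an early-start
driver loaded from something other than a .sys file, and a BHO registered
without a display name.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# ComboFix "Reg loading points" entry:   "name"="path" [timestamp size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?: \[(?P<meta>[^\]]*)\])?$')
# ComboFix service/driver entry:         S3 svc;display;path [timestamp]
SVC_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[(?P<meta>[^\]]*)\]$')
# HijackThis BHO entry:                  O2 - BHO: display - {CLSID} - path
BHO_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$')
VOWELS = set("aeiou")

# Constructed sample in the format the thread's logs use (not a real log;
# the CLSID is a placeholder).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"dmdud.exe"="C:\WINDOWS\system32\dmdud.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 19:04 77824 C:\WINDOWS\SOUNDMAN.EXE]

R0 qqioyxbp;qqioyxbp;C:\WINDOWS\system32\drivers\rgqgrrfd.dat []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2005-10-20 20:57]

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {CLSID-PLACEHOLDER} - C:\WINDOWS\system32\bxwiuxjx.dll
"""


@dataclass
class Finding:
    kind: str                # "run", "service" or "bho"
    name: str
    path: str
    reasons: list[str] = field(default_factory=list)


def file_stem(path: str) -> str:
    """'C:\\WINDOWS\\system32\\drivers\\rgqgrrfd.dat' -> 'rgqgrrfd'."""
    base = path.replace("\\", "/").rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[0]


def looks_random(stem: str) -> bool:
    """Eight lowercase letters with at most two vowels (rgqgrrfd, bxwiuxjx).
    Legitimate names such as explorer or winlogon have three and pass."""
    return re.fullmatch(r"[a-z]{8}", stem) is not None and sum(c in VOWELS for c in stem) <= 2


def triage(text: str) -> list[Finding]:
    """Return the autorun entries that trip at least one heuristic."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        for kind, pattern in (("run", RUN_RE), ("service", SVC_RE), ("bho", BHO_RE)):
            m = pattern.match(line)
            if m:
                break
        else:
            continue                      # not an autorun line we parse
        path = m.group("path").strip('"')
        meta = m.groupdict().get("meta")  # None when the format has no bracket
        reasons: list[str] = []
        if meta is not None and not meta.strip():
            reasons.append("no timestamp/size recorded: target not found on disk")
        if looks_random(file_stem(path)):
            reasons.append("machine-generated-looking file name")
        if kind == "service" and m.group("start") in ("R0", "S0", "S1") and not path.lower().endswith(".sys"):
            reasons.append("early-start driver loaded from a non-.sys file")
        if kind == "bho" and m.group("name") == "(no name)":
            reasons.append("BHO registered without a display name")
        if reasons:
            findings.append(Finding(kind, m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name!r:24} {f.path}")
        for r in f.reasons:
            print("         -", r)
```

Entries that trip several heuristics at once (here the R0 driver) are the ones worth checking first; a single hit such as a missing file is often just a leftover from an uninstalled program.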
  8. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Good evening

    Download:
    http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe AVG-AntiSpyware

    => Install it
    => Launch it
    => Click: Update
    ------
    = Restart in Safe Mode (booting may take several minutes)
    Note that there is no internet access in this mode. Save or print these instructions.

    Restart the PC and tap the F8 key (or F5 on some machines) until the screen with the boot choices appears
    With the arrow keys, select Safe Mode ==> Enter ==> your usual user name
    -------
    => Under SCAN (the magnifying glass icon)
    => Settings ==> under HOW TO ACT ==> click Recommended actions ==> Quarantine
    => Click: Complete system scan
    -------
    => at the end of the scan (which is fairly long)
    => Click Apply all actions <== this is very important
    => Click Save report, then Save as, and choose the desktop
    -------
    In normal mode
    paste the report

    @+
    0
  9. seifer
     
    re ep44
    Mission accomplished: Avast no longer detects the win32:bho-kd [TRJ] file.
    Do I need to do anything else? Thanks again
    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 02:42:53 18/01/2008

    + Résultat de l'analyse:

    C:\Program Files\Messenger\rtesej.html -> Hijacker.IFrame.dn : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@adengage[1].txt -> TrackingCookie.Adengage : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@ads.adengage[2].txt -> TrackingCookie.Adengage : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@adtech[1].txt -> TrackingCookie.Adtech : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@clickbank[1].txt -> TrackingCookie.Clickbank : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@ehg-youtube.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
    C:\Documents and Settings\cyril.h\Cookies\cyril.h@zedo[2].txt -> TrackingCookie.Zedo : Nettoyé.
    C:\WINDOWS\system32\apcup.dll -> Trojan.BHO.agz : Nettoyé.

    Fin du rapport
    0
  10. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Good evening

    yes, now run an online antivirus scan with Internet Explorer
    https://www.bitdefender.fr/

    => At the bottom left of the window, click BitDefender SCAN ONLINE
    => In the new window, click I agree
    => The window changes again; click Click here to scan
    => The signatures load, etc.
    => copy and paste the result here

    illustrated tutorial

    http://pageperso.aol.fr/rginformatique/mapage/defender.htm

    and
    post a new HijackThis report

    @+
    0
  11. SOFI
     
    good evening,

    sorry to butt into your thread, but I can't find my old one any more; I wanted to thank ep44 for his help, I reformatted my PC and everything is better now. Thanks again! and sorry
    0
  12. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Good evening SOFI,

    Sorry, but I can't find you among the topics I have handled

     I reformatted my PC and everything is better now. Thanks again! and sorry


    I don't think I advised formatting a PC

    but well, if your problem is solved

    glad for you

    good luck with the rest
    @+ ;-)
    0
  13. seifer02
     
    good evening ep44, sorry for my late reply, here is the report:
    Temps
    01:01:31

    Fichiers
    347892

    Directoires
    7349

    Secteurs de boot
    3

    Archives
    7488

    Paquets programmes
    13137

    Résultats

    Virus identifiés
    4

    Fichiers infectés
    11

    Fichiers suspects
    0

    Avertissements
    0

    Désinfectés
    0

    Fichiers effacés
    11

    Info sur les moteurs

    Définition virus
    894459

    Version des moteurs
    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Analyse des plugins
    14

    Archive des plugins
    38

    Unpack des plugins
    7

    E-mail plugins
    6

    Système plugins
    1

    Paramètres d'analyse

    Première action
    Désinfecté

    Seconde Action
    Supprimé

    Heuristique
    Oui

    Acceptez les avertissements
    Oui

    Extensions analysées
    *;

    Excludez les extensions

    Analyse d'emails
    Oui

    Analyse des Archives
    Oui

    Analyser paquets programmes
    Oui

    Analyse des fichiers
    Oui

    Analyse de boot
    Oui

    Fichier analysé
    Statut

    C:\QooBox\Quarantine\C\WINDOWS\system32\dsdsefwd.dll.vir
    Infecté par: Trojan.Vundo.DUP

    C:\QooBox\Quarantine\C\WINDOWS\system32\dsdsefwd.dll.vir
    Echec de la désinfection

    C:\QooBox\Quarantine\C\WINDOWS\system32\dsdsefwd.dll.vir
    Supprimé

    C:\QooBox\Quarantine\C\WINDOWS\system32\fdinecir.dll.vir
    Infecté par: Trojan.Vundo.DUP

    C:\QooBox\Quarantine\C\WINDOWS\system32\fdinecir.dll.vir
    Echec de la désinfection

    C:\QooBox\Quarantine\C\WINDOWS\system32\fdinecir.dll.vir
    Supprimé

    C:\QooBox\Quarantine\C\WINDOWS\system32\pcotxctg.dll.vir
    Infecté par: Trojan.Vundo.DVC

    C:\QooBox\Quarantine\C\WINDOWS\system32\pcotxctg.dll.vir
    Echec de la désinfection

    C:\QooBox\Quarantine\C\WINDOWS\system32\pcotxctg.dll.vir
    Supprimé

    C:\QooBox\Quarantine\C\WINDOWS\system32\rjhilrxu.dll.vir
    Infecté par: Trojan.Vundo.DVC

    C:\QooBox\Quarantine\C\WINDOWS\system32\rjhilrxu.dll.vir
    Echec de la désinfection

    C:\QooBox\Quarantine\C\WINDOWS\system32\rjhilrxu.dll.vir
    Supprimé

    C:\QooBox\Quarantine\C\WINDOWS\system32\wtbikyhx.dll.vir
    Infecté par: Trojan.Vundo.DVC

    C:\QooBox\Quarantine\C\WINDOWS\system32\wtbikyhx.dll.vir
    Echec de la désinfection

    C:\QooBox\Quarantine\C\WINDOWS\system32\wtbikyhx.dll.vir
    Supprimé

    C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip=>bxwiuxjx.dll
    Infecté par: Trojan.Vundo.DVA

    C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip=>bxwiuxjx.dll
    Echec de la désinfection

    C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip=>bxwiuxjx.dll
    Supprimé

    C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip
    Mis à jour

    C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip=>nvdbnmya.dll
    Infecté par: Trojan.Vundo.DUP

    C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip=>nvdbnmya.dll
    Echec de la désinfection

    C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip=>nvdbnmya.dll
    Supprimé

    C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip
    Mis à jour

    C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip=>osojcntr.dll
    Infecté par: Trojan.Vundo.DVC

    C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip=>osojcntr.dll
    Echec de la désinfection

    C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip=>osojcntr.dll
    Supprimé

    C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip
    Mis à jour

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0000239.dll
    Infecté par: Trojan.Vundo.DVC

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0000239.dll
    Echec de la désinfection

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0000239.dll
    Supprimé

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0000241.dll
    Infecté par: Trojan.Vundo.DVC

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0000241.dll
    Echec de la désinfection

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0000241.dll
    Supprimé

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0002323.dll
    Infecté par: Trojan.Spy.Bzub.NGP

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0002323.dll
    Echec de la désinfection

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0002323.dll
    Supprimé
    0
  14. seifer02
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:16:39, on 30/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Apps\Powercinema\PCMService.exe
    C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\apps\ABoard\ABoard.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\apps\skype\phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [PopUp Destroy] C:\Program Files\PopUp Destroy\Popup-Destroy.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\apps\skype\phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://motive.club-internet.fr:2112/lwp/static/installers/WebflowActiveXInstaller_4-0-0.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A37407C0-03D9-460C-9CC5-52907F4DE565}: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  15. ep44
     
    Rerun HijackThis and check this entry:
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    then click Fix checked

    then go here and delete
    C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

    restart your PC and tell me if you still have any problems
    @+
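As an added example (not part of this thread and not HijackThis's own code), a small Python parser for the "O23 - Service:" lines in the log posted above, so that a reviewer can pull the exact binary path behind an entry such as the Boonty service before fixing it, and list the services that carry no vendor string; the sample lines are copied from the log above, the function names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# HijackThis "O23 - Service:" lines have the layout seen in the log above:
#   O23 - Service: <display name> [(<short name>)] - <vendor> - <path>
# The vendor may be empty ("- -") and the display name may itself contain
# parentheses, so only the last "(...)" before " - " is the short name.
_O23 = re.compile(
    r"^O23 - Service: (?P<name>.+?) -(?: (?P<vendor>.*?))? - (?P<path>[A-Za-z]:\\.+)$"
)
_NAME = re.compile(r"^(?P<display>.*?)(?: \((?P<short>[^()]+)\))?$")

# Constructed sample: four O23 lines copied from the log above, plus one O4 line the parser must ignore.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

@dataclass
class ServiceEntry:
    display: str
    short: Optional[str]
    vendor: str
    path: str

def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one line; returns None for anything that is not an O23 entry."""
    m = _O23.match(line.strip())
    if not m:
        return None
    n = _NAME.match(m.group("name"))
    return ServiceEntry(n.group("display"), n.group("short"),
                        (m.group("vendor") or "").strip(), m.group("path").strip())

def parse_log(text: str) -> List[ServiceEntry]:
    return [e for e in map(parse_o23, text.splitlines()) if e is not None]

def find_service(entries: List[ServiceEntry], name: str) -> Optional[ServiceEntry]:
    """Locate an entry by display or short name (case-insensitive)."""
    key = name.lower()
    return next((e for e in entries
                 if e.display.lower() == key or (e.short or "").lower() == key), None)

def unattributed(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Entries with no vendor string or HijackThis's 'Unknown owner' marker."""
    return [e for e in entries if e.vendor in ("", "Unknown owner")]
```

An empty vendor only means the binary carries no version-info company name; it is a reason to look at the file, not proof that it is malicious.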
  16. seifer02
     
    Good evening, no, there are no more problems, everything is fine, thanks a lot for your help ep44
  17. ep44
     
    Good evening, very good, so you can remove all the software we used;
    go to Add/Remove Programs and to Program Files
    to check

    then do this (IMPORTANT)

    =Start
    =Control Panel
    =System
    =System Restore tab
    =check the box (Turn off System Restore)
    =restart the computer
    =then turn it back on
    @+