Sujet Précédent Sujet Suivant

Demande analyse Hijack

karine -  
ep44 Messages postés 7432 Statut Contributeur -
Bonjour,

bonjour,

Mon antivirus "Avast" a détecté aujourd'hui un tas de chevaux de troie sur mon ordinateur. J'ai déjà rencontré le problème et j'ai donc scanné mon micro avec Avast. J'ai mis en quarantaine tous ces chevaux de troie et ensuite Avast les a "déplacé avec succès" (environ une quinzaine...) mais à l'exception de deux ou il m'indique "erreur". J'ai fais un scan hijack this et voici le résultat :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:16, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\FreeBot\freebot.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Logitech\Video\AlbumDB2.exe
C:\PROGRA~1\Logitech\Video\FxSvr2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7CA7DB6D-266C-4CF5-90B7-1FB15B86EC3A} - (no file)
O2 - BHO: Windows Live Call HoverToCall class - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\MSN Messenger\htc.8.1.0178.00.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9A853E36-4A35-4DBF-9C03-AD9423798E35} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\jfnuafbp.dll",realset
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-823518204-2000478354-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-823518204-2000478354-839522115-1004\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User '?')
O4 - HKUS\S-1-5-21-823518204-2000478354-839522115-1004\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized (User '?')
O4 - HKUS\S-1-5-21-823518204-2000478354-839522115-1004\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-823518204-2000478354-839522115-1004 Startup: FreeBot.lnk = C:\Program Files\FreeBot\freebot.exe (User '?')
O4 - Startup: FreeBot.lnk = C:\Program Files\FreeBot\freebot.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by108w.bay108.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://karyndu93karine.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: hggeffd - C:\WINDOWS\
O20 - Winlogon Notify: pmnli - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
A voir également:

55 réponses

Réponse 1 / 55
ep44 Messages postés 7432 Statut Contributeur 3
 
Bonsoir Karine,

en effet ton rapport montre plusieurs choses
relance hijack et coche ceci
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/fr/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - (no file)
O2 - BHO: (no name) - {7CA7DB6D-266C-4CF5-90B7-1FB15B86EC3A} - (no file)
O2 - BHO: Windows Live Call HoverToCall class - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\MSN Messenger\htc.8.1.0178.00.dll (file missing)
O2 - BHO: (no name) - {9A853E36-4A35-4DBF-9C03-AD9423798E35} - (no file)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://karyndu93karine.spaces.live.com/PhotoUpload/MsnPUpld.cab
O20 - Winlogon Notify: hggeffd - C:\WINDOWS\
O20 - Winlogon Notify: pmnli - C:\WINDOWS\
ensuite clic sur fix checked

ensuite Télécharge sur le Bureau.
http://www.atribune.org/ccount/click.php?id=4

=> Double-clic VundoFix.exe.
=> Clic OK
=> Attendre le redemarrage de Vundofix
=> Clic Scan for Vundo
=> Le scan est assez long , à la fin
=> Clic Remove Vundo
=> Puis yes
=> Le Bureau disparaît un moment lors de la suppression des fichiers.
=> Message shutdown
=> clic OK
=> Redémarrage auto
=> copier le rapport qui est dans C:vundofix.txt

ensuite

Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
@+

Double-clic sur combofix,
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
0
Réponse 2 / 55
karine
 
Bonsoir,

Merci pour ta réponse

"ensuite Télécharge sur le Bureau.
http://www.atribune.org/ccount/click.php?id=4 "

Je suis désolée le lien ne fonctionne pas.
0
Réponse 3 / 55
ep44 Messages postés 7432 Statut Contributeur 3
 
oui en effet je ne sais pas trop pourquoi pour le moment
fait ce qui suit avec combofix
@+
0
Réponse 4 / 55
karine
 
ca y est j'ai réussi a lancer vundo il scan il scan il scan... je te tiens au courant
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 55
ep44 Messages postés 7432 Statut Contributeur 3
 
ok j'attends
@+
0
Réponse 6 / 55
karine
 
voici le rapport vundo

VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 23:01:22 06/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\awvvv.dll
C:\WINDOWS\system32\fegjjoiw.dll
C:\WINDOWS\system32\fwolnrch.dll
C:\WINDOWS\system32\hggeffd.dll
C:\WINDOWS\system32\ilnmp.bak1
C:\WINDOWS\system32\ilnmp.bak2
C:\WINDOWS\system32\ilnmp.ini
C:\WINDOWS\system32\kiyuwknp.dll
C:\WINDOWS\system32\ndihwfap.dll
C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\pnkwuyik.ini
C:\WINDOWS\system32\qvxrlodd.dll
C:\WINDOWS\system32\rqrpmlm.dll
C:\WINDOWS\system32\vvvwa.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvvv.dll
C:\WINDOWS\system32\awvvv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fegjjoiw.dll
C:\WINDOWS\system32\fegjjoiw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fwolnrch.dll
C:\WINDOWS\system32\fwolnrch.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggeffd.dll
C:\WINDOWS\system32\hggeffd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilnmp.bak1
C:\WINDOWS\system32\ilnmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilnmp.bak2
C:\WINDOWS\system32\ilnmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilnmp.ini
C:\WINDOWS\system32\ilnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\kiyuwknp.dll
C:\WINDOWS\system32\kiyuwknp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ndihwfap.dll
C:\WINDOWS\system32\ndihwfap.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\pmnli.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pnkwuyik.ini
C:\WINDOWS\system32\pnkwuyik.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qvxrlodd.dll
C:\WINDOWS\system32\qvxrlodd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrpmlm.dll
C:\WINDOWS\system32\rqrpmlm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vvvwa.ini
C:\WINDOWS\system32\vvvwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 23:53:30 06/06/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 19:10:50 07/06/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

Beginning removal...

Beginning removal...

Beginning removal...

Performing Repairs to the registry.
Done!

Beginning removal...

Beginning removal...

Beginning removal...

Beginning removal...

Beginning removal...

Beginning removal...

Beginning removal...

Beginning removal...

Beginning removal...

Beginning removal...

Beginning removal...

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 21:47:53 23/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\jfnuafbp.dll
C:\WINDOWS\system32\pbfaunfj.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pbfaunfj.ini
C:\WINDOWS\system32\pbfaunfj.ini Has been deleted!

Performing Repairs to the registry.
Done!
0
Réponse 7 / 55
ep44 Messages postés 7432 Statut Contributeur 3
 
très bien maintenant passe à combofix
@+
0
Réponse 8 / 55
karine
 
Voici le rapport combo fix (merci !!!)

ComboFix 08-01-23.2 - UTILISATEUR 2008-01-23 22:54:32.2 - NTFSx86

Endroit: C:\Documents and Settings\UTILISATEUR\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\UTILISATEUR\Application Data\DriveCleaner Free
C:\Documents and Settings\UTILISATEUR\Application Data\DriveCleaner Free\Logs\update.log
C:\Documents and Settings\UTILISATEUR\err.log
C:\Documents and Settings\UTILISATEUR\ResErrors.log
C:\WINDOWS\system32\kbvvddq_navps.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.

2008-01-23 22:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 21:16 . 2008-01-23 21:16 11,354 --a------ C:\hijack
2008-01-23 20:04 . 2008-01-23 20:04 <REP> d-------- C:\Program Files\Trend Micro
2008-01-19 16:34 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-01-19 16:33 . 2008-01-19 16:34 <REP> d-------- C:\Program Files\Shareaza Applications
2007-12-28 20:01 . 2007-10-17 13:53 43,816 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
2007-12-26 19:34 . 2007-12-26 19:34 <REP> d-------- C:\Program Files\ZyDAS Technology Corporation
2007-12-26 19:34 . 2005-08-17 14:43 330,240 --a------ C:\WINDOWS\system32\drivers\ZD1211BU.sys
2007-12-26 19:34 . 2004-01-14 11:25 81,920 --a------ C:\WINDOWS\system32\ZDPN50.DLL
2007-12-26 19:34 . 2005-03-18 15:35 31,744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2007-12-26 19:34 . 2005-06-08 18:44 29,184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2007-12-26 19:34 . 2004-03-23 16:38 28,672 --a------ C:\WINDOWS\system32\InsDrvZD.dll
2007-12-26 19:34 . 2003-03-14 12:24 24,576 --a------ C:\WINDOWS\system32\ZyDelReg.exe
2007-12-26 19:34 . 2005-06-08 18:44 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2007-12-26 19:34 . 2004-10-25 13:40 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2007-12-26 19:34 . 2004-01-14 11:30 17,151 --a------ C:\WINDOWS\system32\ZDPNDIS5.SYS
2007-12-26 19:34 . 2005-07-12 14:44 15,872 --a------ C:\WINDOWS\system32\InsDrvZD64.DLL
2007-12-26 19:30 . 2007-12-26 19:30 <REP> d-------- C:\Program Files\Datel

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 22:20 --------- d-----w C:\Program Files\adslTV
2008-01-13 20:31 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-01-09 20:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-30 11:40 --------- d-----w C:\Program Files\Pinnacle
2007-12-28 19:01 --------- d-----w C:\Program Files\Windows Live
2007-12-19 20:03 --------- d-----w C:\Program Files\eMule
2007-12-16 16:10 --------- d-----w C:\Program Files\Freeplayer
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-01 17:04 --------- d-----w C:\Program Files\Samsung
2007-11-25 11:06 --------- d-----w C:\Program Files\Disney Interactive
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-06-10 09:04 210 -c--a-w C:\Program Files\2KS3PKHR.bat
2007-05-16 19:14 12,339,245 -c--a-w C:\Program Files\PW171.SIT
2007-02-08 20:28 38,414 -c--a-w C:\Program Files\NeoOffice-2.0_Aqua_Beta_3-PowerPC.dmg.torrent
2007-01-29 13:31 1,418,349 ----a-w C:\Program Files\20040614142407625_5.1Driver.zip
2007-01-29 08:15 6,196,681 -c--a-w C:\Program Files\BitTorrent-5.0.5.exe
2001-11-23 04:08 712,704 -c--a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-01-23_22.47.12,84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-23 21:51:51 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6a4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CA7DB6D-266C-4CF5-90B7-1FB15B86EC3A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]
2007-12-23 11:26 394688 --a------ C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{196C3A46-4758-433D-A600-802C804AF39C}

[HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{196C3A46-4758-433D-A600-802C804AF39C}"= C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll [2007-12-23 11:26 480704]

[HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 00:04 1415824]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 18:19 57344]
"Uniblue RegistryBooster2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01 43008]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 18:09 103712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Cmaudio"="cmicnfg.cpl" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 10:25 257088]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 15:57 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 15:59 77824]
"Spyware-Secure"="C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe" [ ]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 15:57 188416]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-13 17:28 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 18:09 103712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09 15360]

C:\Documents and Settings\UTILISATEUR\Menu D‚marrer\Programmes\D‚marrage\
FreeBot.lnk - C:\Program Files\FreeBot\freebot.exe [2006-04-04 12:17:08 2480440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggeffd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnli]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-04-27 10:25 257088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6V_Check]
C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
C:\WINDOWS\system32\jfnuafbp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xhwztui]
c:\windows\system32\xhwztui.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ec1a0fa-2c27-11db-b960-000b6ae85475}]
\Shell\AutoRun\command - RavMon.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-01 15:02:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-23 21:14:12 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
0
Réponse 9 / 55
karine
 
bonne nuit je suis fatiguée... à demain j'espère pour ton aide précieuse.
0
Réponse 10 / 55
ep44 Messages postés 7432 Statut Contributeur 3
 
ok pour moi pas avant demain soir 19ou20h

je te donne la suite plus tard
@+
0
Réponse 11 / 55
ep44 Messages postés 7432 Statut Contributeur 3
 
selectionne ceci

registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7CA7DB6D-266C-4CF5-90B7-1FB15B86EC3A}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]

[-HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggeffd]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnli]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xhwztui]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xhwztui]

File::

c:\windows\system32\xhwztui.exe
C:\WINDOWS\system32\jfnuafbp.dll

=> Copie le texte sélectionné (CTRL+C).
=> Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
=> Colle le texte copié dans ce bloc-notes (CTRL+V).
=> Sauvegarde ce fichier sous le nom de CFScript.txt
=> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
=> Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
=> Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
=> Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
=> Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

@+
0
Réponse 12 / 55
karine
 
Bonjour

Merci une fois encore de ton aide. j'execute ce que tu me demandes et je reviens vers toi rapidement.
0
Réponse 13 / 55
karine
 
Voici le resultat

ComboFix 08-01-23.2 - UTILISATEUR 2008-01-24 17:37:14.3 - NTFSx86

Endroit: C:\Documents and Settings\UTILISATEUR\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\UTILISATEUR\Bureau\CFScript.txt

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE
C:\WINDOWS\system32\jfnuafbp.dll
c:\windows\system32\xhwztui.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\UTILISATEUR\Application Data\DriveCleaner Free
C:\Documents and Settings\UTILISATEUR\Application Data\DriveCleaner Free\Logs\update.log
C:\Documents and Settings\UTILISATEUR\err.log
C:\Documents and Settings\UTILISATEUR\ResErrors.log
C:\WINDOWS\system32\kbvvddq_navps.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-24 to 2008-01-24 ))))))))))))))))))))))))))))))))))))
.

2008-01-24 16:07 . 2008-01-24 16:07 <REP> d-------- C:\WINDOWS\LastGood
2008-01-23 23:01 . 2008-01-23 23:01 145 --a------ C:\Raccourci vers Lecteur CD.lnk
2008-01-23 22:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 21:16 . 2008-01-23 21:16 11,354 --a------ C:\hijack
2008-01-23 20:04 . 2008-01-23 20:04 <REP> d-------- C:\Program Files\Trend Micro
2008-01-19 16:34 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-01-19 16:33 . 2008-01-19 16:34 <REP> d-------- C:\Program Files\Shareaza Applications
2007-12-28 20:01 . 2007-10-17 13:53 43,816 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
2007-12-26 19:34 . 2007-12-26 19:34 <REP> d-------- C:\Program Files\ZyDAS Technology Corporation
2007-12-26 19:34 . 2005-08-17 14:43 330,240 --a------ C:\WINDOWS\system32\drivers\ZD1211BU.sys
2007-12-26 19:34 . 2004-01-14 11:25 81,920 --a------ C:\WINDOWS\system32\ZDPN50.DLL
2007-12-26 19:34 . 2005-03-18 15:35 31,744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2007-12-26 19:34 . 2005-06-08 18:44 29,184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2007-12-26 19:34 . 2004-03-23 16:38 28,672 --a------ C:\WINDOWS\system32\InsDrvZD.dll
2007-12-26 19:34 . 2003-03-14 12:24 24,576 --a------ C:\WINDOWS\system32\ZyDelReg.exe
2007-12-26 19:34 . 2005-06-08 18:44 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2007-12-26 19:34 . 2004-10-25 13:40 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2007-12-26 19:34 . 2004-01-14 11:30 17,151 --a------ C:\WINDOWS\system32\ZDPNDIS5.SYS
2007-12-26 19:34 . 2005-07-12 14:44 15,872 --a------ C:\WINDOWS\system32\InsDrvZD64.DLL
2007-12-26 19:30 . 2007-12-26 19:30 <REP> d-------- C:\Program Files\Datel

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 09:02 --------- d-----w C:\Program Files\adslTV
2008-01-13 20:31 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-01-09 20:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-30 11:40 --------- d-----w C:\Program Files\Pinnacle
2007-12-28 19:01 --------- d-----w C:\Program Files\Windows Live
2007-12-19 20:03 --------- d-----w C:\Program Files\eMule
2007-12-16 16:10 --------- d-----w C:\Program Files\Freeplayer
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-01 17:04 --------- d-----w C:\Program Files\Samsung
2007-11-25 11:06 --------- d-----w C:\Program Files\Disney Interactive
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-06-10 09:04 210 -c--a-w C:\Program Files\2KS3PKHR.bat
2007-05-16 19:14 12,339,245 -c--a-w C:\Program Files\PW171.SIT
2007-02-08 20:28 38,414 -c--a-w C:\Program Files\NeoOffice-2.0_Aqua_Beta_3-PowerPC.dmg.torrent
2007-01-29 13:31 1,418,349 ----a-w C:\Program Files\20040614142407625_5.1Driver.zip
2007-01-29 08:15 6,196,681 -c--a-w C:\Program Files\BitTorrent-5.0.5.exe
2001-11-23 04:08 712,704 -c--a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-01-23_22.47.12,84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 21:44:05 528,384 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-24 16:36:49 528,384 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 21:44:05 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-24 16:36:49 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 21:44:05 528,384 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-24 16:36:49 528,384 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-23 21:44:05 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-24 16:36:49 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-23 21:44:06 6,873,088 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-24 16:36:49 6,873,088 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-23 21:44:06 192,512 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-24 16:36:49 192,512 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-23 17:36:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_698.dat
+ 2008-01-24 15:02:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_698.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CA7DB6D-266C-4CF5-90B7-1FB15B86EC3A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]
2007-12-23 11:26 394688 --a------ C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{196C3A46-4758-433D-A600-802C804AF39C}

[HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{196C3A46-4758-433D-A600-802C804AF39C}"= C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll [2007-12-23 11:26 480704]

[HKEY_CLASSES_ROOT\clsid\{196c3a46-4758-433d-a600-802c804af39c}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{89807A16-AC31-4449-AB91-06A753813543}]
[HKEY_CLASSES_ROOT\ShareazaMediaBar.StockBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 00:04 1415824]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 18:19 57344]
"Uniblue RegistryBooster2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01 43008]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 18:09 103712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Cmaudio"="cmicnfg.cpl" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 10:25 257088]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 15:57 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 15:59 77824]
"Spyware-Secure"="C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe" [ ]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 15:57 188416]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-13 17:28 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 18:09 103712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09 15360]

C:\Documents and Settings\UTILISATEUR\Menu D‚marrer\Programmes\D‚marrage\
FreeBot.lnk - C:\Program Files\FreeBot\freebot.exe [2006-04-04 12:17:08 2480440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggeffd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnli]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-04-27 10:25 257088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6V_Check]
C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
C:\WINDOWS\system32\jfnuafbp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xhwztui]
c:\windows\system32\xhwztui.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ec1a0fa-2c27-11db-b960-000b6ae85475}]
\Shell\AutoRun\command - RavMon.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-01 15:02:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-24 16:14:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
0
Réponse 14 / 55
karine
 
" [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] "

qu'est ce que cela signifie dans le rapport ?
0
Réponse 15 / 55
karine
 
Bonsoir
Es tu de retour ?
0
Réponse 16 / 55
ep44 Messages postés 7432 Statut Contributeur 3
 
Bonsoir Karine

je ne finit malheuresement pas de bonheur le travail ;-)

pour ce message regarde ici https://www.zebulon.fr/dossiers/windows/61-console-de-recuperation.html

refais hijack stp
@+
0
Réponse 17 / 55
karine
 
Pas de souci

Je n'ai pas de fichier cmdcons dans mon ordi... et quand je tape l'accès sans cd je ne trouve pas le dossier... c'est grave docteur ???
0
Réponse 18 / 55
ep44 Messages postés 7432 Statut Contributeur 3
 
non ne t'inquiéte pas pour ça

refais hijack stp
0
Réponse 19 / 55
karine
 
scan hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48, on 2008-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\adslTV\adsltv.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\W32BRG55.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7CA7DB6D-266C-4CF5-90B7-1FB15B86EC3A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-823518204-2000478354-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-823518204-2000478354-839522115-1004\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User '?')
O4 - HKUS\S-1-5-21-823518204-2000478354-839522115-1004\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized (User '?')
O4 - HKUS\S-1-5-21-823518204-2000478354-839522115-1004\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-823518204-2000478354-839522115-1004 Startup: FreeBot.lnk = C:\Program Files\FreeBot\freebot.exe (User '?')
O4 - Startup: FreeBot.lnk = C:\Program Files\FreeBot\freebot.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by108w.bay108.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: hggeffd - C:\WINDOWS\
O20 - Winlogon Notify: pmnli - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
0
Réponse 20 / 55
ep44 Messages postés 7432 Statut Contributeur 3
 
relance hijack et coche ceci
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/fr/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {7CA7DB6D-266C-4CF5-90B7-1FB15B86EC3A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: hggeffd - C:\WINDOWS\
O20 - Winlogon Notify: pmnli - C:\WINDOWS\
ensuite clic sur fix checked
un tuto pour l'aide regarde sur fixer les lignes
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

ensuite Télécharge:
http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe AVG-AntiSpyware

=> Installer
=> Le lancer
=> Clic : Mise à jour
------
= Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.

Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
-------
=> Dans ANALYSE ( en forme de loupe )
=> Paramètres ==> sous COMMENT REAGIR==>clic sur Actions recommandées ==>Quarantaine
=> Clic : Analyse complète du système
-------
=> à la fin du scan ( qui est assez long)
=> Clic Appliquer toutes les actions <== ceci Très important
=> Clic Sauvegarder rapport puis Enregistrer sous et choisir bureau
-------
En mode normal
colle le rapport
@+
0

Discussions similaires

Google Chrome "  Échec de l'analyse antivirus "
jmpower -
RBmoon -

18 réponses
Huawei P8 Lite "nouveau tag ajouté"
ArianeKathleen -
Mn -

25 réponses
Nouveau tag ajouté - Utilité
Eerfers -
madmyke -

1 réponse
" Échec de l'analyse antivirus " la solution.
bazfile -
bazfile -

0 réponse
Page qui s’ouvre toute seule
Dolphie -
Manon -

5 réponses