Spyware Résolu/Fermé

Question

Bonjour,
    hier soir je me suis chopé un Spyware, je pense à cause d'un controle ActiveX mal intentionné.

Il a tout de suite fermé toutes les applications, redémarrer mon PC et ensuite bloqué mon antivirus (Kaspersky) et Spybot. Ils sont dont inutilisable pour essayer de supprimer cette saleté! :(
J'ai suivit les conseils trouvé dans les astuces et donc fait un Scan avec BidDefender Online. Mais je ne sais absolument pas ce que ça veut dire, mes compétences s'arrêtent là.

Pouvez-vous m'aider s'il vous plait?

Voici le rapport (j'ai enlevé les Clean) :

Results
 
Identified Viruses 
 20
 
Infected Files 
 37
 
Suspect Files 
 0
 
Warnings
 0
 
Disinfected
 0
 
Deleted Files
 37
 
  
  
 
Engines Info
 
Virus Definitions
 978929
 
Engine build
 AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
 
Scan plugins
 16
 
Archive plugins
 41
 
Unpack plugins
 7
 
E-mail plugins
 6
 
System plugins
 5
 
  
  
 
Scan Settings
 
First Action
 Disinfect
 
Second Action
 Delete
 
Heuristics
 Yes
 
Enable Warnings
 Yes
 
Scanned Extensions
 *;
 
Exclude Extensions
  
 
Scan Emails
 Yes
 
Scan Archives
 Yes
 
Scan Packed
 Yes
 
Scan Files
 Yes
 
Scan Boot
 Yes
 
  
  
 
  Scanned File
  Status
 
C:\Documents and Settings\Yannick\Local Settings\Temp\asmfiles.cab=>asm.exe
 Detected with: Adware.Altnet.U
 
C:\Documents and Settings\Yannick\Local Settings\Temp\asmfiles.cab=>asm.exe
 Deleted
 
C:\Documents and Settings\Yannick\Local Settings\Temp\asmfiles.cab
 Update failed
 
C:\Documents and Settings\Yannick\Local Settings\Temp\asmfiles.cab=>asmps.dll
 Detected with: Application.Altnetbde.D
 
C:\Documents and Settings\Yannick\Local Settings\Temp\asmfiles.cab=>asmps.dll
 Deleted
 
C:\Documents and Settings\Yannick\Local Settings\Temp\asmfiles.cab
 Update failed
 
C:\Documents and Settings\Yannick\Local Settings\Temp\GLB1B.tmp
 Detected with: Adware.Ucmore.E
 
C:\Documents and Settings\Yannick\Local Settings\Temp\GLB1B.tmp
 Deleted
 
C:\Documents and Settings\Yannick\Local Settings\Temp\mySetp.exe
 Detected with: Adware.Toolbar.Mywebsearch.O
 
C:\Documents and Settings\Yannick\Local Settings\Temp\mySetp.exe
 Deleted
 
C:\Documents and Settings\Yannick\Local Settings\Temp\p2psetup.exe
 Detected with: Application.P2p.Networking.D
 
C:\Documents and Settings\Yannick\Local Settings\Temp\p2psetup.exe
 Deleted
 
C:\Documents and Settings\Yannick\Local Settings\Temp\us0105.exe
 Infected with: Trojan.Dropper.Small.NCO
 
C:\Documents and Settings\Yannick\Local Settings\Temp\us0105.exe
 Disinfection failed
 
C:\Documents and Settings\Yannick\Local Settings\Temp\us0105.exe
 Deleted
 
C:\Program Files\support.com\backup
e
ewdotnet7_22.dll\614400_50b7ee307_=>newdotnet7_22.dll
 Detected with: Adware.Newdotnet.I
 
C:\Program Files\support.com\backup
e
ewdotnet7_22.dll\614400_50b7ee307_=>newdotnet7_22.dll
 Disinfection failed
 
C:\Program Files\support.com\backup
e
ewdotnet7_22.dll\614400_50b7ee307_=>newdotnet7_22.dll
 Deleted
 
C:\Program Files\support.com\backup
e
ewdotnet7_22.dll\614400_50b7ee307_
 Update failed
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP588\A0655736.cpl
 Detected with: Adware.P2pnet.A
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP588\A0655736.cpl
 Disinfection failed
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP588\A0655736.cpl
 Deleted
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP588\A0657328.cpl
 Detected with: Adware.P2pnet.A
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP588\A0657328.cpl
 Disinfection failed
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP588\A0657328.cpl
 Deleted
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP589\A0659017.cpl
 Detected with: Adware.P2pnet.A
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP589\A0659017.cpl
 Disinfection failed
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP589\A0659017.cpl
 Deleted
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP595\A0666152.cpl
 Detected with: Adware.P2pnet.A
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP595\A0666152.cpl
 Disinfection failed
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP595\A0666152.cpl
 Deleted
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668342.cpl
 Detected with: Adware.P2pnet.A
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668342.cpl
 Disinfection failed
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668342.cpl
 Deleted
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668979.exe
 Infected with: Generic.Malware.Yd!dld!sp.11C598DB
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668979.exe
 Disinfection failed
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668979.exe
 Deleted
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668980.sys
 Infected with: Generic.Malware.P!.67AF4A2F
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668980.sys
 Disinfection failed
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668980.sys
 Deleted
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668986.exe
 Infected with: Generic.Malware.Yd!dld!sp.11C598DB
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668986.exe
 Disinfection failed
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668986.exe
 Deleted
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668987.exe
 Infected with: Generic.Malware.Yd!dld!sp.11C598DB
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668987.exe
 Disinfection failed
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668987.exe
 Deleted
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP598\snapshot\MFEX-4.DAT
 Infected with: Trojan.Dropper.Small.NCO
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP598\snapshot\MFEX-4.DAT
 Disinfection failed
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP598\snapshot\MFEX-4.DAT
 Deleted
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP599\snapshot\MFEX-4.DAT
 Infected with: Trojan.Dropper.Small.NCO
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP599\snapshot\MFEX-4.DAT
 Disinfection failed
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP599\snapshot\MFEX-4.DAT
 Deleted
 
C:\WINDOWS\braviax.exe
 Infected with: Generic.Malware.Yd!dld!sp.11C598DB
 
C:\WINDOWS\braviax.exe
 Disinfection failed
 
C:\WINDOWS\braviax.exe
 Deleted
 
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
 Detected with: Adware.P2pnet.B
 
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
 Disinfection failed
 
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
 Deleted
 
C:\WINDOWS\system32\braviax.exe
 Infected with: Generic.Malware.Yd!dld!sp.11C598DB
 
C:\WINDOWS\system32\braviax.exe
 Disinfection failed
 
C:\WINDOWS\system32\braviax.exe
 Deleted
 
C:\WINDOWS\system32\braviax.ex_
 Infected with: Trojan.Dropper.Small.NCO
 
C:\WINDOWS\system32\braviax.ex_
 Disinfection failed
 
C:\WINDOWS\system32\braviax.ex_
 Deleted
 
C:\WINDOWS\system32\dllcache\beep.sys
 Infected with: Generic.Malware.P!.67AF4A2F
 
C:\WINDOWS\system32\dllcache\beep.sys
 Disinfection failed
 
C:\WINDOWS\system32\dllcache\beep.sys
 Deleted
 
C:\WINDOWS\system32\drivers\beep.sys
 Infected with: Generic.Malware.P!.67AF4A2F
 
C:\WINDOWS\system32\drivers\beep.sys
 Disinfection failed
 
C:\WINDOWS\system32\drivers\beep.sys
 Deleted
 
C:\WINDOWS\system32\P2P Networking v126.cpl
 Detected with: Adware.P2pnet.A
 
C:\WINDOWS\system32\P2P Networking v126.cpl
 Disinfection failed
 
C:\WINDOWS\system32\P2P Networking v126.cpl
 Deleted
 
C:\WINDOWS\Temp\Altnet\adm.exe
 Detected with: Application.Altnetbde.E
 
C:\WINDOWS\Temp\Altnet\adm.exe
 Deleted
 
C:\WINDOWS\Temp\Altnet\adm25.dll
 Detected with: Adware.Altnet.A
 
C:\WINDOWS\Temp\Altnet\adm25.dll
 Deleted
 
C:\WINDOWS\Temp\Altnet\adm4.dll
 Detected with: Adware.Altnet.A
 
C:\WINDOWS\Temp\Altnet\adm4.dll
 Deleted
 
C:\WINDOWS\Temp\Altnet\admdata.dll
 Detected with: Application.Adware.Altnet.B
 
C:\WINDOWS\Temp\Altnet\admdata.dll
 Deleted
 
C:\WINDOWS\Temp\Altnet\admdloader.dll
 Detected with: Adware.Brilliantdigital.3039.C
 
C:\WINDOWS\Temp\Altnet\admdloader.dll
 Deleted
 
C:\WINDOWS\Temp\Altnet\admfdi.dll
 Detected with: Adware.Altnet.J
 
C:\WINDOWS\Temp\Altnet\admfdi.dll
 Deleted
 
C:\WINDOWS\Temp\Altnet\admprog.dll
 Detected with: Adware.Altnet.A
 
C:\WINDOWS\Temp\Altnet\admprog.dll
 Deleted
 
C:\WINDOWS\Temp\Altnet\dmfiles.cab=>AltnetUninstall.exe
 Detected with: Application.Altnetbde.C
 
C:\WINDOWS\Temp\Altnet\dmfiles.cab=>AltnetUninstall.exe
 Deleted
 
C:\WINDOWS\Temp\Altnet\dmfiles.cab
 Update failed
 
C:\WINDOWS\Temp\Altnet\dmfiles.cab=>asmend.exe
 Detected with: Application.Altnetbde.A
 
C:\WINDOWS\Temp\Altnet\dmfiles.cab=>asmend.exe
 Deleted
 
C:\WINDOWS\Temp\Altnet\dmfiles.cab
 Update failed
 
C:\WINDOWS\Temp\Altnet\mysearch.cab
 Detected with: Adware.Toolbar.Mywebsearch.O
 
C:\WINDOWS\Temp\Altnet\mysearch.cab
 Deleted
 
C:\WINDOWS\Temp\Altnet\pmexe.cab=>Points Manager.exe
 Detected with: Adware.Altnet.D
 
C:\WINDOWS\Temp\Altnet\pmexe.cab=>Points Manager.exe
 Deleted
 
C:\WINDOWS\Temp\Altnet\pmexe.cab
 Update failed
 
C:\WINDOWS\Temp\Altnet\pmfiles.cab=>sysdetect.dll
 Detected with: Application.Altnetbde.R
 
C:\WINDOWS\Temp\Altnet\pmfiles.cab=>sysdetect.dll
 Deleted
 
C:\WINDOWS\Temp\Altnet\pmfiles.cab
 Update failed
----------------------------------------------------------------------------------

J'ai trouvé un autre rapport:

Scan Info
  
  
 
Scanned Files
 331385
 
Infected Files
 37
 
 

Virus Detected
  
Generic.Malware.P!.67AF4A2F
 3
 
Adware.Ucmore.E
 1
 
Adware.Altnet.A
 3
 
Application.Altnetbde.R
 1
 
Adware.Altnet.D
 1
 
Application.Altnetbde.A
 1
 
Adware.Brilliantdigital.3039.C
 1
 
Adware.Altnet.U
 1
 
Application.Adware.Altnet.B
 1
 
Adware.P2pnet.A
 6
 
Application.Altnetbde.C
 1
 
Adware.P2pnet.B
 1
 
Application.Altnetbde.D
 1
 
Application.Altnetbde.E
 1
 
Generic.Malware.Yd!dld!sp.11C598DB
 5
 
Adware.Toolbar.Mywebsearch.O
 2
 
Adware.Altnet.J
 1
 
Adware.Newdotnet.I
 1
 
Trojan.Dropper.Small.NCO
 4
 
Application.P2p.Networking.D
 1

jlpjlp · Answer

vire le fichier altnet en allant dans poste de travail puis C puis windows si present,

C:\WINDOWS\Temp\Altnet

________________

 colle un rapport hijakchtis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html


Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."

5tardust · Answer

Merci.

Voici le rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:45:21, on 5/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\drivers\RMC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Yannick\Bureau\Autres programmes\Eden.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.proximus.be/pickx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom Skynet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.100.1.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: PBBEFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB197B82D} - C:\WINDOWS\system32\pbbefrv2.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\apps\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet	ools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.proximus.be/pickx
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) - 
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs: cru629.dat
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

jlpjlp · Answer

desinstalle bitcomet via ton panneau de configuration si present

________

  relance hijakchtis, fais do a system scan only et fix ces lignes (fix cheked)

O3 - Toolbar: PBBEFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB197B82D} - C:\WINDOWS\system32\pbbefrv2.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)


_______________


télécharge OTMoveIt
 http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe    (de Old_Timer) sur ton Bureau.

double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :


C:\WINDOWS\system32\pbbefrv2.dll

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
C:\Program Files\Helper\1201110269.dll 

_______________________



combofix (colle le rapport)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

_________________________



desactiver la restauration systeme
( : demarrer, tous les programmes, outils systeme puis resauration systeme puis desactiver la restauration apres avoir cliquer sur parametre dans la partie gauche)
puis redemarrer l'ordi puis la réactiver 

________________________

recolle un rapport bitdefender  et dis tes soucis

5tardust · Answer

Merci,

Mais avant d'agir je voudrais te poser une question:

Est-ce que si je supprime BitComet, tout les documents téléchargés seront effacés par la même occasion?

jlpjlp · Answer

je sias pas
si tu as beaucoups de fichier garde le pour l'instant et ne supprime pas encore ces lignes mais fais le reste


O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

5tardust · Answer

Youhou! :D

En fait, j'ai d'hébord supprimé le fichier (C:\WINDOWS\Temp\Altnet) comme tu l'avais demandé en tout premier lieu.

Puis j'ai désinstaller BitComet (je n'ai pas perdu les fichier téléchargés) et on m'a ensuite demandé de redémarrer mon PC, c'est ce que j'ai fait. Au démarrage mon Antivirus (Kaspersky) s'est allumé et a tout de suite détecter le spyware et je l'ai supprimé. :)

Spybot s'est débloqué, j'ai pu le lancer sans problème, il a tout vérifié.

Tout semble rentré dans l'ordre mais je vais quand même exécuter les étapes suivantes pour être sûr qu'il n'y ait plus de danger.

Merci beaucoup pour ton aide. :)

5tardust · Answer

OTMoveIt : File/Folder C:\WINDOWS\system32\pbbefrv2.dll not found. OTMoveIt2 v1.0.17 log created on 02052008_171854 Je pense qu'il a été supprimé grâce à hijakchtis, quand je l'ai fixé. ----------------------------------------------------------- Combofix : ComboFix 08-02.05.3 - Yannick 2008-02-05 16:59:08.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.718 [GMT 1:00] Endroit: C:\Documents and Settings\Yannick\Bureau\ComboFix.exe * Création d'un nouveau point de restauration . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Fonts\acrsecB.fon C:\WINDOWS\Fonts\acrsecI.fon . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))))))) . 2008-02-05 16:46 . 2008-02-05 16:46 d-------- C:\_OTMoveIt 2008-02-05 14:38 . 2008-02-05 14:44 d-------- C:\Program Files\Trend Micro 2008-02-05 14:25 . 2008-02-05 14:56 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-05 04:05 . 2008-02-05 13:31 d-------- C:\WINDOWS\BDOSCAN8 2008-02-05 03:57 . 2008-02-05 03:57 d-------- C:\Program Files\CCleaner 2008-02-05 03:03 . 2008-02-05 03:03 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-02-05 02:49 . 2008-02-05 02:49 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-02-05 02:38 . 2008-02-05 02:38 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-05 02:26 . 2008-02-05 02:32 51,419 --a------ C:\WINDOWS\system32\winivstr.exe 2008-02-05 02:22 . 2008-02-05 02:40 6,144 --a------ C:\WINDOWS\system32\cru629.dat 2008-02-05 02:22 . 2008-02-05 02:40 6,144 --a------ C:\WINDOWS\cru629.dat 2008-01-19 18:38 . 2008-01-19 18:38 d-------- C:\Documents and Settings\Yannick\render 2008-01-14 16:27 . 2008-01-14 16:27 d-------- C:\Program Files\ING 2008-01-10 22:45 . 2008-01-10 22:45 d-------- C:\Program Files\Sony Ericsson 2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe 2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\WINDOWS\bdoscandellang.ini 2008-01-05 22:46 . 2006-11-30 15:11 4,128 -ra------ C:\WINDOWS\system32\drivers\se46cr.sys 2008-01-05 22:45 . 2006-11-30 15:11 90,800 -ra------ C:\WINDOWS\system32\drivers\se46unic.sys 2008-01-05 22:45 . 2006-11-30 15:11 88,624 -ra------ C:\WINDOWS\system32\drivers\se46mgmt.sys 2008-01-05 22:45 . 2006-11-30 15:11 6,240 -ra------ C:\WINDOWS\system32\drivers\se46cmnt.sys 2008-01-05 22:45 . 2006-11-30 15:11 6,240 -ra------ C:\WINDOWS\system32\drivers\se46cm.sys 2008-01-05 20:48 . 2006-11-30 15:11 61,536 -ra------ C:\WINDOWS\system32\drivers\se46bus.sys 2008-01-05 20:48 . 2006-11-30 15:11 5,872 -ra------ C:\WINDOWS\system32\drivers\se46whnt.sys 2008-01-05 20:48 . 2006-11-30 15:11 5,872 -ra------ C:\WINDOWS\system32\drivers\se46wh.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-05 16:03 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd2557.sys 2008-02-05 15:58 --------- d-----w C:\Documents and Settings\Yannick\Application Data\Skype 2008-02-05 15:46 --------- d-----w C:\Program Files\Dynamic Toolbar 2008-02-05 14:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-05 14:25 --------- d-----w C:\Program Files\BitComet 2008-02-05 01:46 24,576 ----a-w C:\WINDOWS\system32\drivers\rmc.exe 2008-01-24 21:14 --------- d-----w C:\Program Files\Dialang 2007-12-28 22:53 --------- d-----w C:\Documents and Settings\Yannick\Application Data\AdobeUM 2007-12-25 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2007-12-25 17:33 --------- d-----w C:\Documents and Settings\Yannick\Application Data\dvdcss 2007-12-25 15:34 --------- d-----w C:\Program Files\DVD Shrink 2007-12-25 15:12 --------- d-----w C:\Program Files\Free Easy Burner 2007-12-23 17:28 --------- d-----w C:\Program Files\TVUPlayer 2007-12-23 17:27 --------- d-----w C:\Documents and Settings\Yannick\Application Data\TVU Networks 2007-12-22 16:22 --------- d-----w C:\Program Files\MSN Messenger 2007-12-22 16:22 --------- d-----w C:\Program Files\Messenger Plus! Live 2007-12-21 22:15 --------- d-----w C:\Documents and Settings\Yannick\Application Data\OpenOffice.org2 2007-12-11 17:48 --------- d-----w C:\Program Files\MSECache 2006-01-27 12:38 1,567 ----a-w C:\Program Files\uninstal.log . [color=red]Files Infected - Win32.Agent.zb/color C:\WINDOWS\system32\drivers\RMC.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\apps\skype\Phone\Skype.exe" [2007-07-02 16:10 23237416] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-05 02:46 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [2008-02-05 15:26 94311] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168] "RMC"="C:\WINDOWS\system32\drivers\RMC.exe" [2008-02-05 02:46 24576] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2008-02-05 02:46 102490] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-05 02:46 708698] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-05 02:46 180269] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher.lnk backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Status Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Status Monitor.lnk backup=C:\WINDOWS\pss\Status Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-04-12 00:10 65536 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] --a------ 2005-03-22 20:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-05 13:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] --a------ 2004-08-05 13:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3] C:\Program Files\MessengerPlus! 3\MsgPlus.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup] C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] --a------ 2005-05-11 12:48 127118 c:\Apps\Powercinema\PCMService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] --a------ 2004-08-05 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] --a------ 2004-08-05 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio] --a------ 2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RMC] --a------ 2008-02-05 02:46 24576 C:\WINDOWS\system32\drivers\RMC.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a------ 2005-04-12 22:21 14156800 C:\WINDOWS\RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] --a------ 2005-05-31 01:04 1415824 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2008-02-05 02:46 708698 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] --a------ 2008-02-05 02:46 102490 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-02-05 02:46 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "brmfrmps"=2 (0x2) "xmlprov"=3 (0x3) "WmiApSrv"=3 (0x3) "WmdmPmSN"=3 (0x3) "VSS"=3 (0x3) "UPS"=3 (0x3) "upnphost"=3 (0x3) "SysmonLog"=3 (0x3) "SwPrv"=3 (0x3) "SCardSvr"=3 (0x3) "RSVP"=3 (0x3) "RDSessMgr"=3 (0x3) "RasAuto"=3 (0x3) "NtmsSvc"=3 (0x3) "NtLmSsp"=3 (0x3) "Netlogon"=3 (0x3) "MSIServer"=3 (0x3) "MSDTC"=3 (0x3) "mnmsrvc"=3 (0x3) "ImapiService"=3 (0x3) "HTTPFilter"=3 (0x3) "dmserver"=3 (0x3) "COMSysApp"=3 (0x3) "CiSvc"=3 (0x3) "BITS"=3 (0x3) "aspnet_state"=3 (0x3) "AppMgmt"=3 (0x3) "dmadmin"=3 (0x3) "ose"=3 (0x3) "IDriverT"=3 (0x3) "gusvc"=3 (0x3) "CyberLink Media Library Service"=2 (0x2) "Pml Driver HPZ12"=2 (0x2) R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2006-02-28 13:28] R2 MTC0001_RMC;Remove Control Device;C:\WINDOWS\system32\drivers\RMC.sys [2005-04-22 14:24] R3 Bonifay;Bonifay;C:\WINDOWS\system32\DRIVERS\Bonifay.sys [2005-11-28 20:55] R3 Slazldrv;SmartLink AMR_PCI Driver;C:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys [2005-01-05 01:48] S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15] S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27] S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28] S3 Gonzales;Gonzales;C:\WINDOWS\system32\DRIVERS\Gonzales.sys [2005-12-13 14:10] S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 15:11] S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 15:11] S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 15:11] S3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-12-31 14:24] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-01-31 12:48:03 C:\WINDOWS\Tasks\HDReg.job" - c:\Apps\HDReg\HDRegRem.exe "2008-02-05 15:16:08 C:\WINDOWS\Tasks\User_Feed_Synchronization-{FBDAA898-DE20-4CAF-A66C-00166603A974}.job" - C:\WINDOWS\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-05 17:05:56 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 2549 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\brss01a.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\slserv.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\apps\skype\Plugin Manager\skypePM.exe . ************************************************************************** . Temps d'accomplissement: 2008-02-05 17:12:37 - machine was rebooted ComboFix-quarantined-files.txt 2008-02-05 16:11:44 . 2008-02-05 15:34:49 --- E O F --- --------------------------------------------------------------- Je ne sais pas comment désactiver la restauration du systeme. :(

jlpjlp · Answer

pour la restuaration tu vas dans demarrer (comme pour eteindre l'ordi), puis tous les programmes, outils systeme puis resauration systeme puis desactiver la restauration apres avoir cliquer sur parametre dans la partie gauche)
puis redemarrer l'ordi puis la réactiver

________________________

recolle un rapport bitdefender et dis tes soucis

5tardust · Answer

J'ai coché la désactivation de la restauration du systeme.

Mais ils me demandent:

- restaurer mon ordinateur à une heure antérieure

ou

- créer un point de restauration

Je choisi quoi?

jlpjlp · Answer

aucun surtout!!!


il te faut clqiuer sur "parametre de la restauration du systeme " ecrit en bleu dans la partie gauche en bas du texte

5tardust · Answer

Voilà, j'ai redémarrer mon PC, et réactivé la restauration du systeme.
Il est en état de "surveillance".

Il ne reste plus qu'à refaire une analyse BitDefender.

Est-ce que je peux supprimer tout les programmes que j'ai téléchargés?
(ex: OTMoveIt, ComboFix etc.)

jlpjlp · Answer

tu peux les virer maintenant ou apres la procedure

a plus

5tardust · Answer

Voilà le résultat du dernier scan :

Scanned File
  Status
 
C:\Program Files\support.com\backup
e
ewdotnet7_22.dll\614400_50b7ee307_=>newdotnet7_22.dll
 Detected with: Adware.Newdotnet.AT
 
C:\Program Files\support.com\backup
e
ewdotnet7_22.dll\614400_50b7ee307_=>newdotnet7_22.dll
 Disinfection failed
 
C:\Program Files\support.com\backup
e
ewdotnet7_22.dll\614400_50b7ee307_=>newdotnet7_22.dll
 Deleted
 
C:\Program Files\support.com\backup
e
ewdotnet7_22.dll\614400_50b7ee307_
 Update failed

Ce n'est pas la première fois que je remarque ce NewDotNet sur mon PC. Comment faire pour le supprimer une bonne fois pour toute et pour éviter de le rechoper si possible?

En tout cas je te fais un tout grand MERCI car je n'aurais probablement pas su faire ça moi même.
Si jamais moi ou un de mes potes a un problème je recommanderai ce site sans aucun doute. :)

jlpjlp · Answer

télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.

double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :



C:\Program Files\support.com\backup
e
ewdotnet7_22.dll\614400_50b7ee307_
C:\Program Files\support.com\backup
e
ewdotnet7_22.dll

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

___________________

scan avec:

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

________________

recolle un rapport hiajkchtis et un nouveau bitdefender et dis tes soucis actuels

5tardust · Answer

Rapport de OTMoveIt :

C:\Program Files\support.com\backup
e
ewdotnet7_22.dll\614400_50b7ee307_ moved successfully.
C:\Program Files\support.com\backup
e
ewdotnet7_22.dll moved successfully.
 
OTMoveIt2 v1.0.18 log created on 02072008_031146

    Rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59:51, on 7/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\RMC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\apps\skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\apps\skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32	askmgr.exe
C:\Documents and Settings\Yannick\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.proximus.be/pickx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.100.1.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\RunOnce: [HDReg] c:\Apps\HDReg\HDRegApp.exe -r
O4 - HKCU\..\Run: [Skype] "C:\apps\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.proximus.be/pickx
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) - 
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Unknown owner - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

jlpjlp · Answer

vire ce qui est dans moved files en allant dans poste de travail puis c...
 
C:\_OTMoveIt\MovedFiles.

__________

recolle un rapport hiajkchtis et un nouveau bitdefender et dis tes soucis actuels


_______________

pour virer des processus au demarrage:
tu va dans DEMARRER puis EXECUTER et   tape     msconfig   ensuite dans l'onglet DEMARRER tu decoche ce que tu ne veux pas , au demarrage suivant de l'ordi accepte ce qui est demandé

______

5tardust · Answer

Désolé pour le retard.

Le scan Bitdefender n'a rien trouvé.

Voici le rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:26, on 10/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\slserv.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\RMC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\apps\skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\apps\skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Yannick\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.belgacom.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.100.1.1:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [Skype] "C:\apps\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.belgacom.net
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) - 
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

jlpjlp · Answer

ok c'est bon



mets juste a jour java: DEMARRER puis PANNEAU DE CONFIGURATION puis JAVA puis MISE A JOUR

_______________




en plus de kaspersky tu peux mettre spybot et ccleaner (pour effacer une fois par semaine tes traces de surf)



spybot : 

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html 




CCLEANER: sans installer la barre yahoo 

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html











bonne continuation

5tardust · Answer

Je ne suis pas un pro, mais d'après moi le problème s'est résolu grâce à la suppression du fichier "Altnet" (C:\WINDOWS\Temp\Altnet).
Et aussi, je crois, grâce à la désinstallation de Bitcomet.

Encore un tout grand merci à jlpjlp pour son aide précieuse.

jlpjlp · Answer

ok

bonne suite!

rolie2000 · Answer

voilà mon problème mon antivirus Bitdefender vient de me signaler que j'avais chopé plusieurs spyware
Application.Altnetbde.D, Adware.Altnet.U mais il n'arrive pas à les supprimer comment faire?

Spyware

21 réponses

Discussions similaires