Spyware

Résolu
5tardust Messages postés 45 Statut Membre -  
 rolie2000 -
Bonjour,
hier soir je me suis chopé un Spyware, je pense à cause d'un controle ActiveX mal intentionné.

Il a tout de suite fermé toutes les applications, redémarrer mon PC et ensuite bloqué mon antivirus (Kaspersky) et Spybot. Ils sont dont inutilisable pour essayer de supprimer cette saleté! :(
J'ai suivit les conseils trouvé dans les astuces et donc fait un Scan avec BidDefender Online. Mais je ne sais absolument pas ce que ça veut dire, mes compétences s'arrêtent là.

Pouvez-vous m'aider s'il vous plait?

Voici le rapport (j'ai enlevé les Clean) :

Results

Identified Viruses
20

Infected Files
37

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
37

Engines Info

Virus Definitions
978929

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
16

Archive plugins
41

Unpack plugins
7

E-mail plugins
6

System plugins
5

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\Documents and Settings\Yannick\Local Settings\Temp\asmfiles.cab=>asm.exe
Detected with: Adware.Altnet.U

C:\Documents and Settings\Yannick\Local Settings\Temp\asmfiles.cab=>asm.exe
Deleted

C:\Documents and Settings\Yannick\Local Settings\Temp\asmfiles.cab
Update failed

C:\Documents and Settings\Yannick\Local Settings\Temp\asmfiles.cab=>asmps.dll
Detected with: Application.Altnetbde.D

C:\Documents and Settings\Yannick\Local Settings\Temp\asmfiles.cab=>asmps.dll
Deleted

C:\Documents and Settings\Yannick\Local Settings\Temp\asmfiles.cab
Update failed

C:\Documents and Settings\Yannick\Local Settings\Temp\GLB1B.tmp
Detected with: Adware.Ucmore.E

C:\Documents and Settings\Yannick\Local Settings\Temp\GLB1B.tmp
Deleted

C:\Documents and Settings\Yannick\Local Settings\Temp\mySetp.exe
Detected with: Adware.Toolbar.Mywebsearch.O

C:\Documents and Settings\Yannick\Local Settings\Temp\mySetp.exe
Deleted

C:\Documents and Settings\Yannick\Local Settings\Temp\p2psetup.exe
Detected with: Application.P2p.Networking.D

C:\Documents and Settings\Yannick\Local Settings\Temp\p2psetup.exe
Deleted

C:\Documents and Settings\Yannick\Local Settings\Temp\us0105.exe
Infected with: Trojan.Dropper.Small.NCO

C:\Documents and Settings\Yannick\Local Settings\Temp\us0105.exe
Disinfection failed

C:\Documents and Settings\Yannick\Local Settings\Temp\us0105.exe
Deleted

C:\Program Files\support.com\backup\ne\newdotnet7_22.dll\614400_50b7ee307_=>newdotnet7_22.dll
Detected with: Adware.Newdotnet.I

C:\Program Files\support.com\backup\ne\newdotnet7_22.dll\614400_50b7ee307_=>newdotnet7_22.dll
Disinfection failed

C:\Program Files\support.com\backup\ne\newdotnet7_22.dll\614400_50b7ee307_=>newdotnet7_22.dll
Deleted

C:\Program Files\support.com\backup\ne\newdotnet7_22.dll\614400_50b7ee307_
Update failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP588\A0655736.cpl
Detected with: Adware.P2pnet.A

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP588\A0655736.cpl
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP588\A0655736.cpl
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP588\A0657328.cpl
Detected with: Adware.P2pnet.A

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP588\A0657328.cpl
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP588\A0657328.cpl
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP589\A0659017.cpl
Detected with: Adware.P2pnet.A

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP589\A0659017.cpl
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP589\A0659017.cpl
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP595\A0666152.cpl
Detected with: Adware.P2pnet.A

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP595\A0666152.cpl
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP595\A0666152.cpl
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668342.cpl
Detected with: Adware.P2pnet.A

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668342.cpl
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668342.cpl
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668979.exe
Infected with: Generic.Malware.Yd!dld!sp.11C598DB

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668979.exe
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668979.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668980.sys
Infected with: Generic.Malware.P!.67AF4A2F

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668980.sys
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668980.sys
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668986.exe
Infected with: Generic.Malware.Yd!dld!sp.11C598DB

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668986.exe
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668986.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668987.exe
Infected with: Generic.Malware.Yd!dld!sp.11C598DB

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668987.exe
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP597\A0668987.exe
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP598\snapshot\MFEX-4.DAT
Infected with: Trojan.Dropper.Small.NCO

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP598\snapshot\MFEX-4.DAT
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP598\snapshot\MFEX-4.DAT
Deleted

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP599\snapshot\MFEX-4.DAT
Infected with: Trojan.Dropper.Small.NCO

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP599\snapshot\MFEX-4.DAT
Disinfection failed

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP599\snapshot\MFEX-4.DAT
Deleted

C:\WINDOWS\braviax.exe
Infected with: Generic.Malware.Yd!dld!sp.11C598DB

C:\WINDOWS\braviax.exe
Disinfection failed

C:\WINDOWS\braviax.exe
Deleted

C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
Detected with: Adware.P2pnet.B

C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
Disinfection failed

C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
Deleted

C:\WINDOWS\system32\braviax.exe
Infected with: Generic.Malware.Yd!dld!sp.11C598DB

C:\WINDOWS\system32\braviax.exe
Disinfection failed

C:\WINDOWS\system32\braviax.exe
Deleted

C:\WINDOWS\system32\braviax.ex_
Infected with: Trojan.Dropper.Small.NCO

C:\WINDOWS\system32\braviax.ex_
Disinfection failed

C:\WINDOWS\system32\braviax.ex_
Deleted

C:\WINDOWS\system32\dllcache\beep.sys
Infected with: Generic.Malware.P!.67AF4A2F

C:\WINDOWS\system32\dllcache\beep.sys
Disinfection failed

C:\WINDOWS\system32\dllcache\beep.sys
Deleted

C:\WINDOWS\system32\drivers\beep.sys
Infected with: Generic.Malware.P!.67AF4A2F

C:\WINDOWS\system32\drivers\beep.sys
Disinfection failed

C:\WINDOWS\system32\drivers\beep.sys
Deleted

C:\WINDOWS\system32\P2P Networking v126.cpl
Detected with: Adware.P2pnet.A

C:\WINDOWS\system32\P2P Networking v126.cpl
Disinfection failed

C:\WINDOWS\system32\P2P Networking v126.cpl
Deleted

C:\WINDOWS\Temp\Altnet\adm.exe
Detected with: Application.Altnetbde.E

C:\WINDOWS\Temp\Altnet\adm.exe
Deleted

C:\WINDOWS\Temp\Altnet\adm25.dll
Detected with: Adware.Altnet.A

C:\WINDOWS\Temp\Altnet\adm25.dll
Deleted

C:\WINDOWS\Temp\Altnet\adm4.dll
Detected with: Adware.Altnet.A

C:\WINDOWS\Temp\Altnet\adm4.dll
Deleted

C:\WINDOWS\Temp\Altnet\admdata.dll
Detected with: Application.Adware.Altnet.B

C:\WINDOWS\Temp\Altnet\admdata.dll
Deleted

C:\WINDOWS\Temp\Altnet\admdloader.dll
Detected with: Adware.Brilliantdigital.3039.C

C:\WINDOWS\Temp\Altnet\admdloader.dll
Deleted

C:\WINDOWS\Temp\Altnet\admfdi.dll
Detected with: Adware.Altnet.J

C:\WINDOWS\Temp\Altnet\admfdi.dll
Deleted

C:\WINDOWS\Temp\Altnet\admprog.dll
Detected with: Adware.Altnet.A

C:\WINDOWS\Temp\Altnet\admprog.dll
Deleted

C:\WINDOWS\Temp\Altnet\dmfiles.cab=>AltnetUninstall.exe
Detected with: Application.Altnetbde.C

C:\WINDOWS\Temp\Altnet\dmfiles.cab=>AltnetUninstall.exe
Deleted

C:\WINDOWS\Temp\Altnet\dmfiles.cab
Update failed

C:\WINDOWS\Temp\Altnet\dmfiles.cab=>asmend.exe
Detected with: Application.Altnetbde.A

C:\WINDOWS\Temp\Altnet\dmfiles.cab=>asmend.exe
Deleted

C:\WINDOWS\Temp\Altnet\dmfiles.cab
Update failed

C:\WINDOWS\Temp\Altnet\mysearch.cab
Detected with: Adware.Toolbar.Mywebsearch.O

C:\WINDOWS\Temp\Altnet\mysearch.cab
Deleted

C:\WINDOWS\Temp\Altnet\pmexe.cab=>Points Manager.exe
Detected with: Adware.Altnet.D

C:\WINDOWS\Temp\Altnet\pmexe.cab=>Points Manager.exe
Deleted

C:\WINDOWS\Temp\Altnet\pmexe.cab
Update failed

C:\WINDOWS\Temp\Altnet\pmfiles.cab=>sysdetect.dll
Detected with: Application.Altnetbde.R

C:\WINDOWS\Temp\Altnet\pmfiles.cab=>sysdetect.dll
Deleted

C:\WINDOWS\Temp\Altnet\pmfiles.cab
Update failed
Configuration: Windows XP
Internet Explorer 7.0

----------------------------------------------------------------------------------

J'ai trouvé un autre rapport:

Scan Info

Scanned Files
331385

Infected Files
37

Virus Detected

Generic.Malware.P!.67AF4A2F
3

Adware.Ucmore.E
1

Adware.Altnet.A
3

Application.Altnetbde.R
1

Adware.Altnet.D
1

Application.Altnetbde.A
1

Adware.Brilliantdigital.3039.C
1

Adware.Altnet.U
1

Application.Adware.Altnet.B
1

Adware.P2pnet.A
6

Application.Altnetbde.C
1

Adware.P2pnet.B
1

Application.Altnetbde.D
1

Application.Altnetbde.E
1

Generic.Malware.Yd!dld!sp.11C598DB
5

Adware.Toolbar.Mywebsearch.O
2

Adware.Altnet.J
1

Adware.Newdotnet.I
1

Trojan.Dropper.Small.NCO
4

Application.P2p.Networking.D
1

21 réponses

  • 1
  • 2
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    vire le fichier altnet en allant dans poste de travail puis C puis windows si present,

    C:\WINDOWS\Temp\Altnet

    ________________

    colle un rapport hijakchtis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    0
  2. 5tardust
     
    Merci.

    Voici le rapport:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:45:21, on 5/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\drivers\RMC.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Yannick\Bureau\Autres programmes\Eden.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.proximus.be/pickx
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom Skynet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.100.1.1:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: PBBEFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB197B82D} - C:\WINDOWS\system32\pbbefrv2.dll
    O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [Skype] "C:\apps\skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.proximus.be/pickx
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab40641.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/bingame/zpagames/zpa_pool.cab36107.cab
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O20 - AppInit_DLLs: cru629.dat
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    desinstalle bitcomet via ton panneau de configuration si present

    ________

    relance hijakchtis, fais do a system scan only et fix ces lignes (fix cheked)

    O3 - Toolbar: PBBEFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB197B82D} - C:\WINDOWS\system32\pbbefrv2.dll
    O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

    _______________

    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.

    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\WINDOWS\system32\pbbefrv2.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    C:\Program Files\Helper\1201110269.dll

    _______________________

    combofix (colle le rapport)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    _________________________

    desactiver la restauration systeme
    ( : demarrer, tous les programmes, outils systeme puis resauration systeme puis desactiver la restauration apres avoir cliquer sur parametre dans la partie gauche)
    puis redemarrer l'ordi puis la réactiver

    ________________________

    recolle un rapport bitdefender et dis tes soucis
    0
  4. 5tardust Messages postés 45 Statut Membre 1
     
    Merci,

    Mais avant d'agir je voudrais te poser une question:

    Est-ce que si je supprime BitComet, tout les documents téléchargés seront effacés par la même occasion?
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    je sias pas
    si tu as beaucoups de fichier garde le pour l'instant et ne supprime pas encore ces lignes mais fais le reste

    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    0
  7. 5tardust Messages postés 45 Statut Membre 1
     
    Youhou! :D

    En fait, j'ai d'hébord supprimé le fichier (C:\WINDOWS\Temp\Altnet) comme tu l'avais demandé en tout premier lieu.

    Puis j'ai désinstaller BitComet (je n'ai pas perdu les fichier téléchargés) et on m'a ensuite demandé de redémarrer mon PC, c'est ce que j'ai fait. Au démarrage mon Antivirus (Kaspersky) s'est allumé et a tout de suite détecter le spyware et je l'ai supprimé. :)

    Spybot s'est débloqué, j'ai pu le lancer sans problème, il a tout vérifié.

    Tout semble rentré dans l'ordre mais je vais quand même exécuter les étapes suivantes pour être sûr qu'il n'y ait plus de danger.

    Merci beaucoup pour ton aide. :)
    0
  8. 5tardust Messages postés 45 Statut Membre 1
     
    OTMoveIt :

    File/Folder C:\WINDOWS\system32\pbbefrv2.dll not found.

    OTMoveIt2 v1.0.17 log created on 02052008_171854


    Je pense qu'il a été supprimé grâce à hijakchtis, quand je l'ai fixé.

    -----------------------------------------------------------

    Combofix :

    ComboFix 08-02.05.3 - Yannick 2008-02-05 16:59:08.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.718 [GMT 1:00]
    Endroit: C:\Documents and Settings\Yannick\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\Fonts\acrsecB.fon
    C:\WINDOWS\Fonts\acrsecI.fon

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-05 to 2008-02-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-05 16:46 . 2008-02-05 16:46 <REP> d-------- C:\_OTMoveIt
    2008-02-05 14:38 . 2008-02-05 14:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-05 14:25 . 2008-02-05 14:56 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-05 04:05 . 2008-02-05 13:31 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-02-05 03:57 . 2008-02-05 03:57 <REP> d-------- C:\Program Files\CCleaner
    2008-02-05 03:03 . 2008-02-05 03:03 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-02-05 02:49 . 2008-02-05 02:49 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-05 02:38 . 2008-02-05 02:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-05 02:26 . 2008-02-05 02:32 51,419 --a------ C:\WINDOWS\system32\winivstr.exe
    2008-02-05 02:22 . 2008-02-05 02:40 6,144 --a------ C:\WINDOWS\system32\cru629.dat
    2008-02-05 02:22 . 2008-02-05 02:40 6,144 --a------ C:\WINDOWS\cru629.dat
    2008-01-19 18:38 . 2008-01-19 18:38 <REP> d-------- C:\Documents and Settings\Yannick\render
    2008-01-14 16:27 . 2008-01-14 16:27 <REP> d-------- C:\Program Files\ING
    2008-01-10 22:45 . 2008-01-10 22:45 <REP> d-------- C:\Program Files\Sony Ericsson
    2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe
    2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\WINDOWS\bdoscandellang.ini
    2008-01-05 22:46 . 2006-11-30 15:11 4,128 -ra------ C:\WINDOWS\system32\drivers\se46cr.sys
    2008-01-05 22:45 . 2006-11-30 15:11 90,800 -ra------ C:\WINDOWS\system32\drivers\se46unic.sys
    2008-01-05 22:45 . 2006-11-30 15:11 88,624 -ra------ C:\WINDOWS\system32\drivers\se46mgmt.sys
    2008-01-05 22:45 . 2006-11-30 15:11 6,240 -ra------ C:\WINDOWS\system32\drivers\se46cmnt.sys
    2008-01-05 22:45 . 2006-11-30 15:11 6,240 -ra------ C:\WINDOWS\system32\drivers\se46cm.sys
    2008-01-05 20:48 . 2006-11-30 15:11 61,536 -ra------ C:\WINDOWS\system32\drivers\se46bus.sys
    2008-01-05 20:48 . 2006-11-30 15:11 5,872 -ra------ C:\WINDOWS\system32\drivers\se46whnt.sys
    2008-01-05 20:48 . 2006-11-30 15:11 5,872 -ra------ C:\WINDOWS\system32\drivers\se46wh.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-05 16:03 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd2557.sys
    2008-02-05 15:58 --------- d-----w C:\Documents and Settings\Yannick\Application Data\Skype
    2008-02-05 15:46 --------- d-----w C:\Program Files\Dynamic Toolbar
    2008-02-05 14:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-05 14:25 --------- d-----w C:\Program Files\BitComet
    2008-02-05 01:46 24,576 ----a-w C:\WINDOWS\system32\drivers\rmc.exe
    2008-01-24 21:14 --------- d-----w C:\Program Files\Dialang
    2007-12-28 22:53 --------- d-----w C:\Documents and Settings\Yannick\Application Data\AdobeUM
    2007-12-25 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-12-25 17:33 --------- d-----w C:\Documents and Settings\Yannick\Application Data\dvdcss
    2007-12-25 15:34 --------- d-----w C:\Program Files\DVD Shrink
    2007-12-25 15:12 --------- d-----w C:\Program Files\Free Easy Burner
    2007-12-23 17:28 --------- d-----w C:\Program Files\TVUPlayer
    2007-12-23 17:27 --------- d-----w C:\Documents and Settings\Yannick\Application Data\TVU Networks
    2007-12-22 16:22 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-22 16:22 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-21 22:15 --------- d-----w C:\Documents and Settings\Yannick\Application Data\OpenOffice.org2
    2007-12-11 17:48 --------- d-----w C:\Program Files\MSECache
    2006-01-27 12:38 1,567 ----a-w C:\Program Files\uninstal.log
    .
    [color=red]Files Infected - Win32.Agent.zb/color
    C:\WINDOWS\system32\drivers\RMC.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\apps\skype\Phone\Skype.exe" [2007-07-02 16:10 23237416]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-05 02:46 68856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [2008-02-05 15:26 94311]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
    "RMC"="C:\WINDOWS\system32\drivers\RMC.exe" [2008-02-05 02:46 24576]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2008-02-05 02:46 102490]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-05 02:46 708698]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-05 02:46 180269]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
    backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher.lnk
    backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Status Monitor.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Status Monitor.lnk
    backup=C:\WINDOWS\pss\Status Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    --a------ 2005-04-12 00:10 65536 C:\WINDOWS\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    --a------ 2005-03-22 20:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2004-08-05 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    --a------ 2004-08-05 13:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
    C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
    C:\WINDOWS\system32\P2P Networking\P2P Networking.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --a------ 2005-05-11 12:48 127118 c:\Apps\Powercinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    --a------ 2004-08-05 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    --a------ 2004-08-05 13:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
    --a------ 2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RMC]
    --a------ 2008-02-05 02:46 24576 C:\WINDOWS\system32\drivers\RMC.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2005-04-12 22:21 14156800 C:\WINDOWS\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    --a------ 2005-05-31 01:04 1415824 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    C:\PROGRA~1\SYMNET~1\SNDMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2008-02-05 02:46 708698 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    --a------ 2008-02-05 02:46 102490 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-02-05 02:46 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -u

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "brmfrmps"=2 (0x2)
    "xmlprov"=3 (0x3)
    "WmiApSrv"=3 (0x3)
    "WmdmPmSN"=3 (0x3)
    "VSS"=3 (0x3)
    "UPS"=3 (0x3)
    "upnphost"=3 (0x3)
    "SysmonLog"=3 (0x3)
    "SwPrv"=3 (0x3)
    "SCardSvr"=3 (0x3)
    "RSVP"=3 (0x3)
    "RDSessMgr"=3 (0x3)
    "RasAuto"=3 (0x3)
    "NtmsSvc"=3 (0x3)
    "NtLmSsp"=3 (0x3)
    "Netlogon"=3 (0x3)
    "MSIServer"=3 (0x3)
    "MSDTC"=3 (0x3)
    "mnmsrvc"=3 (0x3)
    "ImapiService"=3 (0x3)
    "HTTPFilter"=3 (0x3)
    "dmserver"=3 (0x3)
    "COMSysApp"=3 (0x3)
    "CiSvc"=3 (0x3)
    "BITS"=3 (0x3)
    "aspnet_state"=3 (0x3)
    "AppMgmt"=3 (0x3)
    "dmadmin"=3 (0x3)
    "ose"=3 (0x3)
    "IDriverT"=3 (0x3)
    "gusvc"=3 (0x3)
    "CyberLink Media Library Service"=2 (0x2)
    "Pml Driver HPZ12"=2 (0x2)

    R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2006-02-28 13:28]
    R2 MTC0001_RMC;Remove Control Device;C:\WINDOWS\system32\drivers\RMC.sys [2005-04-22 14:24]
    R3 Bonifay;Bonifay;C:\WINDOWS\system32\DRIVERS\Bonifay.sys [2005-11-28 20:55]
    R3 Slazldrv;SmartLink AMR_PCI Driver;C:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys [2005-01-05 01:48]
    S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
    S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27]
    S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28]
    S3 Gonzales;Gonzales;C:\WINDOWS\system32\DRIVERS\Gonzales.sys [2005-12-13 14:10]
    S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 15:11]
    S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 15:11]
    S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 15:11]
    S3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-12-31 14:24]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-01-31 12:48:03 C:\WINDOWS\Tasks\HDReg.job"
    - c:\Apps\HDReg\HDRegRem.exe
    "2008-02-05 15:16:08 C:\WINDOWS\Tasks\User_Feed_Synchronization-{FBDAA898-DE20-4CAF-A66C-00166603A974}.job"
    - C:\WINDOWS\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-05 17:05:56
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 2549

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\slserv.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\apps\skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-05 17:12:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-05 16:11:44
    .
    2008-02-05 15:34:49 --- E O F ---

    ---------------------------------------------------------------

    Je ne sais pas comment désactiver la restauration du systeme. :(
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    pour la restuaration tu vas dans demarrer (comme pour eteindre l'ordi), puis tous les programmes, outils systeme puis resauration systeme puis desactiver la restauration apres avoir cliquer sur parametre dans la partie gauche)
    puis redemarrer l'ordi puis la réactiver

    ________________________

    recolle un rapport bitdefender et dis tes soucis
    0
  10. 5tardust Messages postés 45 Statut Membre 1
     
    J'ai coché la désactivation de la restauration du systeme.

    Mais ils me demandent:

    - restaurer mon ordinateur à une heure antérieure

    ou

    - créer un point de restauration

    Je choisi quoi?
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    aucun surtout!!!

    il te faut clqiuer sur "parametre de la restauration du systeme " ecrit en bleu dans la partie gauche en bas du texte
    0
  12. 5tardust Messages postés 45 Statut Membre 1
     
    Voilà, j'ai redémarrer mon PC, et réactivé la restauration du systeme.
    Il est en état de "surveillance".

    Il ne reste plus qu'à refaire une analyse BitDefender.

    Est-ce que je peux supprimer tout les programmes que j'ai téléchargés?
    (ex: OTMoveIt, ComboFix etc.)
    0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    tu peux les virer maintenant ou apres la procedure

    a plus
    0
  14. 5tardust Messages postés 45 Statut Membre 1
     
    Voilà le résultat du dernier scan :

    Scanned File
    Status

    C:\Program Files\support.com\backup\ne\newdotnet7_22.dll\614400_50b7ee307_=>newdotnet7_22.dll
    Detected with: Adware.Newdotnet.AT

    C:\Program Files\support.com\backup\ne\newdotnet7_22.dll\614400_50b7ee307_=>newdotnet7_22.dll
    Disinfection failed

    C:\Program Files\support.com\backup\ne\newdotnet7_22.dll\614400_50b7ee307_=>newdotnet7_22.dll
    Deleted

    C:\Program Files\support.com\backup\ne\newdotnet7_22.dll\614400_50b7ee307_
    Update failed


    Ce n'est pas la première fois que je remarque ce NewDotNet sur mon PC. Comment faire pour le supprimer une bonne fois pour toute et pour éviter de le rechoper si possible?

    En tout cas je te fais un tout grand MERCI car je n'aurais probablement pas su faire ça moi même.
    Si jamais moi ou un de mes potes a un problème je recommanderai ce site sans aucun doute. :)
    0
  15. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.

    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Program Files\support.com\backup\ne\newdotnet7_22.dll\614400_50b7ee307_
    C:\Program Files\support.com\backup\ne\newdotnet7_22.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    ___________________

    scan avec:

    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

    ________________

    recolle un rapport hiajkchtis et un nouveau bitdefender et dis tes soucis actuels
    0
  16. 5tardust Messages postés 45 Statut Membre 1
     
    Rapport de OTMoveIt :

    C:\Program Files\support.com\backup\ne\newdotnet7_22.dll\614400_50b7ee307_ moved successfully.
    C:\Program Files\support.com\backup\ne\newdotnet7_22.dll moved successfully.

    OTMoveIt2 v1.0.18 log created on 02072008_031146


    Rapport Hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:59:51, on 7/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\drivers\RMC.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\apps\skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\apps\skype\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\Yannick\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.proximus.be/pickx
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.100.1.1:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunOnce: [HDReg] c:\Apps\HDReg\HDRegApp.exe -r
    O4 - HKCU\..\Run: [Skype] "C:\apps\skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.proximus.be/pickx
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab40641.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/bingame/zpagames/zpa_pool.cab36107.cab
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Unknown owner - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    0
  17. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    vire ce qui est dans moved files en allant dans poste de travail puis c...

    C:\_OTMoveIt\MovedFiles.

    __________

    recolle un rapport hiajkchtis et un nouveau bitdefender et dis tes soucis actuels

    _______________

    pour virer des processus au demarrage:
    tu va dans DEMARRER puis EXECUTER et tape msconfig ensuite dans l'onglet DEMARRER tu decoche ce que tu ne veux pas , au demarrage suivant de l'ordi accepte ce qui est demandé

    ______
    0
  18. 5tardust Messages postés 45 Statut Membre 1
     
    Désolé pour le retard.

    Le scan Bitdefender n'a rien trouvé.

    Voici le rapport hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:53:26, on 10/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\system32\slserv.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\drivers\RMC.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\apps\skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\apps\skype\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Yannick\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.belgacom.net
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.100.1.1:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [RMC] C:\WINDOWS\system32\drivers\RMC.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Skype] "C:\apps\skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.belgacom.net
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab40641.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/bingame/zpagames/zpa_pool.cab36107.cab
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    0
  19. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok c'est bon

    mets juste a jour java: DEMARRER puis PANNEAU DE CONFIGURATION puis JAVA puis MISE A JOUR

    _______________

    en plus de kaspersky tu peux mettre spybot et ccleaner (pour effacer une fois par semaine tes traces de surf)

    spybot :

    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

    CCLEANER: sans installer la barre yahoo

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    bonne continuation
    0
  20. 5tardust Messages postés 45 Statut Membre 1
     
    Je ne suis pas un pro, mais d'après moi le problème s'est résolu grâce à la suppression du fichier "Altnet" (C:\WINDOWS\Temp\Altnet).
    Et aussi, je crois, grâce à la désinstallation de Bitcomet.

    Encore un tout grand merci à jlpjlp pour son aide précieuse.
    0
  21. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    bonne suite!
    0
  • 1
  • 2