Rapport Hijackthis

Résolu
Hollow -  
 Hollow -
Bonjour, j' ai chopé un virus sur msn et ai eu d'autre soucis dernierement, je me suis inspiré d'autres sujet pour suprimer les eventuel virus que j'avais.

Seulement afin d'etre sur que mon pc sois un peu plus clean ou de remedier a d'eventuel futurs autres problemes je vous donne le rapport Hijackthis comme il etait conseillé dans plusieurs sujet:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:29, on 09/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TITLECDROM] C:\DOCUME~1\Julien\APPLIC~1\CREATI~1\Balmstoplogo.exe
O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Policies\Explorer\Run: [System Patcher] BTCPatcher.exe
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6B661C66-C8AE-4A7F-9D1C-B2312B5B033D} (ENOVIAWebViewerBrowser Control) - file://C:\Program Files\Dassault Systemes\B12\intel_a\sample\WebViewer\CAB\ENOVIAWebViewerBrowser.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD3790B5-FE0B-4A95-AAF1-0CA59F9D7C5B} (ENOVIAWebViewer Control) - file://C:\Program Files\Dassault Systemes\B12\intel_a\code\bin\ENOVIAWebViewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 10436 bytes
Configuration: Windows XP
Firefox 2.0.0.12

19 réponses

  1. Utilisateur anonyme
     
    bonjour pour commencer il faudrait te separer de avast qui est maintenant un passoir , son heure de gloire est termine

    je te conseille d'installer antivir a la place de avast , pourquoi :http://forum.malekal.com/ftopic3528.php

    téléchargement antivir:https://www.malekal.com/avira-free-security-antivirus-gratuit/#mozTocId71944

    désinstaller avast:https://www.avast.com/fr-fr/uninstall-utility

    une fois antivir configure et mis a jours effectue un scan en mode sans echecs redemarre ton pc ouvre antivir puis cherche le rapport du scan copie et colle le dans ta prochaine reponse

    demarrage en mode sans echecs :

    Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter.
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    0
  2. Hollow
     
    Merci M.L king pour ta reponse, j'ai suivi ce que tu m'as dit.

    Seulement n'etant pas le seul utilisateur, je n'ai pas pus faire un scan complet Hier. apres un premier scan localisé en mode sans echec hier, voici le rapport:

    AntiVir PersonalEdition Classic
    Report file date: samedi 9 février 2008 19:40

    Scanning for 1096761 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Julien
    Computer name: MAISON

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 18:11:39
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 18:11:41
    ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 18:11:41
    ANTIVIR3.VDF : 7.0.2.114 2048 Bytes 08/02/2008 18:11:41
    AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 09/02/2008 18:11:43
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 09/02/2008 18:11:44
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Windows System Directory
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysdir.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 9 février 2008 19:40

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    11 processes with 11 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    C:\WINDOWS\system32\vtuutqq.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\vtuutqq.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen

    The registry was scanned ( '34' files ).

    Starting the file scan:

    Begin scan in 'C:\WINDOWS\system32'
    C:\WINDOWS\system32\aauiswdt.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DXU
    [INFO] The file was moved to '4822f400.qua'!
    C:\WINDOWS\system32\byxuvvs.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4825f421.qua'!
    C:\WINDOWS\system32\byxwxur.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4985b9ba.qua'!
    C:\WINDOWS\system32\cbxwwxy.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4825f40c.qua'!
    C:\WINDOWS\system32\gebcc.dll
    [DETECTION] Is the Trojan horse TR/Virtumod.PB
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\hggdeee.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4814f432.qua'!
    C:\WINDOWS\system32\hggdefg.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4814f433.qua'!
    C:\WINDOWS\system32\iifddcb.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4813f43e.qua'!
    C:\WINDOWS\system32\iifebxw.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '49b3bf47.qua'!
    C:\WINDOWS\system32\khfgdbx.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4813f447.qua'!
    C:\WINDOWS\system32\ljjjiij.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4817f44e.qua'!
    C:\WINDOWS\system32\mljghff.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4817f457.qua'!
    C:\WINDOWS\system32\mljiggh.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '49b7bf20.qua'!
    C:\WINDOWS\system32\mljiigg.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4817f458.qua'!
    C:\WINDOWS\system32\nnnnnnk.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '481bf46d.qua'!
    C:\WINDOWS\system32\pmnkjig.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '481bf476.qua'!
    C:\WINDOWS\system32\pmnlihg.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '49bbbf0f.qua'!
    C:\WINDOWS\system32\pmnlmjh.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '481bf468.qua'!
    C:\WINDOWS\system32\qommjji.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '481af47d.qua'!
    C:\WINDOWS\system32\rqrsppo.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '481ff484.qua'!
    C:\WINDOWS\system32\tuvvuts.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4823f497.qua'!
    C:\WINDOWS\system32\urqpopn.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '481ef497.qua'!
    C:\WINDOWS\system32\vtuutqq.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\wvuvuvs.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4822f4af.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!

    End of the scan: samedi 9 février 2008 19:47
    Used time: 07:49 min

    The scan has been done completely.

    264 Scanning directories
    7737 Files were scanned
    25 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    22 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    7712 Files not concerned
    13 Archives were scanned
    4 Warnings
    0 Notes

    cependant j'ai fait un scan complet ce matin, toujours en mode sans echec, voici le rapport:

    AntiVir PersonalEdition Classic
    Report file date: dimanche 10 février 2008 08:20

    Scanning for 1096761 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Julien
    Computer name: MAISON

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 18:11:39
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 18:11:41
    ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 18:11:41
    ANTIVIR3.VDF : 7.0.2.114 2048 Bytes 08/02/2008 18:11:41
    AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 09/02/2008 18:11:43
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 09/02/2008 18:11:44
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Local Hard Disks
    Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: G:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: dimanche 10 février 2008 08:20

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    11 processes with 11 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'G:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '33' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Program Files\Panda Security\TotalScan\pskavs.dll
    [DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
    [INFO] The file was moved to '4819b5e9.qua'!
    C:\WINDOWS\system32\gebcc.VIR000
    [DETECTION] Is the Trojan horse TR/Virtumod.PB
    [INFO] The file was moved to '4810beff.qua'!
    C:\WINDOWS\system32\vtuutqq.VIR
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4823bf68.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'G:\' <Dd sauvegar>

    End of the scan: dimanche 10 février 2008 11:03
    Used time: 2:43:33 min

    The scan has been done completely.

    12785 Scanning directories
    547813 Files were scanned
    3 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    3 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    547810 Files not concerned
    4308 Archives were scanned
    3 Warnings
    1 Notes

    je te remerci grandement pour ton intervention.
    0
  3. Utilisateur anonyme
     
    bonjour , ne te justifie pas , on fait comme on peu , pas comme on veu ! (lol)
    je me doutais que ton pc avait une infection plus lourde .
    voici pour commencer

    Télécharger Vundofix.exe (par Atribune) sur votre Bureau : http://www.atribune.org/ccount/click.php?id=4

    pour effectuer les fix deconnect toi et ferme toutes tes applications !!

    * Double-cliquer sur VundoFix.exe afin de le lancer.
    * Cliquer sur le bouton Scan for Vundo.
    * Lorsque le scan est complété, cliquer sur le bouton Remove Vundo.
    * Une invite de commande demandera si l’on souhaite supprimer les fichiers, cliquer sur YES
    * Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    * Une nouvelle invite de commande annoncera que le PC devra s'éteindre ("shutdown"). Cliquer sur OK , puis laisser le redémarrer.
    * Le contenu du rapport est situé dans C:\vundofix.txt, poste le stp

    Télécharge sur le bureau
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
    => Double clic sur VirtumundoBeGone.exe
    => Clic Continue ==> clic Start
    => Clic Oui
    => A la fin si Vundo est présent , le PC s’éteint et redémarre
    - Si Ecran bleu et message : Erreur fatale .. pas de problème
    => Poster le rapport VBG.TXT qui est sur le bureau
    0
  4. Hollow
     
    j'ai suivi tes recommandation, voici les rapport:

    VundoFix V6.7.8

    Checking Java version...

    Java version is 1.4.2.5
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 13:25:16 10/02/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\awtrrsp.dll
    C:\WINDOWS\system32\awttqrs.dll
    C:\WINDOWS\system32\awtuuvu.dll
    C:\WINDOWS\system32\cbxyxya.dll
    C:\WINDOWS\system32\ddccyay.dll
    C:\WINDOWS\system32\ddcyvsq.dll
    C:\WINDOWS\system32\fccayvu.dll
    C:\WINDOWS\system32\gebaxxw.dll
    C:\WINDOWS\system32\mljgfff.dll
    C:\WINDOWS\system32\mljghfd.dll
    C:\WINDOWS\system32\mljhiii.dll
    C:\WINDOWS\system32\mljifgd.dll
    C:\WINDOWS\system32\mljkiji.dll
    C:\WINDOWS\system32\nnnolkj.dll
    C:\WINDOWS\system32\nnnopnn.dll
    C:\WINDOWS\system32\opnklkl.dll
    C:\WINDOWS\system32\tuvstus.dll
    C:\WINDOWS\system32\tuvvuvv.dll
    C:\WINDOWS\system32\urqpnki.dll
    C:\WINDOWS\system32\urqrrrr.dll
    C:\WINDOWS\system32\wvuturp.dll
    C:\WINDOWS\system32\xxyyyvs.dll
    C:\WINDOWS\system32\yayvtsq.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtrrsp.dll
    C:\WINDOWS\system32\awtrrsp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\awttqrs.dll
    C:\WINDOWS\system32\awttqrs.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\awtuuvu.dll
    C:\WINDOWS\system32\awtuuvu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cbxyxya.dll
    C:\WINDOWS\system32\cbxyxya.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ddccyay.dll
    C:\WINDOWS\system32\ddccyay.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ddcyvsq.dll
    C:\WINDOWS\system32\ddcyvsq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fccayvu.dll
    C:\WINDOWS\system32\fccayvu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebaxxw.dll
    C:\WINDOWS\system32\gebaxxw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljgfff.dll
    C:\WINDOWS\system32\mljgfff.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljghfd.dll
    C:\WINDOWS\system32\mljghfd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljhiii.dll
    C:\WINDOWS\system32\mljhiii.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljifgd.dll
    C:\WINDOWS\system32\mljifgd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljkiji.dll
    C:\WINDOWS\system32\mljkiji.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnolkj.dll
    C:\WINDOWS\system32\nnnolkj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnopnn.dll
    C:\WINDOWS\system32\nnnopnn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\opnklkl.dll
    C:\WINDOWS\system32\opnklkl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tuvstus.dll
    C:\WINDOWS\system32\tuvstus.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tuvvuvv.dll
    C:\WINDOWS\system32\tuvvuvv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\urqpnki.dll
    C:\WINDOWS\system32\urqpnki.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\urqrrrr.dll
    C:\WINDOWS\system32\urqrrrr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wvuturp.dll
    C:\WINDOWS\system32\wvuturp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xxyyyvs.dll
    C:\WINDOWS\system32\xxyyyvs.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yayvtsq.dll
    C:\WINDOWS\system32\yayvtsq.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    [02/10/2008, 13:56:39] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Julien\Bureau\VirtumundoBeGone.exe" )
    [02/10/2008, 13:56:45] - Detected System Information:
    [02/10/2008, 13:56:46] - Windows Version: 5.1.2600, Service Pack 2
    [02/10/2008, 13:56:46] - Current Username: Julien (Admin)
    [02/10/2008, 13:56:46] - Windows is in NORMAL mode.
    [02/10/2008, 13:56:46] - Searching for Browser Helper Objects:
    [02/10/2008, 13:56:46] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [02/10/2008, 13:56:46] - BHO 2: {0EEDB912-C5FA-486F-8334-57288578C627} (Shareaza Web Download Hook)
    [02/10/2008, 13:56:46] - BHO 3: {35468C33-B904-4260-9B8C-FFB953B2A270} ()
    [02/10/2008, 13:56:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/10/2008, 13:56:46] - Checking for HKLM\...\Winlogon\Notify\vtuutqq
    [02/10/2008, 13:56:46] - Found: HKLM\...\Winlogon\Notify\vtuutqq - This is probably Virtumundo.
    [02/10/2008, 13:56:46] - Assigning {35468C33-B904-4260-9B8C-FFB953B2A270} MSEvents Object
    [02/10/2008, 13:56:46] - BHO list has been changed! Starting over...
    [02/10/2008, 13:56:46] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [02/10/2008, 13:56:46] - BHO 2: {0EEDB912-C5FA-486F-8334-57288578C627} (Shareaza Web Download Hook)
    [02/10/2008, 13:56:46] - BHO 3: {35468C33-B904-4260-9B8C-FFB953B2A270} (MSEvents Object)
    [02/10/2008, 13:56:46] - ALERT: Found MSEvents Object!
    [02/10/2008, 13:56:46] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [02/10/2008, 13:56:46] - BHO 5: {5C298311-0F1F-C802-7D27-A2D46C968E29} ()
    [02/10/2008, 13:56:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/10/2008, 13:56:46] - Checking for HKLM\...\Winlogon\Notify\axis hole
    [02/10/2008, 13:56:46] - Key not found: HKLM\...\Winlogon\Notify\axis hole, continuing.
    [02/10/2008, 13:56:46] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [02/10/2008, 13:56:46] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    [02/10/2008, 13:56:46] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [02/10/2008, 13:56:46] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [02/10/2008, 13:56:46] - BHO 10: {BC2E88C7-36C3-4118-B310-B058AF5965C8} ()
    [02/10/2008, 13:56:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/10/2008, 13:56:46] - Checking for HKLM\...\Winlogon\Notify\gebcc
    [02/10/2008, 13:56:46] - Key not found: HKLM\...\Winlogon\Notify\gebcc, continuing.
    [02/10/2008, 13:56:46] - BHO 11: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    [02/10/2008, 13:56:46] - Finished Searching Browser Helper Objects
    [02/10/2008, 13:56:46] - *** Detected MSEvents Object
    [02/10/2008, 13:56:46] - Trying to remove MSEvents Object...
    [02/10/2008, 13:56:47] - Terminating Process: IEXPLORE.EXE
    [02/10/2008, 13:56:47] - Terminating Process: RUNDLL32.EXE
    [02/10/2008, 13:56:48] - Disabling Automatic Shell Restart
    [02/10/2008, 13:56:48] - Terminating Process: EXPLORER.EXE
    [02/10/2008, 13:56:48] - Suspending the NT Session Manager System Service
    [02/10/2008, 13:56:48] - Terminating Windows NT Logon/Logoff Manager
    [02/10/2008, 13:56:48] - Re-enabling Automatic Shell Restart
    [02/10/2008, 13:56:48] - File to disable: C:\WINDOWS\system32\vtuutqq.dll
    [02/10/2008, 13:56:48] - Removing HKLM\...\Browser Helper Objects\{35468C33-B904-4260-9B8C-FFB953B2A270}
    [02/10/2008, 13:56:48] - Removing HKCR\CLSID\{35468C33-B904-4260-9B8C-FFB953B2A270}
    [02/10/2008, 13:56:48] - Adding Kill Bit for ActiveX for GUID: {35468C33-B904-4260-9B8C-FFB953B2A270}
    [02/10/2008, 13:56:48] - Deleting ATLEvents/MSEvents Registry entries
    [02/10/2008, 13:56:48] - Removing HKLM\...\Winlogon\Notify\vtuutqq
    [02/10/2008, 13:56:48] - Searching for Browser Helper Objects:
    [02/10/2008, 13:56:48] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [02/10/2008, 13:56:48] - BHO 2: {0EEDB912-C5FA-486F-8334-57288578C627} (Shareaza Web Download Hook)
    [02/10/2008, 13:56:48] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [02/10/2008, 13:56:48] - BHO 4: {5C298311-0F1F-C802-7D27-A2D46C968E29} ()
    [02/10/2008, 13:56:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/10/2008, 13:56:48] - Checking for HKLM\...\Winlogon\Notify\axis hole
    [02/10/2008, 13:56:48] - Key not found: HKLM\...\Winlogon\Notify\axis hole, continuing.
    [02/10/2008, 13:56:49] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [02/10/2008, 13:56:49] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    [02/10/2008, 13:56:49] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [02/10/2008, 13:56:49] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [02/10/2008, 13:56:49] - BHO 9: {BC2E88C7-36C3-4118-B310-B058AF5965C8} ()
    [02/10/2008, 13:56:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/10/2008, 13:56:49] - Checking for HKLM\...\Winlogon\Notify\gebcc
    [02/10/2008, 13:56:49] - Key not found: HKLM\...\Winlogon\Notify\gebcc, continuing.
    [02/10/2008, 13:56:49] - BHO 10: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    [02/10/2008, 13:56:49] - Finished Searching Browser Helper Objects
    [02/10/2008, 13:56:49] - Finishing up...
    [02/10/2008, 13:56:49] - A restart is needed.
    [02/10/2008, 13:56:55] - Attempting to Restart via STOP error (Blue Screen!)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    poste un nouveau rapport hijackthis stp
    0
  7. Hollow
     
    voici:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:19:10, on 10/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe
    C:\FRAPS\FRAPS.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - _{01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
    R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
    O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
    O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C298311-0F1F-C802-7D27-A2D46C968E29} - C:\DOCUME~1\Julien\APPLIC~1\MEMOMA~1\axis hole.exe (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {BC2E88C7-36C3-4118-B310-B058AF5965C8} - C:\WINDOWS\system32\gebcc.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [TITLECDROM] C:\DOCUME~1\Julien\APPLIC~1\CREATI~1\Balmstoplogo.exe
    O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe
    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ddnupdate.lnk = ?
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {6B661C66-C8AE-4A7F-9D1C-B2312B5B033D} (ENOVIAWebViewerBrowser Control) - file://C:\Program Files\Dassault Systemes\B12\intel_a\sample\WebViewer\CAB\ENOVIAWebViewerBrowser.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CD3790B5-FE0B-4A95-AAF1-0CA59F9D7C5B} (ENOVIAWebViewer Control) - file://C:\Program Files\Dassault Systemes\B12\intel_a\code\bin\ENOVIAWebViewer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
    0
  8. Utilisateur anonyme
     
    Télécharge le FixWareout d'un de ces deux sites, sur le bureau:
    http://downloads.subratam.org/Fixwareout.exe
    https://www.bleepingcomputer.com/download/linux/
    Ferme toutes les fenêtres de tous les programmes ouverts.

    Lance le Fixwareout.exe: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.

    Le fix va commencer, suis les messages à l'écran.
    Il te sera demandé de redémarrer ton ordinateur, fais-le.
    Ton système mettra un peu plus de temps au démarrage, c'est normal.
    Une fois le scan terminé, un rapport va s'afficher. ==> tu peux en faire un copier/coller et le poster sur ce forum.

    Note : [Le bureau sans icône va apparaître ainsi qu'une petite fenêtre ayant pour titre BFU. Clique sur OK et patiente jusqu'à la fin du scan. (Ca peut prendre plusieurs minutes pendant lesquelles tu as l'impression que rien ne se passe. Patiente!)
    Quand ton système aura redémarré, suis les invites des messages.]

    Poste le rapport de FixWareout. ==> (Il est enregistré dans "Poste de travail" > C:\FixWareout\report.txt).

    Poste enfin un nouveau log HijackThis.
    0
  9. Hollow
     
    j'ai suivi tes indication:

    Username "Julien" - 10/02/2008 15:30:31 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check

    Cache de résolution DNS vidé.

    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"=""
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
    "ISUSPM Startup"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
    "ISUSScheduler"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\issch.exe\" -start"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
    "ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "avgnt"="\"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TITLECDROM"="C:\\DOCUME~1\\Julien\\APPLIC~1\\CREATI~1\\Balmstoplogo.exe"
    "Configuration de la neuf Box"="C:\\Program Files\\neuf telecom\\neuf Box\\Wizard\\QuickAccess.exe"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
    "TVAgent WiFi"="C:\\Program Files\\neuf telecom\\neuf Box\\Wizard\\Agent_WiFi.exe"
    "Fraps"="C:\\FRAPS\\FRAPS.EXE"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    ~~~~~ End report ~~~~~

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:37:52, on 10/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe
    C:\FRAPS\FRAPS.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - _{01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
    R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C298311-0F1F-C802-7D27-A2D46C968E29} - C:\DOCUME~1\Julien\APPLIC~1\MEMOMA~1\axis hole.exe (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {BC2E88C7-36C3-4118-B310-B058AF5965C8} - C:\WINDOWS\system32\gebcc.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [TITLECDROM] C:\DOCUME~1\Julien\APPLIC~1\CREATI~1\Balmstoplogo.exe
    O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe
    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ddnupdate.lnk = ?
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {6B661C66-C8AE-4A7F-9D1C-B2312B5B033D} (ENOVIAWebViewerBrowser Control) - file://C:\Program Files\Dassault Systemes\B12\intel_a\sample\WebViewer\CAB\ENOVIAWebViewerBrowser.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CD3790B5-FE0B-4A95-AAF1-0CA59F9D7C5B} (ENOVIAWebViewer Control) - file://C:\Program Files\Dassault Systemes\B12\intel_a\code\bin\ENOVIAWebViewer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
    0
  10. Utilisateur anonyme
     
    1-Télécharge BTFix de Bibi26
    http://cluster1.easy-hebergement.net/

    *Dézippe l'archive sur ton Bureau.
    *Ouvre le dossier BTFix.
    *Double clique sur BTFix.exe.
    *Clique sur Rechercher.
    *Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.

    0
  11. Hollow
     
    voici le rapport BTfix:

    BTFix 1.075 (par bibi26) - 10/02/2008 15:57:13 - Analyse
    Lancé depuis C:\Documents and Settings\Julien\Bureau\BTFix\BTFix.exe

    ---> Fichiers/Dossiers trouvés

    - C:\Program Files\daemontools_whenusave_installer\

    ---> Analyse terminée
    0
  12. Utilisateur anonyme
     
    * Démarre l'ordinateuren mode sans echecs.
    * Une fois le chargement du BIOS terminé, il y a un écran noir.
    * Appuie sur la touche F8 ou F5, à répétition jusqu'à l'affichage du menu des options avancées de Windows.
    * En utilisant les touches du curseur, sélectionne le mode sans échec approprié et appuie sur Entrée.
    * Choisis ton compte usuel et non Administrateur.

    * Ouvre BTFix
    * Clique sur "Nettoyer"
    * Un rapport va apparaître, copie/colle-le dans ta prochaine réponse
    0
  13. Hollow
     
    Oups, apres avoir nettoyé, j'ai relancé une recherche alors que j'aurai pas du

    pendant le nettoyage il m'as bien dit que le dossier C:\Program Files\daemontools_whenusave_installer\ a été nettoyé

    et voici le rapport de la derniere recherche:

    BTFix 1.075 (par bibi26) - 10/02/2008 16:13:14 - Analyse
    Lancé depuis C:\Documents and Settings\Julien\Bureau\BTFix\BTFix.exe

    ---> Fichiers/Dossiers trouvés

    ---> Analyse terminée
    0
  14. Utilisateur anonyme
     
    ok poste un nouveau rapport hijackthis ce dois etre bon cette fois ci .
    0
  15. Hollow
     
    voici le rapport:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:17:44, on 10/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - _{01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
    R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C298311-0F1F-C802-7D27-A2D46C968E29} - C:\DOCUME~1\Julien\APPLIC~1\MEMOMA~1\axis hole.exe (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {BC2E88C7-36C3-4118-B310-B058AF5965C8} - C:\WINDOWS\system32\gebcc.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [TITLECDROM] C:\DOCUME~1\Julien\APPLIC~1\CREATI~1\Balmstoplogo.exe
    O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe
    O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
    O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ddnupdate.lnk = ?
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {6B661C66-C8AE-4A7F-9D1C-B2312B5B033D} (ENOVIAWebViewerBrowser Control) - file://C:\Program Files\Dassault Systemes\B12\intel_a\sample\WebViewer\CAB\ENOVIAWebViewerBrowser.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CD3790B5-FE0B-4A95-AAF1-0CA59F9D7C5B} (ENOVIAWebViewer Control) - file://C:\Program Files\Dassault Systemes\B12\intel_a\code\bin\ENOVIAWebViewer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
    0
  16. Utilisateur anonyme
     
    bon fait ceci

    Télécharges ComboFix à partir d'un de ces liens :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    https://forospyware.com
    http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

    Et important, enregistre le sur le bureau.

    Avant d'utiliser ComboFix :

    ► Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    ► Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    ► Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    ► Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
    0
  17. Hollow
     
    voici le rapport combofix:

    ComboFix 08-02.05.3 - Julien 2008-02-10 18:01:34.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.145 [GMT 1:00]Endroit: C:\Documents and Settings\Julien\Bureau\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\Julien\ravmonlog
    C:\Documents and Settings\Mylene\Application Data\HbTools
    C:\Documents and Settings\Mylene\ravmonlog
    C:\WINDOWS\system32\ccbeg.ini
    C:\WINDOWS\system32\ccbeg.ini2
    G:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_IPRIP
    -------\Iprip
    -------\nm

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-10 15:30 . 2008-02-10 15:34 <REP> d-------- C:\fixwareout
    2008-02-10 13:52 . 2008-02-10 13:52 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2008-02-10 13:25 . 2008-02-10 13:52 <REP> d-------- C:\VundoFix Backups
    2008-02-09 18:49 . 2008-02-09 18:49 <REP> d-------- C:\Program Files\Avira
    2008-02-09 18:49 . 2008-02-09 18:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-02-09 17:19 . 2008-02-09 17:19 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Live-Prod
    2008-02-09 17:18 . 2008-02-09 17:21 <REP> d-------- C:\Program Files\LiveKillCleanMessenger
    2008-02-09 16:54 . 2008-02-09 16:54 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-09 16:15 . 2008-02-09 16:08 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-02-09 16:15 . 2008-02-09 16:15 3,449 --a------ C:\WINDOWS\unins000.dat
    2008-02-06 13:59 . 2007-08-21 15:21 794,624 --a------ C:\WINDOWS\system32\spr32d35.dll
    2008-02-06 13:51 . 2008-02-06 14:02 <REP> d-------- C:\Program Files\Architecte 3D Platinium Demo
    2008-02-06 13:09 . 2008-02-06 13:13 <REP> d-------- C:\Program Files\Panda Security
    2008-02-02 11:52 . 2008-02-10 18:05 4,436,000 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-02-02 11:52 . 2008-02-10 17:45 54,884 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-02-02 11:43 . 2008-02-02 11:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-02-02 11:42 . 2008-02-02 11:48 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-02-02 11:41 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
    2008-02-02 11:41 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
    2008-02-02 11:41 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
    2008-02-02 11:41 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
    2008-02-02 11:41 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
    2008-02-02 11:41 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-02-02 11:39 . 2008-02-02 11:42 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2008-02-02 11:39 . 2008-02-02 11:39 <REP> d-------- C:\Program Files\Zone Labs
    2008-02-02 11:39 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
    2008-02-02 11:39 . 2008-02-10 17:47 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
    2008-02-02 11:38 . 2008-02-10 17:59 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-02-02 11:35 . 2008-02-02 11:35 <REP> d-------- C:\Program Files\CCleaner
    2008-02-01 21:19 . 2008-02-02 10:44 17,273 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
    2008-01-29 17:15 . 2008-02-09 09:23 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-29 17:15 . 2008-01-29 17:15 37,888 --a------ C:\WINDOWS\system32\rar.exe
    2008-01-26 14:50 . 2008-01-26 14:50 <REP> d-------- C:\Documents and Settings\Julien\Presets
    2008-01-25 09:23 . 2008-01-25 09:23 <REP> d-------- C:\Program Files\Common Files
    2008-01-21 16:36 . 2008-01-21 16:36 <REP> d-------- C:\Program Files\Blender Foundation
    2008-01-21 14:26 . 2008-01-21 14:26 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-18 10:10 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-01-18 10:10 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-01-18 10:10 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-01-17 21:35 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2008-01-17 21:33 . 2008-01-17 21:33 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-01-17 21:32 . 2008-01-17 21:32 <REP> d-------- C:\Program Files\Windows Live Toolbar
    2008-01-17 21:18 . 2008-01-17 21:25 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-01-17 21:17 . 2008-01-17 21:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-17 20:51 . 2005-02-01 14:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp
    2008-01-17 20:47 . 2008-01-17 20:47 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
    2008-01-17 20:47 . 2008-01-17 20:52 <REP> d-------- C:\Program Files\AlienGUIse
    2008-01-17 20:47 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
    2008-01-17 20:47 . 2008-01-17 20:47 56 --a------ C:\WINDOWS\wb.ini
    2008-01-17 15:29 . 2008-01-17 15:29 <REP> d-------- C:\WoW-2.0.0-frFR-Installer
    2008-01-17 15:29 . 2008-01-17 15:29 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
    2008-01-17 15:29 . 2008-01-17 15:29 1,072,255 --a------ C:\WoW-2.0.0-frFR-Installer-downloader.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-09 15:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-08 22:26 --------- d-----w C:\Documents and Settings\Julien\Application Data\OpenOffice.org2
    2008-02-02 09:45 --------- d-----w C:\Program Files\eMule
    2008-02-01 19:56 --------- d-----w C:\Program Files\Sunbelt Software
    2008-01-28 14:08 --------- d-----w C:\Program Files\Htmledit
    2008-01-21 13:50 --------- d-----w C:\Program Files\OGSConverter
    2008-01-18 09:12 --------- d-----w C:\Program Files\Windows Live
    2008-01-17 20:30 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-01-14 20:03 --------- d-----w C:\Program Files\Fichiers communs\ErrorSafe
    2008-01-14 15:26 --------- d-----w C:\Documents and Settings\Julien\Application Data\teamspeak2
    2008-01-08 18:34 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-01-06 16:12 --------- d-----w C:\Documents and Settings\Julien\Application Data\Skype
    2008-01-06 16:09 304,160 ----a-w C:\StiImg.dat
    2008-01-02 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-26 09:02 --------- d-----w C:\Program Files\Java
    2007-12-23 12:14 --------- d-----w C:\Documents and Settings\Julien\Application Data\Samsung
    2007-12-23 11:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-23 11:42 --------- d-----w C:\Program Files\Samsung
    2007-07-07 14:49 0 ----a-w C:\Program Files\Uninstal.$$A
    2006-01-25 10:18 37 ----a-w C:\Documents and Settings\Julien\getfile.dat
    2006-01-23 19:00 37 ----a-w C:\Documents and Settings\Mylene\getfile.dat
    2005-05-08 17:26 56 --sha-r C:\WINDOWS\system32\6B00F46D92.sys
    2006-03-09 17:21 8 --sh--r C:\WINDOWS\system32\947128E19A.sys
    2006-03-09 17:21 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C298311-0F1F-C802-7D27-A2D46C968E29}]
    C:\DOCUME~1\Julien\APPLIC~1\MEMOMA~1\axis hole.exe

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC2E88C7-36C3-4118-B310-B058AF5965C8}]
    C:\WINDOWS\system32\gebcc.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TITLECDROM"="C:\DOCUME~1\Julien\APPLIC~1\CREATI~1\Balmstoplogo.exe" [ ]
    "Configuration de la neuf Box"="C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe" [2005-12-13 14:19 389120]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 20:24 68856]
    "TVAgent WiFi"="C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe" [2005-12-13 12:48 976896]
    "Fraps"="C:\FRAPS\FRAPS.EXE" [2005-12-03 11:01 2826240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-12-04 01:29 180269]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-22 17:23 98304]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
    "ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [ ]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22 35328]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-09 19:11 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
    "NTSpool"= NTSpool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
    backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LightSurf.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LightSurf.lnk
    backup=C:\WINDOWS\pss\LightSurf.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
    backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Julien^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Julien\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Julien^Menu Démarrer^Programmes^Démarrage^WkCalRem.LNK]
    path=C:\Documents and Settings\Julien\Menu Démarrer\Programmes\Démarrage\WkCalRem.LNK
    backup=C:\WINDOWS\pss\WkCalRem.LNKStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\824Edb]
    C:\WINDOWS\gsarold.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    --a------ 2004-08-12 21:10 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool]
    C:\Program Files\BlazeVideo\BlazeDVD 4 Professional\MediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuration de la neuf Box]
    --------- 2005-12-13 14:19 389120 C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-05 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    --a------ 2004-05-12 15:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpfsched]
    --a------ 1998-07-30 15:58 35328 C:\WINDOWS\hpfsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
    C:\Program Files\Internet Optimizer\optimize.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
    C:\Program Files\ISTsvc\istsvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mess burn hold global]
    C:\Documents and Settings\All Users\Application Data\CornProxyMessBurn\Startseek.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    --a------ 2006-04-26 17:39 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]
    --a------ 2004-09-13 18:06 137216 C:\Program Files\MSI\System Control Manager\MGSysCtrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    C:\WINDOWS\system32\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-01-22 17:23 98304 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2004-08-30 12:48 69632 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2005-03-31 20:57 32881 C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier.exe]
    C:\Program Files\SuperCopier\SuperCopier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TITLECDROM]
    C:\DOCUME~1\Julien\APPLIC~1\CREATI~1\Balmstoplogo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2005-12-04 01:29 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVAgent WiFi]
    --------- 2005-12-13 12:48 976896 C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2007-05-14 23:22 35328 C:\Program Files\Winamp\winampa.exe

    R2 HPFECP13;HPFECP13;C:\WINDOWS\system32\drivers\HPFECP13.SYS [1998-07-30 22:40]
    R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-05 13:00]
    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 07:00]
    R3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
    S2 MPManF50;MPMan F50 USB Driver;C:\WINDOWS\system32\Drivers\MPManF50.sys [2000-08-30 16:15]
    S3 MGHwCtrl;MGHwCtrl;C:\WINDOWS\System32\Drivers\MGHwCtrl.sys [2005-10-20 11:04]
    S3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-17 11:56]
    S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 13:00]
    S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 13:00]
    S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 13:00]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
    S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-05 13:00]
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
    S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" [2007-01-09 23:17]
    S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2007-07-06 12:14]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d431fb40-a38a-11d9-b5b0-806d6172696f}]
    \Shell\AutoRun\command - G:\setupSNK.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-10 17:00:00 C:\WINDOWS\Tasks\AAA4211091C7DC78.job"
    - c:\docume~1\julien\applic~1\creati~1\Gpl Exit Army.exe
    "2008-02-10 16:59:05 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-10 18:06:00
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-10 18:07:29
    ComboFix-quarantined-files.txt 2008-02-10 17:07:06
    .
    2008-01-23 16:09:33 --- E O F ---
    0
  18. Utilisateur anonyme
     
    combofix as bien travaille par contre n'utilise pas tes support amovible combo as as supprime un jolis vers donc attend avant d'utiliser une cles usb ou ou disque dure externe , je m'informe sur un desinfectant
    0
  19. Utilisateur anonyme
     
    -> Flash_Disinfector de sUBs:
    http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
    utilisation:
    Télécharge et enregistre Flash_Disinfector.exe sur votre bureau.
    Double clique sur Flash_Disinfector.exe pour le lancer.
    Quand le message : "Plug in yours flash drive & clic Ok to begin disinfection" apparaitra :
    Connecte tes clé USB et/ou périphériques USB externes susceptibles d'avoir été infectés.
    Puis clique sur Ok
    Les icônes sur le bureau vont disparaitre jusqu'à l'apparition du message: "Done!!"
    Appuyes ensuite sur "Ok", pour faire réapparaitre le bureau.

    Avant de passer un de ces outils, assures-toi d'avoir fermé tous les programmes en cours d'exécution et connecté au pc tous les périphériques externes qui auraient pu être contaminés.(Disques dur, clé USB, Ipod...).
    0
  20. Hollow
     
    D'accord, je te remercie pour l'aide que tu m'as fourni.
    0