Ecran bleu warning! spyware detected on your

jon dal Messages postés 9 Statut Membre -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,
Bonjour,
j'ai un probleme mon ecran est bleu avec inscrit warning! spyware detected on your computer. que dois je faire? J'ai procéde à un nettoyage avec cccleaner, spyware doctor, panda antivirus 2008, mais quand j'analyse avec Ad adware et a squared free, l'analyse s'interrompt et le pc s'eteint et redemarre. Merci d'avance

j'ai aussi le rapport hijack

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:36:35, on 27/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\avciman.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\psimreal.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hhttp://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Suite] regedit -s c:\windows\temp\adj_hp.reg (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Suite] regedit -s c:\windows\temp\adj_hp.reg (User 'Default user')
O4 - S-1-5-18 Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe (User 'Default user')
O4 - .DEFAULT User Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzed055YYFR_ZN
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Interface Chat Wanadoo - http://chat5.x-echo.com/version2/Applet/wchatsign.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O20 - Winlogon Notify: opnkhfd - opnkhfd.dll (file missing)
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVSrvLauncher - Unknown owner - C:\Program Files\Fichiers communs\Logitech\KAudP\srvLnch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

--
End of file - 7646 bytes
Configuration: Windows XP
Internet Explorer 7.0

25 réponses

  • 1
  • 2
  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut,

    passe ceci :

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    -> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    repost aussi un nouveau hijack this stp

    @+
    1
    1. jon dal Messages postés 9 Statut Membre
       
      Salut,

      Voici le contenu de rapport Combofix

      ComboFix 08-03-25.4 - Propriétaire 2008-03-27 9:58:06.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.2.1036.18.199 [GMT 1:00]
      Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\drivers\down

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-02-27 to 2008-03-27 ))))))))))))))))))))))))))))))))))))
      .

      2008-03-27 01:51 . 2008-03-27 01:51 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Grisoft
      2008-03-27 01:50 . 2008-03-27 01:50 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-03-27 01:50 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2008-03-27 01:45 . 2008-03-27 01:45 <REP> d-------- C:\Program Files\Avira
      2008-03-27 01:45 . 2008-03-27 01:45 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Avira
      2008-03-27 01:34 . 2008-03-27 01:34 <REP> d-------- C:\Program Files\Trend Micro
      2008-03-27 00:34 . 2008-03-27 00:34 269,334 --a------ C:\WINDOWS\system32\gfqhorilsfel.bmp
      2008-03-27 00:30 . 2008-03-27 00:30 <REP> d-------- C:\Program Files\Lavasoft
      2008-03-27 00:30 . 2008-03-27 00:30 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-03-27 00:12 . 2008-03-27 00:12 269,334 --a------ C:\WINDOWS\system32\fqdofmd.bmp
      2008-03-26 23:39 . 2008-03-26 23:39 269,334 --a------ C:\WINDOWS\system32\ilsfit.bmp
      2008-03-26 15:48 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-03-26 15:48 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-03-26 15:48 . 2008-03-01 23:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
      2008-03-26 15:48 . 2008-02-29 23:48 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-03-26 15:48 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2008-03-26 15:48 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-03-26 15:48 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-03-26 15:48 . 2008-03-26 23:55 2,212 --a------ C:\WINDOWS\system32\tmp.reg
      2008-03-26 15:34 . 2008-03-26 15:34 269,334 --a------ C:\WINDOWS\system32\lkfadsfeh.bmp
      2008-03-26 14:48 . 2008-03-26 14:48 269,334 --a------ C:\WINDOWS\system32\etcrahcfidgr.bmp
      2008-03-26 13:31 . 2008-03-26 13:31 269,334 --a------ C:\WINDOWS\system32\baloned.bmp
      2008-03-26 12:54 . 2008-03-26 12:54 269,334 --a------ C:\WINDOWS\system32\pcjelgrmt.bmp
      2008-03-26 11:48 . 2008-03-26 11:48 269,334 --a------ C:\WINDOWS\system32\fqlkjipsr.bmp
      2008-03-26 11:48 . 2008-03-26 11:44 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
      2008-03-26 11:48 . 2008-03-26 11:44 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
      2008-03-26 11:44 . 2008-03-26 11:44 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
      2008-03-26 11:31 . 2008-03-26 11:31 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\sentinel
      2008-03-26 11:29 . 2008-03-26 11:33 <REP> d-------- C:\WINDOWS\system32\PAV
      2008-03-26 11:29 . 2007-09-28 13:24 83,896 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
      2008-03-26 11:29 . 2008-03-26 11:29 248 --a------ C:\WINDOWS\system32\PavCPL.dat
      2008-03-26 11:28 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl
      2008-03-26 11:28 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll
      2008-03-26 11:27 . 2008-03-26 11:27 <REP> d-------- C:\Program Files\Panda Security
      2008-03-26 10:37 . 2008-03-26 10:37 269,334 --a------ C:\WINDOWS\system32\fadonapgrap.bmp
      2008-03-25 23:40 . 2008-03-25 23:40 269,334 --a------ C:\WINDOWS\system32\fmhcratsjahgr.bmp
      2008-03-25 23:11 . 2008-03-25 23:11 <REP> d-------- C:\Program Files\a-squared Anti-Malware
      2008-03-25 22:57 . 2008-03-25 22:57 269,334 --a------ C:\WINDOWS\system32\nipsnmdgr.bmp
      2008-03-25 22:50 . 2008-03-25 22:50 269,334 --a------ C:\WINDOWS\system32\cfetofqdgj.bmp
      2008-03-25 22:49 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
      2008-03-25 22:49 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
      2008-03-25 22:49 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
      2008-03-25 22:49 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
      2008-03-25 22:48 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
      2008-03-25 22:46 . 2008-03-25 22:46 269,334 --a------ C:\WINDOWS\system32\fihgjmd.bmp
      2008-03-25 22:34 . 2008-03-25 22:34 269,334 --a------ C:\WINDOWS\system32\orqtojahcfilgn.bmp
      2008-03-25 22:30 . 2008-03-26 13:28 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-03-25 21:57 . 2008-03-25 21:57 <REP> d----c--- C:\kav
      2008-03-25 21:55 . 2008-03-25 21:55 269,334 --a------ C:\WINDOWS\system32\relkr.bmp
      2008-03-25 21:47 . 2008-03-25 21:58 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab
      2008-03-25 21:44 . 2008-03-25 21:44 269,334 --a------ C:\WINDOWS\system32\netcn.bmp
      2008-03-25 21:31 . 2004-08-20 00:09 88,064 --a------ C:\WINDOWS\system32\adsldpg.dll
      2008-03-25 21:29 . 2008-03-25 21:29 269,334 --a------ C:\WINDOWS\system32\lsnmdgbip.bmp
      2008-03-25 21:02 . 2008-03-25 21:02 269,334 --a------ C:\WINDOWS\system32\idcjetgjal.bmp
      2008-03-25 21:01 . 2008-03-25 21:02 2 --a--c--- C:\953211791
      2008-03-25 17:52 . 2008-03-25 17:52 <REP> d----c--- C:\SAV32CLI
      2008-03-25 01:19 . 2008-03-25 23:37 <REP> d-------- C:\Program Files\Spyware Doctor
      2008-03-25 01:19 . 2008-03-25 01:19 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\PC Tools
      2008-03-24 18:20 . 2008-03-24 18:20 <REP> d-------- C:\Program Files\ma-config.com
      2008-03-24 18:20 . 2008-03-24 18:23 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\ma-config.com
      2008-03-20 16:36 . 2008-03-24 15:22 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\BitTorrent
      2008-03-20 16:34 . 2008-03-24 15:23 <REP> d-------- C:\Program Files\BitTorrent
      2008-03-14 11:27 . 2008-03-14 11:31 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-27 08:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-03-26 23:30 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-03-26 11:18 --------- d-----w C:\Program Files\MSN Messenger
      2008-03-26 10:48 --------- d-----w C:\Program Files\Fichiers communs\Panda Software
      2008-03-26 10:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-03-25 23:15 --------- d-----w C:\Program Files\a-squared Free
      2008-03-25 22:36 --------- d-----w C:\Program Files\Google
      2008-03-24 19:32 --------- dc----w C:\Documents and Settings\All Users\Application Data\avg7
      2008-03-22 21:19 --------- d-----w C:\Program Files\eMule
      2008-03-14 10:32 --------- d-----w C:\Program Files\Windows Live
      2008-03-14 10:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-03-10 20:16 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\AVG7
      2008-02-20 13:00 --------- d-----w C:\Program Files\Soulseek
      2008-02-09 17:50 --------- d-----w C:\Program Files\eBay
      2008-02-07 09:27 --------- d-----w C:\Program Files\TuneUp Utilities 2004
      2008-01-08 21:16 67,136 ----a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
      2002-12-08 13:57 9,732,138 ----a-w C:\Program Files\RealOnePlayerV2GOLD_fr.exe
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF49A2-94F3-42BD-F434-2604812C897D}]
      C:\WINDOWS\system32\jfiehayd.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
      "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31 208952]
      "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 05:39 59392]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-30 21:49 185896]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-21 19:54 155648]
      "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-03-25 23:40 1816208]
      "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-27 01:47 249896]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "Suite"="regedit -s c:\windows\temp\adj_hp.reg" [ ]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
      "{C5AF49A2-94F3-42BD-F434-2604812C897D}"= C:\WINDOWS\system32\jfiehayd.dll [ ]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
      avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkhfd]
      opnkhfd.dll

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "Instant Access"=rundll32.exe p2esocks_1021.dll,InstantAccess
      "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "hpsysdrv"=c:\windows\system\hpsysdrv.exe
      "IgfxTray"=C:\WINDOWS\System32\igfxtray.exe
      "New.net Startup"=rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
      "nwiz"=nwiz.exe /install
      "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE
      "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
      "HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
      "DataLayer"=C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
      "My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
      "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
      "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      "LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
      "LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe /automation
      "LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Soulseek\\slsk.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
      "C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
      "C:\\Program Files\\eMule\\eMule.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\WINDOWS\\system32\\rtcshare.exe"=
      "C:\\Program Files\\NetMeeting\\conf.exe"=
      "C:\\WINDOWS\\system32\\rundll32.exe"=
      "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
      "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\Program Files\\Internet Explorer\\iexplore.exe"=

      R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-03-26 11:44]
      R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-03-26 11:44]
      S1 jwlbqzpi;jwlbqzpi;C:\WINDOWS\twain_32\jwlbqzpi.dll []
      S3 lvgaec;Logitech Kernel Audio Processing (AEC) Filter Driver;C:\WINDOWS\system32\drivers\lvgaec.sys [2004-11-01 17:17]
      S3 lvsmflt;Logitech Kernel Audio Processing (Switch and Mute) Filter Driver;C:\WINDOWS\system32\drivers\lvsmflt.sys [2004-11-01 17:16]
      S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-03-21 16:15:09 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
      - C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-27 10:05:02
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-03-27 10:07:07
      ComboFix-quarantined-files.txt 2008-03-27 09:07:03
      .
      2008-03-12 13:45:30 --- E O F ---




      et le nouveau hijackthis

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 10:18:29, on 27/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hhttp://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [Suite] regedit -s c:\windows\temp\adj_hp.reg (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [Suite] regedit -s c:\windows\temp\adj_hp.reg (User 'Default user')
      O4 - .DEFAULT User Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe (User 'Default user')
      O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzed055YYFR_ZN
      O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: Interface Chat Wanadoo - http://chat5.x-echo.com/version2/Applet/wchatsign.cab
      O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
      O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
      O20 - Winlogon Notify: opnkhfd - opnkhfd.dll (file missing)
      O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: LVSrvLauncher - Unknown owner - C:\Program Files\Fichiers communs\Logitech\KAudP\srvLnch.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
      O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
      O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
      O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
      O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
      0
    2. gago223
       
      salut g!rly,
      merci merci merci je ne sais pas comment je vai vous remercier
      pour la premiere fois je trouve un vrais bon sujet merciiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii pour la deuxieme fois et pour la troisieme fois meeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeerrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrccccccccccccccccccccccccccccccccciiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii
      0
      1. g!rly Messages postés 18462 Statut Contributeur 407 > gago223
         
        Salut gago223 ;)
        Merci, mais pour quoi ?
        0
  2. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    tu as été infecté par bagle dans le passé ?

    la suite :

    A l´aide de hijack this coche et fix les lignes ci dessous :

    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hhttp://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzed055YYFR_ZN
    O16 - DPF: Interface Chat Wanadoo - http://chat5.x-echo.com/version2/Applet/wchatsign.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/
    O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)

    comment fixer :

    Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    tu as deux anti virus ?!

    supprime soit panda soit antivir !

    passe ccleaner :

    Ccleaner:

    -> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):

    http://www.commentcamarche.net/telecharger/telechargement 168 ccleaner

    -> L´installer.

    -> Une fois installé et lancé :

    Dans la colonne de gauche, click sur :

    ->"erreurs" :

    Coches toutes les cases sous"l´integrité du registre", puis click en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs", tu auras un message pour sauvegarder ta base de registre, tu click "oui" puis tu recommence jusqu'à ce qu'il ne trouve plus rien.

    ps : les sauvegardes que tu auras faites, pourront etre supprimées ulterieurement si tout va bien.

    ->"nettoyeur"

    quitte ton navigateur avant de le lancer, dans les propriétés du nettoyeur de l´onglet "windows" et "applications"décoche la derniere case (Avancé si elle est cochée) puis click sur "lancer le nettoyage" qunand il aura terminé le scan click en bas a droite sur "lancer le nettoyage" et accepte par oui.

    -> Tutoriel en image :

    https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    -> Pour ceux qui voudraient aller plus loin en compagnie de jesses (fonctions avancés) :

    http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

    tu n´as pas de par feu instale celui ci :

    Online armor :

    http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

    tuto : https://forum.pcastuces.com/sujet.asp?f=25&s=35606

    puis

    Copie le texte ci-dessous :

    File::
    c:\windows\temp\adj_hp.reg
    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\jfiehayd.dll
    C:\WINDOWS\twain_32\jwlbqzpi.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF49A2-94F3-42BD-F434-2604812C897D}]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Suite"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler­]
    "{C5AF49A2-94F3-42BD-F434-2604812C897D}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkhfd]

    Driver::
    jwlbqzpi

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    @+
    0
    1. jon dal Messages postés 9 Statut Membre
       
      bonsoir
      Voici les rapports

      omboFix 08-03-25.4 - Propriétaire 2008-03-27 20:07:24.2 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.2.1036.18.168 [GMT 1:00]
      Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
      Command switches used :: C:\Documents and Settings\Propri‚taire\Bureau\CFScript.txt..txt
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .
      -- Script messages for sUBs --
      C:\WINDOWS\system32\CF9048.exe /S /D /c" ( GSAR -F -s:x1A -r 2>nul | SED -r "s/\x00//g; s/http:/\nhxxp:/g;s/.:\\/\n&/g;" | ( SED -r "/^hxxp:\/\/.*\//!d; s/(.{7}[[:alnum:].]*).*/\1/; $s/.*/&\n/" | GREP -Fivf BitsStr ) )"
      C:\WINDOWS\system32\CF9048.exe /S /D /c" type "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr?.dat" 2>nul"

      ((((((((((((((((((((((((((((( Fichiers créés 2008-02-27 to 2008-03-27 ))))))))))))))))))))))))))))))))))))
      .

      2008-03-27 20:23 . 2008-03-27 20:23 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
      2008-03-27 19:38 . 2008-03-27 19:38 <REP> d-------- C:\Program Files\Tall Emu
      2008-03-27 19:38 . 2008-03-27 19:52 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\OnlineArmor
      2008-03-27 19:38 . 2008-03-27 19:38 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\OnlineArmor
      2008-03-27 19:38 . 2007-11-08 06:37 68,608 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
      2008-03-27 19:38 . 2007-09-29 00:06 25,600 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
      2008-03-27 19:38 . 2007-09-29 00:06 18,944 --a------ C:\WINDOWS\system32\drivers\ndisrd.sys
      2008-03-27 18:08 . 2008-03-27 18:01 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
      2008-03-27 18:08 . 2008-03-27 18:01 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
      2008-03-27 17:48 . 2008-03-27 18:22 <REP> d-------- C:\WINDOWS\system32\PAV
      2008-03-27 17:48 . 2007-09-28 13:24 83,896 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
      2008-03-27 17:48 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl
      2008-03-27 17:48 . 2008-03-27 17:48 248 --a------ C:\WINDOWS\system32\PavCPL.dat
      2008-03-27 17:47 . 2008-03-27 17:47 <REP> d-------- C:\Program Files\Panda Security
      2008-03-27 17:47 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll
      2008-03-27 01:50 . 2008-03-27 01:50 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-03-27 01:45 . 2008-03-27 01:45 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Avira
      2008-03-27 01:34 . 2008-03-27 01:34 <REP> d-------- C:\Program Files\Trend Micro
      2008-03-27 00:34 . 2008-03-27 00:34 269,334 --a------ C:\WINDOWS\system32\gfqhorilsfel.bmp
      2008-03-27 00:30 . 2008-03-27 00:30 <REP> d-------- C:\Program Files\Lavasoft
      2008-03-27 00:30 . 2008-03-27 00:30 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-03-27 00:12 . 2008-03-27 00:12 269,334 --a------ C:\WINDOWS\system32\fqdofmd.bmp
      2008-03-26 23:39 . 2008-03-26 23:39 269,334 --a------ C:\WINDOWS\system32\ilsfit.bmp
      2008-03-26 15:48 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-03-26 15:48 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-03-26 15:48 . 2008-03-01 23:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
      2008-03-26 15:48 . 2008-02-29 23:48 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-03-26 15:48 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-03-26 15:48 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-03-26 15:48 . 2008-03-26 23:55 2,212 --a------ C:\WINDOWS\system32\tmp.reg
      2008-03-26 15:34 . 2008-03-26 15:34 269,334 --a------ C:\WINDOWS\system32\lkfadsfeh.bmp
      2008-03-26 14:48 . 2008-03-26 14:48 269,334 --a------ C:\WINDOWS\system32\etcrahcfidgr.bmp
      2008-03-26 13:31 . 2008-03-26 13:31 269,334 --a------ C:\WINDOWS\system32\baloned.bmp
      2008-03-26 12:54 . 2008-03-26 12:54 269,334 --a------ C:\WINDOWS\system32\pcjelgrmt.bmp
      2008-03-26 11:48 . 2008-03-26 11:48 269,334 --a------ C:\WINDOWS\system32\fqlkjipsr.bmp
      2008-03-26 11:44 . 2008-03-26 11:44 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
      2008-03-26 11:31 . 2008-03-26 11:31 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\sentinel
      2008-03-26 10:37 . 2008-03-26 10:37 269,334 --a------ C:\WINDOWS\system32\fadonapgrap.bmp
      2008-03-25 23:40 . 2008-03-25 23:40 269,334 --a------ C:\WINDOWS\system32\fmhcratsjahgr.bmp
      2008-03-25 23:11 . 2008-03-25 23:11 <REP> d-------- C:\Program Files\a-squared Anti-Malware
      2008-03-25 22:57 . 2008-03-25 22:57 269,334 --a------ C:\WINDOWS\system32\nipsnmdgr.bmp
      2008-03-25 22:50 . 2008-03-25 22:50 269,334 --a------ C:\WINDOWS\system32\cfetofqdgj.bmp
      2008-03-25 22:49 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
      2008-03-25 22:49 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
      2008-03-25 22:49 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
      2008-03-25 22:49 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
      2008-03-25 22:48 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
      2008-03-25 22:46 . 2008-03-25 22:46 269,334 --a------ C:\WINDOWS\system32\fihgjmd.bmp
      2008-03-25 22:34 . 2008-03-25 22:34 269,334 --a------ C:\WINDOWS\system32\orqtojahcfilgn.bmp
      2008-03-25 22:30 . 2008-03-26 13:28 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-03-25 21:57 . 2008-03-25 21:57 <REP> d----c--- C:\kav
      2008-03-25 21:55 . 2008-03-25 21:55 269,334 --a------ C:\WINDOWS\system32\relkr.bmp
      2008-03-25 21:47 . 2008-03-25 21:58 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab
      2008-03-25 21:44 . 2008-03-25 21:44 269,334 --a------ C:\WINDOWS\system32\netcn.bmp
      2008-03-25 21:31 . 2004-08-20 00:09 88,064 --a------ C:\WINDOWS\system32\adsldpg.dll
      2008-03-25 21:29 . 2008-03-25 21:29 269,334 --a------ C:\WINDOWS\system32\lsnmdgbip.bmp
      2008-03-25 21:02 . 2008-03-25 21:02 269,334 --a------ C:\WINDOWS\system32\idcjetgjal.bmp
      2008-03-25 21:01 . 2008-03-25 21:02 2 --a--c--- C:\953211791
      2008-03-25 17:52 . 2008-03-25 17:52 <REP> d----c--- C:\SAV32CLI
      2008-03-25 01:19 . 2008-03-25 23:37 <REP> d-------- C:\Program Files\Spyware Doctor
      2008-03-25 01:19 . 2008-03-25 01:19 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\PC Tools
      2008-03-24 18:20 . 2008-03-24 18:20 <REP> d-------- C:\Program Files\ma-config.com
      2008-03-24 18:20 . 2008-03-24 18:23 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\ma-config.com
      2008-03-20 16:36 . 2008-03-24 15:22 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\BitTorrent
      2008-03-20 16:34 . 2008-03-24 15:23 <REP> d-------- C:\Program Files\BitTorrent
      2008-03-14 11:27 . 2008-03-14 11:31 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-27 18:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-03-27 17:08 --------- d-----w C:\Program Files\Fichiers communs\Panda Software
      2008-03-27 16:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-03-26 23:30 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-03-26 11:18 --------- d-----w C:\Program Files\MSN Messenger
      2008-03-25 23:15 --------- d-----w C:\Program Files\a-squared Free
      2008-03-25 22:36 --------- d-----w C:\Program Files\Google
      2008-03-24 19:32 --------- dc----w C:\Documents and Settings\All Users\Application Data\avg7
      2008-03-22 21:19 --------- d-----w C:\Program Files\eMule
      2008-03-14 10:32 --------- d-----w C:\Program Files\Windows Live
      2008-03-14 10:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-03-10 20:16 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\AVG7
      2008-02-20 13:00 --------- d-----w C:\Program Files\Soulseek
      2008-02-09 17:50 --------- d-----w C:\Program Files\eBay
      2008-02-07 09:27 --------- d-----w C:\Program Files\TuneUp Utilities 2004
      2008-01-08 21:16 67,136 ----a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
      2002-12-08 13:57 9,732,138 ----a-w C:\Program Files\RealOnePlayerV2GOLD_fr.exe
      .
      [color=red] C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below) [/color]
      578,048 2005-03-02 18:20:32 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
      579,072 2007-03-08 15:50:30 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
      561,152 2003-09-25 16:57:50 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
      561,152 2002-08-29 18:45:06 C:\WINDOWS\$NtServicePackUninstall$\user32.dll.000
      561,152 2002-08-29 18:45:06 C:\WINDOWS\$NtUninstallQ328310$\user32.dll
      562,176 2001-08-28 12:00:00 C:\WINDOWS\$NtUninstallQ328310_RTM$\user32.dll
      561,152 2003-09-25 16:57:50 C:\WINDOWS\$xpsp1hfm$\KB824141\user32.dll
      529,920 2002-11-22 10:29:40 C:\WINDOWS\$xpsp1hfm$\Q328310\user32.dll
      266,993 2001-08-28 19:00:00 C:\WINDOWS\I386\USER32.DL_
      578,048 2004-08-19 23:09:46 C:\WINDOWS\ServicePackFiles\i386\user32.dll
      578,560 2007-03-08 15:37:50 C:\WINDOWS\system32\user32.dll
      578,560 2007-03-08 15:37:50 C:\WINDOWS\system32\dllcache\user32.dll


      ((((((((((((((((((((((((((((( snapshot@2008-03-27_10.05.53,67 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-03-26 14:38:48 40,664 ----a-w C:\WINDOWS\system32\perfc009.dat
      + 2008-03-27 17:10:37 40,664 ----a-w C:\WINDOWS\system32\perfc009.dat
      - 2008-03-26 14:38:48 49,486 ----a-w C:\WINDOWS\system32\perfc00C.dat
      + 2008-03-27 17:10:37 49,486 ----a-w C:\WINDOWS\system32\perfc00C.dat
      - 2008-03-26 14:38:48 312,946 ----a-w C:\WINDOWS\system32\perfh009.dat
      + 2008-03-27 17:10:37 312,946 ----a-w C:\WINDOWS\system32\perfh009.dat
      - 2008-03-26 14:38:48 369,208 ----a-w C:\WINDOWS\system32\perfh00C.dat
      + 2008-03-27 17:10:37 369,208 ----a-w C:\WINDOWS\system32\perfh00C.dat
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF49A2-94F3-42BD-F434-2604812C897D}]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
      "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31 208952]
      "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 05:39 59392]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-30 21:49 185896]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-21 19:54 155648]
      "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-03-25 23:40 1816208]
      "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
      "APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-10-04 15:14 455984]
      "OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2007-11-16 07:51 5029952]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "Suite"="regedit -s c:\windows\temp\adj_hp.reg" [ ]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2007-11-16 07:50 633344]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
      avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkhfd]
      opnkhfd.dll

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "Instant Access"=rundll32.exe p2esocks_1021.dll,InstantAccess
      "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "hpsysdrv"=c:\windows\system\hpsysdrv.exe
      "IgfxTray"=C:\WINDOWS\System32\igfxtray.exe
      "New.net Startup"=rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
      "nwiz"=nwiz.exe /install
      "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE
      "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
      "HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
      "DataLayer"=C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
      "My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
      "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
      "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      "LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
      "LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe /automation
      "LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Soulseek\\slsk.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
      "C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
      "C:\\Program Files\\eMule\\eMule.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\WINDOWS\\system32\\rtcshare.exe"=
      "C:\\Program Files\\NetMeeting\\conf.exe"=
      "C:\\WINDOWS\\system32\\rundll32.exe"=
      "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
      "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\Program Files\\Internet Explorer\\iexplore.exe"=

      R1 NDISRD;NDISRD;C:\WINDOWS\system32\drivers\NDISRD.sys [2007-09-29 00:06]
      R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2007-11-08 06:37]
      R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2007-09-29 00:06]
      R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-03-27 18:01]
      R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-03-27 18:01]
      R2 SvcOnlineArmor;Online Armor;"C:\Program Files\Tall Emu\Online Armor\oasrv.exe" [2007-11-16 07:51]
      S1 jwlbqzpi;jwlbqzpi;C:\WINDOWS\twain_32\jwlbqzpi.dll []
      S3 lvgaec;Logitech Kernel Audio Processing (AEC) Filter Driver;C:\WINDOWS\system32\drivers\lvgaec.sys [2004-11-01 17:17]
      S3 lvsmflt;Logitech Kernel Audio Processing (Switch and Mute) Filter Driver;C:\WINDOWS\system32\drivers\lvsmflt.sys [2004-11-01 17:16]
      S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

      *Newly Created Service* - CATCHME
      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-03-21 16:15:09 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
      - C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-27 20:24:16
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
      "ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
      .
      Temps d'accomplissement: 2008-03-27 20:30:20
      ComboFix-quarantined-files.txt 2008-03-27 19:30:07
      .
      2008-03-12 13:45:30 --- E O F ---



      ogfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:34:26, on 27/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Tall Emu\Online Armor\oasrv.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Tall Emu\Online Armor\oaui.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
      C:\WINDOWS\system32\CF9048.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: (no name) - {C5AF49A2-94F3-42BD-F434-2604812C897D} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
      O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [Suite] regedit -s c:\windows\temp\adj_hp.reg (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [Suite] regedit -s c:\windows\temp\adj_hp.reg (User 'Default user')
      O4 - .DEFAULT User Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe (User 'Default user')
      O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
      O20 - Winlogon Notify: opnkhfd - opnkhfd.dll (file missing)
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: LVSrvLauncher - Unknown owner - C:\Program Files\Fichiers communs\Logitech\KAudP\srvLnch.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
      O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
      O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
      O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
      O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
      O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
      0
  3. g!rly Messages postés 18462 Statut Contributeur 407
     
    recommence car ca n´a pas marché,

    fais bien comme indiqué :

    Copie le texte ci-dessous :

    File::
    c:\windows\temp\adj_hp.reg
    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\jfiehayd.dll
    C:\WINDOWS\twain_32\jwlbqzpi.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF49A2-94F3-42BD-F434-2604812C897D}]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Suite"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler­­]
    "{C5AF49A2-94F3-42BD-F434-2604812C897D}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkhfd]

    Driver::
    jwlbqzpi

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    @+
    0
    1. jon dal Messages postés 9 Statut Membre
       
      bonjour,

      voici les rapports

      ComboFix 08-03-25.4 - Propriétaire 2008-03-28 10:57:38.3 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.2.1036.18.158 [GMT 1:00]
      Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
      Command switches used :: C:\Documents and Settings\Propri‚taire\Bureau\CFScript..txt
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      ((((((((((((((((((((((((((((( Fichiers créés 2008-02-28 to 2008-03-28 ))))))))))))))))))))))))))))))))))))
      .

      2008-03-27 19:38 . 2008-03-27 19:38 <REP> d-------- C:\Program Files\Tall Emu
      2008-03-27 19:38 . 2008-03-28 10:45 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\OnlineArmor
      2008-03-27 19:38 . 2008-03-27 19:38 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\OnlineArmor
      2008-03-27 19:38 . 2007-11-08 06:37 68,608 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
      2008-03-27 19:38 . 2007-09-29 00:06 25,600 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
      2008-03-27 19:38 . 2007-09-29 00:06 18,944 --a------ C:\WINDOWS\system32\drivers\ndisrd.sys
      2008-03-27 18:08 . 2008-03-27 18:01 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
      2008-03-27 18:08 . 2008-03-27 18:01 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
      2008-03-27 17:48 . 2008-03-27 18:22 <REP> d-------- C:\WINDOWS\system32\PAV
      2008-03-27 17:48 . 2007-09-28 13:24 83,896 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
      2008-03-27 17:48 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl
      2008-03-27 17:48 . 2008-03-27 17:48 248 --a------ C:\WINDOWS\system32\PavCPL.dat
      2008-03-27 17:47 . 2008-03-27 17:47 <REP> d-------- C:\Program Files\Panda Security
      2008-03-27 17:47 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll
      2008-03-27 01:50 . 2008-03-27 01:50 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-03-27 01:45 . 2008-03-27 01:45 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Avira
      2008-03-27 01:34 . 2008-03-27 01:34 <REP> d-------- C:\Program Files\Trend Micro
      2008-03-27 00:34 . 2008-03-27 00:34 269,334 --a------ C:\WINDOWS\system32\gfqhorilsfel.bmp
      2008-03-27 00:30 . 2008-03-27 00:30 <REP> d-------- C:\Program Files\Lavasoft
      2008-03-27 00:30 . 2008-03-27 00:30 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-03-27 00:12 . 2008-03-27 00:12 269,334 --a------ C:\WINDOWS\system32\fqdofmd.bmp
      2008-03-26 23:39 . 2008-03-26 23:39 269,334 --a------ C:\WINDOWS\system32\ilsfit.bmp
      2008-03-26 15:48 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-03-26 15:48 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-03-26 15:48 . 2008-03-01 23:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
      2008-03-26 15:48 . 2008-02-29 23:48 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-03-26 15:48 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-03-26 15:48 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-03-26 15:48 . 2008-03-26 23:55 2,212 --a------ C:\WINDOWS\system32\tmp.reg
      2008-03-26 15:34 . 2008-03-26 15:34 269,334 --a------ C:\WINDOWS\system32\lkfadsfeh.bmp
      2008-03-26 14:48 . 2008-03-26 14:48 269,334 --a------ C:\WINDOWS\system32\etcrahcfidgr.bmp
      2008-03-26 13:31 . 2008-03-26 13:31 269,334 --a------ C:\WINDOWS\system32\baloned.bmp
      2008-03-26 12:54 . 2008-03-26 12:54 269,334 --a------ C:\WINDOWS\system32\pcjelgrmt.bmp
      2008-03-26 11:48 . 2008-03-26 11:48 269,334 --a------ C:\WINDOWS\system32\fqlkjipsr.bmp
      2008-03-26 11:44 . 2008-03-26 11:44 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
      2008-03-26 11:31 . 2008-03-26 11:31 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\sentinel
      2008-03-26 10:37 . 2008-03-26 10:37 269,334 --a------ C:\WINDOWS\system32\fadonapgrap.bmp
      2008-03-25 23:40 . 2008-03-25 23:40 269,334 --a------ C:\WINDOWS\system32\fmhcratsjahgr.bmp
      2008-03-25 23:11 . 2008-03-25 23:11 <REP> d-------- C:\Program Files\a-squared Anti-Malware
      2008-03-25 22:57 . 2008-03-25 22:57 269,334 --a------ C:\WINDOWS\system32\nipsnmdgr.bmp
      2008-03-25 22:50 . 2008-03-25 22:50 269,334 --a------ C:\WINDOWS\system32\cfetofqdgj.bmp
      2008-03-25 22:49 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
      2008-03-25 22:49 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
      2008-03-25 22:49 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
      2008-03-25 22:49 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
      2008-03-25 22:48 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
      2008-03-25 22:46 . 2008-03-25 22:46 269,334 --a------ C:\WINDOWS\system32\fihgjmd.bmp
      2008-03-25 22:34 . 2008-03-25 22:34 269,334 --a------ C:\WINDOWS\system32\orqtojahcfilgn.bmp
      2008-03-25 22:30 . 2008-03-26 13:28 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-03-25 21:57 . 2008-03-25 21:57 <REP> d----c--- C:\kav
      2008-03-25 21:55 . 2008-03-25 21:55 269,334 --a------ C:\WINDOWS\system32\relkr.bmp
      2008-03-25 21:47 . 2008-03-25 21:58 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab
      2008-03-25 21:44 . 2008-03-25 21:44 269,334 --a------ C:\WINDOWS\system32\netcn.bmp
      2008-03-25 21:31 . 2004-08-20 00:09 88,064 --a------ C:\WINDOWS\system32\adsldpg.dll
      2008-03-25 21:29 . 2008-03-25 21:29 269,334 --a------ C:\WINDOWS\system32\lsnmdgbip.bmp
      2008-03-25 21:02 . 2008-03-25 21:02 269,334 --a------ C:\WINDOWS\system32\idcjetgjal.bmp
      2008-03-25 21:01 . 2008-03-25 21:02 2 --a--c--- C:\953211791
      2008-03-25 17:52 . 2008-03-25 17:52 <REP> d----c--- C:\SAV32CLI
      2008-03-25 01:19 . 2008-03-25 23:37 <REP> d-------- C:\Program Files\Spyware Doctor
      2008-03-25 01:19 . 2008-03-25 01:19 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\PC Tools
      2008-03-24 18:20 . 2008-03-24 18:20 <REP> d-------- C:\Program Files\ma-config.com
      2008-03-24 18:20 . 2008-03-24 18:23 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\ma-config.com
      2008-03-20 16:36 . 2008-03-24 15:22 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\BitTorrent
      2008-03-20 16:34 . 2008-03-24 15:23 <REP> d-------- C:\Program Files\BitTorrent
      2008-03-14 11:27 . 2008-03-14 11:31 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-28 09:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-03-27 17:08 --------- d-----w C:\Program Files\Fichiers communs\Panda Software
      2008-03-27 16:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-03-26 23:30 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-03-26 11:18 --------- d-----w C:\Program Files\MSN Messenger
      2008-03-25 23:15 --------- d-----w C:\Program Files\a-squared Free
      2008-03-25 22:36 --------- d-----w C:\Program Files\Google
      2008-03-24 19:32 --------- dc----w C:\Documents and Settings\All Users\Application Data\avg7
      2008-03-22 21:19 --------- d-----w C:\Program Files\eMule
      2008-03-14 10:32 --------- d-----w C:\Program Files\Windows Live
      2008-03-14 10:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-03-10 20:16 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\AVG7
      2008-02-20 13:00 --------- d-----w C:\Program Files\Soulseek
      2008-02-09 17:50 --------- d-----w C:\Program Files\eBay
      2008-02-07 09:27 --------- d-----w C:\Program Files\TuneUp Utilities 2004
      2008-01-08 21:16 67,136 ----a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
      2002-12-08 13:57 9,732,138 ----a-w C:\Program Files\RealOnePlayerV2GOLD_fr.exe
      .

      ((((((((((((((((((((((((((((( snapshot@2008-03-27_10.05.53,67 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-03-26 14:38:48 40,664 ----a-w C:\WINDOWS\system32\perfc009.dat
      + 2008-03-27 17:10:37 40,664 ----a-w C:\WINDOWS\system32\perfc009.dat
      - 2008-03-26 14:38:48 49,486 ----a-w C:\WINDOWS\system32\perfc00C.dat
      + 2008-03-27 17:10:37 49,486 ----a-w C:\WINDOWS\system32\perfc00C.dat
      - 2008-03-26 14:38:48 312,946 ----a-w C:\WINDOWS\system32\perfh009.dat
      + 2008-03-27 17:10:37 312,946 ----a-w C:\WINDOWS\system32\perfh009.dat
      - 2008-03-26 14:38:48 369,208 ----a-w C:\WINDOWS\system32\perfh00C.dat
      + 2008-03-27 17:10:37 369,208 ----a-w C:\WINDOWS\system32\perfh00C.dat
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF49A2-94F3-42BD-F434-2604812C897D}]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
      "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31 208952]
      "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 05:39 59392]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-30 21:49 185896]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-21 19:54 155648]
      "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-03-25 23:40 1816208]
      "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
      "APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-10-04 15:14 455984]
      "OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2007-11-16 07:51 5029952]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "Suite"="regedit -s c:\windows\temp\adj_hp.reg" [ ]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2007-11-16 07:50 633344]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
      avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkhfd]
      opnkhfd.dll

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "Instant Access"=rundll32.exe p2esocks_1021.dll,InstantAccess
      "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "hpsysdrv"=c:\windows\system\hpsysdrv.exe
      "IgfxTray"=C:\WINDOWS\System32\igfxtray.exe
      "New.net Startup"=rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
      "nwiz"=nwiz.exe /install
      "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE
      "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
      "HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
      "DataLayer"=C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
      "My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
      "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
      "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      "LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
      "LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe /automation
      "LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Soulseek\\slsk.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
      "C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
      "C:\\Program Files\\eMule\\eMule.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\WINDOWS\\system32\\rtcshare.exe"=
      "C:\\Program Files\\NetMeeting\\conf.exe"=
      "C:\\WINDOWS\\system32\\rundll32.exe"=
      "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
      "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\Program Files\\Internet Explorer\\iexplore.exe"=

      R1 NDISRD;NDISRD;C:\WINDOWS\system32\drivers\NDISRD.sys [2007-09-29 00:06]
      R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2007-11-08 06:37]
      R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2007-09-29 00:06]
      R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-03-27 18:01]
      R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-03-27 18:01]
      R2 SvcOnlineArmor;Online Armor;"C:\Program Files\Tall Emu\Online Armor\oasrv.exe" [2007-11-16 07:51]
      S1 jwlbqzpi;jwlbqzpi;C:\WINDOWS\twain_32\jwlbqzpi.dll []
      S3 lvgaec;Logitech Kernel Audio Processing (AEC) Filter Driver;C:\WINDOWS\system32\drivers\lvgaec.sys [2004-11-01 17:17]
      S3 lvsmflt;Logitech Kernel Audio Processing (Switch and Mute) Filter Driver;C:\WINDOWS\system32\drivers\lvsmflt.sys [2004-11-01 17:16]
      S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-03-21 16:15:09 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
      - C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-28 11:08:07
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
      "ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
      .
      Temps d'accomplissement: 2008-03-28 11:11:34
      ComboFix-quarantined-files.txt 2008-03-28 10:11:25
      .
      2008-03-12 13:45:30 --- E O F ---


      et le rapport hijack



      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:23:43, on 28/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Tall Emu\Online Armor\oasrv.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Tall Emu\Online Armor\oaui.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\WINDOWS\system32\notepad.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: (no name) - {C5AF49A2-94F3-42BD-F434-2604812C897D} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
      O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [Suite] regedit -s c:\windows\temp\adj_hp.reg (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [Suite] regedit -s c:\windows\temp\adj_hp.reg (User 'Default user')
      O4 - .DEFAULT User Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe (User 'Default user')
      O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
      O20 - Winlogon Notify: opnkhfd - opnkhfd.dll (file missing)
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: LVSrvLauncher - Unknown owner - C:\Program Files\Fichiers communs\Logitech\KAudP\srvLnch.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
      O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
      O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
      O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
      O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
      O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
      0
  4. g!rly Messages postés 18462 Statut Contributeur 407
     
    Jon dal,

    ca n´a toujours pas marché ?!

    tu es sur de bien faire la manip ?

    @+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jon dal Messages postés 9 Statut Membre
     
    Bonjour,

    desole de ne pas etre revenu plus vite vers vous
    je vous poste les rapports

    ComboFix 08-03-25.4 - Propriétaire 2008-04-01 16:47:50.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.2.1036.18.285 [GMT 2:00]
    Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Propri‚taire\Bureau\CFScript.txt..txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-27 20:38 . 2008-03-27 20:38 <REP> d-------- C:\Program Files\Tall Emu
    2008-03-27 20:38 . 2008-03-28 11:45 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\OnlineArmor
    2008-03-27 20:38 . 2008-03-27 20:38 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\OnlineArmor
    2008-03-27 20:38 . 2007-11-08 07:37 68,608 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
    2008-03-27 20:38 . 2007-09-29 01:06 25,600 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
    2008-03-27 20:38 . 2007-09-29 01:06 18,944 --a------ C:\WINDOWS\system32\drivers\ndisrd.sys
    2008-03-27 02:50 . 2008-03-27 02:50 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-27 02:45 . 2008-03-27 02:45 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-27 02:34 . 2008-03-27 02:34 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-27 01:34 . 2008-03-27 01:34 269,334 --a------ C:\WINDOWS\system32\gfqhorilsfel.bmp
    2008-03-27 01:30 . 2008-03-27 01:30 <REP> d-------- C:\Program Files\Lavasoft
    2008-03-27 01:30 . 2008-03-27 01:30 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-27 01:12 . 2008-03-27 01:12 269,334 --a------ C:\WINDOWS\system32\fqdofmd.bmp
    2008-03-27 00:39 . 2008-03-27 00:39 269,334 --a------ C:\WINDOWS\system32\ilsfit.bmp
    2008-03-26 16:48 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-03-26 16:48 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-03-26 16:48 . 2008-03-02 00:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-03-26 16:48 . 2008-03-01 00:48 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-03-26 16:48 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-03-26 16:48 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-03-26 16:48 . 2008-03-27 00:55 2,212 --a------ C:\WINDOWS\system32\tmp.reg
    2008-03-26 16:34 . 2008-03-26 16:34 269,334 --a------ C:\WINDOWS\system32\lkfadsfeh.bmp
    2008-03-26 15:48 . 2008-03-26 15:48 269,334 --a------ C:\WINDOWS\system32\etcrahcfidgr.bmp
    2008-03-26 14:31 . 2008-03-26 14:31 269,334 --a------ C:\WINDOWS\system32\baloned.bmp
    2008-03-26 13:54 . 2008-03-26 13:54 269,334 --a------ C:\WINDOWS\system32\pcjelgrmt.bmp
    2008-03-26 12:48 . 2008-03-26 12:48 269,334 --a------ C:\WINDOWS\system32\fqlkjipsr.bmp
    2008-03-26 12:44 . 2008-03-26 12:44 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
    2008-03-26 12:31 . 2008-03-26 12:31 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\sentinel
    2008-03-26 11:37 . 2008-03-26 11:37 269,334 --a------ C:\WINDOWS\system32\fadonapgrap.bmp
    2008-03-26 00:40 . 2008-03-26 00:40 269,334 --a------ C:\WINDOWS\system32\fmhcratsjahgr.bmp
    2008-03-26 00:11 . 2008-03-26 00:11 <REP> d-------- C:\Program Files\a-squared Anti-Malware
    2008-03-25 23:57 . 2008-03-25 23:57 269,334 --a------ C:\WINDOWS\system32\nipsnmdgr.bmp
    2008-03-25 23:50 . 2008-03-25 23:50 269,334 --a------ C:\WINDOWS\system32\cfetofqdgj.bmp
    2008-03-25 23:48 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2008-03-25 23:46 . 2008-03-25 23:46 269,334 --a------ C:\WINDOWS\system32\fihgjmd.bmp
    2008-03-25 23:34 . 2008-03-25 23:34 269,334 --a------ C:\WINDOWS\system32\orqtojahcfilgn.bmp
    2008-03-25 23:30 . 2008-03-26 14:28 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-03-25 22:57 . 2008-03-25 22:57 <REP> d----c--- C:\kav
    2008-03-25 22:55 . 2008-03-25 22:55 269,334 --a------ C:\WINDOWS\system32\relkr.bmp
    2008-03-25 22:44 . 2008-03-25 22:44 269,334 --a------ C:\WINDOWS\system32\netcn.bmp
    2008-03-25 22:31 . 2004-08-20 01:09 88,064 --a------ C:\WINDOWS\system32\adsldpg.dll
    2008-03-25 22:29 . 2008-03-25 22:29 269,334 --a------ C:\WINDOWS\system32\lsnmdgbip.bmp
    2008-03-25 22:02 . 2008-03-25 22:02 269,334 --a------ C:\WINDOWS\system32\idcjetgjal.bmp
    2008-03-25 22:01 . 2008-03-25 22:02 2 --a--c--- C:\953211791
    2008-03-25 18:52 . 2008-03-25 18:52 <REP> d----c--- C:\SAV32CLI
    2008-03-25 02:19 . 2008-03-25 02:19 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\PC Tools
    2008-03-24 19:20 . 2008-03-24 19:20 <REP> d-------- C:\Program Files\ma-config.com
    2008-03-24 19:20 . 2008-03-24 19:23 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\ma-config.com
    2008-03-20 17:36 . 2008-03-24 16:22 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\BitTorrent
    2008-03-20 17:34 . 2008-03-24 16:23 <REP> d-------- C:\Program Files\BitTorrent
    2008-03-14 12:27 . 2008-03-14 12:31 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-28 14:59 --------- d-----w C:\Program Files\eMule
    2008-03-28 11:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-28 11:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-28 11:42 --------- d-----w C:\Program Files\Fichiers communs\Panda Software
    2008-03-28 11:19 --------- d-----w C:\Program Files\TuneUp Utilities 2004
    2008-03-26 23:30 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-03-26 11:18 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-25 23:15 --------- d-----w C:\Program Files\a-squared Free
    2008-03-25 22:36 --------- d-----w C:\Program Files\Google
    2008-03-24 19:32 --------- dc----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-03-14 10:32 --------- d-----w C:\Program Files\Windows Live
    2008-03-14 10:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-03-10 20:16 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\AVG7
    2008-02-20 13:00 --------- d-----w C:\Program Files\Soulseek
    2008-02-09 17:50 --------- d-----w C:\Program Files\eBay
    2008-01-08 21:16 67,136 ----a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
    2002-12-08 13:57 9,732,138 ----a-w C:\Program Files\RealOnePlayerV2GOLD_fr.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-27_10.05.53,67 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
    + 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
    - 2000-08-31 07:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
    + 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
    - 2004-09-23 10:27:23 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-03-29 22:46:57 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2004-09-23 10:27:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-03-29 22:46:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2004-09-23 10:27:23 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-29 22:46:57 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2008-03-26 14:38:48 40,664 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-03-30 12:23:20 40,664 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-03-26 14:38:48 49,486 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-03-30 12:23:20 49,486 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-03-26 14:38:48 312,946 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-03-30 12:23:20 312,946 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-03-26 14:38:48 369,208 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-03-30 12:23:20 369,208 ----a-w C:\WINDOWS\system32\perfh00C.dat
    - 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
    + 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF49A2-94F3-42BD-F434-2604812C897D}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:31 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 06:39 59392]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-30 22:49 185896]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-21 20:54 155648]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-03-26 00:40 1816208]
    "OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2007-11-16 08:51 5029952]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Suite"="regedit -s c:\windows\temp\adj_hp.reg" [ ]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2007-11-16 08:50 633344]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkhfd]
    opnkhfd.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Instant Access"=rundll32.exe p2esocks_1021.dll,InstantAccess

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "hpsysdrv"=c:\windows\system\hpsysdrv.exe
    "IgfxTray"=C:\WINDOWS\System32\igfxtray.exe
    "New.net Startup"=rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    "nwiz"=nwiz.exe /install
    "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE
    "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
    "HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "DataLayer"=C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
    "My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
    "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    "LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    "LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe /automation
    "LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Soulseek\\slsk.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
    "C:\\Program Files\\eMule\\eMule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\kav\\kav7.0\\english\\setup.exe"=

    R1 NDISRD;NDISRD;C:\WINDOWS\system32\drivers\NDISRD.sys [2007-09-29 01:06]
    R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2007-11-08 07:37]
    R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2007-09-29 01:06]
    R2 SvcOnlineArmor;Online Armor;"C:\Program Files\Tall Emu\Online Armor\oasrv.exe" [2007-11-16 08:51]
    S1 jwlbqzpi;jwlbqzpi;C:\WINDOWS\twain_32\jwlbqzpi.dll []
    S3 lvgaec;Logitech Kernel Audio Processing (AEC) Filter Driver;C:\WINDOWS\system32\drivers\lvgaec.sys [2004-11-01 18:17]
    S3 lvsmflt;Logitech Kernel Audio Processing (Switch and Mute) Filter Driver;C:\WINDOWS\system32\drivers\lvsmflt.sys [2004-11-01 18:16]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 09:08]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-21 16:15:09 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-01 16:55:07
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
    .
    Temps d'accomplissement: 2008-04-01 16:57:28
    ComboFix-quarantined-files.txt 2008-04-01 14:57:21
    .
    2008-03-12 13:45:30 --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:04:20, on 01/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {C5AF49A2-94F3-42BD-F434-2604812C897D} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Suite] regedit -s c:\windows\temp\adj_hp.reg (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Suite] regedit -s c:\windows\temp\adj_hp.reg (User 'Default user')
    O4 - .DEFAULT User Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe (User 'Default user')
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O20 - Winlogon Notify: opnkhfd - opnkhfd.dll (file missing)
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LVSrvLauncher - Unknown owner - C:\Program Files\Fichiers communs\Logitech\KAudP\srvLnch.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    0
  7. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut jon dal,

    tu n´as pas d´anti virus ?

    instale antivir :

    Telecharge et instales l'antivirus Antivir Personal Edition Classic :

    ->https://www.malekal.com/avira-free-security-antivirus-gratuit/

    https://www.avira.com/en/prime

    http://mickael.barroux.free.fr/securite/antivir.php
    http://speedweb1.free.fr/frames2.php?page=tuto5
    <- tutoriel configuration du scanner...

    une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
    puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
    coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
    puis sur la droite coche les case suivantes :
    scan boot sectors of selected drives
    scan master boot sectors
    scan memory
    search foe rootkit before scan
    decoche :
    ignore off line files
    toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

    puis :

    * Télécharge OTMoveIt2 (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

    et autoruns :

    https://www.clubic.com/telecharger-fiche15501-microsoft-autoruns.html que tu dezip dans un dossier

    n´y touche pas

    redemarre en mode sans echec:

    Comment redémarrer en mode sans echec?

    Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
    Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    capture d´ecran : http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
    Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
    Ps : si F8 ne marche pas utilise la touche F5.

    Note : en mode sans echec tu n´auras plus acces au net alors imprime ou copie les instructions ci dessous dans un fichier texte que tu pourras consulter a souhait
    une fois en mode sans echec.

    Fix.reg

    Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisie nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait-sans les barres(x)) :

    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF49A2-94F3-42BD-F434-2604812C897D}]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Suite"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler­­­]
    "{C5AF49A2-94F3-42BD-F434-2604812C897D}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkhfd]

    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Note : Regedit4 est sur la premiere ligne dans le bloc note et il y a une ligne blanche a la fin.
    Puis click sur "fichier"/"enregistrer sous" :
    dans : sur le bureau
    Nom du fichier : fix.reg
    Type de fichier : "tous les fichiers"
    clique sur "enregistrer"

    ca doit ressembler a ca une fois enrregistré :

    http://img520.imageshack.us/img520/4251/screenshot005ps2.png

    quitte internet et double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
    Si c'est bien le cas, clique sur "oui"

    * Double-clique sur OTMoveIt.exe pour lancer le programme,
    * Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Custom List of Files/Folders to Move" :

    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\jfiehayd.dll
    C:\WINDOWS\twain_32\jwlbqzpi.dll

    * Clique sur MoveIt! pour lancer la suppression,
    * Le résultat appraraîtra dans le cadre Results.
    * Clique sur Exit pour fermer le programme.
    * Poste le rapport qui est situé ici : C:\\\_OTMoveIt\MovedFiles
    * Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

    ouvre le programme autoruns en clickant sur autoruns.exe dans le dossier que tu avais crée, puis dans la fenetre du programme appuie sur l´onglet services.

    navigue jusqu´a : jwlbqzpi

    click droit dessus et delete

    Redemarre normalement et post le rapport de ot_move it ici stp ainsi qu´un nouveau rapport hijack this.

    si tu ne comprends pas quelque chose demande moi avant de debuter...

    @+
    0
  8. jon dal Messages postés 9 Statut Membre
     
    Bonsoir,
    voci les rapports
    j'ai pas pu effacer " jwlbqzpi " car il n 'etait pas dans l 'onglet services comme tu me l'avais indiqué

    ouvre le programme autoruns en clickant sur autoruns.exe dans le dossier que tu avais crée, puis dans la fenetre du programme appuie sur l´onglet services.

    navigue jusqu´a : "

    click droit dessus et delete "

    [Custom Input]
    < C:\WINDOWS\system32\tmp.reg >
    C:\WINDOWS\system32\tmp.reg moved successfully.
    < C:\WINDOWS\system32\jfiehayd.dll >
    File/Folder C:\WINDOWS\system32\jfiehayd.dll not found.
    < C:\WINDOWS\twain_32\jwlbqzpi.dll >
    File/Folder C:\WINDOWS\twain_32\jwlbqzpi.dll not found.

    OTMoveIt2 by OldTimer - Version 1.0.21 log created on 04072008_194239

    ogfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:58:49, on 07/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {C5AF49A2-94F3-42BD-F434-2604812C897D} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe (User 'Default user')
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LVSrvLauncher - Unknown owner - C:\Program Files\Fichiers communs\Logitech\KAudP\srvLnch.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    0
  9. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok

    passe ceci maintenant :

    Fais un scan avec cet antispyware :

    Telecharge malwarebytes + tutoriel :

    -> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    @+
    0
  10. jon dal Messages postés 9 Statut Membre
     
    bonsoir,

    Malwarebytes' Anti-Malware 1.10
    Version de la base de données: 598

    Type de recherche: Examen complet (A:\|C:\|D:\|)
    Eléments examinés: 107995
    Temps écoulé: 1 hour(s), 0 minute(s), 21 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 15
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 20

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5af49a2-94f3-42bd-f434-2604812c897d} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\IQSoftware (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\WINDOWS\system32\fccaxxx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\iesearch.dll.vir (Spyware.Banker) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\baloned.bmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cfetofqdgj.bmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\etcrahcfidgr.bmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fadonapgrap.bmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fihgjmd.bmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fmhcratsjahgr.bmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fqdofmd.bmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fqlkjipsr.bmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gfqhorilsfel.bmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\idcjetgjal.bmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ilsfit.bmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lkfadsfeh.bmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lsnmdgbip.bmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\netcn.bmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nipsnmdgr.bmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\orqtojahcfilgn.bmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pcjelgrmt.bmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\relkr.bmp (Malware.Trace) -> Quarantined and deleted successfully.

    a plus
    0
  11. g!rly Messages postés 18462 Statut Contributeur 407
     
    jon ddal.

    ok cool

    fais ceci maintenant :

    une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
    puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
    coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
    puis sur la droite coche les case suivantes :
    scan boot sectors of selected drives
    scan master boot sectors
    scan memory
    search foe rootkit before scan
    decoche :
    ignore off line files
    toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

    Je te dis tous ca car j´aimerais que tu performes un scan entier de ta machine a l´aide d´antivir avec les reglages stipulés ci dessus et que tu post le rapport généré ici stp

    ps . fais le scan en mode sans echec :

    Comment redémarrer en mode sans echec?

    Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
    Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
    Ps : si F8 ne marche pas utilise la touche F5.

    -> Tuto : http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm

    @+
    0
  12. jon dal Messages postés 9 Statut Membre
     
    Bonsoir,

    AntiVir PersonalEdition Classic
    Report file date: mercredi 9 avril 2008 19:03

    Scanning for 1188179 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Propriétaire
    Computer name: NOM-BMU9LZ61VCE

    Version information:
    BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 12:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 11:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 14:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 11:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 13:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 18:17:59
    ANTIVIR2.VDF : 7.0.3.127 649216 Bytes 2008-04-07 18:09:21
    ANTIVIR3.VDF : 7.0.3.135 57344 Bytes 2008-04-08 21:29:24
    AVEWIN32.DLL : 7.6.0.81 3424768 Bytes 2008-04-05 12:57:54
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 09:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 06:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 12:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-04-02 18:18:01
    AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 06:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 11:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 06:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 10:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 11:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 11:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 08:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: high

    Start of the scan: mercredi 9 avril 2008 19:03

    Starting search for hidden objects.
    The driver could not be initialized.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    13 processes with 13 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [NOTE] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '23' files ).

    Starting the file scan:

    Begin scan in 'C:\' <HP_PAVILION>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <HP_RECOVERY>

    End of the scan: mercredi 9 avril 2008 20:53
    Used time: 1:49:51 min

    The scan has been done completely.

    5031 Scanning directories
    275430 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    275430 Files not concerned
    17960 Archives were scanned
    1 Warnings
    35 Notes
    0
  13. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok jon

    comment va le pc maintenant ?

    @+
    0
    1. jon dal
       
      Bonsoir g!rly,


      le pc marche tres bien, il est juste un peu lent au demarrage mais sinon tout va bien
      merci beaucoup
      0
  14. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok

    post un nouveau rapport hijack this je vais retirer le superflu du demarrage

    @+
    0
    1. jon dal Messages postés 9 Statut Membre
       
      Bonsoir g!rly,

      voici le rapport hijack

      ogfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:56:31, on 10/04/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Tall Emu\Online Armor\oasrv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Tall Emu\Online Armor\oaui.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - .DEFAULT User Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe (User 'Default user')
      O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: LVSrvLauncher - Unknown owner - C:\Program Files\Fichiers communs\Logitech\KAudP\srvLnch.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
      O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
      0
  15. g!rly Messages postés 18462 Statut Contributeur 407
     
    j´arrete
    merci de trouver un autre helper
    0
  16. vinven
     
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\system32\drivers\hldrrr.exe
    C:\Windows\system32\drivers\mdelk.exe
    C:\Windows\system32\drivers\srosa.sys
    C:\Windows\system32\mdelk.exe
    C:\Windows\system32\wintems.exe
    .
    ---- Previous Run -------
    .
    C:\Program Files\PlayMP3z
    C:\Program Files\PlayMP3z\uninstall.exe
    C:\Windows\system32\ban_list.txt
    C:\Windows\system32\drivers\downld
    C:\Windows\system32\drivers\downld\100620.exe
    C:\Windows\system32\drivers\downld\136641.exe
    C:\Windows\system32\drivers\downld\15184357.exe
    C:\Windows\system32\drivers\downld\153785.exe
    C:\Windows\system32\drivers\downld\15482490.exe
    C:\Windows\system32\drivers\downld\15625512.exe
    C:\Windows\system32\drivers\downld\15706757.exe
    C:\Windows\system32\drivers\downld\15764228.exe
    C:\Windows\system32\drivers\downld\176608.exe
    C:\Windows\system32\drivers\downld\242597.exe
    C:\Windows\system32\drivers\downld\305574.exe
    C:\Windows\system32\drivers\downld\30761603.exe
    C:\Windows\system32\drivers\downld\30766501.exe
    C:\Windows\system32\drivers\downld\30769293.exe
    C:\Windows\system32\drivers\downld\309427.exe
    C:\Windows\system32\drivers\downld\324154.exe
    C:\Windows\system32\drivers\downld\333015.exe
    C:\Windows\system32\drivers\downld\334575.exe
    C:\Windows\system32\drivers\downld\342016.exe
    C:\Windows\system32\drivers\downld\342578.exe
    C:\Windows\system32\drivers\downld\349691.exe
    C:\Windows\system32\drivers\downld\362827.exe
    C:\Windows\system32\drivers\downld\556377.exe
    C:\Windows\system32\drivers\downld\571712.exe
    C:\Windows\system32\drivers\downld\581493.exe
    C:\Windows\system32\drivers\downld\587624.exe
    C:\Windows\system32\drivers\downld\59311.exe
    C:\Windows\system32\drivers\downld\67049.exe
    C:\Windows\system32\drivers\downld\68765.exe
    C:\Windows\system32\drivers\downld\69685.exe
    C:\Windows\system32\drivers\downld\83632.exe
    C:\Windows\system32\drivers\downld\94255.exe
    C:\Windows\system32\nvs2.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SROSA
    -------\Service_PortProxy

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-13 17:11 . 2008-04-13 21:59 477 --a------ C:\ifexist.sed
    2008-04-13 16:47 . 2008-04-13 16:47 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-13 16:38 . 2008-04-13 16:38 <REP> d-------- C:\killbagle
    2008-04-13 16:08 . 2008-04-13 16:08 <REP> d-------- C:\Program Files\Sophos
    2008-04-13 15:33 . 2008-04-13 15:35 <REP> d-------- C:\Users\Ventura\AppData\Roaming\LimeWire
    2008-04-13 15:32 . 2008-04-13 15:32 <REP> d-------- C:\Users\Ventura\Program Files
    2008-04-13 15:32 . 2008-04-13 15:33 <REP> d-------- C:\Users\Ventura\AppData\Roaming\uTorrent
    2008-04-13 14:50 . 2008-04-13 14:50 <REP> d-------- C:\Users\Ventura\AppData\Roaming\Teleca
    2008-04-13 14:50 . 2008-04-13 14:50 <REP> d-------- C:\Users\Ventura\AppData\Roaming\Sony Ericsson
    2008-04-13 14:49 . 2008-04-13 14:49 <REP> d---s---- C:\Users\Ventura\Videos
    2008-04-13 14:49 . 2008-04-13 14:49 <REP> d---s---- C:\Users\Ventura\Searches
    2008-04-13 14:49 . 2008-04-13 14:49 <REP> dr------- C:\Users\Ventura\Saved Games
    2008-04-13 14:49 . 2008-04-13 14:49 <REP> d---s---- C:\Users\Ventura\Pictures
    2008-04-13 14:49 . 2008-04-13 15:06 <REP> d---s---- C:\Users\Ventura\Music
    2008-04-13 14:49 . 2008-04-13 14:49 <REP> d---s---- C:\Users\Ventura\Links
    2008-04-13 14:49 . 2008-04-13 14:49 <REP> dr------- C:\Users\Ventura\Downloads
    2008-04-13 14:49 . 2008-04-13 15:06 <REP> dr------- C:\Users\Ventura\Documents
    2008-04-13 14:49 . 2008-04-13 15:45 <REP> dr------- C:\Users\Ventura\Contacts
    2008-04-13 14:49 . 2006-11-02 14:37 <REP> d-------- C:\Users\Ventura\AppData\Roaming\Media Center Programs
    2008-04-13 14:49 . 2008-04-13 14:49 <REP> d--h----- C:\Users\Ventura\AppData
    2008-04-12 11:31 . 2008-04-12 11:31 <REP> d-------- C:\Program Files\THQ
    2008-04-09 16:38 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
    2008-04-09 16:38 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
    2008-04-09 16:04 . 2008-04-13 16:35 41 --a------ C:\Windows\Filzip.ini
    2008-04-09 16:01 . 2008-04-09 16:01 237,534,280 --a------ C:\Windows\MEMORY.DMP
    2008-04-09 13:31 . 2008-02-29 09:11 988,216 --a------ C:\Windows\System32\winload.exe
    2008-04-09 13:31 . 2008-02-29 09:11 927,288 --a------ C:\Windows\System32\winresume.exe
    2008-04-09 13:31 . 2008-02-22 07:05 615,992 --a------ C:\Windows\System32\ci.dll
    2008-04-09 13:31 . 2008-02-29 08:53 378,368 --a------ C:\Windows\System32\srcore.dll
    2008-04-09 13:31 . 2008-02-29 06:12 318,464 --a------ C:\Windows\System32\rstrui.exe
    2008-04-09 13:31 . 2008-02-29 08:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
    2008-04-09 13:31 . 2008-02-29 08:53 40,960 --a------ C:\Windows\System32\srclient.dll
    2008-04-09 13:31 . 2008-02-29 09:14 19,000 --a------ C:\Windows\System32\kd1394.dll
    2008-04-09 13:31 . 2008-02-29 06:12 14,848 --a------ C:\Windows\System32\srdelayed.exe
    2008-04-09 13:31 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
    2008-04-09 12:29 . 2008-02-22 04:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-04-09 12:29 . 2008-02-22 07:01 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-04-09 11:10 . 2008-02-29 06:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
    2008-04-09 09:06 . 2008-02-22 06:57 295,936 --a------ C:\Windows\System32\gdi32.dll
    2008-03-29 22:05 . 2008-03-29 22:09 <REP> d-------- C:\Program Files\ElcomSoft
    2008-03-29 22:05 . 2008-03-29 22:09 1,100 --a------ C:\Windows\ARPR.INI
    2008-03-26 08:25 . 2008-03-26 08:25 <REP> d-------- C:\Program Files\DAEMON Tools Lite
    2008-03-20 21:13 . 2006-11-29 14:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
    2008-03-20 21:13 . 2006-09-28 17:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll
    2008-03-20 21:13 . 2006-11-29 14:06 440,080 --a------ C:\Windows\System32\d3dx10.dll
    2008-03-20 21:13 . 2006-12-08 13:02 251,672 --a------ C:\Windows\System32\xactengine2_5.dll
    2008-03-20 21:13 . 2006-09-28 17:05 237,848 --a------ C:\Windows\System32\xactengine2_4.dll
    2008-03-20 21:11 . 2008-03-20 21:11 319 --a------ C:\Windows\game.ini
    2008-03-20 18:47 . 2008-03-20 18:47 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-03-19 16:27 . 2008-03-19 16:27 172 --ah----- C:\sqmnoopt03.sqm
    2008-03-19 16:27 . 2008-03-19 16:27 172 --ah----- C:\sqmdata03.sqm
    2008-03-19 16:02 . 2008-03-19 18:11 <REP> d-------- C:\PerfLogs
    2008-03-19 15:34 . 2008-01-19 09:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
    2008-03-19 15:34 . 2008-01-19 09:36 1,541,120 --a------ C:\Windows\System32\onex.dll
    2008-03-19 15:32 . 2008-01-19 07:46 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-03-19 15:31 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
    2008-03-19 15:30 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
    2008-03-19 15:29 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
    2008-03-19 15:28 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
    2008-03-19 15:28 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
    2008-03-19 15:28 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
    2008-03-19 15:28 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
    2008-03-19 15:28 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
    2008-03-19 15:27 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
    2008-03-19 15:27 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
    2008-03-19 15:27 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
    2008-03-19 15:27 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
    2008-03-18 09:20 . 2008-03-18 09:20 <REP> d-------- C:\Program Files\Windows Live Favorites
    2008-03-18 09:19 . 2008-03-18 09:19 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-03-15 12:16 . 2008-03-15 12:16 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-03-13 16:58 . 2008-03-20 21:29 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
    2008-03-13 16:58 . 2008-03-20 21:51 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
    2008-03-13 16:57 . 2008-03-20 21:51 103,736 --a------ C:\Windows\System32\PnkBstrB.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-10 14:15 --------- d-----w C:\Program Files\Windows Mail
    2008-04-10 05:32 --------- d-----w C:\ProgramData\Microsoft Help
    2008-04-09 14:11 --------- d-----w C:\ProgramData\eMule
    2008-04-08 17:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-02 15:03 --------- d-----w C:\Program Files\RocketDock
    2008-03-30 15:14 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2008-03-29 17:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
    2008-03-29 17:27 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
    2008-03-20 18:29 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
    2008-03-19 14:34 --------- d-----w C:\ProgramData\Kiwee Toolbar2
    2008-03-19 14:11 174 --sha-w C:\Program Files\desktop.ini
    2008-03-19 14:03 --------- d-----w C:\Program Files\Windows Sidebar
    2008-03-19 14:03 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-03-19 14:03 --------- d-----w C:\Program Files\Windows Journal
    2008-03-19 14:03 --------- d-----w C:\Program Files\Windows Defender
    2008-03-19 14:03 --------- d-----w C:\Program Files\Windows Collaboration
    2008-03-19 14:03 --------- d-----w C:\Program Files\Windows Calendar
    2008-03-17 19:22 --------- d-----w C:\Program Files\uTorrent
    2008-03-09 13:11 --------- d-----w C:\Program Files\Marvell
    2008-03-09 12:58 --------- d-----w C:\Program Files\ma-config.com
    2008-03-08 10:58 --------- d-----w C:\Program Files\KONAMI
    2008-03-04 21:37 --------- d-----w C:\ProgramData\WLInstaller
    2008-03-03 09:31 --------- d-----w C:\Program Files\Kiwee Toolbar2
    2008-02-28 16:57 --------- d-----w C:\Program Files\LimeWire
    2008-02-27 13:49 --------- d-----w C:\Program Files\eRightSoft
    2008-02-26 18:45 --------- d-----w C:\Program Files\MagicISO
    2008-02-26 14:00 --------- d-----w C:\Program Files\BitTorrent_DNA
    2008-02-24 18:02 --------- d-----w C:\Program Files\FlashGet
    2008-02-23 20:37 --------- d-----w C:\Program Files\Game Graphic Studio
    2008-02-21 14:38 --------- d-----w C:\Program Files\UHARC for Windows
    2008-02-20 14:28 --------- d-----w C:\Program Files\Crocodile Clips
    2008-02-17 15:37 --------- d-----w C:\ProgramData\Lavasoft
    2008-02-17 15:36 --------- d-----w C:\Program Files\Lavasoft
    2008-02-17 15:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-17 09:26 --------- d-----w C:\Program Files\Google
    2008-02-17 09:06 --------- d-----w C:\Program Files\Alwil Software
    2008-02-17 09:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-17 09:02 --------- d-----w C:\ProgramData\Symantec
    2008-02-17 09:02 --------- d-----w C:\Program Files\Symantec
    2008-01-19 07:34 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-01-19 07:33 58,880 ----a-w C:\Windows\bfsvc.exe
    2008-01-19 07:33 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-01-19 07:33 498,176 ----a-w C:\Windows\HelpPane.exe
    2008-01-19 07:33 459,264 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-01-19 07:33 40,960 ----a-w C:\Windows\AppPatch\apihex86.dll
    2008-01-19 07:33 237,568 ----a-w C:\Windows\AppPatch\AcRedir.dll
    2008-01-19 07:33 2,927,104 ----a-w C:\Windows\explorer.exe
    2008-01-19 07:33 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-01-19 07:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-01-19 07:33 151,040 ----a-w C:\Windows\notepad.exe
    2008-01-19 07:33 134,656 ----a-w C:\Windows\regedit.exe
    2008-01-19 07:33 13,312 ----a-w C:\Windows\fveupdate.exe
    2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
    2008-02-18 15:01 248976 --a------ C:\Program Files\Kiwee Toolbar2\1.3.118\KiweeIEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "C:\Program Files\Kiwee Toolbar2\1.3.118\KiweeIEToolbar.dll" [2008-02-18 15:01 248976]

    [HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
    [HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
    [HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= C:\Program Files\Kiwee Toolbar2\1.3.118\KiweeIEToolbar.dll [2008-02-18 15:01 248976]

    [HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
    [HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
    [HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-12 08:22 68856]
    "RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
    "Acer Tour Reminder"="" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
    "Acer Tour"="" []
    "Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
    "eRecoveryService"="" []
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 13:04 4423680 C:\Windows\RtHDVCpl.exe]
    "snpstd"="C:\Windows\vsnpstd.exe" [2005-10-11 21:54 339968]
    "NeroCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
    "WiFiCtrl"="C:\Program Files\Hercules\Hercules WiFi Controller Software\WiFiCtrl.exe" [ ]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 09:16 528384]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-04-13 15:57 79224]
    "Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-06 21:28:40 528384]
    PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-06 21:33:11 200812]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKLM\~\startupfolder\C:^Users^alfred^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
    path=C:\Users\alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
    backup=C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiweeHook]
    --a------ 2008-02-18 15:01 48264 C:\Program Files\Kiwee Toolbar2\1.3.118\kwtbaim.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1019308718-3554108289-4126605990-1000]
    "EnableNotificationsRef"=dword:00000008

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{3949DEB9-8DD8-42E4-A506-7B9F4A231291}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{A033DC2D-F311-40C6-91FC-22337523B865}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{F726BF72-BF4E-4B4F-B9FE-4CDF4E903131}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
    "{51674872-C1F2-4F6E-9B9C-A757F38BE2C6}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
    "{00717E99-5B5E-4D82-B899-5B920CE145A9}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
    "{F90A806B-AED4-4244-AC78-EA10F3E4F0E6}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
    "{2EACCE03-44AD-4451-AFA5-833B35CC35B9}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
    "{39E7738E-3D11-43B9-835D-D16D2F3B2B0D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
    "{59B339AA-E6E9-43D5-A0ED-DAC81D658E12}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
    "{B70C9DFF-8065-445C-8092-F386899335A3}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
    "{9F52794C-B028-4208-88E2-1D78370B9A3B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
    "{34DEA44F-1671-47DB-9D98-E163EE1CEDE2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{B388BF0C-B616-4C6D-8B90-950FBE5B8219}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{71B2647E-3AFA-4CF8-94E4-621BA5BFF632}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{CD4F2AAC-1366-4FCE-89C9-BB6CE88D39CD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{22938D5C-E7D1-4B22-A91B-BF67493523D8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{F5E3238A-8D27-40DA-B239-05FC6B4198AF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{4B5D5F08-186C-4DF5-A223-BE3D842F9513}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{A111EDE7-3803-4A46-9C3C-A6D3D433D7D2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{0CB24CB6-4CAC-4DEE-804A-24B7589BBB55}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{7AD475C6-DF11-46A6-8868-2B49B08B2546}"= UDP:C:\Users\alfred\Desktop\PES2008.exe:Pro Evolution Soccer 2008
    "{731ED7EF-B18D-493F-803E-77F2B3143064}"= TCP:C:\Users\alfred\Desktop\PES2008.exe:Pro Evolution Soccer 2008
    "{E078BD84-4130-4177-8C27-2AAB2CA16A8A}"= UDP:C:\Users\alfred\Desktop\PES2008.exe:Pro Evolution Soccer 2008
    "{AAEB1413-4DB8-4804-B535-B3F2DB9F99FB}"= TCP:C:\Users\alfred\Desktop\PES2008.exe:Pro Evolution Soccer 2008
    "{828E3802-3CA4-4C0C-91C0-B1CCE3CC1D1D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{F36D03A9-2469-47BC-9A2A-812F7C53DC36}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{90D88BD8-E1C4-4F1D-ACF3-B91AB7E2F753}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{8AD3BC4E-EC8C-4B06-A7C7-06DE963A2E17}"= UDP:D:\vincent\pes 2008\Peke23c_P.E.S.08.Crack_wWw.ProgramasFull.net\ViTALiTY\PES2008.exe:Pro Evolution Soccer 2008
    "{B36E91B5-DFC7-450C-8AC0-CCE4DA008414}"= TCP:D:\vincent\pes 2008\Peke23c_P.E.S.08.Crack_wWw.ProgramasFull.net\ViTALiTY\PES2008.exe:Pro Evolution Soccer 2008
    "{F0B7345A-0982-4636-A169-951882FBAF8A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{100A0459-4F9C-4538-ACE7-540CDA170ECD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{97551B4B-DF22-49CD-B3A3-94EE7687DB02}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{9F219804-DF52-4744-969E-F42708426B4B}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{0D33E4FC-3E48-4811-BABD-87450D7E8D45}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
    "TCP Query User{30C7726B-F848-4611-8725-0560AA0AE401}C:\\counter-strike source lan edition\\hl2.exe"= UDP:C:\counter-strike source lan edition\hl2.exe:hl2
    "UDP Query User{ED062AAE-62B4-4C54-9BFA-5B123673ED5D}C:\\counter-strike source lan edition\\hl2.exe"= TCP:C:\counter-strike source lan edition\hl2.exe:hl2
    "{2C319B75-A5E0-465E-8A9C-B6C26BBA2B6D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{5B80D8FB-055C-4C9D-96BC-4A03CFF02819}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{5A9643CD-E359-402D-825D-744E1751779C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{B824B5A6-F050-4171-8856-0AC94AC3840F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{5CA0B963-C474-4124-B699-792594B45091}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{E3A5DE18-E878-40C1-BFEF-0CCDB0AAC9AF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{22EFDE0F-C5DD-4523-AA9C-F4FAB93FF289}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{95AD7A1E-5134-4B16-983E-F0393DE9A669}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{073E9944-4FFA-49CF-817F-1D9263C2436B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{A26934FD-F4CF-4EEA-9796-5F7154520425}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{32B240DF-1DB1-422D-9283-117563130C9E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{049BE66D-47DC-4DAB-A99F-5455E0800828}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{1555FA49-0F86-4B06-AEAD-CFECC693D896}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{6329B82F-32DE-417A-8C91-474813066369}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{63074F18-5EEA-498C-9712-14D6E46B6694}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{86A1C35E-676D-452B-A0A9-F0AEEA3CC9FA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{33613252-FFA9-44FA-A6DA-740A0351DA6C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{FD7FBC44-140F-44F1-8414-3D11CAEE77CB}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
    "UDP Query User{13FAE621-A2FB-42B8-9E28-CF2B1B9017E7}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
    "{9527423C-0E15-46D1-B437-650886CA7A70}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
    "{79C73949-F943-44C5-B318-79DE643DF923}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
    "{3C365E50-2339-4E72-9012-61A4341870E5}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{4810D81A-D38D-4F57-B19D-17F8C293B1A1}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{D4CB415D-C15A-4717-95EE-9586F2D77F59}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{BB8B51D4-DE41-4555-826F-8B158C8A423B}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:µTorrent
    "UDP Query User{C3926E94-B59E-42A8-9BBE-F36708A6C328}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:µTorrent
    "TCP Query User{DFA027FD-CA0B-4458-B1A8-0E1783A18EE8}C:\\users\\alfred\\program files\\bittorrent_dna\\dna.exe"= UDP:C:\users\alfred\program files\bittorrent_dna\dna.exe:dna.exe
    "UDP Query User{5656A35A-196E-4CAD-B2AA-50C21A499F8D}C:\\users\\alfred\\program files\\bittorrent_dna\\dna.exe"= TCP:C:\users\alfred\program files\bittorrent_dna\dna.exe:dna.exe
    "{426A59B9-55E4-48DB-BFB3-08F9ABC02FCE}"= UDP:15050:utorrent
    "TCP Query User{75496B8E-9C64-46E6-9978-96100C9E997E}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{7D081DCB-F6BB-4FA5-BADF-42BE449747C0}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "{F6EBFD5B-4B41-42F6-86F2-D448BB810A61}"= UDP:16106:emule
    "{0787D5D7-2460-46C4-BBE8-4B97D1A8F16E}"= TCP:4357:emule
    "TCP Query User{A2671E39-C4E4-43EC-8B48-178CCE7A6136}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{43BB0F10-E5E8-42E6-8294-C5D56D45B1F1}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{5FFA819E-F04D-462D-B28F-A2EDBF2AFB61}C:\\users\\invité\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\invité\program files\utorrent\utorrent.exe:utorrent.exe
    "UDP Query User{FFBF34C3-191E-4D59-8FD4-B0C0875CF102}C:\\users\\invité\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\invité\program files\utorrent\utorrent.exe:utorrent.exe
    "{5CDB81B5-01C1-441A-9DF6-8C9021FC7E27}"= TCP:15050:utorrent
    "{E8B560E3-2FDF-49AD-AC6D-6D6286659301}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{F04E7E3F-4DEC-4375-A34B-6D271460FDAC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{8CB59DA6-CCE2-489B-845B-DBA2A04FFC5A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{C4BDA9B2-0088-4DCA-BC38-27E4441DE83F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{2EBBE08A-0E83-4E94-AC6E-2B346179C29E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{82F19D9F-E5D5-4797-8F67-DE9C69968AEA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{BC9CDBD4-2D4B-4E04-AA6A-31DF164AEC10}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{4161B8C5-EAAB-40DB-AE96-F7F506E7872D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{70F85029-992D-4044-9BF5-AA274C04394B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{546A9E5F-EC22-4015-8A54-E63CB2BBFEBB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{BB908967-41D3-44EC-9223-237579AB4E55}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{5C6CDECF-A085-4EC2-BD6C-94AF93FF273C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{3A19AEAB-DE26-49E5-BCEC-8BCC2718A90C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{7D0DD0E9-8719-464E-AF71-ABCB40A90F48}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{03C63FE5-45A1-475A-96FA-58D83BBD0C7A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{DA45F0CD-3E7C-416A-8588-8DFAF7A673DA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{11FA8E22-81F8-4CCA-A135-99822D9768B8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{DFFC373D-CC5B-4E7F-87C2-2CB84A52E5C1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{907B50E1-72CA-4152-A89E-1BD1615DDFB2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{4360E6F9-B46E-4688-B57D-C792F1602637}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{EE895A50-00E4-4B16-99D7-F39159E7D6AF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{C0CC56CE-C6D1-469D-A5DB-AD506A5F9C47}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{21660381-865F-4D3F-BFA9-DC874CE76710}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{31DCEF4B-7762-4D6C-84C8-2B5E3D243623}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{853CDBCC-6C4B-4563-8793-95C7CA7CB961}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{427CA469-EA0D-47F2-B230-BC04E3C57481}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{A5F25928-2BE6-4CD1-85B8-3976DB765887}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{53565DB8-0AA6-4FA7-988B-3FA8BCBD0DF8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{0D38FAE0-1CAD-4BE8-8E25-C3EBD3501D09}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{DF16E1C6-0400-44D2-B5F7-3C496546FCCB}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{90891730-DC6C-4389-A6EE-A69631487D3D}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "{CC4CC689-0ACB-4E69-8708-9DBB7D1641C9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{E13F766F-D369-4B91-B060-0898DA6A2533}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{5C73015D-269F-4A39-92B2-FA073138E580}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{A8A32DA7-1F23-4CD2-8D8C-C67F5AF031DB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{6D5B420E-CED2-4311-87A0-26935D4C77D2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{D53837A7-F95F-41DA-A32B-251DAAAD5ABC}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{B4854296-3B46-46CD-B0EE-0248273F3A1B}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{16033B65-591F-46EC-B36A-0B28339B9BD1}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{55F8C772-2FB1-4115-961D-382EB1DF319C}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "TCP Query User{651BBE58-8671-4161-83D7-C33E9293DB07}C:\\program files\\codemasters\\dirt\\dirt.exe"= UDP:C:\program files\codemasters\dirt\dirt.exe:DiRT Executable
    "UDP Query User{43828BDD-0EE9-4853-9F4E-F5BE42282BF9}C:\\program files\\codemasters\\dirt\\dirt.exe"= TCP:C:\program files\codemasters\dirt\dirt.exe:DiRT Executable
    "TCP Query User{2D130240-1B5C-422B-A097-C22626ED8AB4}C:\\program files\\techland\\xpand rally xtreme\\xrx.exe"= UDP:C:\program files\techland\xpand rally xtreme\xrx.exe:XpandRallyXtreme
    "UDP Query User{D8B54EE6-C022-41C4-8081-FB2526ACEEA1}C:\\program files\\techland\\xpand rally xtreme\\xrx.exe"= TCP:C:\program files\techland\xpand rally xtreme\xrx.exe:XpandRallyXtreme
    "{06A24364-8E91-4E79-B483-A3150E8ACB37}"= UDP:C:\Program Files\EA Sports\FIFA 08\FIFA08.exe:FIFA 08
    "{7CA159AB-98EB-4287-AA41-BD3B24F25A1E}"= TCP:C:\Program Files\EA Sports\FIFA 08\FIFA08.exe:FIFA 08
    "TCP Query User{84714218-85C0-4C08-AA0E-8320292C0086}C:\\program files\\thq\\motogp 2007\\motogp.exe"= UDP:C:\program files\thq\motogp 2007\motogp.exe:motogp
    "UDP Query User{5ED7F099-4019-4E6B-8164-1F9A675BADD7}C:\\program files\\thq\\motogp 2007\\motogp.exe"= TCP:C:\program files\thq\motogp 2007\motogp.exe:motogp
    "TCP Query User{343B855E-4DB1-479D-A6B7-DAE7AB3FD88E}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade
    "UDP Query User{48B8EDA1-3E07-43B8-B306-26F144E89CA0}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade
    "TCP Query User{AF9E47C6-0CF9-43A3-9C5C-8289C20437E5}C:\\users\\ventura\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\ventura\program files\utorrent\utorrent.exe:utorrent.exe
    "UDP Query User{8CDB3D32-5E78-41C8-AC7E-882139D66823}C:\\users\\ventura\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\ventura\program files\utorrent\utorrent.exe:utorrent.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22]
    R0 BsStor;InCD Storage Helper Driver;C:\Windows\system32\DRIVERS\bsstor.sys [2002-06-05 18:07]
    R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\Windows\system32\drivers\sfdrv01a.sys [2006-07-05 14:46]
    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
    R2 BsUDF;InCD UDF Driver;C:\Windows\system32\drivers\BsUDF.sys [2002-06-28 04:12]
    R2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2008-01-19 09:33]
    R2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2008-01-19 09:33]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-17 16:01]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2008-01-18 11:53]
    S3 se57bus;Sony Ericsson Device 087 driver (WDM);C:\Windows\system32\DRIVERS\se57bus.sys [2006-11-30 16:12]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-04-13 15:18:01 C:\Windows\Tasks\User_Feed_Synchronization-{6C92311E-540D-4FDA-963B-B6A48125086D}.job"
    - C:\Windows\system32\msfeedssync.exe
    "2008-04-12 18:03:23 C:\Windows\Tasks\User_Feed_Synchronization-{94213F52-C31E-47DB-BC1E-EE054390015F}.job"
    - C:\Windows\system32\msfeedssync.exe
    "2008-04-13 14:49:57 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    0
  17. khalidlesfar
     
    SmitFraudFix v2.315

    Rapport fait à 15:02:03.90, Sun 04/20/2008
    Executé à partir de C:\Downloads\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\sysrxmfdksp.exe
    C:\WINDOWS\syspyukrazv.exe
    C:\WINDOWS\sysawpbkvnq.exe
    C:\WINDOWS\sysqkmwfedz.exe
    C:\WINDOWS\sysnxcphmgy.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\System32\cmd.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\config.ini PRESENT !
    C:\WINDOWS\mywallpaper.bmp PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\les far

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\les far\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="http://alamuae.com/gallery/data/media/29/1576312-0bc6462bd93b8f2e.jpg"
    "SubscribedURL"="http://alamuae.com/gallery/data/media/29/1576312-0bc6462bd93b8f2e.jpg"
    "FriendlyName"=""

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="http://www.tahfeed.net/site/modules/xcgal/albums/userpics/10007/normal_10007022.jpg"
    "SubscribedURL"="http://www.tahfeed.net/site/modules/xcgal/albums/userpics/10007/normal_10007022.jpg"
    "FriendlyName"=""
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
    "Source"="http://www.alamuae.com/gallery/data/media/29/1532151-0f57d0bc77f37bb5.jpg"
    "SubscribedURL"="http://www.alamuae.com/gallery/data/media/29/1532151-0f57d0bc77f37bb5.jpg"
    "FriendlyName"=""

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: WAN (PPP/SLIP) Interface
    DNS Server Search Order: 212.217.0.3
    DNS Server Search Order: 196.217.246.210

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{9E8A3088-9813-4410-B457-14AB96BBF769}: NameServer=212.217.0.3 196.217.246.210
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{9E8A3088-9813-4410-B457-14AB96BBF769}: NameServer=212.217.0.3 196.217.246.210
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{9E8A3088-9813-4410-B457-14AB96BBF769}: NameServer=212.217.0.3 196.217.246.210

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  18. Maitchou
     
    Bonjour,
    j'ai un problème mon écran est bleu avec inscrit warning! spyware detected on your computer. que dois je faire?
    Merci d'avance

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:01:18, on 19/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\WINDOWS\System32\G-VGA.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    C:\Program Files\Gamesurround Fortissimo 4 mixer\EnMixCPL.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\pascal\LOCALS~1\Temp\Rar$EX01.631\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Gamesurround Fortissimo 4 mixer\EnMixCPL.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
    O4 - HKLM\..\Run: [f098dd72] rundll32.exe "C:\WINDOWS\system32\fbometlg.dll",b
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [yqkveby] c:\documents and settings\pascal\local settings\application data\yqkveby.exe yqkveby
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
    O4 - Global Startup: IDETool.lnk = C:\Program Files\IDETOOL\IDETOOL.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Pinnacle Scheduler.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall_fr.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  19. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut maitchou,

    Tu vas passer ces deux fix :

    Fais un clic droit sur ce lien :
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
    Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
    Ensuite double clique sur navilog1.exe pour lancer l'installation.
    Une fois l'installation terminée, le fix s'exécutera automatiquement.
    (Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

    Laisse-toi guider. Au menu principal, choisis 1 et valides.
    (ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

    Patiente jusqu'au message :
    *** Analyse Termine le ..... ***
    Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
    Copie-colle l'intégralité dans une réponse. Referme le blocnote.
    Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

    puis

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    -> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    Post egalement un nouveau rapport hijack this stp

    Donc ca fait trois rapports...

    @+
    0
    1. HIPPY
       
      Bonjour g!rly, moi aussi j'ai ce virus. Mais je viens de commencer l'informatique. Pourra tu m'aider par étape pour le virer. Merci d'avance.
      0
  • 1
  • 2