Sujet Précédent Sujet Suivant

Msn virus demande de l'aide

Fermé
jimbo67 - 27 mars 2008 à 21:27
 Utilisateur anonyme - 28 mars 2008 à 23:05
Bonjour, j'ai regardé dans le forum s'il é possible de se débarasser du virus d'msn "pk y a ta tof sur le site?"
j'ai pu lire qu'il faut lancé SDFix et puis ensuite faire une analyse avek Hijackthis.
on m'a indiqué aussi d'envoyer les résultats dans ce forum et que peut-ètre quelqu'un pouvait m'aider.
merci d'avance.

voila le résultat:

Logfile of HijackThis v1.99.1
Scan saved at 20:31:39, on 27/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\winlogon.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
A voir également:

26 réponses

  • 1
  • 2
Réponse 1 / 26
Utilisateur anonyme
27 mars 2008 à 22:19
Salut ,

→ Télécharge MSNFix.zip sur le bureau :


Ps: Il est possible que l'antivirus détecte un virus au téléchargement, mais ne t'inquiete pas , c'est normal.

Décompresse-le (clic droit : Extraire tout).
A la racine du disque dur, déplace le dossier décompressé --> (C:\MSNFix.)


→ Ouvre-le et double clique sur le fichier MSNFix.bat

→ Fait l'option 'R'.

Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage.

Sauvegarde ce rapport puis poste-le moi.

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas redemarre le pc.
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.

Recommande à tes contacts d'appliquer la même procédure afin de stopper le virus.

Tutorial : https://www.malekal.com/supprimer-virus-desinfecter-pc/

*************************************************

→ Lance HijackThis et clique sur "Open misc tools section" Déscends jusqu' a "uninstall HijackThis & exit" clique dessus puis répond ' oui ' à la demande de confirmation.

********************************************


→ Télécharge SDFix et sauvegarde le sur ton Bureau.

→ Redémarre en MSE

Autre tutorials pour MSE :

https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
http://www.coupdepoucepc.com/modules/news/article.php?storyid=253

→ Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd ( ou Runthis.bat ) pour lancer le scrïpt.
→ Appuie sur Y pour commencer le processus de nettoyage.
→ Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
→ Appuie sur une touche pour redémarrer le PC.
→ Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
→ Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
→ Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.
→ Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Poste moi le rapport.

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

***********************************

→ Télécharge HJT



Place le dans ' C:\programmes\ ' Une fois cela fait , merci de renommer l'icône ( clique droit > renommer )' Hijackthis.exe 'située dans le dossier dans C:\ , en ' HJT.exe ' <<<<<<<<< Important !!! <<<<<<<

Le chemin d'accés du programme doit être ressemblant à celui-ci : C:\Programme\Trend Micro\Hijackthis\HJT.exe

Ne pas renommer l'icône du raccourci sur le bureau bien entendu ...

→ Puis lance-le et choisi l'option '' do a system scan and save a logfile '' et poste moi le rapport ( qui apparait sur le bloc-note )


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Tuto si tu n'y arrive pas : http://pageperso.aol.fr/balltrap34/demohijack.htm

*****************************

Bonne chance

A+
0
Réponse 2 / 26
jimbo67
27 mars 2008 à 22:51
salut,

voila le rapport de MSNFix dans un premier temps, le reste arrive:

MSNFix 1.692

C:\MSNFix
Fix exécuté le 27/03/2008 - 22:44:37,00 By Proprietaire
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

Aucun dossier trouvé


************************ Fichiers suspects

Aucun Fichier trouvé


************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\winlogon.exe


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
0
Réponse 3 / 26
jimbo67
27 mars 2008 à 23:10
le rapport de SDFix:


[b]SDFix: Version 1.162 [/b]

Run by Proprietaire on 27/03/2008 at 22:58

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 23:03:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:e18e2d4f
"s2"=dword:0c24f9d5
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:28,e0,65,6a,e0,e2,01,a9,91,b7,c9,e3,ff,7e,ac,27,6f,fb,34,88,76,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,31,16,0f,30,7e,c6,1a,fd,11,8f,7b,a1,6f,68,28,d7,97,..
"khjeh"=hex:97,e7,71,5c,f6,59,75,b1,04,25,a0,38,6d,74,fc,5f,32,5d,aa,4f,3b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fc,fc,0b,ba,d4,c2,50,d4,ea,82,83,18,89,46,b0,4e,aa,b9,5b,f9,5d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]
"ujdew"=hex:20,02,00,00,21,d9,5d,78,c5,20,e7,1d,f1,72,c2,06,96,1d,26,3d,89,..
"ljej40"=hex:b2,31,94,b9,4e,2e,d4,72,84,41,31,49,1d,27,62,3a,43,ae,66,b2,12,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:28,e0,65,6a,e0,e2,01,a9,91,b7,c9,e3,ff,7e,ac,27,6f,fb,34,88,76,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,31,16,0f,30,7e,c6,1a,fd,11,8f,7b,a1,6f,68,28,d7,97,..
"khjeh"=hex:97,e7,71,5c,f6,59,75,b1,04,25,a0,38,6d,74,fc,5f,32,5d,aa,4f,3b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fc,fc,0b,ba,d4,c2,50,d4,ea,82,83,18,89,46,b0,4e,aa,b9,5b,f9,5d,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 809


[b]Remaining Services [/b]:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\DOCUME~1\\PROPRI~1\\LOCALS~1\\Temp\\winlogon.exe"="C:\\DOCUME~1\\PROPRI~1\\LOCALS~1\\Temp\\winlogon.exe:*:Enabled:Flash Driver"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Tue 14 Aug 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 8 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1.tmp"
Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT1.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT2.tmp"

[b]Finished![/b]
0
Réponse 4 / 26
Utilisateur anonyme
27 mars 2008 à 23:11
Re , Hijackthis maintenant.

a+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 26
jimbo67
27 mars 2008 à 23:21
voila:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:17:31, on 27/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HJC.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\winlogon.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 6 / 26
Utilisateur anonyme
27 mars 2008 à 23:23
Re ,

/!\ Outils très puissant , ne pas reproduire la manip ci-dessous sur son pc sans y avoir été autorisé par une personne comptétente /!\


Désactive ta restauration système
Clic sur « Démarrer »
Clic droit sur « Poste de travail », puis sur « Propriétés »,
Vas sur l’onglet « Restauration système »
Tu y coches la case « Désactiver la restauration »
Termine par [Appliquer] [OK]


Télécharge ComboFix ici → http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Et enregistre le sur le bureau >>> /!\ IMPORTANT /!\

Regardes ici, si tu souhaites te familiariser avec son utilisation: https://www.google.fr/?gws_rd=ssl

AVANT d'utiliser ComboFix :
→ Déconnecte ton PC d'Internet et referme les fenêtres de tous les programmes en cours. /!\
→ Désactive provisoirement (et seulement le temps de l'utilisation de ComboFix), la protection en temps réel de ton Antivirus et de tes Antispywares et de TOUT tes logiciels de protection !!!, (activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil). /!\

Sur ton bureau double clic sur Combofix.exe.
Appuies sur la touche 1, pour que le programme commence à s'exécuter et suis les instructions à l'écran.

/!\ PENDANT TOUTE la durée (ça peut être assez long si le pc est très infecté) du scan de ComboFix, n'ouvres aucun programme, ne touche pas à ta souris et ne surfe pas sur le net /!\

Soit patient (même si tu penses que le PC est arrêté) ; les temps « d'arrêt apparent » sont parfois de plusieurs minutes (il y a ± 40 étapes d’analyse).

En cours de nettoyage il est possible, que tu reçoives un avertissement te disant que le pc va redémarrer, laisse le faire.

Après le redemarrage du pc, un rapport s'ouvrira dans le Bloc notes en fin d'analyse, copie et colle tout son contenu dans ton prochain message.

(Le fichier rapport Combofix.txt , est ensuite automatiquement sauvegardé dans C:\Combofix.txt)

Ensuite réactive ta restauration système
Clic droit sur « Poste de travail », puis sur « Propriétés »,
Vas sur l’onglet « Restauration système »
Tu décoches la case « Désactiver la restauration »
Termine par [Appliquer] [OK]

Tutorial ( aide ): https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

a+
0
Réponse 7 / 26
jimbo67
27 mars 2008 à 23:38
voila:

ComboFix 08-03-26.3 - Proprietaire 2008-03-27 23:32:15.1 - NTFSx86
Endroit: C:\Documents and Settings\Proprietaire\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-27 to 2008-03-27 ))))))))))))))))))))))))))))))))))))
.

2008-03-27 23:12 . 2008-03-27 23:12 <REP> d-------- C:\Program Files\Trend Micro
2008-03-27 22:38 . 2008-03-27 22:48 <REP> d-------- C:\MSNFix
2008-03-27 20:24 . 2008-03-27 22:52 <REP> d-------- C:\Program Files\Hijackthis Version Française
2008-03-27 19:58 . 2008-03-27 19:58 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-27 19:57 . 2006-05-11 09:35 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-27 19:57 . 2006-05-11 09:35 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-27 19:57 . 2007-08-08 07:03 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-27 19:57 . 2007-08-08 07:03 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-27 19:57 . 2007-08-08 07:03 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-27 19:57 . 2007-08-08 07:03 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-03-27 19:57 . 2008-03-27 20:00 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-27 19:51 . 2008-03-27 23:06 <REP> d-------- C:\SDFix
2008-03-25 17:40 . 2008-03-27 23:07 <REP> d-------- C:\Program Files\Steam
2008-03-12 20:51 . 2008-03-12 20:51 <REP> d-------- C:\Documents and Settings\All Users\Modèles
2008-03-12 20:32 . 2008-03-12 20:32 <REP> d-------- C:\Program Files\Fx Audio Conveter
2008-03-12 20:32 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-03-12 20:32 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-03-12 20:32 . 2002-10-07 14:16 155,648 --a------ C:\WINDOWS\system32\Dbgwproc.dll
2008-03-12 20:32 . 2005-02-04 11:21 40,960 --a------ C:\WINDOWS\system32\FxHorizBtn.ocx
2008-03-12 20:32 . 2003-03-06 11:43 36,864 --a------ C:\WINDOWS\system32\FxPanel.ocx
2008-03-12 20:32 . 1999-03-12 03:20 18,728 --a------ C:\WINDOWS\system32\ISHF_Ex.tlb
2008-03-10 18:12 . 2008-03-14 15:03 <REP> d-------- C:\Documents and Settings\Proprietaire\Contacts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 22:33 312,657,952 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-27 22:07 --------- d-----w C:\Documents and Settings\Proprietaire\Application Data\AVG7
2008-03-27 21:54 493,568 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-03-27 21:54 2,296,320 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-03-27 21:39 --------- d-----w C:\Documents and Settings\Proprietaire\Application Data\LimeWire
2008-03-27 18:52 3,666,260 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-27 17:09 --------- d-----w C:\Documents and Settings\Proprietaire\Application Data\AdobeUM
2008-03-25 18:35 --------- d-----w C:\Program Files\SolidWorks
2008-03-25 18:30 --------- d-----w C:\Program Files\VirtualDJ
2008-03-25 18:30 --------- d-----w C:\Program Files\Java
2008-03-24 12:02 --------- d-----w C:\Program Files\MSN Messenger
2008-03-24 12:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-23 18:31 2,272,256 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-03-20 20:31 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-20 20:31 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-16 19:16 53,248 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-03-16 18:12 4,580,464 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-14 22:37 429,568 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-03-14 22:37 2,260,480 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-03-07 11:00 2,243,584 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-03-04 03:02 2,238,976 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-02-28 23:06 114,688 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-02-27 22:09 2,493,952 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-02-25 17:03 --------- d-----w C:\Program Files\HighGrow
2008-02-24 19:39 12,384,815 ----a-w C:\AVG7QT.DAT
2008-02-23 11:21 384 ----a-w C:\Documents and Settings\Proprietaire\Application Data\wklnhst.dat
2008-02-17 19:23 --------- d-----w C:\Program Files\DivX
2008-02-04 19:39 --------- d-----w C:\Program Files\Everest Poker
2008-02-01 22:26 2,185,216 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-01-28 17:22 --------- d-----w C:\Documents and Settings\Proprietaire\Application Data\OpenOwnsRemote
2008-01-28 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\live 64 math does
2008-01-16 18:48 2,129,408 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-01-11 20:19 2,109,952 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-28 18:01 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-04 12:32 1,786,368 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-10-08 20:02 1,710,592 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-09-28 06:20 1,697,792 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-09-09 20:55 1,627,136 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-09-08 18:07 1,618,432 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2005-09-24 06:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 22:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-25 17:41 1266936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 17:49 454656]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-15 19:26 7561216]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-15 19:26 86016]
"nwiz"="nwiz.exe" [2006-04-15 19:26 1519616 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 21:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 06:46 761948]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 20:54 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 12:38 131072]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 07:03 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23 1187840]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 18:47 579072]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 20:54 919016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 21:09 157592]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 22:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 18:08 219136]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3ae9dc2-4a88-11dc-891e-0016d43455ac}]
\Shell\AutoRun\command - H:\EasyCN.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-27 21:00:00 C:\WINDOWS\Tasks\AB36055C9185BBFC.job"
- c:\docume~1\propri~1\applic~1\openow~1\settings meal meow.exe
"2007-09-13 09:03:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 23:33:41
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????U??????(?@???????@

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-27 23:34:12
ComboFix-quarantined-files.txt 2008-03-27 22:34:08
Pre-Run: 72,370,515,968 octets libres
Post-Run: 72,357,642,240 octets libres
.
2008-03-21 02:03:06 --- E O F ---
0
Réponse 8 / 26
Utilisateur anonyme
27 mars 2008 à 23:45
Re ...

→ Relance hijackthis , Choisis ' Do a system scan ' Et fixe ces lignes : ( coche la case à leurs gauches > ' fixchecked ')

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\winlogon.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)


*****************************

→ Télécharge CleanUp452 ( Primary download site ... )

→ Lance-le et choisi l'option ' cleanup! '

Poste le rapport.

Tutorial: http://pageperso.aol.fr/balltrap34/democleanup.htm ( merci à balltrap34 )

**************************

→ Télécharge clean : http://www.malekal.com/download/clean.zip

→ Dézippe-le ( clique droit , extraire tout)

→ Lance clean.cmd ( ou clean ), Choisi l'option 1 et poste moi le rapport.

(- Où est le rapport clean ? : « Poste de travail » / double clic sur disque « C / » double-clic sur « rapport_clean.txt » et « copier/coller le contenu » sur le forum. )

Note : Tu auras peut-être un message qui t'invitera a uploader un fichier , fait-le dès que tu pourras.

*******************

a+
0
Réponse 9 / 26
jimbo67
27 mars 2008 à 23:56
CleanUp! started on 03/27/08 23:55:16.
...
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@studyrama[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@t.msn[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@t.msn[3].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@t.voila[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@tc.sfr[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@tch0u-tch0uu.skyrock[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@terminala[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@test-et-vous.psychologies[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@tf1[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@th0ms.skyrock[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@titanpoker[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@titanpoker[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@toilokdo[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@tomsguide[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@topachat[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@torrent-passion[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@toutelatele[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@toxick-0.skyrock[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@track.effiliation[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@track.espaceclient[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@track.webgains[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@tracker.affistats[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@tracking.publicidees[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@tradedoubler[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@trafiz[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@transaction-immo[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@translate.google[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@transvente[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@trdpdc.solidworks[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@tribalfusion[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@tsw0[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@uniquepeek[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@updateservice.sonic[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@upload.youporn[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@vhost.oddcast[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@video.google[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@videos-de-celebrites[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@vidmax[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@vidmax[3].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@virginmobile[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@vivastreet[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@vlaze[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@voila[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@voirunfilm[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@voyages-sncf[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@voyance-web[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@vueling[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@w14.easy-share[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@w15.easy-share[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@watchindia[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@wc.mit.grandvirtual[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@wdm.map24[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@web-stats[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@web.ifrance[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@web.ifrance[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@web.ifrance[3].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@webdistrib[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@webgirlbank[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@weborama[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@wedoo[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@windowsmarketplace[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@ws2.smartp[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@wunderloop[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.01net[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.18qt[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.2xmoinscher[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.abix[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.adverland[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.aina-media[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.alpoze[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.alsace.cci[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.aramisauto[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.aronet[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.assaut.mnsf[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.aujardin[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.be2[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.best-rated-uk-casinos[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.bestmediabuy[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.bestmediabuy[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.boursier[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.bravofly[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.businesspme[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.canalplay[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.cannaweed[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.cdpoker[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.cibleclick[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.cinemotions[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.clubxtrem[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.cnomy[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.cnrtl[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.complicio[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.ctqui[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.darmowe-liczniki[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.dimension-bts[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.e-voyageur[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.easyjet[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.easyjet[3].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.efukt[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.embauche[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.emfi[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.etracker[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.europacasino[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.eurotunnel[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.everestpoker[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.filefactory[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.filefactory[3].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.fishmpegs[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.florajet[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.fr.lastminute[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.france-credit[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.googleadservices[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.googleadservices[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.googleadservices[3].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.googleadservices[4].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.googleadservices[5].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.googleadservices[6].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.googleadservices[7].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.google[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.homemadeking[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.hotfrog[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.humour[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.illegal-party[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.ilovemessenger[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.infos-du-net[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.insa-strasbourg[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.irfa-est[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.jamba[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.jeuxvideo-flash[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.jeuxvideo[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.kiaramedia[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.kompassfrance[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.kompass[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.koonect[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.koreus[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.laboutique.bouyguestelecom[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.le-cirque[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.leboncoin[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.leboncoin[3].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.leguide[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.leguide[3].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.look-voyages[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.lop[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.manpower[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.manpower[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.manpower[3].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.marionnaud[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.marmara[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.max-clubbing[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.max-clubbing[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.mbkdarmon[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.mediatis[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.meetic[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.mes-jeux-flash[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.messengerfx[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.messengerskinner[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.messtats.xchangeattitude[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.miniclip[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.misterbang[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.misterbang[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.monabanq[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.mydesign[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.myvideo[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.news-torrent[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.norauto[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.optioncarriere[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.pagesjaunes[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.partirpascher[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.partners-finances[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.paruvendu[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.paruvendu[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.paruvendu[3].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.paruvendu[4].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.paruvendu[5].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.pleinchamp[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.pornoamateurs[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.priceminister[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.priceminister[3].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.programme-tv[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.queblock[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.queblock[3].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.radioblogclub[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.rencontre[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.revresda[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.roxypalace[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.scratch2cash[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.seloger[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.serencontrer[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.sfr[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.skyrock[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.skyrock[3].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.smooki[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.solidworks[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.spartoo[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.spyjoy[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.spyjoy[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.starzik[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.steampowered[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.steampowered[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.sur-la-toile[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.sur-la-toile[3].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.titanpoker[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.topachat[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.toutelatele[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.trendsecure[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.trombi[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.uniquepeek[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.utarget.co[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.viamichelin[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.vidmax[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.vikingdirect[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.vikingdirect[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.voyages-sncf[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.voyance-web[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.vueling[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.webdistrib[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.webmarchand[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.wellpack[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.xe[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www.zetrack[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www1.admission-postbac[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www18.officedepot[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www2.ina[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www2.viamichelin[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www3.admission-postbac[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www3.messengerfx[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www4.admission-postbac[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@www999.shopping[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@wysistat[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@x-etoilefilant3-x.skyrock[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@x-fee-n0mene-x.skyrock[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@x-kor4liie.skyrock[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@x-tralilala-x.skyrock[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@xiti[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@xopcj934[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@xx-mazeto-tck-xx.skyrock[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@xx-so-beautiiful-xx.skyrock[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@yahoo[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@yahoo[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@yoox[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@youporncocks[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@youporn[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@youporn[3].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@youramateurporn[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@yourfilehost[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@yourmedia[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@youtube[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@zacarititiaa10.spaces.live[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@zanox.promovacances[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@zbox.zanox[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@zedo[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@zlio[2].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@zoneadsl[1].txt - deleted
C:\Documents and Settings\Proprietaire\Cookies\proprietaire@zune[2].txt - deleted
C:\Documents and Settings\Proprietaire\Local Settings\Temp\~DF267C.tmp - deleted
C:\Documents and Settings\Proprietaire\Local Settings\Temp\~DF8A58.tmp - deleted
C:\Documents and Settings\Proprietaire\Local Settings\Temp\~DF8AD1.tmp - deleted
C:\Documents and Settings\Proprietaire\Local Settings\Temp\~DF9EE6.tmp - deleted
C:\Documents and Settings\Proprietaire\Local Settings\Temp\~DF9F10.tmp - deleted
C:\Documents and Settings\Proprietaire\Local Settings\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Documents and Settings\NetworkService\Cookies\index.dat - deleted
C:\Documents and Settings\NetworkService\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Documents and Settings\NetworkService\locals~1\tempor~1\Content.IE5\index.dat - deleted
C:\Documents and Settings\NetworkService\Cookies\index.dat - deleted
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Documents and Settings\LocalService\Cookies\index.dat - deleted
C:\Documents and Settings\LocalService\locals~1\tempor~1\Content.IE5\index.dat - deleted
C:\Documents and Settings\LocalService\Cookies\index.dat - deleted
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Documents and Settings\Default User\Cookies\index.dat - deleted
C:\Documents and Settings\Default User\locals~1\tempor~1\Content.IE5\index.dat - deleted
C:\Documents and Settings\Default User\Cookies\index.dat - deleted
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Documents and Settings\Administrateur\Cookies\index.dat - deleted
C:\Documents and Settings\Administrateur\Cookies\index.dat - deleted
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 32.0 MB of disk space from 4492 files.
CleanUp! finished on 03/27/08 23:55:23.
0
Réponse 10 / 26
jimbo67
28 mars 2008 à 00:03
27/03/2008 a 23:58:31,57

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Everest Poker\" FOUND
0
Réponse 11 / 26
Utilisateur anonyme
28 mars 2008 à 00:05
Re' !

→ Redémarre en MSE

Autre tutorials pour MSE:

https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
http://www.coupdepoucepc.com/modules/news/article.php?storyid=253

→ Re-lance clean -> Choisis l'option 2

---Clean va travailler.---

→ Un rapport Va etre généré , poste le moi ;)

( Le rapport est aussi sauvegardé dans C:\Rapport_clean.txt )

***********************

+ un nouveau rapport Hijackthis stp.




Encore des soucis ?
( je tiens à préciser que c'est pas encore terminé =) )
A+
0
Réponse 12 / 26
jimbo67
28 mars 2008 à 00:11
on peut continuer demain? parce que moi j'ai une épreuve de bac blanc demain matin :(

ofaite tu fais quoi avec mon pc?? =)
0
Réponse 13 / 26
Utilisateur anonyme
28 mars 2008 à 00:19
Re ,

Oui c'est plus important que ton pc ;))) 



ofaite tu fais quoi avec mon pc?? =)


Je fait passer des outils de désinfection , spécifiques à ... ton infection ( justement ^^ )

Bonne chance pour ton épreuve ;)

A demain =)

0
Réponse 14 / 26
jimbo67
28 mars 2008 à 00:29
merci a demain, je t'envoi déja lé rapports ;)

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 28/03/2008 a 0:17:16,23

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Everest Poker\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !











Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:24:26, on 28/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HJC.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 15 / 26
Utilisateur anonyme
28 mars 2008 à 15:21
Re , le rapport est propre encore des soucis ?

************************************************************************************

Ta version d'Adobe n'est pas à jour , désinstalle ta version actuelle en passant par ' ajout et supréssion de programmes '

Puis télécharge la dernière , via ce site --> https://get2.adobe.com/reader/otherversions/


Bulletin de sécurité sur les versions Adobe 7.0.8 et antérieures :

https://www.adobe.com/support/security/bulletins/apsb07-01.html


https://get2.adobe.com/reader/otherversions/

**********************************************************************

→ Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.

→ Double clique sur ToolsCleaner2.exe >
→ Clique sur .Recherche
→ puis sur Suppression quand la liste est trouvée.
→ Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

Tuto : http://www.commentcamarche.net/faq/sujet 8341 toolscleaner suppression des fix de force brute ( merci espion3004 )

****************************************************************

Maintenant que ton PC n'est plus infecté, désactive ta "Restauration du système" puis réactive la, ce qui créer un point de restauration sain...

Désactivation :
Clique droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > coche la case "Désactiver la Restauration du système sur tous les lecteurs"
> Applique patiente jusqu’à ce que cela soit marqué "désactivé" puis Ok.

Activation :
Suivre le même chemin ; décoche la case "Désactiver la Restauration du système sur tous les lecteurs"
> Applique attends que cela soit à nouveau sur "surveillance" puis Ok. Redémarre l'ordinateur.

***********************************************************

a+
0
Réponse 16 / 26
jimbo67
28 mars 2008 à 21:13
re, merci pour cette grande aide, tu m'a été d'un grand secour

j'ai peut ètre 2-3 petites questions qui pourraient m'éviter des soucis pareil

voila le rapport de toolscleaner:

-->- Recherche:

C:\SDFIX: trouvé !
C:\MsnFix: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Proprietaire\Bureau\SdFix.exe: trouvé !
C:\Documents and Settings\Proprietaire\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Proprietaire\Bureau\Clean.zip: trouvé !
C:\Documents and Settings\Proprietaire\Bureau\Msnfix.zip: trouvé !
C:\Documents and Settings\Proprietaire\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Proprietaire\Bureau\clean\tar.exe: trouvé !
C:\Documents and Settings\Proprietaire\Bureau\clean\remove.reg: trouvé !
C:\Documents and Settings\Proprietaire\Bureau\clean\pskill.exe: trouvé !
C:\Documents and Settings\Proprietaire\Bureau\clean\LFiles.exe: trouvé !
C:\Documents and Settings\Proprietaire\Bureau\clean\gzip.exe: trouvé !
C:\Documents and Settings\Proprietaire\Bureau\clean\delsiri.cmd: trouvé !
C:\Documents and Settings\Proprietaire\Bureau\clean\delr.cmd: trouvé !
C:\Documents and Settings\Proprietaire\Bureau\clean\del3.cmd: trouvé !
C:\Documents and Settings\Proprietaire\Bureau\clean\del2.cmd: trouvé !
C:\Documents and Settings\Proprietaire\Bureau\clean\clean.cmd: trouvé !
C:\Documents and Settings\Proprietaire\Bureau\clean\cherche.cmd: trouvé !
C:\Documents and Settings\Proprietaire\Recent\MSNFix.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Proprietaire\Bureau\SdFix.exe: supprimé !
C:\Documents and Settings\Proprietaire\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Proprietaire\Bureau\Clean.zip: supprimé !
C:\Documents and Settings\Proprietaire\Bureau\Msnfix.zip: supprimé !
C:\Documents and Settings\Proprietaire\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\Proprietaire\Bureau\clean\tar.exe: supprimé !
C:\Documents and Settings\Proprietaire\Bureau\clean\remove.reg: supprimé !
C:\Documents and Settings\Proprietaire\Bureau\clean\pskill.exe: supprimé !
C:\Documents and Settings\Proprietaire\Bureau\clean\LFiles.exe: supprimé !
C:\Documents and Settings\Proprietaire\Bureau\clean\gzip.exe: supprimé !
C:\Documents and Settings\Proprietaire\Bureau\clean\delsiri.cmd: supprimé !
C:\Documents and Settings\Proprietaire\Bureau\clean\delr.cmd: supprimé !
C:\Documents and Settings\Proprietaire\Bureau\clean\del3.cmd: supprimé !
C:\Documents and Settings\Proprietaire\Bureau\clean\del2.cmd: supprimé !
C:\Documents and Settings\Proprietaire\Bureau\clean\clean.cmd: supprimé !
C:\Documents and Settings\Proprietaire\Bureau\clean\cherche.cmd: supprimé !
C:\Documents and Settings\Proprietaire\Recent\MSNFix.lnk: supprimé !
C:\SDFIX: supprimé !
C:\MsnFix: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
0
Réponse 17 / 26
Utilisateur anonyme
28 mars 2008 à 21:16
Re , oki

> Supprime Toolscleaner.

**********


-------------Infos-------------

Ce lien explique ce que sont les pirates , leurs méthodes , comment les contrer , et la prévention ( merci espion3004 )

*****************


Pourquoi sécuriser mon pc ?

Trojan ? =/

**************


Si tu as des questions n'hésite pas

a+
0
Réponse 18 / 26
jimbo67
28 mars 2008 à 21:25
ree,


je pocède un disque dur externe:
je voulais le défragmenté, mais il m'indique qu'il y a une erreur au fichier I:\Recycled\Di10.avi
je ne trouve pa ce fichier, ni en caché...

Puis pourrais-tu me conseiller un antivirus?

mercii
0
Réponse 19 / 26
Utilisateur anonyme
28 mars 2008 à 22:07
Et bien tu as déja AVG7 ... à moins que tu veuilles changer
0
Réponse 20 / 26
jimbo67
28 mars 2008 à 22:12
toi tu en pence quoi? il est bien et je dois le garder, ou il est sert a rien et je dois changer?
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
problême Opéra est ce un virus??
sand2504 -
sand2504 -

85 réponses