Page internet qui s'ouvre toute seul

Résolu
alex1912 Messages postés 44 Statut Membre -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,J'ai un petit probleme avec internet.
Quant je vais sur google pour faire une recherche des dizaines d'autre page s'ouvre systematiquement Que dois je faire svp? car la je ne sais pas comment resoudre ce probleme.
Merci d'avance
P.S voici mon rapport hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 14:48:04, on 03/04/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\VM303_STI.EXE
C:\Windows\vVX1000.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\ALEXAN~1\AppData\Local\Temp\tz_exec.tmp130\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [mfcd chic] "C:\ProgramData\RDR GPL GPL.ol2kqym"
O4 - HKCU\..\Run: [two city internet heck] "C:\ProgramData\Wipe Wave Lite.b573za"
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CF87E00-FDF9-4937-9E2F-FFC4646D7C89}: NameServer = 192.168.1.1,192.168.1.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{7CF87E00-FDF9-4937-9E2F-FFC4646D7C89}: NameServer = 192.168.1.1,192.168.1.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
Configuration: Windows Vista
Internet Explorer 7.0

15 réponses

  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut,

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message ainsi qu´un nouveau rapport hijack this.

    -> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    @+
    0
    1. alex1912 Messages postés 44 Statut Membre
       
      voila le rapport combofix:
      ComboFix 08-04-02.1 - alexandre 2008-04-03 15:06:05.1 - NTFSx86
      Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.230 [GMT 2:00]
      Endroit: C:\Users\alexandre\Downloads\ComboFix.exe
      * Création d'un nouveau point de restauration
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Program Files\internetgamebox
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Conditions générales.lnk
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Confidentialité.lnk
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Website.lnk

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-03 14:58 . 2008-04-03 14:58 <REP> d-------- C:\ComboFix[1]
      2008-04-03 12:09 . 2008-04-03 12:09 <REP> d-------- C:\Users\All Users\Simply Super Software
      2008-04-03 12:09 . 2008-04-03 12:09 <REP> d-------- C:\Users\alexandre\AppData\Roaming\Simply Super Software
      2008-04-03 12:09 . 2008-04-03 12:09 <REP> d-------- C:\ProgramData\Simply Super Software
      2008-04-03 12:09 . 2008-04-03 12:09 <REP> d-------- C:\Program Files\Trojan Remover
      2008-04-03 12:09 . 2006-05-25 14:52 162,304 --a------ C:\Windows\System32\ztvunrar36.dll
      2008-04-03 12:09 . 2005-08-26 00:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
      2008-04-03 12:09 . 2002-03-06 00:00 75,264 --a------ C:\Windows\System32\unacev2.dll
      2008-04-03 12:09 . 2006-06-19 12:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
      2008-04-02 10:53 . 2008-04-02 15:13 <REP> d-------- C:\Program Files\a-squared Anti-Malware
      2008-04-01 20:14 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
      2008-04-01 20:14 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
      2008-04-01 18:43 . 2008-04-01 18:43 <REP> d-------- C:\Program Files\Alwil Software
      2008-04-01 18:43 . 2008-03-29 19:45 1,146,232 --a------ C:\Windows\System32\aswBoot.exe
      2008-04-01 18:43 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
      2008-04-01 18:43 . 2008-03-29 19:23 95,608 --a------ C:\Windows\System32\AvastSS.scr
      2008-04-01 18:43 . 2008-03-29 19:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
      2008-04-01 18:43 . 2008-03-29 19:27 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
      2008-04-01 18:43 . 2008-03-29 19:29 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
      2008-03-31 17:07 . 2008-02-21 04:05 129,784 --------- C:\Windows\System32\pxafs.dll
      2008-03-31 17:07 . 2008-02-21 04:05 120,056 --------- C:\Windows\System32\pxcpyi64.exe
      2008-03-31 17:07 . 2008-02-21 04:05 118,520 --------- C:\Windows\System32\pxinsi64.exe
      2008-03-31 17:02 . 2008-03-31 17:02 <REP> d-------- C:\Users\alexandre\.drdivx2
      2008-03-31 13:11 . 2008-03-31 13:11 <REP> d-------- C:\Temp
      2008-03-31 13:01 . 2008-03-31 13:03 <REP> d-------- C:\Program Files\MP3 AVI MPEG WMV RM to Audio CD Burner
      2008-03-31 13:01 . 2008-03-31 13:02 66 --a------ C:\Windows\MP3 AVI MPEG WMV RM to Audio CD Burner.INI
      2008-03-28 10:39 . 2008-03-28 11:07 <REP> d-------- C:\Program Files\ALO Power Audio Converter
      2008-03-28 10:39 . 2000-09-22 15:10 647,872 --a------ C:\Windows\System32\MSCOMCT2.OCX
      2008-03-28 10:39 . 2003-08-07 16:01 237,568 --a------ C:\Windows\System32\lame_enc.dll
      2008-03-25 11:57 . 2008-03-25 13:23 <REP> d-------- C:\Program Files\RM-X® Easy Compress
      2008-03-25 11:12 . 2008-03-25 11:12 <REP> d-------- C:\Program Files\TUGZip
      2008-03-24 18:53 . 2008-03-24 18:56 <REP> d-------- C:\Program Files\eMule1
      2008-03-20 13:33 . 2008-03-20 13:33 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
      2008-03-20 11:30 . 2008-03-20 11:30 <REP> d-------- C:\PerfLogs
      2008-03-20 10:39 . 2008-01-19 07:46 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
      2008-03-20 10:38 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
      2008-03-20 10:37 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
      2008-03-20 10:36 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
      2008-03-20 10:34 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
      2008-03-20 10:34 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
      2008-03-20 10:34 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
      2008-03-20 10:34 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
      2008-03-20 10:34 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
      2008-03-20 10:33 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
      2008-03-20 10:33 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
      2008-03-20 10:33 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
      2008-03-20 10:33 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
      2008-03-04 16:29 . 2008-03-04 16:29 <REP> d-------- C:\Program Files\Common Files\EasyInfo

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-03 13:04 --------- d---a-w C:\ProgramData\TEMP
      2008-04-03 11:32 --------- d-----w C:\Program Files\Spyware Doctor
      2008-04-03 11:11 --------- d-----w C:\ProgramData\Google Updater
      2008-04-01 18:23 --------- d-----w C:\ProgramData\eMule
      2008-04-01 18:23 --------- d-----w C:\Program Files\eMule
      2008-04-01 18:13 --------- d-----w C:\ProgramData\Secondtonsbody
      2008-04-01 17:12 --------- d-----w C:\ProgramData\Kaspersky Lab
      2008-04-01 16:29 --------- d-----w C:\Program Files\HP
      2008-04-01 16:17 --------- d-----w C:\ProgramData\HP
      2008-03-31 15:08 --------- d-----w C:\Program Files\DivX
      2008-03-31 15:04 --------- d-----w C:\Program Files\AskTBar
      2008-03-31 10:42 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
      2008-03-31 07:53 --------- d-----w C:\Users\alexandre\AppData\Roaming\Dr. DivX 2.0 OSS
      2008-03-29 19:07 --------- d-----w C:\Program Files\Picasa2
      2008-03-28 19:01 --------- d-----w C:\ProgramData\does dog two city
      2008-03-28 18:59 --------- d-----w C:\Program Files\Messenger Plus! Live
      2008-03-28 09:01 --------- d-----w C:\Program Files\VideoLAN
      2008-03-25 09:41 --------- d-----w C:\Users\alexandre\AppData\Roaming\DivX
      2008-03-20 09:46 174 --sha-w C:\Program Files\desktop.ini
      2008-03-20 09:32 --------- d-----w C:\Program Files\Windows Sidebar
      2008-03-20 09:32 --------- d-----w C:\Program Files\Windows Photo Gallery
      2008-03-20 09:32 --------- d-----w C:\Program Files\Windows Mail
      2008-03-20 09:32 --------- d-----w C:\Program Files\Windows Defender
      2008-03-20 09:32 --------- d-----w C:\Program Files\Windows Collaboration
      2008-03-20 09:32 --------- d-----w C:\Program Files\Windows Calendar
      2008-03-20 09:04 82,432 ----a-w C:\Windows\System32\axaltocm.dll
      2008-03-20 09:04 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
      2008-03-19 18:53 --------- d-----w C:\Users\alexandre\AppData\Roaming\Image Zone Express
      2008-03-13 19:59 524 ----a-w C:\Users\alexandre\AppData\Roaming\wklnhst.dat
      2008-03-12 08:27 --------- d-----w C:\ProgramData\Microsoft Help
      2008-02-28 11:15 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-02-25 15:41 --------- d-----w C:\Program Files\RM-X Player V5.2
      2008-02-24 09:32 --------- d-----w C:\ProgramData\Yahoo! Companion
      2008-02-24 09:15 --------- d-----w C:\Program Files\Yahoo!
      2008-02-23 09:45 --------- d-----w C:\ProgramData\Nero
      2008-02-23 09:22 964,735 ----a-w C:\Users\alexandre\SETUP-UCS_V4.6.3[1].EXE
      2008-02-23 02:38 43,872 ----a-w C:\Windows\system32\drivers\pxhelp20.sys
      2008-02-21 08:05 --------- d-----w C:\Program Files\Common Files\AVSMedia
      2008-02-21 02:05 524,288 ----a-w C:\Windows\System32\DivXsm.exe
      2008-02-21 02:05 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
      2008-02-21 02:05 200,704 ----a-w C:\Windows\System32\ssldivx.dll
      2008-02-21 02:05 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
      2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
      2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
      2008-02-21 02:04 81,920 ----a-w C:\Windows\System32\dpl100.dll
      2008-02-21 02:04 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
      2008-02-21 02:04 682,496 ----a-w C:\Windows\System32\DivX.dll
      2008-02-21 02:04 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
      2008-02-21 02:04 57,344 ----a-w C:\Windows\System32\dpv11.dll
      2008-02-21 02:04 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
      2008-02-21 02:04 344,064 ----a-w C:\Windows\System32\dpus11.dll
      2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu11.dll
      2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu10.dll
      2008-02-21 02:04 196,608 ----a-w C:\Windows\System32\dtu100.dll
      2008-02-21 02:03 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
      2008-02-21 02:03 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
      2008-02-20 22:03 --------- d-----w C:\Users\alexandre\AppData\Roaming\AVSMedia
      2008-02-20 15:05 --------- d-----w C:\ProgramData\LightScribe
      2008-02-20 14:54 --------- d-----w C:\Users\alexandre\AppData\Roaming\Nero
      2008-02-16 09:26 --------- d-----w C:\Users\alexandre\AppData\Roaming\Zylom
      2008-02-16 09:18 --------- d-----w C:\ProgramData\Zylom
      2008-02-13 20:05 6,656 ----a-w C:\Windows\System32\kbd106n.dll
      2008-01-19 07:44 986,680 ----a-w C:\Windows\System32\winload.exe
      2008-01-19 07:44 926,776 ----a-w C:\Windows\System32\winresume.exe
      2008-01-19 07:43 614,968 ----a-w C:\Windows\System32\ci.dll
      2008-01-19 07:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
      2008-01-19 07:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
      2008-01-19 07:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
      2008-01-19 07:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
      2008-01-19 07:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
      2008-01-19 07:42 247,352 ----a-w C:\Windows\System32\clfs.sys
      2008-01-19 07:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll
      2008-01-19 07:42 141,880 ----a-w C:\Windows\System32\halacpi.dll
      2008-01-19 07:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
      2008-01-19 07:41 21,560 ----a-w C:\Windows\System32\kdusb.dll
      2008-01-19 07:41 19,512 ----a-w C:\Windows\System32\kdcom.dll
      2008-01-19 07:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
      2008-01-19 07:38 4,595,712 ----a-w C:\Windows\System32\AuthFWSnapin.dll
      2008-01-19 07:38 242,744 ----a-w C:\Windows\System32\rsaenh.dll
      2008-01-19 07:38 155,704 ----a-w C:\Windows\System32\dssenh.dll
      2008-01-19 07:38 131,640 ----a-w C:\Windows\System32\basecsp.dll
      2008-01-19 07:38 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
      2008-01-19 07:38 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
      2008-01-19 07:36 996,352 ----a-w C:\Windows\System32\WMNetMgr.dll
      2008-01-19 07:35 98,304 ----a-w C:\Windows\System32\mssitlb.dll
      2008-01-19 07:34 98,816 ----a-w C:\Windows\System32\mfps.dll
      2008-01-19 07:33 98,304 ----a-w C:\Windows\System32\makecab.exe
      2008-01-19 07:32 879,616 ----a-w C:\Windows\System32\Bubbles.scr
      2008-01-19 07:32 704,512 ----a-w C:\Windows\System32\PhotoScreensaver.scr
      2008-01-19 07:32 5,714,432 ----a-w C:\Windows\System32\logon.scr
      2008-01-19 07:32 258,048 ----a-w C:\Windows\System32\winspool.drv
      2008-01-19 07:32 221,184 ----a-w C:\Windows\System32\Mystify.scr
      2008-01-19 07:32 220,672 ----a-w C:\Windows\System32\Ribbons.scr
      2008-01-19 07:32 21,504 ----a-w C:\Windows\System32\msacm32.drv
      2008-01-19 07:32 166,912 ----a-w C:\Windows\System32\wdmaud.drv
      2008-01-19 07:32 1,370,624 ----a-w C:\Windows\System32\Aurora.scr
      2008-01-19 07:31 7,680 ----a-w C:\Windows\System32\spwizres.dll
      2008-01-19 07:31 57,856 ----a-w C:\Windows\System32\nlsbres.dll
      2008-01-19 07:31 118,272 ----a-w C:\Windows\System32\RDPENCDD.dll
      2008-01-19 07:30 17,920 ----a-w C:\Windows\System32\netevent.dll
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
      "Acer Tour Reminder"="" []
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
      "mfcd chic"="C:\ProgramData\RDR GPL GPL.ol2kqym" [2008-03-28 21:00 245776]
      "two city internet heck"="C:\ProgramData\Wipe Wave Lite.b573za" [2008-03-28 21:01 155664]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 13:04 4423680 C:\Windows\RtHDVCpl.exe]
      "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
      "eRecoveryService"="" []
      "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [ ]
      "BigDog303"="C:\Windows\VM303_STI.exe" [2006-01-25 00:07 61440]
      "VX1000"="C:\Windows\vVX1000.exe" [2007-04-10 23:46 709992]
      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "Skytel"="Skytel.exe" [2007-03-16 09:06 1822720 C:\Windows\SkyTel.exe]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
      "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-03-27 18:10 874064]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
      "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [ ]
      "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

      C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
      Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-06 23:22:26 528384]
      Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-10 11:43:52 124400]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{27A992E8-3191-4058-BDC4-1321D34A3BBD}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{825364F4-5206-4106-9837-CCC9FB893293}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{24AB70F3-9717-43B1-B473-2B48017BC0F5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
      "TCP Query User{7013DBCF-570F-4A1C-9ED9-246C76E7D6C0}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
      "UDP Query User{8C9DB831-4A24-4906-8F3D-9AA9B8E4FE4D}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
      "TCP Query User{936884B8-1B40-4C9F-842A-6EFAD731E6BB}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
      "UDP Query User{1765ED25-98BE-4E1E-9438-945BB3F1880D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
      "TCP Query User{59A240AD-CDA6-42DD-A946-89500DBDC3F2}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service
      "UDP Query User{4A6B8C50-28F1-40C3-8E7F-C4E82A1E2805}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service
      "TCP Query User{21915AF6-98EA-4E44-8279-462D540D3DDB}C:\\program files\\sony ericsson\\update service\\telephone\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\telephone\update service\update service.exe:Update Service
      "UDP Query User{0AA490E6-7833-43E4-B1AB-AD4B83EA77DE}C:\\program files\\sony ericsson\\update service\\telephone\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\telephone\update service\update service.exe:Update Service
      "{01400A41-6A7A-4ED6-A5A4-706284860364}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
      "{D3F73AE7-645D-49BE-8168-BB3E3F8C328E}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
      "TCP Query User{2BF471F2-563B-4349-8316-9964B0BB96F7}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
      "UDP Query User{B5E828EB-9ABB-47FB-9ADE-8403AE7B1F68}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
      "TCP Query User{9CE08571-F730-488D-AA7E-80C8674C667E}C:\\program files\\webmediaplayer\\webmediaplayer.exe"= UDP:C:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
      "UDP Query User{A4ED8093-6D04-4AC9-96E1-B4180C89A7D9}C:\\program files\\webmediaplayer\\webmediaplayer.exe"= TCP:C:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
      "TCP Query User{4D2650CB-C384-4017-8EF4-9218DA6B2B6D}C:\\program files\\emule1\\emule.exe"= UDP:C:\program files\emule1\emule.exe:eMule Plus
      "UDP Query User{92717BED-A18E-4C67-927A-0A6F27F0BD16}C:\\program files\\emule1\\emule.exe"= TCP:C:\program files\emule1\emule.exe:eMule Plus

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
      "C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
      "C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
      "C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
      "C:\\Program Files\\WINSOS\\winsos.exe"= C:\Program Files\WINSOS\winsos.exe:*:Enabled:Winsos
      "C:\\Program Files\\WINSOS\\anti-spy.exe"= C:\Program Files\WINSOS\anti-spy.exe:*:Enabled:anti-spy Winsos
      "C:\\Program Files\\WINSOS\\help.exe"= C:\Program Files\WINSOS\help.exe:*:Enabled:Winsos Help

      R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22]
      R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
      R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
      R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
      R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 16:04]
      R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 04:12]
      S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [2008-01-01 15:00]
      S3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0c4b680-cdcc-11dc-a28c-00016c0d3989}]
      \shell\AutoRun\command - J:\ClickMe.exe

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-03 15:09:25
      Windows 6.0.6001 Service Pack 1 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      BigDog303 = C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????@?@??????????????????????????

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-03 15:10:14
      ComboFix-quarantined-files.txt 2008-04-03 13:10:10
      Pre-Run: 35,269,271,552 octets libres
      Post-Run: 35,280,617,472 octets libres
      .
      2008-04-02 07:24:25 --- E O F ---

      et le rapport hijackthis:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:20:49, on 03/04/2008
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      C:\Windows\System32\smss.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\winlogon.exe
      C:\Windows\system32\services.exe
      C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\Ati2evxx.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\Ati2evxx.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Windows\VM303_STI.EXE
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\vVX1000.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\WUDFHost.exe
      C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
      C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\conime.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\explorer.exe
      C:\Windows\system32\notepad.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Windows\system32\taskeng.exe
      C:\Users\alexandre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HR8V47TH\HiJackThis[1].exe
      C:\Windows\system32\wbem\wmiprvse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
      O1 - Hosts: ::1 localhost
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
      O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
      O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
      O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [mfcd chic] "C:\ProgramData\RDR GPL GPL.ol2kqym"
      O4 - HKCU\..\Run: [two city internet heck] "C:\ProgramData\Wipe Wave Lite.b573za"
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user')
      O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: Empowering Technology Launcher.lnk = ?
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O13 - Gopher Prefix:
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{7CF87E00-FDF9-4937-9E2F-FFC4646D7C89}: NameServer = 192.168.1.1,192.168.1.2
      O17 - HKLM\System\CS1\Services\Tcpip\..\{7CF87E00-FDF9-4937-9E2F-FFC4646D7C89}: NameServer = 192.168.1.1,192.168.1.2
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      0
  2. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok la suite :

    Copie le texte ci-dessous :

    File::
    C:\ProgramData\Wipe Wave Lite.b573za
    C:\ProgramData\RDR GPL GPL.ol2kqym
    C:\Windows\system32\DRIVERS\ggflt.sys

    Folder::
    C:\Program Files\AskTBar

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "two city internet heck"=-
    "mfcd chic"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    Driver::
    ggflt

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    @+
    0
    1. alex1912 Messages postés 44 Statut Membre
       
      voici le rapport combofix:
      ComboFix 08-04-02.1 - alexandre 2008-04-03 15:48:21.2 - NTFSx86
      Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.251 [GMT 2:00]
      Endroit: C:\Users\alexandre\Downloads\ComboFix.exe
      Command switches used :: C:\Users\alexandre\Desktop\CFScript.txt..lnk
      * Création d'un nouveau point de restauration
      .

      ((((((((((((((((((((((((((((( Fichiers créés 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-03 14:58 . 2008-04-03 14:58 <REP> d-------- C:\ComboFix[1]
      2008-04-03 12:09 . 2008-04-03 12:09 <REP> d-------- C:\Users\All Users\Simply Super Software
      2008-04-03 12:09 . 2008-04-03 12:09 <REP> d-------- C:\Users\alexandre\AppData\Roaming\Simply Super Software
      2008-04-03 12:09 . 2008-04-03 12:09 <REP> d-------- C:\ProgramData\Simply Super Software
      2008-04-03 12:09 . 2008-04-03 12:09 <REP> d-------- C:\Program Files\Trojan Remover
      2008-04-03 12:09 . 2006-05-25 14:52 162,304 --a------ C:\Windows\System32\ztvunrar36.dll
      2008-04-03 12:09 . 2005-08-26 00:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
      2008-04-03 12:09 . 2002-03-06 00:00 75,264 --a------ C:\Windows\System32\unacev2.dll
      2008-04-03 12:09 . 2006-06-19 12:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
      2008-04-02 10:53 . 2008-04-02 15:13 <REP> d-------- C:\Program Files\a-squared Anti-Malware
      2008-04-01 20:14 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
      2008-04-01 20:14 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
      2008-04-01 18:43 . 2008-04-01 18:43 <REP> d-------- C:\Program Files\Alwil Software
      2008-04-01 18:43 . 2008-03-29 19:45 1,146,232 --a------ C:\Windows\System32\aswBoot.exe
      2008-04-01 18:43 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
      2008-04-01 18:43 . 2008-03-29 19:23 95,608 --a------ C:\Windows\System32\AvastSS.scr
      2008-04-01 18:43 . 2008-03-29 19:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
      2008-04-01 18:43 . 2008-03-29 19:27 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
      2008-04-01 18:43 . 2008-03-29 19:29 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
      2008-03-31 17:07 . 2008-02-21 04:05 129,784 --------- C:\Windows\System32\pxafs.dll
      2008-03-31 17:07 . 2008-02-21 04:05 120,056 --------- C:\Windows\System32\pxcpyi64.exe
      2008-03-31 17:07 . 2008-02-21 04:05 118,520 --------- C:\Windows\System32\pxinsi64.exe
      2008-03-31 17:02 . 2008-03-31 17:02 <REP> d-------- C:\Users\alexandre\.drdivx2
      2008-03-31 13:11 . 2008-03-31 13:11 <REP> d-------- C:\Temp
      2008-03-31 13:01 . 2008-03-31 13:03 <REP> d-------- C:\Program Files\MP3 AVI MPEG WMV RM to Audio CD Burner
      2008-03-31 13:01 . 2008-03-31 13:02 66 --a------ C:\Windows\MP3 AVI MPEG WMV RM to Audio CD Burner.INI
      2008-03-28 10:39 . 2008-03-28 11:07 <REP> d-------- C:\Program Files\ALO Power Audio Converter
      2008-03-28 10:39 . 2000-09-22 15:10 647,872 --a------ C:\Windows\System32\MSCOMCT2.OCX
      2008-03-28 10:39 . 2003-08-07 16:01 237,568 --a------ C:\Windows\System32\lame_enc.dll
      2008-03-25 11:57 . 2008-03-25 13:23 <REP> d-------- C:\Program Files\RM-X® Easy Compress
      2008-03-25 11:12 . 2008-03-25 11:12 <REP> d-------- C:\Program Files\TUGZip
      2008-03-24 18:53 . 2008-03-24 18:56 <REP> d-------- C:\Program Files\eMule1
      2008-03-20 13:33 . 2008-03-20 13:33 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
      2008-03-20 11:30 . 2008-03-20 11:30 <REP> d-------- C:\PerfLogs
      2008-03-20 10:39 . 2008-01-19 07:46 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
      2008-03-20 10:38 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
      2008-03-20 10:37 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
      2008-03-20 10:36 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
      2008-03-20 10:34 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
      2008-03-20 10:34 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
      2008-03-20 10:34 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
      2008-03-20 10:34 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
      2008-03-20 10:34 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
      2008-03-20 10:33 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
      2008-03-20 10:33 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
      2008-03-20 10:33 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
      2008-03-20 10:33 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
      2008-03-04 16:29 . 2008-03-04 16:29 <REP> d-------- C:\Program Files\Common Files\EasyInfo

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-03 13:46 --------- d---a-w C:\ProgramData\TEMP
      2008-04-03 11:32 --------- d-----w C:\Program Files\Spyware Doctor
      2008-04-03 11:11 --------- d-----w C:\ProgramData\Google Updater
      2008-04-01 18:23 --------- d-----w C:\ProgramData\eMule
      2008-04-01 18:23 --------- d-----w C:\Program Files\eMule
      2008-04-01 18:13 --------- d-----w C:\ProgramData\Secondtonsbody
      2008-04-01 17:12 --------- d-----w C:\ProgramData\Kaspersky Lab
      2008-04-01 16:29 --------- d-----w C:\Program Files\HP
      2008-04-01 16:17 --------- d-----w C:\ProgramData\HP
      2008-03-31 15:08 --------- d-----w C:\Program Files\DivX
      2008-03-31 15:04 --------- d-----w C:\Program Files\AskTBar
      2008-03-31 10:42 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
      2008-03-31 07:53 --------- d-----w C:\Users\alexandre\AppData\Roaming\Dr. DivX 2.0 OSS
      2008-03-29 19:07 --------- d-----w C:\Program Files\Picasa2
      2008-03-28 19:01 --------- d-----w C:\ProgramData\does dog two city
      2008-03-28 18:59 --------- d-----w C:\Program Files\Messenger Plus! Live
      2008-03-28 09:01 --------- d-----w C:\Program Files\VideoLAN
      2008-03-25 09:41 --------- d-----w C:\Users\alexandre\AppData\Roaming\DivX
      2008-03-20 09:46 174 --sha-w C:\Program Files\desktop.ini
      2008-03-20 09:32 --------- d-----w C:\Program Files\Windows Sidebar
      2008-03-20 09:32 --------- d-----w C:\Program Files\Windows Photo Gallery
      2008-03-20 09:32 --------- d-----w C:\Program Files\Windows Mail
      2008-03-20 09:32 --------- d-----w C:\Program Files\Windows Defender
      2008-03-20 09:32 --------- d-----w C:\Program Files\Windows Collaboration
      2008-03-20 09:32 --------- d-----w C:\Program Files\Windows Calendar
      2008-03-20 09:04 82,432 ----a-w C:\Windows\System32\axaltocm.dll
      2008-03-20 09:04 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
      2008-03-19 18:53 --------- d-----w C:\Users\alexandre\AppData\Roaming\Image Zone Express
      2008-03-13 19:59 524 ----a-w C:\Users\alexandre\AppData\Roaming\wklnhst.dat
      2008-03-12 08:27 --------- d-----w C:\ProgramData\Microsoft Help
      2008-02-28 11:15 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-02-25 15:41 --------- d-----w C:\Program Files\RM-X Player V5.2
      2008-02-24 09:32 --------- d-----w C:\ProgramData\Yahoo! Companion
      2008-02-24 09:15 --------- d-----w C:\Program Files\Yahoo!
      2008-02-23 09:45 --------- d-----w C:\ProgramData\Nero
      2008-02-23 09:22 964,735 ----a-w C:\Users\alexandre\SETUP-UCS_V4.6.3[1].EXE
      2008-02-23 02:38 43,872 ----a-w C:\Windows\system32\drivers\pxhelp20.sys
      2008-02-21 08:05 --------- d-----w C:\Program Files\Common Files\AVSMedia
      2008-02-21 02:05 524,288 ----a-w C:\Windows\System32\DivXsm.exe
      2008-02-21 02:05 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
      2008-02-21 02:05 200,704 ----a-w C:\Windows\System32\ssldivx.dll
      2008-02-21 02:05 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
      2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
      2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
      2008-02-21 02:04 81,920 ----a-w C:\Windows\System32\dpl100.dll
      2008-02-21 02:04 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
      2008-02-21 02:04 682,496 ----a-w C:\Windows\System32\DivX.dll
      2008-02-21 02:04 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
      2008-02-21 02:04 57,344 ----a-w C:\Windows\System32\dpv11.dll
      2008-02-21 02:04 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
      2008-02-21 02:04 344,064 ----a-w C:\Windows\System32\dpus11.dll
      2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu11.dll
      2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu10.dll
      2008-02-21 02:04 196,608 ----a-w C:\Windows\System32\dtu100.dll
      2008-02-21 02:03 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
      2008-02-21 02:03 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
      2008-02-20 22:03 --------- d-----w C:\Users\alexandre\AppData\Roaming\AVSMedia
      2008-02-20 15:05 --------- d-----w C:\ProgramData\LightScribe
      2008-02-20 14:54 --------- d-----w C:\Users\alexandre\AppData\Roaming\Nero
      2008-02-16 09:26 --------- d-----w C:\Users\alexandre\AppData\Roaming\Zylom
      2008-02-16 09:18 --------- d-----w C:\ProgramData\Zylom
      2008-02-13 20:05 6,656 ----a-w C:\Windows\System32\kbd106n.dll
      2008-01-19 07:44 986,680 ----a-w C:\Windows\System32\winload.exe
      2008-01-19 07:44 926,776 ----a-w C:\Windows\System32\winresume.exe
      2008-01-19 07:43 614,968 ----a-w C:\Windows\System32\ci.dll
      2008-01-19 07:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
      2008-01-19 07:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
      2008-01-19 07:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
      2008-01-19 07:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
      2008-01-19 07:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
      2008-01-19 07:42 247,352 ----a-w C:\Windows\System32\clfs.sys
      2008-01-19 07:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll
      2008-01-19 07:42 141,880 ----a-w C:\Windows\System32\halacpi.dll
      2008-01-19 07:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
      2008-01-19 07:41 21,560 ----a-w C:\Windows\System32\kdusb.dll
      2008-01-19 07:41 19,512 ----a-w C:\Windows\System32\kdcom.dll
      2008-01-19 07:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
      2008-01-19 07:38 4,595,712 ----a-w C:\Windows\System32\AuthFWSnapin.dll
      2008-01-19 07:38 242,744 ----a-w C:\Windows\System32\rsaenh.dll
      2008-01-19 07:38 155,704 ----a-w C:\Windows\System32\dssenh.dll
      2008-01-19 07:38 131,640 ----a-w C:\Windows\System32\basecsp.dll
      2008-01-19 07:38 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
      2008-01-19 07:38 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
      2008-01-19 07:36 996,352 ----a-w C:\Windows\System32\WMNetMgr.dll
      2008-01-19 07:35 98,304 ----a-w C:\Windows\System32\mssitlb.dll
      2008-01-19 07:34 98,816 ----a-w C:\Windows\System32\mfps.dll
      2008-01-19 07:33 98,304 ----a-w C:\Windows\System32\makecab.exe
      2008-01-19 07:32 879,616 ----a-w C:\Windows\System32\Bubbles.scr
      2008-01-19 07:32 704,512 ----a-w C:\Windows\System32\PhotoScreensaver.scr
      2008-01-19 07:32 5,714,432 ----a-w C:\Windows\System32\logon.scr
      2008-01-19 07:32 258,048 ----a-w C:\Windows\System32\winspool.drv
      2008-01-19 07:32 221,184 ----a-w C:\Windows\System32\Mystify.scr
      2008-01-19 07:32 220,672 ----a-w C:\Windows\System32\Ribbons.scr
      2008-01-19 07:32 21,504 ----a-w C:\Windows\System32\msacm32.drv
      2008-01-19 07:32 166,912 ----a-w C:\Windows\System32\wdmaud.drv
      2008-01-19 07:32 1,370,624 ----a-w C:\Windows\System32\Aurora.scr
      2008-01-19 07:31 7,680 ----a-w C:\Windows\System32\spwizres.dll
      2008-01-19 07:31 57,856 ----a-w C:\Windows\System32\nlsbres.dll
      2008-01-19 07:31 118,272 ----a-w C:\Windows\System32\RDPENCDD.dll
      2008-01-19 07:30 17,920 ----a-w C:\Windows\System32\netevent.dll
      .

      ((((((((((((((((((((((((((((( snapshot@2008-04-03_15.09.54,69 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-04-03 11:05:01 67,584 --s-a-w C:\Windows\bootstat.dat
      + 2008-04-03 13:43:56 67,584 --s-a-w C:\Windows\bootstat.dat
      - 2008-04-03 12:20:13 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
      + 2008-04-03 13:47:08 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
      - 2008-04-03 11:07:08 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
      + 2008-04-03 13:45:45 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
      - 2008-04-03 13:05:26 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
      + 2008-04-03 13:47:30 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
      - 2008-04-03 11:07:03 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
      + 2008-04-03 13:46:24 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
      + 2008-04-03 13:46:24 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
      - 2008-04-03 11:11:18 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      + 2008-04-03 13:45:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      - 2008-04-03 11:11:18 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      + 2008-04-03 13:45:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      - 2008-04-03 11:11:18 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      + 2008-04-03 13:45:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      - 2008-04-03 11:08:23 10,218 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-386166472-3820410549-3574106131-1000_UserData.bin
      + 2008-04-03 13:46:42 10,234 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-386166472-3820410549-3574106131-1000_UserData.bin
      - 2008-04-03 11:08:23 63,706 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      + 2008-04-03 13:46:42 63,770 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      - 2008-04-03 11:08:18 58,442 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      + 2008-04-03 13:46:39 58,642 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
      "Acer Tour Reminder"="" []
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
      "mfcd chic"="C:\ProgramData\RDR GPL GPL.ol2kqym" [2008-03-28 21:00 245776]
      "two city internet heck"="C:\ProgramData\Wipe Wave Lite.b573za" [2008-03-28 21:01 155664]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 13:04 4423680 C:\Windows\RtHDVCpl.exe]
      "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
      "eRecoveryService"="" []
      "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [ ]
      "BigDog303"="C:\Windows\VM303_STI.exe" [2006-01-25 00:07 61440]
      "VX1000"="C:\Windows\vVX1000.exe" [2007-04-10 23:46 709992]
      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "Skytel"="Skytel.exe" [2007-03-16 09:06 1822720 C:\Windows\SkyTel.exe]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
      "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-03-27 18:10 874064]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
      "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [ ]
      "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

      C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
      Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-06 23:22:26 528384]
      Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-10 11:43:52 124400]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{27A992E8-3191-4058-BDC4-1321D34A3BBD}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{825364F4-5206-4106-9837-CCC9FB893293}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{24AB70F3-9717-43B1-B473-2B48017BC0F5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
      "TCP Query User{7013DBCF-570F-4A1C-9ED9-246C76E7D6C0}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
      "UDP Query User{8C9DB831-4A24-4906-8F3D-9AA9B8E4FE4D}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
      "TCP Query User{936884B8-1B40-4C9F-842A-6EFAD731E6BB}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
      "UDP Query User{1765ED25-98BE-4E1E-9438-945BB3F1880D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
      "TCP Query User{59A240AD-CDA6-42DD-A946-89500DBDC3F2}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service
      "UDP Query User{4A6B8C50-28F1-40C3-8E7F-C4E82A1E2805}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service
      "TCP Query User{21915AF6-98EA-4E44-8279-462D540D3DDB}C:\\program files\\sony ericsson\\update service\\telephone\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\telephone\update service\update service.exe:Update Service
      "UDP Query User{0AA490E6-7833-43E4-B1AB-AD4B83EA77DE}C:\\program files\\sony ericsson\\update service\\telephone\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\telephone\update service\update service.exe:Update Service
      "{01400A41-6A7A-4ED6-A5A4-706284860364}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
      "{D3F73AE7-645D-49BE-8168-BB3E3F8C328E}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
      "TCP Query User{2BF471F2-563B-4349-8316-9964B0BB96F7}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
      "UDP Query User{B5E828EB-9ABB-47FB-9ADE-8403AE7B1F68}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
      "TCP Query User{9CE08571-F730-488D-AA7E-80C8674C667E}C:\\program files\\webmediaplayer\\webmediaplayer.exe"= UDP:C:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
      "UDP Query User{A4ED8093-6D04-4AC9-96E1-B4180C89A7D9}C:\\program files\\webmediaplayer\\webmediaplayer.exe"= TCP:C:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
      "TCP Query User{4D2650CB-C384-4017-8EF4-9218DA6B2B6D}C:\\program files\\emule1\\emule.exe"= UDP:C:\program files\emule1\emule.exe:eMule Plus
      "UDP Query User{92717BED-A18E-4C67-927A-0A6F27F0BD16}C:\\program files\\emule1\\emule.exe"= TCP:C:\program files\emule1\emule.exe:eMule Plus

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
      "C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
      "C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
      "C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
      "C:\\Program Files\\WINSOS\\winsos.exe"= C:\Program Files\WINSOS\winsos.exe:*:Enabled:Winsos
      "C:\\Program Files\\WINSOS\\anti-spy.exe"= C:\Program Files\WINSOS\anti-spy.exe:*:Enabled:anti-spy Winsos
      "C:\\Program Files\\WINSOS\\help.exe"= C:\Program Files\WINSOS\help.exe:*:Enabled:Winsos Help

      R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22]
      R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
      R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
      R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
      R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 16:04]
      R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 04:12]
      S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [2008-01-01 15:00]
      S3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0c4b680-cdcc-11dc-a28c-00016c0d3989}]
      \shell\AutoRun\command - J:\ClickMe.exe

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-03 15:51:50
      Windows 6.0.6001 Service Pack 1 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      BigDog303 = C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????@?@??????????????????????????

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-03 15:52:50
      ComboFix-quarantined-files.txt 2008-04-03 13:52:46
      ComboFix2.txt 2008-04-03 13:10:15
      Pre-Run: 36,109,856,768 octets libres
      Post-Run: 36,076,122,112 octets libres
      .
      2008-04-02 07:24:25 --- E O F ---

      et le rapport hijackthis:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:57:22, on 03/04/2008
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\RtHDVCpl.exe
      C:\Windows\VM303_STI.EXE
      C:\Windows\vVX1000.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
      C:\Windows\Explorer.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
      C:\Users\alexandre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HR8V47TH\HiJackThis[1].exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
      O1 - Hosts: ::1 localhost
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
      O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
      O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
      O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [mfcd chic] "C:\ProgramData\RDR GPL GPL.ol2kqym"
      O4 - HKCU\..\Run: [two city internet heck] "C:\ProgramData\Wipe Wave Lite.b573za"
      O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user')
      O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: Empowering Technology Launcher.lnk = ?
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O13 - Gopher Prefix:
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      0
  3. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    tu n´as pas du le faire comme il faut...

    recommence en telechargeant le cfsript ici :

    https://www.cjoint.com/?edqfLLnJ5d

    decompresse le fichier .txt sur ton bureau et

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    @+
    0
    1. alex1912 Messages postés 44 Statut Membre
       
      vfoici le rapport combofix:
      ComboFix 08-04-02.1 - alexandre 2008-04-03 16:15:04.3 - NTFSx86
      Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.250 [GMT 2:00]
      Endroit: C:\Users\alexandre\Downloads\ComboFix.exe
      Command switches used :: C:\CFScript.txt..txt
      * Création d'un nouveau point de restauration

      FILE ::
      C:\ProgramData\RDR GPL GPL.ol2kqym
      C:\ProgramData\Wipe Wave Lite.b573za
      C:\Windows\system32\DRIVERS\ggflt.sys
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Program Files\AskTBar
      C:\Program Files\AskTBar\bar\Cache\[u]0/u4A2EB11
      C:\Program Files\AskTBar\bar\Cache\[u]0/u4A30278.bin
      C:\Program Files\AskTBar\bar\Cache\[u]0/u4A30A83.bin
      C:\Program Files\AskTBar\bar\Cache\[u]0/u4A30E2B.bin
      C:\Program Files\AskTBar\bar\Cache\files.ini
      C:\Program Files\AskTBar\bar\History\search2
      C:\Program Files\AskTBar\bar\Settings\prevcfg2.htm
      C:\Program Files\AskTBar\PopSwatr\History\notallow
      C:\ProgramData\RDR GPL GPL.ol2kqym
      C:\ProgramData\Wipe Wave Lite.b573za
      C:\Windows\system32\DRIVERS\ggflt.sys

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Service_ggflt


      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-03 14:58 . 2008-04-03 14:58 <REP> d-------- C:\ComboFix[1]
      2008-04-03 12:09 . 2008-04-03 12:09 <REP> d-------- C:\Users\All Users\Simply Super Software
      2008-04-03 12:09 . 2008-04-03 12:09 <REP> d-------- C:\Users\alexandre\AppData\Roaming\Simply Super Software
      2008-04-03 12:09 . 2008-04-03 12:09 <REP> d-------- C:\ProgramData\Simply Super Software
      2008-04-03 12:09 . 2008-04-03 12:09 <REP> d-------- C:\Program Files\Trojan Remover
      2008-04-03 12:09 . 2006-05-25 14:52 162,304 --a------ C:\Windows\System32\ztvunrar36.dll
      2008-04-03 12:09 . 2005-08-26 00:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
      2008-04-03 12:09 . 2002-03-06 00:00 75,264 --a------ C:\Windows\System32\unacev2.dll
      2008-04-03 12:09 . 2006-06-19 12:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
      2008-04-02 10:53 . 2008-04-02 15:13 <REP> d-------- C:\Program Files\a-squared Anti-Malware
      2008-04-01 20:14 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
      2008-04-01 20:14 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
      2008-04-01 18:43 . 2008-04-01 18:43 <REP> d-------- C:\Program Files\Alwil Software
      2008-04-01 18:43 . 2008-03-29 19:45 1,146,232 --a------ C:\Windows\System32\aswBoot.exe
      2008-04-01 18:43 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
      2008-04-01 18:43 . 2008-03-29 19:23 95,608 --a------ C:\Windows\System32\AvastSS.scr
      2008-04-01 18:43 . 2008-03-29 19:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
      2008-04-01 18:43 . 2008-03-29 19:27 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
      2008-04-01 18:43 . 2008-03-29 19:29 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
      2008-03-31 17:07 . 2008-02-21 04:05 129,784 --------- C:\Windows\System32\pxafs.dll
      2008-03-31 17:07 . 2008-02-21 04:05 120,056 --------- C:\Windows\System32\pxcpyi64.exe
      2008-03-31 17:07 . 2008-02-21 04:05 118,520 --------- C:\Windows\System32\pxinsi64.exe
      2008-03-31 17:02 . 2008-03-31 17:02 <REP> d-------- C:\Users\alexandre\.drdivx2
      2008-03-31 13:11 . 2008-03-31 13:11 <REP> d-------- C:\Temp
      2008-03-31 13:01 . 2008-03-31 13:03 <REP> d-------- C:\Program Files\MP3 AVI MPEG WMV RM to Audio CD Burner
      2008-03-31 13:01 . 2008-03-31 13:02 66 --a------ C:\Windows\MP3 AVI MPEG WMV RM to Audio CD Burner.INI
      2008-03-28 10:39 . 2008-03-28 11:07 <REP> d-------- C:\Program Files\ALO Power Audio Converter
      2008-03-28 10:39 . 2000-09-22 15:10 647,872 --a------ C:\Windows\System32\MSCOMCT2.OCX
      2008-03-28 10:39 . 2003-08-07 16:01 237,568 --a------ C:\Windows\System32\lame_enc.dll
      2008-03-25 11:57 . 2008-03-25 13:23 <REP> d-------- C:\Program Files\RM-X© Easy Compress
      2008-03-25 11:12 . 2008-03-25 11:12 <REP> d-------- C:\Program Files\TUGZip
      2008-03-24 18:53 . 2008-03-24 18:56 <REP> d-------- C:\Program Files\eMule1
      2008-03-20 13:33 . 2008-03-20 13:33 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
      2008-03-20 11:30 . 2008-03-20 11:30 <REP> d-------- C:\PerfLogs
      2008-03-20 10:39 . 2008-01-19 07:46 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
      2008-03-20 10:38 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
      2008-03-20 10:37 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
      2008-03-20 10:36 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
      2008-03-20 10:34 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
      2008-03-20 10:34 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
      2008-03-20 10:34 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
      2008-03-20 10:34 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
      2008-03-20 10:34 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
      2008-03-20 10:33 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
      2008-03-20 10:33 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
      2008-03-20 10:33 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
      2008-03-20 10:33 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
      2008-03-04 16:29 . 2008-03-04 16:29 <REP> d-------- C:\Program Files\Common Files\EasyInfo

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-03 14:12 --------- d---a-w C:\ProgramData\TEMP
      2008-04-03 11:32 --------- d-----w C:\Program Files\Spyware Doctor
      2008-04-03 11:11 --------- d-----w C:\ProgramData\Google Updater
      2008-04-01 18:23 --------- d-----w C:\ProgramData\eMule
      2008-04-01 18:23 --------- d-----w C:\Program Files\eMule
      2008-04-01 18:13 --------- d-----w C:\ProgramData\Secondtonsbody
      2008-04-01 17:12 --------- d-----w C:\ProgramData\Kaspersky Lab
      2008-04-01 16:29 --------- d-----w C:\Program Files\HP
      2008-04-01 16:17 --------- d-----w C:\ProgramData\HP
      2008-03-31 15:08 --------- d-----w C:\Program Files\DivX
      2008-03-31 10:42 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
      2008-03-31 07:53 --------- d-----w C:\Users\alexandre\AppData\Roaming\Dr. DivX 2.0 OSS
      2008-03-29 19:07 --------- d-----w C:\Program Files\Picasa2
      2008-03-28 19:01 --------- d-----w C:\ProgramData\does dog two city
      2008-03-28 18:59 --------- d-----w C:\Program Files\Messenger Plus! Live
      2008-03-28 09:01 --------- d-----w C:\Program Files\VideoLAN
      2008-03-25 11:23 --------- d-----w C:\Program Files\RM-X® Easy Compress
      2008-03-25 09:41 --------- d-----w C:\Users\alexandre\AppData\Roaming\DivX
      2008-03-20 09:46 174 --sha-w C:\Program Files\desktop.ini
      2008-03-20 09:32 --------- d-----w C:\Program Files\Windows Sidebar
      2008-03-20 09:32 --------- d-----w C:\Program Files\Windows Photo Gallery
      2008-03-20 09:32 --------- d-----w C:\Program Files\Windows Mail
      2008-03-20 09:32 --------- d-----w C:\Program Files\Windows Defender
      2008-03-20 09:32 --------- d-----w C:\Program Files\Windows Collaboration
      2008-03-20 09:32 --------- d-----w C:\Program Files\Windows Calendar
      2008-03-20 09:04 82,432 ----a-w C:\Windows\System32\axaltocm.dll
      2008-03-20 09:04 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
      2008-03-19 18:53 --------- d-----w C:\Users\alexandre\AppData\Roaming\Image Zone Express
      2008-03-13 19:59 524 ----a-w C:\Users\alexandre\AppData\Roaming\wklnhst.dat
      2008-03-12 08:27 --------- d-----w C:\ProgramData\Microsoft Help
      2008-02-28 11:15 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-02-25 15:41 --------- d-----w C:\Program Files\RM-X Player V5.2
      2008-02-24 09:32 --------- d-----w C:\ProgramData\Yahoo! Companion
      2008-02-24 09:15 --------- d-----w C:\Program Files\Yahoo!
      2008-02-23 09:45 --------- d-----w C:\ProgramData\Nero
      2008-02-23 09:22 964,735 ----a-w C:\Users\alexandre\SETUP-UCS_V4.6.3[1].EXE
      2008-02-23 02:38 43,872 ----a-w C:\Windows\system32\drivers\pxhelp20.sys
      2008-02-21 08:05 --------- d-----w C:\Program Files\Common Files\AVSMedia
      2008-02-21 02:05 524,288 ----a-w C:\Windows\System32\DivXsm.exe
      2008-02-21 02:05 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
      2008-02-21 02:05 200,704 ----a-w C:\Windows\System32\ssldivx.dll
      2008-02-21 02:05 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
      2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
      2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
      2008-02-21 02:04 81,920 ----a-w C:\Windows\System32\dpl100.dll
      2008-02-21 02:04 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
      2008-02-21 02:04 682,496 ----a-w C:\Windows\System32\DivX.dll
      2008-02-21 02:04 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
      2008-02-21 02:04 57,344 ----a-w C:\Windows\System32\dpv11.dll
      2008-02-21 02:04 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
      2008-02-21 02:04 344,064 ----a-w C:\Windows\System32\dpus11.dll
      2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu11.dll
      2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu10.dll
      2008-02-21 02:04 196,608 ----a-w C:\Windows\System32\dtu100.dll
      2008-02-21 02:03 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
      2008-02-21 02:03 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
      2008-02-20 22:03 --------- d-----w C:\Users\alexandre\AppData\Roaming\AVSMedia
      2008-02-20 15:05 --------- d-----w C:\ProgramData\LightScribe
      2008-02-20 14:54 --------- d-----w C:\Users\alexandre\AppData\Roaming\Nero
      2008-02-16 09:26 --------- d-----w C:\Users\alexandre\AppData\Roaming\Zylom
      2008-02-16 09:18 --------- d-----w C:\ProgramData\Zylom
      2008-02-13 20:05 6,656 ----a-w C:\Windows\System32\kbd106n.dll
      2008-01-19 07:44 986,680 ----a-w C:\Windows\System32\winload.exe
      2008-01-19 07:44 926,776 ----a-w C:\Windows\System32\winresume.exe
      2008-01-19 07:43 614,968 ----a-w C:\Windows\System32\ci.dll
      2008-01-19 07:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
      2008-01-19 07:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
      2008-01-19 07:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
      2008-01-19 07:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
      2008-01-19 07:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
      2008-01-19 07:42 247,352 ----a-w C:\Windows\System32\clfs.sys
      2008-01-19 07:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll
      2008-01-19 07:42 141,880 ----a-w C:\Windows\System32\halacpi.dll
      2008-01-19 07:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
      2008-01-19 07:41 21,560 ----a-w C:\Windows\System32\kdusb.dll
      2008-01-19 07:41 19,512 ----a-w C:\Windows\System32\kdcom.dll
      2008-01-19 07:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
      2008-01-19 07:38 4,595,712 ----a-w C:\Windows\System32\AuthFWSnapin.dll
      2008-01-19 07:38 242,744 ----a-w C:\Windows\System32\rsaenh.dll
      2008-01-19 07:38 155,704 ----a-w C:\Windows\System32\dssenh.dll
      2008-01-19 07:38 131,640 ----a-w C:\Windows\System32\basecsp.dll
      2008-01-19 07:38 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
      2008-01-19 07:38 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
      2008-01-19 07:36 996,352 ----a-w C:\Windows\System32\WMNetMgr.dll
      2008-01-19 07:35 98,304 ----a-w C:\Windows\System32\mssitlb.dll
      2008-01-19 07:34 98,816 ----a-w C:\Windows\System32\mfps.dll
      2008-01-19 07:33 98,304 ----a-w C:\Windows\System32\makecab.exe
      2008-01-19 07:32 879,616 ----a-w C:\Windows\System32\Bubbles.scr
      2008-01-19 07:32 704,512 ----a-w C:\Windows\System32\PhotoScreensaver.scr
      2008-01-19 07:32 5,714,432 ----a-w C:\Windows\System32\logon.scr
      2008-01-19 07:32 258,048 ----a-w C:\Windows\System32\winspool.drv
      2008-01-19 07:32 221,184 ----a-w C:\Windows\System32\Mystify.scr
      2008-01-19 07:32 220,672 ----a-w C:\Windows\System32\Ribbons.scr
      2008-01-19 07:32 21,504 ----a-w C:\Windows\System32\msacm32.drv
      2008-01-19 07:32 166,912 ----a-w C:\Windows\System32\wdmaud.drv
      2008-01-19 07:32 1,370,624 ----a-w C:\Windows\System32\Aurora.scr
      2008-01-19 07:31 7,680 ----a-w C:\Windows\System32\spwizres.dll
      2008-01-19 07:31 57,856 ----a-w C:\Windows\System32\nlsbres.dll
      2008-01-19 07:31 118,272 ----a-w C:\Windows\System32\RDPENCDD.dll
      2008-01-19 07:30 17,920 ----a-w C:\Windows\System32\netevent.dll
      .

      ((((((((((((((((((((((((((((( snapshot@2008-04-03_15.09.54,69 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-04-03 11:05:01 67,584 --s-a-w C:\Windows\bootstat.dat
      + 2008-04-03 14:20:05 67,584 --s-a-w C:\Windows\bootstat.dat
      + 2000-08-31 06:00:00 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE
      - 2008-04-03 12:20:13 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
      + 2008-04-03 14:12:41 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
      - 2008-04-03 11:07:08 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
      + 2008-04-03 14:20:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
      + 2008-04-03 14:20:41 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
      - 2008-04-03 13:05:26 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
      + 2008-04-03 14:13:35 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
      - 2008-04-03 11:07:03 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
      + 2008-04-03 14:20:41 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
      - 2008-04-03 11:11:18 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      + 2008-04-03 14:20:22 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      - 2008-04-03 11:11:18 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      + 2008-04-03 14:20:22 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      - 2008-04-03 11:11:18 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      + 2008-04-03 14:20:22 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      - 2008-04-03 11:12:42 101,052 ----a-w C:\Windows\System32\perfc009.dat
      + 2008-04-03 14:17:38 101,052 ----a-w C:\Windows\System32\perfc009.dat
      - 2008-04-03 11:12:42 123,350 ----a-w C:\Windows\System32\perfc00C.dat
      + 2008-04-03 14:17:38 123,350 ----a-w C:\Windows\System32\perfc00C.dat
      - 2008-04-03 11:12:42 586,980 ----a-w C:\Windows\System32\perfh009.dat
      + 2008-04-03 14:17:38 586,980 ----a-w C:\Windows\System32\perfh009.dat
      - 2008-04-03 11:12:42 669,340 ----a-w C:\Windows\System32\perfh00C.dat
      + 2008-04-03 14:17:38 669,340 ----a-w C:\Windows\System32\perfh00C.dat
      - 2008-04-03 11:08:23 10,218 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-386166472-3820410549-3574106131-1000_UserData.bin
      + 2008-04-03 14:12:23 10,250 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-386166472-3820410549-3574106131-1000_UserData.bin
      - 2008-04-03 11:08:23 63,706 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      + 2008-04-03 14:12:23 63,834 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      - 2008-04-03 11:08:18 58,442 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      + 2008-04-03 14:12:18 58,714 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      .
      -- Snapshot reset to current date --
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
      "Acer Tour Reminder"="" []
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 13:04 4423680 C:\Windows\RtHDVCpl.exe]
      "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
      "eRecoveryService"="" []
      "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [ ]
      "BigDog303"="C:\Windows\VM303_STI.exe" [2006-01-25 00:07 61440]
      "VX1000"="C:\Windows\vVX1000.exe" [2007-04-10 23:46 709992]
      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "Skytel"="Skytel.exe" [2007-03-16 09:06 1822720 C:\Windows\SkyTel.exe]
      "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-03-27 18:10 874064]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
      "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [ ]
      "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

      C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
      Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-06 23:22:26 528384]
      Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-10 11:43:52 124400]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{27A992E8-3191-4058-BDC4-1321D34A3BBD}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{825364F4-5206-4106-9837-CCC9FB893293}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{24AB70F3-9717-43B1-B473-2B48017BC0F5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
      "TCP Query User{7013DBCF-570F-4A1C-9ED9-246C76E7D6C0}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
      "UDP Query User{8C9DB831-4A24-4906-8F3D-9AA9B8E4FE4D}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
      "TCP Query User{936884B8-1B40-4C9F-842A-6EFAD731E6BB}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
      "UDP Query User{1765ED25-98BE-4E1E-9438-945BB3F1880D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
      "TCP Query User{59A240AD-CDA6-42DD-A946-89500DBDC3F2}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service
      "UDP Query User{4A6B8C50-28F1-40C3-8E7F-C4E82A1E2805}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service
      "TCP Query User{21915AF6-98EA-4E44-8279-462D540D3DDB}C:\\program files\\sony ericsson\\update service\\telephone\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\telephone\update service\update service.exe:Update Service
      "UDP Query User{0AA490E6-7833-43E4-B1AB-AD4B83EA77DE}C:\\program files\\sony ericsson\\update service\\telephone\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\telephone\update service\update service.exe:Update Service
      "{01400A41-6A7A-4ED6-A5A4-706284860364}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
      "{D3F73AE7-645D-49BE-8168-BB3E3F8C328E}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
      "TCP Query User{2BF471F2-563B-4349-8316-9964B0BB96F7}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
      "UDP Query User{B5E828EB-9ABB-47FB-9ADE-8403AE7B1F68}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
      "TCP Query User{9CE08571-F730-488D-AA7E-80C8674C667E}C:\\program files\\webmediaplayer\\webmediaplayer.exe"= UDP:C:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
      "UDP Query User{A4ED8093-6D04-4AC9-96E1-B4180C89A7D9}C:\\program files\\webmediaplayer\\webmediaplayer.exe"= TCP:C:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
      "TCP Query User{4D2650CB-C384-4017-8EF4-9218DA6B2B6D}C:\\program files\\emule1\\emule.exe"= UDP:C:\program files\emule1\emule.exe:eMule Plus
      "UDP Query User{92717BED-A18E-4C67-927A-0A6F27F0BD16}C:\\program files\\emule1\\emule.exe"= TCP:C:\program files\emule1\emule.exe:eMule Plus

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
      "C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
      "C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
      "C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
      "C:\\Program Files\\WINSOS\\winsos.exe"= C:\Program Files\WINSOS\winsos.exe:*:Enabled:Winsos
      "C:\\Program Files\\WINSOS\\anti-spy.exe"= C:\Program Files\WINSOS\anti-spy.exe:*:Enabled:anti-spy Winsos
      "C:\\Program Files\\WINSOS\\help.exe"= C:\Program Files\WINSOS\help.exe:*:Enabled:Winsos Help

      R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22]
      R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
      R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
      R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
      R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 16:04]
      R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 04:12]
      S3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0c4b680-cdcc-11dc-a28c-00016c0d3989}]
      \shell\AutoRun\command - J:\ClickMe.exe

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-03 16:20:50
      Windows 6.0.6001 Service Pack 1 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Windows\system32\Ati2evxx.exe
      C:\Windows\system32\Ati2evxx.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
      C:\Windows\system32\WUDFHost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Windows\system32\conime.exe
      C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-03 16:23:30 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-04-03 14:23:23
      ComboFix2.txt 2008-04-03 13:52:51
      ComboFix3.txt 2008-04-03 13:10:15
      Pre-Run: 40,559,837,184 octets libres
      Post-Run: 40,248,938,496 octets libres
      .
      2008-04-02 07:24:25 --- E O F ---

      et le rapport hijackthis:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:24:57, on 03/04/2008
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\RtHDVCpl.exe
      C:\Windows\VM303_STI.EXE
      C:\Windows\vVX1000.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
      C:\Windows\Explorer.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
      C:\Users\alexandre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HR8V47TH\HiJackThis[1].exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
      O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
      O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
      O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
      O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user')
      O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: Empowering Technology Launcher.lnk = ?
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O13 - Gopher Prefix:
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      0
  4. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok

    a l´aide de hijack this coche et fix :

    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)

    comment fixer :

    Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    puis passe cet antispyware :

    Fais un scan avec cet antispyware :

    Telecharge malwarebytes + tutoriel :

    -> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    @+
    0
    1. alex1912 Messages postés 44 Statut Membre
       
      voici le rapport de malwarebytes:
      Malwarebytes' Anti-Malware 1.10
      Version de la base de données: 586

      Type de recherche: Examen complet (C:\|D:\|F:\|G:\|H:\|I:\|)
      Eléments examinés: 114843
      Temps écoulé: 18 minute(s), 32 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 2
      Valeur(s) du Registre infectée(s): 2
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok alex ;-)

    post un nouveau rapport hijack this stp

    @+
    0
    1. alex1912 Messages postés 44 Statut Membre
       
      voici le rapport hijackthis:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:03:21, on 03/04/2008
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\RtHDVCpl.exe
      C:\Windows\VM303_STI.EXE
      C:\Windows\vVX1000.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
      C:\Windows\Explorer.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Users\alexandre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HPNJICB\HiJackThis[1].exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
      O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
      O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
      O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
      O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user')
      O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: Empowering Technology Launcher.lnk = ?
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O13 - Gopher Prefix:
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      0
  7. g!rly Messages postés 18462 Statut Contributeur 407
     
    re

    a l´aide de hijack this coche et fix :

    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)

    comment fixer :

    Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    puis il serait judicieux d´installer un vrai par feu autre que celui de windows qui laise a desirer :

    si tu est en vista 64 bits :

    Comodo 3 pro :

    http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro

    tuto : https://www.malekal.com/tutorial-comodo-firewall/

    ou

    en 32 bits

    http://soft.softoogle.com/

    ou plus facil a parametrer mais moins efficace : zone alarm

    https://www.generation-nt.com/zonealarm-vista-checkpoint-firewall-telecharger-actualite-42256.html

    https://www.zonealarm.com/software/free-firewall

    https://www.malekal.com/tutoriel-zonealarm-firewall/

    puis tu peux rajouter cet antispyware :

    https://www.usitility.com/spywareblaster/

    tuto : http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/question-spywareblaser-sujet_174747_1.htm

    comment ca va de ton coté ?

    pour verifier il serait sage de faire ce scan en ligne :

    http://www.vista-xp.fr/forum/topic110.html

    ps : avant de commencer le scan panda il faut desactiver avast qui ne l´aime pas du tout.

    voila

    @+
    0
    1. alex1912 Messages postés 44 Statut Membre
       
      voici le rapport scan panda:
      ;***********************************************************************************************************************************************************************************
      ANALYSIS: 2008-04-03 20:44:00
      PROTECTIONS: 1
      MALWARE: 25
      SUSPECTS: 0
      ;***********************************************************************************************************************************************************************************
      PROTECTIONS
      Description Version Active Updated
      ;===================================================================================================================================================================================
      avast! antivirus 4.8.1169 [VPS 080402-0] 4.8.1169 No Yes
      ;===================================================================================================================================================================================
      MALWARE
      Id Description Type Active Severity Disinfectable Disinfected Location
      ;===================================================================================================================================================================================
      00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\alexandre@doubleclick[1].txt
      00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@doubleclick[1].txt
      00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@atdmt[1].txt
      00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\alexandre@tradedoubler[1].txt
      00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@tradedoubler[1].txt
      00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@fastclick[1].txt
      00147814 Cookie/AspinallsOnlineCasino TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@pacificpoker[1].txt
      00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@xiti[1].txt
      00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\alexandre@xiti[1].txt
      00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@statcounter[2].txt
      00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@ad.yieldmanager[2].txt
      00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@apmebf[2].txt
      00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\alexandre@serving-sys[2].txt
      00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@serving-sys[1].txt
      00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@bs.serving-sys[2].txt
      00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\alexandre@bs.serving-sys[2].txt
      00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@888[2].txt
      00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@weborama[1].txt
      00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\alexandre@weborama[1].txt
      00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@adtech[1].txt
      00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@fl01.ct2.comclick[1].txt
      00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@advertising[1].txt
      00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@statse.webtrendslive[2].txt
      00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\alexandre@overture[2].txt
      00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@zedo[2].txt
      00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@bluestreak[2].txt
      00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\alexandre@bluestreak[1].txt
      00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@adrevolver[2].txt
      00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@adviva[2].txt
      00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\alexandre@smartadserver[2].txt
      00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Cookies\Low\alexandre@smartadserver[2].txt
      01185375 Application/Psexec.A HackTools No 0 Yes No C:\Windows\PSEXESVC.EXE
      02889738 Adware/NaviPromo Adware No 1 Yes No C:\Users\alexandre\AppData\Local\asngztnfct.exe.vir
      ;===================================================================================================================================================================================
      SUSPECTS
      Sent Location �Fl����
      3
      ;===================================================================================================================================================================================
      ;===================================================================================================================================================================================
      VULNERABILITIES
      Id Severity Description �Fl����
      3
      ;===================================================================================================================================================================================
      ;===================================================================================================================================================================================
      0
  8. g!rly Messages postés 18462 Statut Contributeur 407
     
    re.

    où en sont tes soucis ?

    @´+
    0
    1. alex1912 Messages postés 44 Statut Membre
       
      ca va plus de soucis j'ai telecharger zone alarm et spyware doctor merci pour ton aide
      0
  9. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok alex1912 ;-)

    fais ceci pour supprimer les outils utilisés :

    Télécharge ToolsCleaner sur ton bureau.
    --> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    @+
    0
    1. alex1912 Messages postés 44 Statut Membre
       
      j'ai un probleme avec toolscleaner il ne repond pas quand je click sur recherche
      0
  10. g!rly Messages postés 18462 Statut Contributeur 407
     
    fichier !

    supprime les outils manuellement :

    hijack this
    combofix puis les dossiers a la racine de C.\qoobox et combofix.txt

    @+
    0
    1. alex1912 Messages postés 44 Statut Membre
       
      ok j'ai tout supprimer
      0
  11. g!rly Messages postés 18462 Statut Contributeur 407
     
    cool ;-)

    bon, nos chemins se separent ici...

    bonne continuation`

    bye`

    g!rly`
    0
    1. alex1912 Messages postés 44 Statut Membre
       
      ok merci a toi pour ton aide
      0
    2. leon95 Messages postés 1231 Statut Membre 22
       
      oh non je veux pas..que nos chemins se separent....
      0
      1. g!rly Messages postés 18462 Statut Contributeur 407 > leon95 Messages postés 1231 Statut Membre
         
        LoL
        Pourtant un jour, il le faut !
        ;-)
        0
      2. leon95 Messages postés 1231 Statut Membre 22 > g!rly Messages postés 18462 Statut Contributeur
         
        sourires...mais qui m aidera apres??
        0
  12. g!rly Messages postés 18462 Statut Contributeur 407
     
    ;-)
    0
  13. g!rly Messages postés 18462 Statut Contributeur 407
     
    Time will tell ?!
    0
    1. leon95 Messages postés 1231 Statut Membre 22
       
      bonjour.;peux tu traduire??merci
      0
  14. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut
    regarde sur google LOL
    0
    1. leon95 Messages postés 1231 Statut Membre 22
       
      ouais mais je ne comprends pas cette langue etrangere...

      Mx3 - TIME WILL TELL - Metal Punk HxC
      Formé fin 2003, Time will Tell est un groupe de punk rock avec cuivres, mais également un team de skeleton, curling, patinage de vitesse et autre combiné ...
      www.mx3.ch/artist/timewilltell - 49k - En cache - Pages similaires

      merci de m expliquer.;je ne suis pas tres fute vas tu dire..mais je ne vois pas le rapport
      0
  15. g!rly Messages postés 18462 Statut Contributeur 407
     
    achete un dictionnaire LOL
    ca veut dire : avec le temps on verra...
    0
    1. leon95 Messages postés 1231 Statut Membre 22
       
      ....tu peux me l offrir???
      0
  16. g!rly Messages postés 18462 Statut Contributeur 407
     
    c´est pas un forum de discution !
    stop`
    0