panda ou antivir?Fermé

Question

Bonjour,

j'ai le meme probleme que ds le sujet suivant:

http://www.commentcamarche.net/forum/affich 5744306 probleme trojandownloader xs c windows wml

... où vous nous recommandé d'utiliser antivir; le probleme est que j'ai panda.
Que dois-je faire, désinstaller panda, le désactiver, le combiner; ne vont -ils pas entrer en confusion?
Pour le moment c'est dans mons cerveau qu'il y-a confusion. Merci pour votre aide.

                                        &#9827;rEms2MaRs&#9827;

g!rly · Answer

salut,

garde panda,

post un rapport hijack this stp

Télécharge HijackThis ici : 

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif 

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Post le rapport généré ici stp...

@+

asics · Answer

Premièrement il est incompatible de mettre, lancé 2 antivirus en même temps ( la protection n'est pas doublée comme beaucoup le crois), après il doit bien y avoir un autre moyen que d'installer antivir...

Néanmoins vu sa légéreté je pense que je l'installerai, comme ça il te vire ton problème et ça te permettra de le tester et qui sait de peut-être l'adopter.

prend juste soin de ne pas les lancer simultanément

rems2mars · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:08, on 08/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\system32undll32.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\xijsvyvs.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AvTask.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\avciman.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Sony\ACID Pro 5.0\acid50.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Capturino 1.4\Capturino.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.search.yahoo.com/?fr=altavista
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: stfngdvw - {CB3FFE86-E971-48CB-A945-D6CDEA33E842} - C:\WINDOWS\stfngdvw.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [xfwvoiqw] C:\WINDOWS\system32\xijsvyvs.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet	ools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

g!rly · Answer

re,

passe ceci :

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe     

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

+

un nouveau rapport hijack this

@+

rems2mars · Answer

ok je poste tout ca vers midi, Merci.beaucoup pour ton aide...
   a toute ....

g!rly · Answer

ok

je vais m´absenter moi aussi a un moment mais je reviendrais; t´inkièt ;D

@+

rems2mars · Answer

ca marche ;  merci

g!rly · Answer

de rien`

rems2mars · Answer

as tu stp un lien valide pour télécharger combofix.exe?
 j'en ai essayer plusieurs mais ils ne fonctionnent pas.
merci

g!rly · Answer

re,

oui c´est vrai il n´est pas accessible...

prends le ici :

http://sd-1.archive-host.com/membres/up/1366464061/ComboFix2.rar

@+

rems2mars · Answer

nouveau probleme:  ton lien est bon 
*j'ai decompresser l' .exe ke j'ai mis sur le bureau,
*j'ai fermé toutes les appli, 
*me suis déconnecté d'internet 
*et désactivé mon anti-virus.
je double-clic sur l' ".exe ComboFix(2)", il fait mine de s'ouvrir en chargeant brièvement, mais rien ne se passe
Que dois-je faire?
merci

g!rly · Answer

re,

je crois qu´il y a un probleme avec combofix depuis aujourd´hui ;-/

on va faire manuellement :

Télécharge ComboScan sur ton Bureau en bas de cette pae en clickant sur download file

-> http://www.geekstogo.com/forum/files/

Ferme toutes les applications en cours : antivirus, pare-feu, etc ..
Double-clic sur comboscan.exe, dans la fenêtre qui s'affiche, clic sur OK.
Soit patient...
Le rapport Comboscan.txt s'affichera, copie et colle le contenu de ce fichier ici.

Le rapport peut-être long et en deux morceaux vérifie qu'il soit en entier.

@+

rems2mars · Answer

ALors !!! voici les hyéroglifs que tu m'a demandé:


Deckard's System Scanner v20071014.68
Run by Rems on 2008-04-08 15:10:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Rems.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:46, on 08/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\system32undll32.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\xijsvyvs.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32undll32.exe
C:\Documents and Settings\Rems\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Rems.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.search.yahoo.com/?fr=altavista
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: stfngdvw - {CB3FFE86-E971-48CB-A945-D6CDEA33E842} - C:\WINDOWS\stfngdvw.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [xfwvoiqw] C:\WINDOWS\system32\xijsvyvs.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet	ools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

g!rly · Answer

ok

* Télécharge OTMoveIt2 (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

n´y touche pas 

redemarre en mode sans echec:

Comment redémarrer en mode sans echec? 

   Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
   Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
   capture d´ecran : http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
   Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
   Ps : si F8 ne marche pas utilise la touche F5.

Note : en mode sans echec tu n´auras plus acces au net alors imprime ou copie les instructions ci dessous dans un fichier texte que tu pourras consulter a souhait
une fois en mode sans echec.

Fix.reg

Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisie nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait-sans les barres(x)) :

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xfwvoiqw"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note : Regedit4 est sur la premiere ligne dans le bloc note et il y a une ligne blanche a la fin. 
Puis click sur "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"

ca doit ressembler a ca une fois enrregistré :

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"

* Double-clique sur OTMoveIt.exe pour lancer le programme,
* Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Custom List of Files/Folders to Move" :

C:\WINDOWS\system32\xijsvyvs.exe
C:\WINDOWS\stfngdvw.dll
C:\WINDOWS\svpekgonrlo.dll
C:\WINDOWS\system32\smrgdf.exe
C:\WINDOWS\system32\iolobtdfg.exe
C:\WINDOWS\system32\mfc45.dll
C:\Documents and Settings\LocalService\Application Data\iolo
C:\Program Files\iolo
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\a.bat
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\iTunesMusic.exe
C:\Documents and Settings\Rems\Bureauvirii
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32smp
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32msvchost.exe
C:\Documents and Settings\Rems\Bureaufilemanagerclient.exe
C:\WINDOWS\winsystem.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\bdn.com
C:\Documents and Settings\Rems\BureauFWebdEditor.exe
C:\Documents and Settings\Rems\Bureaufwebd.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32awtoolb.dll
C:\Documents and Settings\All Users\Application Data\verebaha
C:\WINDOWS\system32\xijsvyvs.exe
C:\WINDOWS\sxfnewqb.dll
C:\WINDOWS\fkdnrwsv.dll
C:\WINDOWS\stfngdvw.dll

* Clique sur MoveIt! pour lancer la suppression,
* Le résultat appraraîtra dans le cadre Results.
* Clique sur Exit pour fermer le programme.
* Poste le rapport qui est situé ici : C:\\_OTMoveIt\MovedFiles
* Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

Redemarre normalement et post le rapport de ot_move it ici stp ainsi qu´un nouveau rapport hijack this.

@+

rems2mars · Answer

* je Poste le rapport qui est situé ici : C:\\_OTMoveIt\MovedFiles :

C:\WINDOWS\system32\xijsvyvs.exe moved successfully.
C:\WINDOWS\stfngdvw.dll unregistered successfully.
C:\WINDOWS\stfngdvw.dll moved successfully.
C:\WINDOWS\svpekgonrlo.dll NOT unregistered.
C:\WINDOWS\svpekgonrlo.dll moved successfully.
C:\WINDOWS\system32\smrgdf.exe moved successfully.
C:\WINDOWS\system32\iolobtdfg.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\mfc45.dll
C:\WINDOWS\system32\mfc45.dll NOT unregistered.
C:\WINDOWS\system32\mfc45.dll moved successfully.
C:\Documents and Settings\LocalService\Application Data\iolo moved successfully.
C:\Program Files\iolo\System Mechanic 7\WebUpdate moved successfully.
C:\Program Files\iolo\System Mechanic 7 moved successfully.
C:\Program Files\iolo\Common\Lib moved successfully.
C:\Program Files\iolo\Common moved successfully.
C:\Program Files\iolo moved successfully.
LoadLibrary failed for C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\userconfig9x.dll NOT unregistered.
C:\WINDOWS\userconfig9x.dll moved successfully.
C:\WINDOWS\system32winlogonpc.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hoproxy.dll NOT unregistered.
C:\WINDOWS\system32hoproxy.dll moved successfully.
C:\WINDOWS\FVProtect.exe moved successfully.
C:\WINDOWS\system32taack.exe moved successfully.
C:\WINDOWS\system32taack.dat moved successfully.
C:\WINDOWS\system32sncntr.exe moved successfully.
C:\WINDOWS\system32mwin32.exe moved successfully.
C:\WINDOWS\system32hxiwlgpm.exe moved successfully.
C:\WINDOWS\system32hxiwlgpm.dat moved successfully.
C:\WINDOWS\a.bat moved successfully.
C:\WINDOWS\system32psoft1.exe moved successfully.
C:\WINDOWS\system32psof1.exe moved successfully.
C:\WINDOWS\system32ps1.exe moved successfully.
C:\WINDOWS\system32bsva-egihsg52.exe moved successfully.
C:\WINDOWS\iTunesMusic.exe moved successfully.
C:\Documents and Settings\Rems\Bureauvirii moved successfully.
C:\WINDOWS\system32temp#01.exe moved successfully.
C:\WINDOWS\system32ssvchost.exe moved successfully.
C:\WINDOWS\system32ssvchost.com moved successfully.
LoadLibrary failed for C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssurf022.dll NOT unregistered.
C:\WINDOWS\system32ssurf022.dll moved successfully.
C:\WINDOWS\system32smp moved successfully.
C:\WINDOWS\system32netode.exe moved successfully.
C:\WINDOWS\system32mtr2.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32msnbho.dll NOT unregistered.
C:\WINDOWS\system32msnbho.dll moved successfully.
C:\WINDOWS\system32msgp.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32medup020.dll NOT unregistered.
C:\WINDOWS\system32medup020.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup012.dll NOT unregistered.
C:\WINDOWS\system32medup012.dll moved successfully.
< C:\WINDOWS\system32h@tkeysh@@k.dll  >
LoadLibrary failed for C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32h@tkeysh@@k.dll NOT unregistered.
C:\WINDOWS\system32h@tkeysh@@k.dll moved successfully.
C:\WINDOWS\system32dpcproxy.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32thun32.dll NOT unregistered.
C:\WINDOWS\system32thun32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun.dll NOT unregistered.
C:\WINDOWS\system32thun.dll moved successfully.
C:\WINDOWS\system32Rundl1.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32regm64.dll NOT unregistered.
C:\WINDOWS\system32regm64.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regc64.dll NOT unregistered.
C:\WINDOWS\system32regc64.dll moved successfully.
C:\WINDOWS\system32msvchost.exe moved successfully.
C:\Documents and Settings\Rems\Bureaufilemanagerclient.exe moved successfully.
C:\WINDOWS\winsystem.exe moved successfully.
C:\WINDOWS\system32winsystem.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32vcatchpi.dll NOT unregistered.
C:\WINDOWS\system32vcatchpi.dll moved successfully.
C:\WINDOWS\system32newsd32.exe moved successfully.
C:\WINDOWS\system32mssecu.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32emesx.dll NOT unregistered.
C:\WINDOWS\system32emesx.dll moved successfully.
C:\WINDOWS\system32bdn.com moved successfully.
LoadLibrary failed for C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32anticipator.dll NOT unregistered.
C:\WINDOWS\system32anticipator.dll moved successfully.
C:\WINDOWS\system32akttzn.exe moved successfully.
C:\WINDOWS\mssecu.exe moved successfully.
C:\WINDOWS\bdn.com moved successfully.
C:\Documents and Settings\Rems\BureauFWebdEditor.exe moved successfully.
C:\Documents and Settings\Rems\Bureaufwebd.exe moved successfully.
C:\WINDOWS\system32WINWGPX.EXE moved successfully.
LoadLibrary failed for C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vbsys2.dll NOT unregistered.
C:\WINDOWS\system32vbsys2.dll moved successfully.
C:\WINDOWS\system32sysreq.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32awtoolb.dll NOT unregistered.
C:\WINDOWS\system32awtoolb.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\verebaha moved successfully.
File/Folder C:\WINDOWS\system32\xijsvyvs.exe not found.
DllUnregisterServer procedure not found in C:\WINDOWS\sxfnewqb.dll
C:\WINDOWS\sxfnewqb.dll NOT unregistered.
C:\WINDOWS\sxfnewqb.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\fkdnrwsv.dll
C:\WINDOWS\fkdnrwsv.dll NOT unregistered.
C:\WINDOWS\fkdnrwsv.dll moved successfully.
File/Folder C:\WINDOWS\stfngdvw.dll not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04082008_155808



*********************************
Pour le rapport hijack this je dois le faire tout déconnecté ?????,,

g!rly · Answer

ok

essaie a nouveau combofix il doit remarcher maintenant ;-)

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe     

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

@+

rems2mars · Answer

ComboFix 08-04-07.5 - Rems 2008-04-08 16:30:15.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.78 [GMT 2:00] Endroit: C:\Documents and Settings\Rems\Bureau\ComboFix.exe . ((((((((((((((((((((((((((((( Fichiers créés 2008-03-08 to 2008-04-08 )))))))))))))))))))))))))))))))))))) . 2008-04-08 16:20 . 2008-04-08 16:20 d-------- C:\ComboFix(2) 2008-04-08 16:19 . 2008-04-08 16:19 0 --a------ C:\Documents and Settings\Rems\.EXE 2008-04-08 15:58 . 2008-04-08 15:58 d-------- C:\_OTMoveIt 2008-04-08 15:05 . 2008-04-08 15:05 d-------- C:\Deckard 2008-04-08 10:07 . 2008-04-08 10:07 d-------- C:\Program Files\Trend Micro 2008-04-07 17:35 . 2008-04-07 17:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-07 17:35 . 2008-04-07 17:35 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-04 21:41 . 2008-04-07 17:22 d-------- C:\Program Files\Total Uninstall 4 2008-04-04 21:41 . 2008-04-04 21:41 d-------- C:\Documents and Settings\All Users\Application Data\Martau 2008-04-01 00:38 . 2008-04-01 00:55 d-------- C:\Program Files\Winsos 2008-04-01 00:34 . 2008-04-01 00:34 d-------- C:\Program Files\PC-Cleaner 2008-03-31 08:45 . 2008-03-31 08:45 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg 2008-03-31 08:33 . 2008-03-13 10:19 438,632 --a------ C:\WINDOWS\system32\Incinerator.dll 2008-03-31 08:30 . 2008-03-31 09:25 d-------- C:\Documents and Settings\Rems\Application Data\iolo 2008-03-31 08:30 . 2008-03-31 08:45 d-------- C:\Documents and Settings\All Users\Application Data\iolo 2008-03-31 08:05 . 2008-03-31 09:14 1,270 --a------ C:\WINDOWS\ARCHPR4.INI 2008-03-31 08:04 . 2008-03-31 10:21 d-------- C:\Program Files\ElcomSoft 2008-03-30 22:21 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll 2008-03-28 10:09 . 2008-03-28 10:09 3,532 --a------ C:\drmHeader.bin 2008-03-26 23:10 . 2008-03-26 23:10 d-------- C:\Program Files\MagicISO 2008-03-26 21:50 . 2008-03-27 20:54 d-------- C:\Données Ciel 2008-03-26 21:48 . 2008-03-27 20:58 117 --a------ C:\WINDOWS\system32\CRUNX.BIN 2008-03-26 21:44 . 2008-03-31 10:24 d-------- C:\Program Files\RunAtStart 2008-03-26 21:29 . 2008-03-26 21:29 d-------- C:\Program Files\ISSENDIS 2008-03-26 21:28 . 2008-03-26 21:29 d-------- C:\Documents and Settings\Rems\Application Data\OFFICE One v6 2008-03-26 21:27 . 2008-03-26 21:27 d-------- C:\Program Files\Ciel 2008-03-26 21:27 . 2008-03-26 21:48 d-------- C:\Documents and Settings\All Users\Application Data\Ciel 2008-03-26 19:15 . 2008-03-26 21:29 d-------- C:\Program Files\OFFICE One6.5 2008-03-26 19:15 . 2008-03-26 19:15 77,824 --a------ C:\WINDOWS\uinst001.exe 2008-03-26 19:15 . 2008-03-26 19:15 235 --a------ C:\WINDOWS\oomultiuser.oon 2008-03-25 08:48 . 2008-03-25 08:48 d-------- C:\Documents and Settings\Rems\Application Data\DivX 2008-03-25 08:47 . 2008-03-25 08:47 d-------- C:\Program Files\DivX 2008-03-24 18:45 . 2008-03-24 20:36 93 --a------ C:\WINDOWS\Videodeluxe.INI 2008-03-24 18:41 . 2008-03-24 18:46 d-------- C:\Program Files\Fichiers communs\MAGIX Shared 2008-03-24 18:40 . 2008-03-24 18:40 d-------- C:\MAGIX 2008-03-24 18:40 . 1998-10-15 18:28 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll 2008-03-24 18:36 . 2008-03-24 18:45 d-------- C:\WINDOWS\system32\MAGIX 2008-03-24 18:36 . 2006-09-13 14:44 643,072 --a------ C:\WINDOWS\system32\mgxoschk.dll 2008-03-24 18:36 . 2008-03-24 18:46 6,423 --a------ C:\WINDOWS\mgxoschk.ini 2008-03-24 16:19 . 2008-03-24 16:19 d-------- C:\Documents and Settings\Rems\Application Data\NeroDigital™ 2008-03-24 14:01 . 2008-03-24 14:01 d-------- C:\Program Files\ASIO4ALL v2 2008-03-24 14:01 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32 ewire.dll 2008-03-23 18:36 . 2008-03-23 19:44 d-------- C:\Program Files\Repertoire 2008-03-21 19:50 . 2008-03-21 19:50 d-------- C:\Program Files\Intuisphere 2008-03-20 23:14 . 2008-03-20 23:14 d-------- C:\Program Files\Xvid 2008-03-20 23:14 . 2007-06-28 19:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-03-20 23:14 . 2007-06-28 19:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2008-03-20 23:14 . 2007-06-28 19:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax 2008-03-19 20:25 . 2008-03-19 20:25 d-------- C:\Program Files\pspvideo9 2008-03-19 20:25 . 2008-03-19 20:25 d-------- C:\Program Files\AviSynth 2.5 2008-03-19 18:36 . 2008-03-19 18:36 d-------- C:\Program Files\MediaInfo 2008-03-17 19:24 . 2008-03-17 19:24 d-------- C:\Documents and Settings\Rems\Application Data\Cakewalk 2008-03-17 19:20 . 2008-03-17 23:51 d-------- C:\Program Files\Cakewalk 2008-03-15 13:44 . 2008-03-15 13:44 d-------- C:\Program Files\VirtualDJ 2008-03-15 13:05 . 2008-03-15 13:21 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk 2008-03-15 12:57 . 2008-03-31 10:23 d-------- C:\Program Files\Autodesk 2008-03-15 12:50 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb 2008-03-15 12:50 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb 2008-03-15 12:50 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb 2008-03-15 12:49 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2008-03-15 12:48 . 2008-03-15 12:48 d-------- C:\Program Files\Windows Media Connect 2 2008-03-15 12:46 . 2008-03-15 12:46 d-------- C:\WINDOWS\system32\LogFiles 2008-03-15 12:46 . 2008-03-15 12:47 d-------- C:\WINDOWS\system32\drivers\UMDF 2008-03-15 12:13 . 2008-03-15 12:13 d--h----- C:\WINDOWS\PIF 2008-03-15 11:40 . 2008-03-15 11:40 d-------- C:\Program Files\Fichiers communs\PACE Anti-Piracy 2008-03-15 11:40 . 2008-03-15 11:40 d-------- C:\Documents and Settings\Rems\Application Data\PACE Anti-Piracy 2008-03-15 11:40 . 2008-03-15 11:40 d-------- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy 2008-03-15 11:40 . 2007-10-31 01:34 196,608 --a------ C:\WINDOWS\system32\Digi32.dll 2008-03-15 11:39 . 2008-03-15 11:39 d-------- C:\Program Files\Fichiers communs\Digidesign 2008-03-15 11:39 . 2008-03-15 11:40 d-------- C:\Program Files\Digidesign 2008-03-15 11:38 . 2008-03-15 11:38 d-------- C:\Documents and Settings\Rems\Application Data\InstallShield 2008-03-15 11:13 . 2008-03-15 11:13 d-------- C:\Program Files\PowerISO 2008-03-14 23:49 . 2008-03-14 23:49 d-------- C:\Program Files\Fichiers communs\xing shared 2008-03-13 23:57 . 2008-03-13 23:57 d-------- C:\Program Files\NeroInstall.bak 2008-03-13 23:54 . 2008-03-13 23:54 d-------- C:\Program Files\Nero 2008-03-13 21:50 . 2008-03-13 21:50 d-------- C:\Program Files\ESTsoft 2008-03-13 21:50 . 2008-03-13 21:50 d-------- C:\Documents and Settings\Rems\Application Data\ESTsoft 2008-03-13 21:37 . 2008-04-07 17:19 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-03-13 20:31 . 2008-03-13 20:31 144 --a------ C:\WINDOWS\Eudcedit.ini 2008-03-13 20:17 . 2008-03-13 20:17 d-------- C:\Documents and Settings\Rems\Application Data\Nero 2008-03-13 20:14 . 2008-03-13 23:55 d-------- C:\Program Files\Fichiers communs\Nero 2008-03-13 20:14 . 2008-03-13 23:54 d-------- C:\Documents and Settings\All Users\Application Data\Nero 2008-03-13 19:38 . 2007-10-30 19:20 360,064 --a------ C:\WINDOWS\system32\drivers cpip.sys.ORIGINAL 2008-03-13 19:38 . 2007-10-30 19:20 360,064 --a------ C:\WINDOWS\system32\dllcache cpip.sys.ORIGINAL 2008-03-13 10:42 . 2008-03-13 10:42 d-------- C:\Documents and Settings\Rems\Application Data\AdobeUM 2008-03-13 08:54 . 2008-03-13 08:54 d-------- C:\Program Files\Outsim 2008-03-12 21:37 . 2008-03-12 21:37 d-------- C:\WINDOWS\Sun 2008-03-11 16:57 . 2008-03-13 08:43 d-------- C:\Program Files\BitComet 2008-03-11 16:57 . 2008-04-07 08:18 d-------- C:\Downloads 2008-03-11 16:57 . 2008-03-11 16:57 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll 2008-03-09 14:30 . 2008-03-09 14:30 1,158 --a------ C:\WINDOWS\mozver.dat 2008-03-08 14:34 . 2008-04-03 17:36 2,110 --a------ C:\WINDOWS\cdplayer.ini 2008-03-08 12:24 . 2008-03-13 20:20 d-------- C:\Program Files\Tweak-XP Pro 4 2008-03-08 11:50 . 1999-03-24 10:54 40,960 --a------ C:\WINDOWS\system32\dsplib.dll 2008-03-08 11:45 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm 2008-03-08 11:44 . 2008-04-04 21:52 d-------- C:\Program Files\Image-Line 2008-03-08 11:20 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-03-08 11:20 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-03-08 11:20 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-08 14:19 0 ----a-w C:\Documents and Settings\Rems\.EXE 2008-04-05 04:29 --------- d-----w C:\Program Files\Vstplugins 2008-03-31 08:26 --------- d-----w C:\Program Files\TuneUp Utilities 2007 2008-03-26 21:17 --------- d-----w C:\Program Files\Sony Setup 2008-03-16 19:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-03-15 10:13 --------- d-----w C:\Program Files\Sony 2008-03-15 09:40 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-14 21:49 --------- d-----w C:\Program Files\Fichiers communs\Real 2008-03-13 17:38 360,064 ----a-w C:\WINDOWS\system32\drivers cpip.sys 2008-03-09 10:23 --------- d-----w C:\Program Files\Windows Live 2008-03-07 16:45 --------- d-----w C:\Program Files\Screaming Bee 2008-03-07 16:30 --------- d-----w C:\Documents and Settings\Rems\Application Data\Screaming Bee 2008-03-07 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Screaming Bee 2008-03-07 16:29 --------- d-----w C:\Program Files\Fichiers communs\Screaming Bee 2008-03-07 15:22 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-03-07 14:32 --------- d-----w C:\Program Files\FC Loader 2008-03-07 12:57 --------- d-----w C:\Program Files\MessengerPlus! 3 2008-03-07 12:50 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition 2008-03-07 12:48 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-03-07 12:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-07 11:15 --------- d-----w C:\Documents and Settings\Rems\Application Data\MSNInstaller 2008-03-07 10:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony 2008-03-07 10:58 --------- d-----w C:\Documents and Settings\Rems\Application Data\Publish Providers 2008-03-07 10:58 --------- d-----w C:\Documents and Settings\Rems\Application Data\NetMedia Providers 2008-03-07 10:57 --------- d-----w C:\Documents and Settings\Rems\Application Data\Sony 2008-03-07 09:26 --------- d-----w C:\Documents and Settings\All Users\Application Data View_Profiles 2008-03-07 09:23 --------- d-----w C:\Program Files\HP 2008-03-07 09:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP 2008-03-07 09:07 --------- d-----w C:\Program Files\Fichiers communs\HP 2008-03-07 08:40 --------- d-----w C:\Program Files\Hewlett-Packard 2008-03-07 08:14 --------- d-----w C:\Program Files\Google 2008-03-07 08:06 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard 2008-03-07 07:44 --------- d-----w C:\Program Files\Java 2008-03-07 07:41 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd 2008-03-07 07:41 --------- d-----w C:\Program Files\Fichiers communs\Labtec 2008-03-07 07:40 --------- d-----w C:\Program Files\Labtec 2008-03-07 07:28 --------- d-----w C:\Documents and Settings\Rems\Application Data\OD2 2008-03-07 01:11 --------- d-----w C:\Program Files\Services en ligne 2008-03-07 01:11 --------- d-----w C:\Program Files\QuickTime 2008-03-07 01:10 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared 2008-03-07 01:10 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared 2008-03-07 01:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime 2008-03-07 01:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\OD2 2008-03-07 01:09 --------- d-----w C:\Program Files\Fichiers communs\aolshare 2008-03-07 01:09 --------- d-----w C:\Program Files\Fichiers communs\AOL 2008-03-07 01:09 --------- d-----w C:\Program Files\AOL Compagnon 2008-03-07 01:09 --------- d-----w C:\Program Files\AOL 9.0 2008-03-06 21:10 --------- d-----w C:\Documents and Settings\Rems\Application Data\Jasc 2008-03-06 21:09 --------- d-----w C:\Program Files\Jasc Software Inc 2008-03-06 21:09 --------- d-----w C:\Documents and Settings\Rems\Application Data\Jasc Software Inc 2008-03-06 20:45 --------- d-----w C:\Program Files\Total Video Converter 2008-03-06 20:44 --------- d-----w C:\Program Files\Capturino 1.4 2008-03-06 20:42 --------- d-----w C:\Documents and Settings\Rems\Application Data\TuneUp Software 2008-03-06 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-03-06 20:41 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-03-06 19:38 --------- d-----w C:\Program Files\MSXML 4.0 2008-03-06 18:09 --------- d-----w C:\Program Files\Fichiers communs\Panda Software 2008-03-06 16:56 38,968 ----a-w C:\WINDOWS\system32\drivers\ShlDrv51.sys 2008-03-06 16:56 178,872 ----a-w C:\WINDOWS\system32\drivers\PavProc.sys 2008-03-06 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\sentinel 2008-03-06 16:38 --------- d-----w C:\Program Files\Panda Security 2008-03-06 16:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-03-06 16:33 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-02-28 16:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2008-02-26 15:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2008-02-18 15:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys 2008-02-18 15:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys 2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR . ------- Sigcheck ------- 2005-03-14 03:17 359936 6129e70f3d2f1e60860c930ebeaf92c2 C:\WINDOWS\$hf_mig$\KB893066\SP2QFE cpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE cpip.sys 2004-08-05 14:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$ cpip.sys 2005-03-14 02:55 359808 0e66b538096a6529d1ac66e78eb0d5c8 C:\WINDOWS\$NtUninstallKB941644$ cpip.sys 2008-03-13 19:38 360064 01c7cfaeeb03b86fde965a6007450a67 C:\WINDOWS\system32\dllcache cpip.sys 2008-03-13 19:38 360064 01c7cfaeeb03b86fde965a6007450a67 C:\WINDOWS\system32\drivers cpip.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136] "BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 09:20 2194744] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] "WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [2008-03-28 13:31 2116102] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-03-05 12:26 5566464] "nwiz"="nwiz.exe" [2005-03-05 12:26 1495040 C:\WINDOWS\system32 wiz.exe] "SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE] "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-01-28 11:10 110740] "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576] "APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-10-04 16:14 455984] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 18:48 488984] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2008-03-14 23:49 185896] "SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [ ] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-12 18:44 98304] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-07 10:09 171448] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ OFFICE One Clock v6.5.lnk - C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2008-03-26 21:29:07 257536] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "DisableCurrentUserRunOnce"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\avldr] avldr.dll 2007-02-15 21:02 50736 C:\WINDOWS\system32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "wave"= Digi32.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet] --a------ 2008-02-01 09:20 2194744 C:\Program Files\BitComet\BitComet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] --a------ 2007-03-06 18:58 1060376 C:\Program Files\Labtec\WebCam10\WebCam10.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3] --a------ 2008-03-07 14:57 185480 C:\Program Files\MessengerPlus! 3\MsgPlus.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe] --a------ 2008-03-14 23:49 69632 C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2008-02-18 17:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2008-02-28 10:59 570664 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9] --a------ 2005-10-30 02:56 606208 C:\Program Files\pspvideo9\pspvideo9.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2005-07-12 18:44 98304 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-03-14 23:49 185896 C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\Program Files\AOL 9.0\aol.exe"= "C:\WINDOWS\system32\sessmgr.exe"= "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\BitComet\BitComet.exe"= "C:\Program Files\Internet Explorer\iexplore.exe"= "C:\Program Files\Fichiers communs\Nero\Nero Web\SetupX.exe"= "C:\Program Files\Winsos\winsos.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "22173:TCP"= 22173:TCP:BitComet 22173 TCP "22173:UDP"= 22173:UDP:BitComet 22173 UDP R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-03-06 18:56] R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-03-06 18:56] R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00] S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [] S2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [] S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-04-08 10:00:00 C:\WINDOWS\Tasks\HPpromotions psc 2350 series.job" - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe "2008-04-04 15:40:40 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe . ************************************************************************** catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-08 16:33:15 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime] "ImagePath"="C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime" . Temps d'accomplissement: 2008-04-08 16:34:54 ComboFix-quarantined-files.txt 2008-04-08 14:34:50 ComboFix2.txt 2008-04-08 14:27:19 Pre-Run: 54,600,646,656 octets libres Post-Run: 54,588,899,328 octets libres . 2008-03-30 20:21:34 --- E O F ---

g!rly · Answer

re,

la suite :


Copie le texte ci-dessous :

File::
C:\WINDOWS\system32\ioloBootDefrag.cfg

Folder::
C:\Program Files\iolo

Driver::
ioloFileInfoList
ioloSystemService

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

puis passe cet antispyware :

Fais un scan avec cet antispyware :

Telecharge malwarebytes + tutoriel :

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

Puis click sur "rechercher".

Laisse le scanner le pc... 

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

@+

rems2mars · Answer

ComboFix 08-04-07.5 - Rems 2008-04-08 19:22:45.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.104 [GMT 2:00] Endroit: C:\Documents and Settings\Rems\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Rems\Bureau\CFScript.txt * Création d'un nouveau point de restauration FILE :: C:\WINDOWS\system32\ioloBootDefrag.cfg . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\ioloBootDefrag.cfg . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_IOLOSYSTEMSERVICE -------\Service_ioloSystemService ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-08 to 2008-04-08 )))))))))))))))))))))))))))))))))))) . 2008-04-08 16:34 . 53,248 C:\WINDOWS\PSEXESVC.EXE 2008-04-08 16:20 . 2008-04-08 16:20 d-------- C:\ComboFix(2) 2008-04-08 16:19 . 2008-04-08 16:19 0 --a------ C:\Documents and Settings\Rems\.EXE 2008-04-08 15:58 . 2008-04-08 15:58 d-------- C:\_OTMoveIt 2008-04-08 15:05 . 2008-04-08 15:05 d-------- C:\Deckard 2008-04-08 10:07 . 2008-04-08 10:07 d-------- C:\Program Files\Trend Micro 2008-04-07 17:35 . 2008-04-07 17:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-07 17:35 . 2008-04-07 17:35 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-04 21:41 . 2008-04-07 17:22 d-------- C:\Program Files\Total Uninstall 4 2008-04-04 21:41 . 2008-04-04 21:41 d-------- C:\Documents and Settings\All Users\Application Data\Martau 2008-04-01 00:38 . 2008-04-01 00:55 d-------- C:\Program Files\Winsos 2008-04-01 00:34 . 2008-04-01 00:34 d-------- C:\Program Files\PC-Cleaner 2008-03-31 08:33 . 2008-03-13 10:19 438,632 --a------ C:\WINDOWS\system32\Incinerator.dll 2008-03-31 08:30 . 2008-03-31 09:25 d-------- C:\Documents and Settings\Rems\Application Data\iolo 2008-03-31 08:30 . 2008-03-31 08:45 d-------- C:\Documents and Settings\All Users\Application Data\iolo 2008-03-31 08:05 . 2008-03-31 09:14 1,270 --a------ C:\WINDOWS\ARCHPR4.INI 2008-03-31 08:04 . 2008-03-31 10:21 d-------- C:\Program Files\ElcomSoft 2008-03-30 22:21 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll 2008-03-28 10:09 . 2008-03-28 10:09 3,532 --a------ C:\drmHeader.bin 2008-03-26 23:10 . 2008-03-26 23:10 d-------- C:\Program Files\MagicISO 2008-03-26 21:50 . 2008-03-27 20:54 d-------- C:\Donn‚es Ciel 2008-03-26 21:48 . 2008-03-27 20:58 117 --a------ C:\WINDOWS\system32\CRUNX.BIN 2008-03-26 21:44 . 2008-03-31 10:24 d-------- C:\Program Files\RunAtStart 2008-03-26 21:29 . 2008-03-26 21:29 d-------- C:\Program Files\ISSENDIS 2008-03-26 21:28 . 2008-03-26 21:29 d-------- C:\Documents and Settings\Rems\Application Data\OFFICE One v6 2008-03-26 21:27 . 2008-03-26 21:27 d-------- C:\Program Files\Ciel 2008-03-26 21:27 . 2008-03-26 21:48 d-------- C:\Documents and Settings\All Users\Application Data\Ciel 2008-03-26 19:15 . 2008-03-26 21:29 d-------- C:\Program Files\OFFICE One6.5 2008-03-26 19:15 . 2008-03-26 19:15 77,824 --a------ C:\WINDOWS\uinst001.exe 2008-03-26 19:15 . 2008-03-26 19:15 235 --a------ C:\WINDOWS\oomultiuser.oon 2008-03-25 08:48 . 2008-03-25 08:48 d-------- C:\Documents and Settings\Rems\Application Data\DivX 2008-03-25 08:47 . 2008-03-25 08:47 d-------- C:\Program Files\DivX 2008-03-24 18:45 . 2008-03-24 20:36 93 --a------ C:\WINDOWS\Videodeluxe.INI 2008-03-24 18:41 . 2008-03-24 18:46 d-------- C:\Program Files\Fichiers communs\MAGIX Shared 2008-03-24 18:40 . 2008-03-24 18:40 d-------- C:\MAGIX 2008-03-24 18:40 . 1998-10-15 18:28 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll 2008-03-24 18:36 . 2008-03-24 18:45 d-------- C:\WINDOWS\system32\MAGIX 2008-03-24 18:36 . 2006-09-13 14:44 643,072 --a------ C:\WINDOWS\system32\mgxoschk.dll 2008-03-24 18:36 . 2008-03-24 18:46 6,423 --a------ C:\WINDOWS\mgxoschk.ini 2008-03-24 16:19 . C:\Documents and Settings\Rems\Application Data\NeroDigitalT 2008-03-24 14:01 . 2008-03-24 14:01 d-------- C:\Program Files\ASIO4ALL v2 2008-03-24 14:01 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32 ewire.dll 2008-03-23 18:36 . 2008-03-23 19:44 d-------- C:\Program Files\Repertoire 2008-03-21 19:50 . 2008-03-21 19:50 d-------- C:\Program Files\Intuisphere 2008-03-20 23:14 . 2008-03-20 23:14 d-------- C:\Program Files\Xvid 2008-03-20 23:14 . 2007-06-28 19:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-03-20 23:14 . 2007-06-28 19:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2008-03-20 23:14 . 2007-06-28 19:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax 2008-03-19 20:25 . 2008-03-19 20:25 d-------- C:\Program Files\pspvideo9 2008-03-19 20:25 . 2008-03-19 20:25 d-------- C:\Program Files\AviSynth 2.5 2008-03-19 18:36 . 2008-03-19 18:36 d-------- C:\Program Files\MediaInfo 2008-03-17 19:24 . 2008-03-17 19:24 d-------- C:\Documents and Settings\Rems\Application Data\Cakewalk 2008-03-17 19:20 . 2008-03-17 23:51 d-------- C:\Program Files\Cakewalk 2008-03-15 13:44 . 2008-03-15 13:44 d-------- C:\Program Files\VirtualDJ 2008-03-15 13:05 . 2008-03-15 13:21 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk 2008-03-15 12:57 . 2008-03-31 10:23 d-------- C:\Program Files\Autodesk 2008-03-15 12:50 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb 2008-03-15 12:50 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb 2008-03-15 12:50 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb 2008-03-15 12:49 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2008-03-15 12:48 . 2008-03-15 12:48 d-------- C:\Program Files\Windows Media Connect 2 2008-03-15 12:46 . 2008-03-15 12:46 d-------- C:\WINDOWS\system32\LogFiles 2008-03-15 12:46 . 2008-03-15 12:47 d-------- C:\WINDOWS\system32\drivers\UMDF 2008-03-15 12:13 . 2008-03-15 12:13 d--h----- C:\WINDOWS\PIF 2008-03-15 11:40 . 2008-03-15 11:40 d-------- C:\Program Files\Fichiers communs\PACE Anti-Piracy 2008-03-15 11:40 . 2008-03-15 11:40 d-------- C:\Documents and Settings\Rems\Application Data\PACE Anti-Piracy 2008-03-15 11:40 . 2008-03-15 11:40 d-------- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy 2008-03-15 11:40 . 2007-10-31 01:34 196,608 --a------ C:\WINDOWS\system32\Digi32.dll 2008-03-15 11:39 . 2008-03-15 11:39 d-------- C:\Program Files\Fichiers communs\Digidesign 2008-03-15 11:39 . 2008-03-15 11:40 d-------- C:\Program Files\Digidesign 2008-03-15 11:38 . 2008-03-15 11:38 d-------- C:\Documents and Settings\Rems\Application Data\InstallShield 2008-03-15 11:13 . 2008-03-15 11:13 d-------- C:\Program Files\PowerISO 2008-03-14 23:49 . 2008-03-14 23:49 d-------- C:\Program Files\Fichiers communs\xing shared 2008-03-13 23:57 . 2008-03-13 23:57 d-------- C:\Program Files\NeroInstall.bak 2008-03-13 23:54 . 2008-03-13 23:54 d-------- C:\Program Files\Nero 2008-03-13 21:50 . 2008-03-13 21:50 d-------- C:\Program Files\ESTsoft 2008-03-13 21:50 . 2008-03-13 21:50 d-------- C:\Documents and Settings\Rems\Application Data\ESTsoft 2008-03-13 21:37 . 2008-04-07 17:19 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-03-13 20:31 . 2008-03-13 20:31 144 --a------ C:\WINDOWS\Eudcedit.ini 2008-03-13 20:17 . 2008-03-13 20:17 d-------- C:\Documents and Settings\Rems\Application Data\Nero 2008-03-13 20:14 . 2008-03-13 23:55 d-------- C:\Program Files\Fichiers communs\Nero 2008-03-13 20:14 . 2008-03-13 23:54 d-------- C:\Documents and Settings\All Users\Application Data\Nero 2008-03-13 19:38 . 2007-10-30 19:20 360,064 --a------ C:\WINDOWS\system32\drivers cpip.sys.ORIGINAL 2008-03-13 19:38 . 2007-10-30 19:20 360,064 --a------ C:\WINDOWS\system32\dllcache cpip.sys.ORIGINAL 2008-03-13 10:42 . 2008-03-13 10:42 d-------- C:\Documents and Settings\Rems\Application Data\AdobeUM 2008-03-13 08:54 . 2008-03-13 08:54 d-------- C:\Program Files\Outsim 2008-03-12 21:37 . 2008-03-12 21:37 d-------- C:\WINDOWS\Sun 2008-03-11 16:57 . 2008-03-13 08:43 d-------- C:\Program Files\BitComet 2008-03-11 16:57 . 2008-04-07 08:18 d-------- C:\Downloads 2008-03-11 16:57 . 2008-03-11 16:57 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll 2008-03-09 14:30 . 2008-03-09 14:30 1,158 --a------ C:\WINDOWS\mozver.dat 2008-03-08 14:34 . 2008-04-03 17:36 2,110 --a------ C:\WINDOWS\cdplayer.ini 2008-03-08 12:24 . 2008-03-13 20:20 d-------- C:\Program Files\Tweak-XP Pro 4 2008-03-08 11:50 . 1999-03-24 10:54 40,960 --a------ C:\WINDOWS\system32\dsplib.dll 2008-03-08 11:45 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm 2008-03-08 11:44 . 2008-04-04 21:52 d-------- C:\Program Files\Image-Line 2008-03-08 11:20 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-03-08 11:20 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-03-08 11:20 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-08 14:19 0 ----a-w C:\Documents and Settings\Rems\.EXE 2008-04-05 04:29 --------- d-----w C:\Program Files\Vstplugins 2008-03-31 08:26 --------- d-----w C:\Program Files\TuneUp Utilities 2007 2008-03-26 21:17 --------- d-----w C:\Program Files\Sony Setup 2008-03-24 14:19 --------- d-----w C:\Documents and Settings\Rems\Application Data\NeroDigital™ 2008-03-16 19:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-03-15 10:13 --------- d-----w C:\Program Files\Sony 2008-03-15 09:40 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-14 21:49 --------- d-----w C:\Program Files\Fichiers communs\Real 2008-03-13 17:38 360,064 ----a-w C:\WINDOWS\system32\drivers cpip.sys 2008-03-09 10:23 --------- d-----w C:\Program Files\Windows Live 2008-03-07 16:45 --------- d-----w C:\Program Files\Screaming Bee 2008-03-07 16:30 --------- d-----w C:\Documents and Settings\Rems\Application Data\Screaming Bee 2008-03-07 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Screaming Bee 2008-03-07 16:29 --------- d-----w C:\Program Files\Fichiers communs\Screaming Bee 2008-03-07 15:22 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-03-07 14:32 --------- d-----w C:\Program Files\FC Loader 2008-03-07 12:57 --------- d-----w C:\Program Files\MessengerPlus! 3 2008-03-07 12:50 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition 2008-03-07 12:48 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-03-07 12:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-07 11:15 --------- d-----w C:\Documents and Settings\Rems\Application Data\MSNInstaller 2008-03-07 10:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony 2008-03-07 10:58 --------- d-----w C:\Documents and Settings\Rems\Application Data\Publish Providers 2008-03-07 10:58 --------- d-----w C:\Documents and Settings\Rems\Application Data\NetMedia Providers 2008-03-07 10:57 --------- d-----w C:\Documents and Settings\Rems\Application Data\Sony 2008-03-07 09:26 --------- d-----w C:\Documents and Settings\All Users\Application Data View_Profiles 2008-03-07 09:23 --------- d-----w C:\Program Files\HP 2008-03-07 09:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP 2008-03-07 09:07 --------- d-----w C:\Program Files\Fichiers communs\HP 2008-03-07 08:40 --------- d-----w C:\Program Files\Hewlett-Packard 2008-03-07 08:14 --------- d-----w C:\Program Files\Google 2008-03-07 08:06 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard 2008-03-07 07:44 --------- d-----w C:\Program Files\Java 2008-03-07 07:41 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd 2008-03-07 07:41 --------- d-----w C:\Program Files\Fichiers communs\Labtec 2008-03-07 07:40 --------- d-----w C:\Program Files\Labtec 2008-03-07 07:28 --------- d-----w C:\Documents and Settings\Rems\Application Data\OD2 2008-03-07 01:11 --------- d-----w C:\Program Files\Services en ligne 2008-03-07 01:11 --------- d-----w C:\Program Files\QuickTime 2008-03-07 01:10 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared 2008-03-07 01:10 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared 2008-03-07 01:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime 2008-03-07 01:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\OD2 2008-03-07 01:09 --------- d-----w C:\Program Files\Fichiers communs\aolshare 2008-03-07 01:09 --------- d-----w C:\Program Files\Fichiers communs\AOL 2008-03-07 01:09 --------- d-----w C:\Program Files\AOL Compagnon 2008-03-07 01:09 --------- d-----w C:\Program Files\AOL 9.0 2008-03-06 21:10 --------- d-----w C:\Documents and Settings\Rems\Application Data\Jasc 2008-03-06 21:09 --------- d-----w C:\Program Files\Jasc Software Inc 2008-03-06 21:09 --------- d-----w C:\Documents and Settings\Rems\Application Data\Jasc Software Inc 2008-03-06 20:45 --------- d-----w C:\Program Files\Total Video Converter 2008-03-06 20:44 --------- d-----w C:\Program Files\Capturino 1.4 2008-03-06 20:42 --------- d-----w C:\Documents and Settings\Rems\Application Data\TuneUp Software 2008-03-06 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-03-06 20:41 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-03-06 19:38 --------- d-----w C:\Program Files\MSXML 4.0 2008-03-06 18:09 --------- d-----w C:\Program Files\Fichiers communs\Panda Software 2008-03-06 16:56 38,968 ----a-w C:\WINDOWS\system32\drivers\ShlDrv51.sys 2008-03-06 16:56 178,872 ----a-w C:\WINDOWS\system32\drivers\PavProc.sys 2008-03-06 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\sentinel 2008-03-06 16:38 --------- d-----w C:\Program Files\Panda Security 2008-03-06 16:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-03-06 16:33 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-02-28 16:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2008-02-26 15:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2008-02-18 15:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys 2008-02-18 15:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys 2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR . ------- Sigcheck ------- 2005-03-14 03:17 359936 6129e70f3d2f1e60860c930ebeaf92c2 C:\WINDOWS\$hf_mig$\KB893066\SP2QFE cpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE cpip.sys 2004-08-05 14:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$ cpip.sys 2005-03-14 02:55 359808 0e66b538096a6529d1ac66e78eb0d5c8 C:\WINDOWS\$NtUninstallKB941644$ cpip.sys 2008-03-13 19:38 360064 01c7cfaeeb03b86fde965a6007450a67 C:\WINDOWS\system32\dllcache cpip.sys 2008-03-13 19:38 360064 01c7cfaeeb03b86fde965a6007450a67 C:\WINDOWS\system32\drivers cpip.sys . ((((((((((((((((((((((((((((( snapshot@2008-04-08_16.27.02,23 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136] "BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 09:20 2194744] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] "WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [2008-03-28 13:31 2116102] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-03-05 12:26 5566464] "nwiz"="nwiz.exe" [2005-03-05 12:26 1495040 C:\WINDOWS\system32 wiz.exe] "SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE] "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-01-28 11:10 110740] "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 18:48 488984] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2008-03-14 23:49 185896] "SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [ ] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-12 18:44 98304] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-07 10:09 171448] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "DisableCurrentUserRunOnce"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\avldr] avldr.dll 2007-02-15 21:02 50736 C:\WINDOWS\system32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "wave"= Digi32.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet] --a------ 2008-02-01 09:20 2194744 C:\Program Files\BitComet\BitComet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] --a------ 2007-03-06 18:58 1060376 C:\Program Files\Labtec\WebCam10\WebCam10.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3] --a------ 2008-03-07 14:57 185480 C:\Program Files\MessengerPlus! 3\MsgPlus.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe] --a------ 2008-03-14 23:49 69632 C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2008-02-18 17:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2008-02-28 10:59 570664 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9] --a------ 2005-10-30 02:56 606208 C:\Program Files\pspvideo9\pspvideo9.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2005-07-12 18:44 98304 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-03-14 23:49 185896 C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\Program Files\AOL 9.0\aol.exe"= "C:\WINDOWS\system32\sessmgr.exe"= "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\BitComet\BitComet.exe"= "C:\Program Files\Internet Explorer\iexplore.exe"= "C:\Program Files\Fichiers communs\Nero\Nero Web\SetupX.exe"= "C:\Program Files\Winsos\winsos.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "22173:TCP"= 22173:TCP:BitComet 22173 TCP "22173:UDP"= 22173:UDP:BitComet 22173 UDP R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-03-06 18:56] R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-03-06 18:56] R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00] S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [] S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-04-08 10:00:00 C:\WINDOWS\Tasks\HPpromotions psc 2350 series.job" - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe "2008-04-04 15:40:40 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe . ************************************************************************** catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-08 19:29:06 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime] "ImagePath"="C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime" . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32 vsvc32.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe C:\apps\ABoard\AOSD.exe C:\WINDOWS\system32 undll32.exe C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32 askmgr.exe . ************************************************************************** . Temps d'accomplissement: 2008-04-08 19:32:34 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-08 17:32:30 ComboFix2.txt 2008-04-08 14:34:55 ComboFix3.txt 2008-04-08 14:27:19 Pre-Run: 54,580,920,320 octets libres Post-Run: 54,505,832,448 octets libres . 2008-03-30 20:21:34 --- E O F --- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ et celui de hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:33:39, on 08/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32 vsvc32.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\Apps\Powercinema\PCMService.exe C:\apps\ABoard\ABoard.exe C:\apps\ABoard\AOSD.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32 undll32.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32 askmgr.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32 otepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.search.yahoo.com/?fr=altavista R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer pbrowserrecordplugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet ools\BitCometBHO_1.2.1.2.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet ools\BitCometBHO_1.2.1.2.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing) O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32 vsvc32.exe O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

rems2mars · Answer

SCAN AVEC malwarebytes


Malwarebytes' Anti-Malware 1.11
Version de la base de données: 600

Type de recherche: Examen rapide
Eléments examinés: 28948
Temps écoulé: 4 minute(s), 34 second(s)
 
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

g!rly · Answer

ok

psot un nouveau rapport hijack this stp

@+

Panda ou antivir?

21 réponses

Discussions similaires

Newsletters