fenetre pop upRésolu/Fermé

Question

Bonjour,
il se trouve que j'ai une fenetre qui pop me disant que mon ordi est infecté de spywares et qu'il va scanner mon pc gratuit....bla bla bla...quand je scan avec spybot il ne détecte rien.Devrais-je m'inquiéter?merci de vos réponses!marie-douce12

JADIDKHA · Answer

C'est la même chose que ton problème   https://www.01net.com/actualites/

JADIDKHA · Answer

Une autre explication    http://www.clubic.com/telecharger-fiche25107-vundofix.html

marjorie · Answer

Ce que je te conseil , c'est D'arrêter l'utilisation d'internet et de changer pour Mozilla Firefox Car nous aussi avant nous avions des problémes (virus/patente pas raport)Mais depuis ce temps là ,Il nous avertisse en-haut de la page qu'on a des fenetres pop-up pi si tu veut pas les voirs tu clique sur le petit X ...C vraiment utile !Faaque ce que tu devrais faire c'est d'aller sur

 http://www.mozilla-europe.org/fr/products/firefox/      

Alors je te souhaite bonne chance ;)

marjorie · Answer

Jvoulais rajouter que depuis que nous avons Mozilla 
On Beaucoup Beaucoup Beaucoup moins de virus

sKe69 · Answer

Salut marie-douce ! encore des soucis ;)

Pas de panic et fait exactement comme ce-ci : 

télécharges et instales le logiciel HijackThis : 

ftp://ftp.commentcamarche.com/download/HJTInstall.exe 

Important : 
1-Faire un click droit sur le lien ci-dessus et choisir "enregistrer la cible sous ... " et renommer Hijackthis en "thejack" . 

Cliker sur thejack.exe pour lancer l'instale . laisses toi guider et instale le à l'endroit par défaut( C\: programme file \ ) . 
A la fin tu doit avoir un raccouci sur ton bureau et aussi un cheminement comme : "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe " . 

2-Renommer le prg HijackThis : 
dans "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe", clik droit sur ce dernier et choisis "renommé" : tapes monjack et valide . 

tuto pour l’utiliser 
regarde ici c'est parfaitement expliqué en images 
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm 

Fermes toute tes applications et déconnectes toi : doubles clik sur le raccourci du bureau, 
Fais un scan monjack (ou HijackThis renommé) et postes le rapport générer pour analyse ...

sKe69 · Answer

bon ... on commence :

Fais un clic droit sur ce lien : 
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 

Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.

Déconnectes toi et fermes bien toutes tes applications le temps de la manipe .
 
Fais un clic droit sur navilog1.zip et choisis "tout extraire" 
Ensuite double clique sur navilog1.exe pour lancer l'installation. 
Une fois l'installation terminée, le fix s'exécutera automatiquement. 
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau). 

Laisse-toi guider. Au menu principal, choisis 1 et valides. 
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
 
Patiente jusqu'au message : 
*** Analyse Termine le ..... *** 

Appuie sur une touche comme demandé, le blocnote va s'ouvrir. 
Copie-colle l'intégralité de son contenu dans ta prochaine réponse et attends la suite . 

(Le rapport est en outre sauvegardé à la racine du disque "C\:fixnavi.txt" ) 

TUTO (aide) :: http://www.malekal.com/Adware.Magic_Control.

sKe69 · Answer

Fausse pioche de ma part ...

1ere chose , rends toi sur ton PC ici : "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe " <---click droit sur ce dernier et choisis dans le déroulant "renommé ". Ensuite tu renommes en "monjack" et tu valides.
retourne sur ton bureau et double-click sur le raccourci Hijackthis : refait un scan et postes moi le nouveau rapport monjack ( = hijackthis "renommé ") .

Ensuite on continu  :
Télécharge SmitfraudFix de S!Ri, balltrap34 et moe31 
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Déconnectes toi,fermes toute tes applications et désactives tes défences ( anti-virus ,anti-spyware,...)le temps de la manipe .

Installe le soft à la racine de C\( et pas ailleur! --->"C\:SmitfraudFix.exe" ) : double clique sur l'exe pour le décompresser et lancer le fix.
 
Utilisation ----> option 1 - Recherche : 
Double clique sur smitfraudfix.cmd Sélectionne 1 pour créer un rapport des fichiers responsables de l'infection.
 
Postes le rapport ( rapport.txt qui se trouve sous C\:) et attends la suite ...
 
(Attention : process.exe est détecté par certains antivirus comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité.) 

 Je regarderai tout cela demain si tu veut bien car là , je commence à avoir la tête dans le clavier ...  ;p 

Bonne nuit à toi ...

sKe69 · Answer

On va reprendre doucement ...
Supprimes le raccourci Hijackthis que tu as actuellement sur ton bureau .
Ensuite rends toi sur ton PC ici : "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe " . Click droit sur "HijackThis.exe "et choisis dans le déroulant "renommé " : dans la fenêtre qui s'ouvre tapes (à la place de Hijackthis ) "monjack" puis click sur "valides" .
Maintenant tu te retrouves avec un prg "monjack.exe" . Reclick droit sur monjack.exe et choisis dans le déroulant " créer un raccourci" et valides .

Retournes sur ton bureau , fermes toutes tes applications et déconnectes toi . Double click sur le raccourci que tu viens de créer : 
Fais un scan monjack (ou HijackThis renommé) et postes le rapport générer pour analyse ...

sKe69 · Answer

très bien ....

Ensuite on continu : 
Télécharge SmitfraudFix de S!Ri, balltrap34 et moe31 
http://siri.urz.free.fr/Fix/SmitfraudFix.exe 

Déconnectes toi,fermes toute tes applications et désactives tes défences ( anti-virus ,anti-spyware,...)le temps de la manipe . 

Installe le soft à la racine de C\( et pas ailleur! --->chemin à avoir--->"C\:SmitfraudFix.exe" ) : double clique sur l'exe pour le décompresser et lancer le fix. 

Utilisation ----> option 1 - Recherche : 
Double clique sur smitfraudfix.cmd Sélectionne 1 pour créer un rapport des fichiers responsables de l'infection. 

Postes le rapport ( rapport.txt qui se trouve sous C\:) et attends la suite ... 

(Attention : process.exe est détecté par certains antivirus comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité.)

sKe69 · Answer

ce n'est pas le bon rapport ! C'est le rapport SmitfraudFix qu'il me faut ;)

sKe69 · Answer

C'est bien le bon rapport .

Suite de la manipe ( nettoyage ), fait exactement ce qui suit : 

* Redémarrer l'ordinateur en mode sans échec . 
Comment aller en Mode sans échec 
1) Redémarre ton ordi 
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" 
3) Tu verras un écran avec options de démarrage apparaître 
4) Choisis la première option : Sans Échec, et valide avec "Entrée" 
5) Choisis ton compte habituel, et non Administrateur (si besoin ... ) 
ps : n'oublis pas , en mode sans échec , pas de connexion ! Donc copies ou imprimes bien les info ci-dessus :) 

*Double click sur SmitfraudFix.exe 

* Sélectionner 2 et presser Entrée dans le menu pour supprimer les fichiers responsables de l'infection. 

* A la question: Voulez-vous nettoyer le registre ? répondre O (oui) et presser Entrée afin de débloquer 
le fond d'écran et supprimer les clés de registre de l'infection. 

* Le correctif déterminera si le fichier wininet.dll est infecté.
 
* A la question: "Corriger le fichier infecté ?" répondre O (oui) et presser Entrée 
pour remplacer le fichier corrompu. 

* Un redemarrage sera peut être nécessaire pour terminer la procedure de nettoyage. 

Le rapport se trouve à la racine de C\: 
(dans le fichier rapport.txt) 

postes moi ce dernier rapport dans ton prochain message et attends les instructions ... Attention , il risque d'être assez long donc postes le en plusieurs fois SVP .

sKe69 · Answer

yes ...il y a tout ....

scan AVG Antispyware  :

--->mode d'utilisation : 
Lance AVG Anti-Spyware, mets le à jour (onglet "mise à jour") , 
Clique sur le bouton « Analyse » .
Puis dans paramètre , dans « Comment réagir », click sur "Actions recommandées". Sélectionne Quarantaine. 
Retour à l'onglet "Analyse". 
Clique sur Analyse complète du système. 
A la fin du scan, choisis " Appliquer toutes les actions " 
Clique sur "Enregistrer le rapport". Le fichier texte se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware : postes moi ce rapport et après un nouveau scan monjack pour analyse .

sKe69 · Answer

Salut, 
OK pour le rapport AVG ...

une petite question : il y a une ligne du rapport monjack qui à disparue ( elle consernait une infection : sujet conserné --->" Offliner AdFilter Helper " ) , et au vu du rapport d'AVG ,ce n'est pas lui qui a nettoyer le prb ...
Bizard... As tu fait autre chose dont tu ne m'aurrait pas parlé ? As tu toujours des prb de pop-up ?

marie-douce12 · Answer

plus de problemes avec les pop up mais spybot vient encore de détecter virtumonde...,.!!@##$%$%$#@#je capote

sKe69 · Answer

?????

Télécharger ComboFix (par sUBs) sur le Bureau : 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

Démarrer en mode sans echec : 
Comment aller en Mode sans échec 
1) Redémarre ton ordi 
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" 
3) Tu verras un écran avec options de démarrage apparaître 
4) Choisis la première option : Sans Échec, et valide avec "Entrée" 
5) Choisis ton compte habituel, et non Administrateur (si besoin ... ) 

Double cliquer combofix.exe. 

Appuyer sur la touche Y (Yes) pour démarrer le scan 
Le rapport sera crée dans: C:\Combofix.txt 

(attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreur ...)

Redémarre ton PC ( mode normal )
Postes le rapport combo fix et un nouveau rapport monjack pour analyse .

sKe69 · Answer

Apparement il y plusieurs sessions sur ton PC n'est-ce pas ?

sKe69 · Answer

Oui et non ... je pense qu'il reste dans une session le virus Virtumonde .
le mieux est de rebasculer en une seul session pour finir de bien nettoyer . Est-ce que cela est possible ? Sachant que les docs personnels de chacuns serons sauvegarder dans des dossiers mais qu'il risque d'y avoir des pertes de données (identiviants MSN, adresse "favoris" et autre trucs du genre ...) .

sKe69 · Answer

dans ce cas :
démarrer/panneau de configuration 
tu choisis "comptes d'utilisateurs" et tu supprimes ceux que tu ne veux pas conserver .

!!attention à bien conserver un" compte administrateur" !! ( le tien par exemple : il y a dessus hijackthis ,ccleaner , ect)

tu peux indiquer que tu souhaites ou pas conserver les documents de chaque compte 
petit tuto : http://www.linternaute.com/hightech/maquestion/windows/suppression-compte.shtml 

une fois que ce-ci est fait , préviens moi ...

sKe69 · Answer

Non ... MSN,très peut pour moi   ;)

Donc Spybot à trouver Vundo ...
Donc on reprend :
Télécharger Vundofix.exe (par Atribune) sur ton Bureau. 
http://www.atribune.org/ccount/click.php?id=4 

Ce déconnecter, fermer toutes tes applications et désactiver tes défences ( Tea timer de Spybot et AVG) le temps de la manipe .

Double-cliquer sur VundoFix.exe afin de le lancer. 
Cliquer sur le bouton Scan for Vundo. 

Lorsque le scan est complété, cliquer sur le bouton fix Vundo. 

Une invite de commande demandera si l’on souhaite supprimer les fichiers, cliquer sur YES 

Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers. 
Une nouvelle invite de commande annoncera que le PC devra s'éteindre ("shutdown"). Cliquer sur OK , puis laisser le redémarrer. 

Le contenu du rapport est situé dans C:\vundofix.txt : postes ce rapport avec aussi un nouveau rapport monjack pour annalyse .

marie-douce12 · Answer

ok tu n'es pas le seul qui boycotte msn!!!moi jsuis accro!!!lol;)


voila le vundo fix:


VundoFix V7.0.3

Scan started at 15:09:49 2008-04-18

Listing files found while scanning....

C:\Program Files\PowerISO\PWRISOSH.DLL

Beginning removal...

 Attempting to delete C:\Program Files\PowerISO\PWRISOSH.DLL
C:\Program Files\PowerISO\PWRISOSH.DLL Has been deleted!

Performing Repairs to the registry.
Done!



et le hijack!:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:41, on 2008-04-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\system32\V0230Mon.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://get2.adobe.com/reader/otherversions/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dll
O2 - BHO: AdsCleaner Helper - {40FB69E1-9B7B-453F-B238-37D8E9528929} - C:\Program Files\SoftInform\AdsCleaner Trial\PAKIEPlugins.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O3 - Toolbar: AdsCleaner Links Bar - {A8415B7A-F661-4D31-92D7-4398E50483DF} - C:\PROGRA~1\SOFTIN~1\ADSCLE~1\PAKIEGUI.dll
O3 - Toolbar: AdsCleaner Bar - {75CD0BC5-E317-449C-9FF6-4986B3D48F64} - C:\PROGRA~1\SOFTIN~1\ADSCLE~1\PAKIEGUI.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AdsCleaner Bar - {B5D8F853-BEC9-4F9C-B3C9-0F744B6869D1} - C:\PROGRA~1\SOFTIN~1\ADSCLE~1\PAKIEGUI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

sKe69 · Answer

je ne boycote pas MSN, je n'utilise pas MSN ... c'est pas pareil ... :p

On continu ?
Télécharger VirtumundoBegone sur le bureau: 
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe 

Ce déconnecter , fermer toute ces applications et désactiver ces défences le temps de la manipe .

Double cliquer sur VirtumundoBeGone.exe et suivre les instructions. 
Une fois terminé, redémarrer le PC, le rapport VBG.TXT sera crée sur le bureau , postes le. 
(Si un message Ecran bleu "Erreur fatale" apparaît, pas d’inquiétude car c'est normal et attendu). 

puis ensuite, fait un autre scan monjack et postes le aussi .

sKe69 · Answer

J'aimerai que tu déplaces combofix.exe et que tu l'instale ici --->"C:\combofix.exe" (Directement sous C )

Enuite :
Démarrer en mode sans echec : 
Comment aller en Mode sans échec 
1) Redémarre ton ordi 
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" 
3) Tu verras un écran avec options de démarrage apparaître 
4) Choisis la première option : Sans Échec, et valide avec "Entrée" 
5) Choisis ton compte habituel, et non Administrateur (si besoin ... ) 

Double cliquer combofix.exe. 

Appuyer sur la touche Y (Yes) pour démarrer le scan 
Le rapport sera crée dans: C:\Combofix.txt 

(attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreur ...)

Redémarre ton PC ( mode normal )
Postes le rapport combofix et un nouveau rapport monjack pour analyse .

Désolé mais je coupe pour aujourd'hui ... on reprendra la suite dimanche soir si tu veut bien ( pas dispo ce week ) 

Bon weekend ;) et n'utilises pas trop ta machine pour l'instant ...

marie-douce12 · Answer

ok voila!: ComboFix 08-04-17.1 - Kat 2008-04-18 17:25:37.2 - NTFSx86 MINIMAL Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.789 [GMT -5:00] Endroit: C:\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))))))) . 2008-04-18 15:09 . 2008-04-18 15:24 d-------- C:\VundoFix Backups 2008-04-18 11:45 . 2008-04-18 11:45 1,770,815 --a------ C:\ComboFix.exe 2008-04-17 14:52 . 2008-04-17 14:52 d-------- C:\Program Files\Apple Software Update 2008-04-16 12:53 . 2008-04-16 17:05 4,158 --a------ C:\WINDOWS\system32\tmp.reg 2008-04-16 12:48 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-04-16 12:48 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-04-16 12:48 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-04-16 12:48 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-04-16 12:48 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-04-16 12:48 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-04-16 12:48 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-04-15 20:09 . 2008-04-15 20:09 d-------- C:\Documents and Settings\Amely\Application Data\Grisoft 2008-04-15 18:19 . 2008-04-15 18:25 d-------- C:\Program Files\Navilog1 2008-04-12 20:33 . 2008-04-12 20:33 d-------- C:\Documents and Settings\Amely\Application Data\Nero 2008-04-12 20:33 . 2008-04-18 14:05 d-------- C:\Documents and Settings\Amely\Application Data\AVG7 2008-04-11 16:34 . 2008-04-11 16:34 d-------- C:\divx 2008-04-10 13:55 . 2008-04-10 13:55 d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games 2008-04-08 23:31 . 2008-04-08 23:31 d-------- C:\Documents and Settings\Marco\Application Data\CyberLink 2008-04-08 22:45 . 2008-04-09 22:08 d-------- C:\Program Files\Project64 1.6 2008-04-08 21:12 . 2008-04-08 21:12 d-------- C:\Program Files\Aspyr 2008-04-08 20:13 . 2008-04-08 20:13 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-04-08 20:13 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-04-08 20:12 . 2008-04-08 20:14 d-------- C:\Program Files\TuneUp Utilities 2008 2008-04-08 13:50 . 2008-04-08 13:50 d-------- C:\Documents and Settings\Kat\Application Data\DAEMON Tools 2008-04-08 13:50 . 2008-04-08 13:50 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-04-06 20:29 . 2008-04-06 20:29 d-------- C:\Program Files\The History Channel - Lost Worlds 2008-04-06 20:18 . 2008-04-06 20:18 1,681 --a------ C:\WINDOWS\[u]0[/u] 2008-04-06 20:18 . 2008-04-06 20:18 220 --a------ C:\WINDOWS\False 2008-04-06 20:18 . 2008-04-06 20:18 102 --a------ C:\WINDOWS\Times New Roman 2008-04-06 20:15 . 2008-04-06 20:15 d-------- C:\Program Files\Mindscape 2008-04-04 14:30 . 2008-04-04 14:30 d-------- C:\Documents and Settings\Kat\Application Data\SoftInform 2008-04-04 14:24 . 2008-04-04 14:24 d-------- C:\Program Files\SoftInform 2008-04-04 14:24 . 2008-04-04 14:30 d-------- C:\Documents and Settings\Kat\Application Data\AdsCleaner 2008-04-03 18:30 . 2008-04-18 13:55 d-------- C:\Documents and Settings\Marco\Application Data\AVG7 2008-04-03 18:29 . 2008-04-03 18:29 d-------- C:\Documents and Settings\Marco\Application Data\Grisoft 2008-04-03 16:07 . 2008-04-03 16:07 1,409 --a------ C:\WINDOWS\system32\tmpFA2F7.FOT 2008-04-03 16:07 . 2008-04-03 16:07 1,409 --a------ C:\WINDOWS\system32\tmpED2F7.FOT 2008-04-03 16:07 . 2008-04-03 16:07 1,409 --a------ C:\WINDOWS\system32\tmpEC2F7.FOT 2008-04-03 16:07 . 2008-04-03 16:07 1,409 --a------ C:\WINDOWS\system32\tmpDF2F7.FOT 2008-04-03 16:07 . 2008-04-03 16:07 1,409 --a------ C:\WINDOWS\system32\tmp162F7.FOT 2008-04-03 14:58 . 2008-04-18 15:25 d-------- C:\Program Files\PowerISO 2008-04-03 14:50 . 2008-04-03 14:50 d-------- C:\Program Files\iTunes 2008-04-03 14:50 . 2008-04-03 14:50 d-------- C:\Program Files\iPod 2008-04-03 14:50 . 2008-04-18 15:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-03 14:50 . 2008-04-03 14:50 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-03 14:48 . 2008-04-03 14:49 d-------- C:\Program Files\QuickTime 2008-03-31 16:25 . 2008-03-31 16:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll 2008-03-31 16:25 . 2008-03-31 16:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2008-03-31 16:25 . 2008-03-31 16:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2008-03-31 16:25 . 2008-03-31 16:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2008-03-31 16:25 . 2008-03-31 16:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll 2008-03-31 16:25 . 2008-03-31 16:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-03-31 14:12 . 2008-04-17 15:06 dr-h----- C:\$VAULT$.AVG 2008-03-31 14:11 . 2008-04-18 12:03 d-------- C:\Documents and Settings\Kat\Application Data\AVG7 2008-03-31 14:10 . 2008-03-31 14:14 d-------- C:\Documents and Settings\All Users\Application Data\avg7 2008-03-31 12:58 . 2008-03-31 12:58 d-------- C:\Documents and Settings\Kat\Application Data\Grisoft 2008-03-31 12:52 . 2008-03-31 14:10 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-31 12:52 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-03-31 11:25 . 2008-03-31 11:27 d-------- C:\Program Files\Windows Live 2008-03-31 10:53 . 2008-04-02 15:12 d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-31 10:52 . 2008-04-01 15:27 474 ---hs---- C:\WINDOWS\system32\tajnloyb.ini 2008-03-31 09:24 . 2008-03-31 09:24 654 ---hs---- C:\WINDOWS\system32\kemdceqf.ini 2008-03-31 09:16 . 2008-03-31 09:16 594 ---hs---- C:\WINDOWS\system32\qdjpvdgf.ini 2008-03-31 07:37 . 2008-03-31 08:02 534 ---hs---- C:\WINDOWS\system32\qufelgmr.ini 2008-03-30 18:29 . 2008-03-30 22:07 414 ---hs---- C:\WINDOWS\system32\dixhefte.ini 2008-03-30 15:48 . 2008-03-30 15:48 294 ---hs---- C:\WINDOWS\system32\fnfhesfk.ini 2008-03-30 14:01 . 2008-03-30 14:01 294 ---hs---- C:\WINDOWS\system32\lqejrpsy.ini 2008-03-30 11:59 . 2008-03-31 10:33 891 --a------ C:\WINDOWS\wininit.ini 2008-03-30 08:05 . 2008-03-30 08:05 294 ---hs---- C:\WINDOWS\system32\nhbefyuv.ini 2008-03-30 05:37 . 2008-03-30 05:37 d-------- C:\Documents and Settings\Marco\Application Data\Nero 2008-03-29 20:15 . 2004-03-09 00:00 132,880 --a------ C:\WINDOWS\system32\MSINET.OCX 2008-03-29 20:15 . 2004-03-09 16:36 89,360 -ra------ C:\WINDOWS\system32\VB5DB.DLL 2008-03-29 20:15 . 2004-03-09 16:36 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll 2008-03-29 20:15 . 2004-03-09 16:36 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll 2008-03-29 20:15 . 2004-03-09 16:36 35,840 -ra------ C:\WINDOWS\system32\comdlg32.oca 2008-03-29 20:15 . 2004-03-09 16:36 29,184 -ra------ C:\WINDOWS\system32\MSINET.oca 2008-03-29 20:15 . 2004-03-09 16:36 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe 2008-03-29 18:27 . 2008-03-29 18:27 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG 2008-03-29 18:23 . 2008-03-29 18:23 d-------- C:\Documents and Settings\Kat\Application Data\Nero 2008-03-29 18:18 . 2008-03-29 18:19 d-------- C:\Program Files\Fichiers communs\Nero 2008-03-29 11:49 . 2008-03-29 11:49 d-------- C:\Program Files\Smart Projects 2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-03-28 13:24 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2008-03-28 13:24 . 2004-08-04 00:45 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2008-03-28 13:22 . 2008-03-28 13:22 d-------- C:\Program Files\Logitech 2008-03-28 13:22 . 2008-03-28 13:22 d-------- C:\Program Files\Fichiers communs\Logitech 2008-03-28 13:22 . 2005-04-12 19:21 45,504 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys 2008-03-28 13:22 . 2005-04-12 19:21 22,240 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys 2008-03-28 13:22 . 2005-04-12 19:21 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys 2008-03-28 13:22 . 2005-04-12 19:21 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys 2008-03-28 13:06 . 2008-03-28 13:06 d-------- C:\WINDOWS\system32\AGEIA 2008-03-28 13:06 . 2008-03-28 13:06 d-------- C:\Program Files\AGEIA Technologies 2008-03-24 12:49 . 2008-03-24 12:49 d-------- C:\Program Files\programmesd 2008-03-23 20:38 . 2008-03-23 20:38 d-------- C:\Documents and Settings\Marco\Application Data\Corel 2008-03-21 22:27 . 2008-03-29 11:14 56 -r-hs---- C:\WINDOWS\system32\13D67817A2.sys 2008-03-21 22:25 . 2008-03-21 22:25 d-------- C:\Documents and Settings\Kat\Application Data\Corel 2008-03-21 22:25 . 2008-03-21 22:25 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2008-03-21 22:24 . 2008-03-21 22:25 d-------- C:\Program Files\Fichiers communs\Corel 2008-03-21 22:19 . 2008-03-29 11:14 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys 2008-03-21 22:17 . 2008-03-21 22:24 d-------- C:\Program Files\Corel 2008-03-21 18:27 . 2008-03-21 18:27 d-------- C:\Documents and Settings\Marco\Application Data\DivX 2008-03-21 18:27 . 2008-04-17 16:49 38 --a------ C:\WINDOWS\avisplitter.INI 2008-03-21 15:30 . 2008-03-21 15:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-03-21 15:30 . 2008-03-21 15:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2008-03-21 15:30 . 2008-03-21 15:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2008-03-21 15:30 . 2008-03-21 15:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2008-03-21 15:30 . 2008-03-21 15:30 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm 2008-03-21 15:30 . 2008-03-21 15:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb 2008-03-20 14:26 . 2008-04-17 14:53 d-------- C:\Program Files\Safari 2008-03-20 12:26 . 2008-03-24 21:33 28 --a------ C:\WINDOWS\system32\kifile 2008-03-20 12:26 . 2008-03-24 21:33 19 --a------ C:\WINDOWS\system32\nifile 2008-03-20 12:25 . 2008-03-20 12:25 d--hs---- C:\WINDOWS\ftpcache . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-18 21:17 196,608 ----a-w C:\WINDOWS\system32\drivers\aStandard.bin 2008-04-18 16:40 --------- d-----w C:\Documents and Settings\Kat\Application Data\Vso 2008-04-18 03:50 --------- d-----w C:\Documents and Settings\Kat\Application Data\Azureus 2008-04-17 19:56 --------- d-----w C:\Program Files\Azureus 2008-04-16 17:10 --------- d-----w C:\Program Files\Trend Micro 2008-04-15 01:04 --------- d-----w C:\Documents and Settings\Marco\Application Data\uTorrent 2008-04-11 21:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-04-11 15:50 --------- d-----w C:\Documents and Settings\Kat\Application Data\DivX 2008-04-11 15:40 --------- d-----w C:\Program Files\DivX 2008-04-09 01:12 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-04-07 01:15 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-05 20:56 --------- d-----w C:\Documents and Settings\Marco\Application Data\Azureus 2008-04-02 20:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-31 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-30 03:07 2,277,888 ----a-w C:\WINDOWS\system32\TUKernel.exe 2008-03-30 01:15 --------- d-----w C:\Program Files\Ubisoft 2008-03-29 23:18 --------- d-----w C:\Program Files\Nero 2008-03-29 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-03-29 22:56 --------- d-----w C:\Program Files\Fichiers communs\Ahead 2008-03-22 03:24 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-17 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-03-17 17:50 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-03-17 17:50 --------- d-----w C:\Documents and Settings\Kat\Application Data\skypePM 2008-03-16 23:34 --------- d-----w C:\Documents and Settings\Amely\Application Data\Apple Computer 2008-03-15 15:17 --------- d-----w C:\Program Files\uTorrent 2008-03-14 06:04 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys 2008-03-14 04:14 --------- d-----w C:\Program Files\Java 2008-03-14 04:13 --------- d-----w C:\Program Files\Fichiers communs\Java 2008-03-14 00:53 --------- d-----w C:\Documents and Settings\Marco\Application Data\Ahead 2008-03-11 17:22 --------- d-----w C:\Documents and Settings\Kat\Application Data\Media Player Classic 2008-03-11 15:41 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-03-10 23:07 --------- d-----w C:\Documents and Settings\Amely\Application Data\DivX 2008-03-10 21:33 --------- d-----w C:\Program Files\Fichiers communs\muvee Technologies 2008-03-10 21:31 --------- d-----w C:\Program Files\Creative 2008-03-10 20:59 --------- d-----w C:\Documents and Settings\Amely\Application Data\Creative 2008-03-10 20:40 --------- d-----w C:\Program Files\Photo Story 3 for Windows 2008-03-09 23:53 --------- d-----w C:\Documents and Settings\Amely\Application Data\TuneUp Software 2008-03-09 18:48 --------- d-----w C:\Documents and Settings\Kat\Application Data\Apple Computer 2008-03-07 01:15 --------- d-----w C:\Documents and Settings\Marco\Application Data\TuneUp Software 2008-03-06 21:51 --------- d-----w C:\Documents and Settings\Marco\Application Data\Apple Computer 2008-03-06 21:50 --------- d-----w C:\Program Files\Bonjour 2008-03-06 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-03-06 21:49 --------- d-----w C:\Program Files\Fichiers communs\Apple 2008-03-06 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2008-03-05 21:17 --------- d-----w C:\Documents and Settings\Kat\Application Data\gtk-2.0 2008-03-05 21:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll 2008-03-05 21:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll 2008-03-05 21:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll 2008-03-05 20:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll 2008-03-05 20:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll 2008-03-05 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-03-05 17:41 --------- d-----w C:\Program Files\GIMP-2.0 2008-03-05 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems 2008-03-05 00:07 --------- d-----w C:\Program Files\ASUS 2008-03-05 00:03 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-03-04 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk 2008-03-04 17:07 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2008-03-04 17:07 47,360 ----a-w C:\Documents and Settings\Kat\Application Data\pcouffin.sys 2008-03-04 17:07 --------- d-----w C:\Program Files\VSO 2008-03-04 16:30 --------- d-----w C:\Documents and Settings\Kat\Application Data\CyberLink 2008-03-04 15:44 --------- d-----w C:\Documents and Settings\Kat\Application Data\Ahead 2008-03-04 15:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink 2008-03-04 03:58 --------- d-----w C:\Documents and Settings\Kat\Application Data\MSNInstaller 2008-03-04 03:15 71,634 ----a-w C:\WINDOWS\BricoPackUninst.cmd 2008-03-04 03:15 5,417 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd 2008-03-03 04:09 --------- d-----w C:\Documents and Settings\Marco\Application Data\Vidéotron 2008-03-03 04:09 --------- d-----w C:\Documents and Settings\Kat\Application Data\Vidéotron 2008-03-03 04:09 --------- d-----w C:\Documents and Settings\Amely\Application Data\Vidéotron 2008-03-03 04:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Vidéotron 2008-03-03 03:58 --------- d-----w C:\Program Files\Fichiers communs\Cisco Systems 2008-03-03 03:30 --------- d-----w C:\Program Files\Macrogaming 2008-03-03 02:50 --------- d-----w C:\Program Files\VSO ConvertXToDVD 2.1.17.241 2008-03-03 02:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus 2008-03-03 02:42 --------- d-----w C:\Program Files\MSECache 2008-03-03 02:36 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-03-03 02:29 --------- d-----w C:\Program Files\DVD Shrink 2008-03-03 01:53 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-03-03 01:37 --------- d-----w C:\Program Files\CCleaner 2008-03-02 20:34 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2008-03-02 20:19 --------- d-----w C:\Documents and Settings\Kat\Application Data\TuneUp Software 2008-03-02 19:59 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-03-02 19:53 --------- d-----w C:\Documents and Settings\Amely\Application Data\ATI 2008-03-02 19:48 --------- d-----w C:\Documents and Settings\Marco\Application Data\ATI 2008-03-02 18:31 --------- d-----w C:\Program Files\MSXML 4.0 2008-03-02 18:25 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-03-02 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-03-02 04:49 --------- d-----w C:\Documents and Settings\Kat\Application Data\AdobeUM 2008-03-02 04:37 606,848 ----a-w C:\WINDOWS\flashax.exe 2008-03-02 04:37 194,560 ----a-w C:\WINDOWS\ASUS_Ai_Proactive_Screensaver (E).scr 2008-03-02 04:37 12,288 ----a-w C:\WINDOWS\impborl.dll 2007-08-28 18:54 237,568 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll 2007-05-17 22:45 208,991 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll 2007-05-17 22:45 450,657 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll 2002-06-03 21:46 454,656 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll 2005-11-09 16:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll 2005-11-09 16:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll . ------- Sigcheck ------- 2007-06-13 08:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe 2007-06-13 08:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-03 23:54 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2007-06-13 08:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208] "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-03-25 04:48 906480] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00 143360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2006-06-13 07:05 16239616 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 05:04 2879488 C:\WINDOWS\SkyTel.exe] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12 90112] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712] "AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576] "V0230Mon.exe"="C:\WINDOWS\system32\V0230Mon.exe" [2006-07-19 12:00 36961] "CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-08 21:43 53340] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 20:10 579584] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-31 14:11 219136] C:\Documents and Settings\Amely\Menu D‚marrer\Programmes\D‚marrage\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 17:05:02 630784] TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 14:41:18 65536] UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 02:43:08 180224] Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 02:43:14 155648] C:\Documents and Settings\Marco\Menu D‚marrer\Programmes\D‚marrage\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 17:05:02 630784] C:\Documents and Settings\Kat\Menu D‚marrer\Programmes\D‚marrage\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 17:05:02 630784] TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 14:41:18 65536] UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 02:43:08 180224] Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 02:43:14 155648] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\WINDOWS\system32\logonui.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Azureus\Azureus.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe"= "C:\Program Files\uTorrent\uTorrent.exe"= "C:\Program Files\Mozilla Firefox\firefox.exe"= "C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe"= "C:\Program Files\Fichiers communs\Nero\Nero Web\SetupX.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\Grisoft\AVG7\avginet.exe"= "C:\Program Files\Grisoft\AVG7\avgamsvr.exe"= "C:\Program Files\Grisoft\AVG7\avgcc.exe"= "C:\Program Files\Grisoft\AVG7\avgemc.exe"= "C:\Program Files\iTunes\iTunes.exe"= S2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:55] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-08 20:13] S3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-23 12:00] S3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-07-24 12:00] S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-04-18 22:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe "2008-04-17 19:52:58 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-04-18 22:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-18 17:27:49 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 103 ************************************************************************** . Temps d'accomplissement: 2008-04-18 17:28:55 ComboFix-quarantined-files.txt 2008-04-18 22:28:39 Pre-Run: 19,465,404,416 octets libres Post-Run: 19,456,245,760 octets libres . 2008-04-09 04:56:46 --- E O F --- et puis hijack: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:42:10, on 2008-04-18 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\WINDOWS\system32\V0230Mon.exe C:\Program Files\Creative\Shared Files\CTSched.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\monjack.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://get2.adobe.com/reader/otherversions/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: AdsCleaner Helper - {40FB69E1-9B7B-453F-B238-37D8E9528929} - C:\Program Files\SoftInform\AdsCleaner Trial\PAKIEPlugins.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: AdsCleaner Links Bar - {A8415B7A-F661-4D31-92D7-4398E50483DF} - C:\PROGRA~1\SOFTIN~1\ADSCLE~1\PAKIEGUI.dll O3 - Toolbar: AdsCleaner Bar - {75CD0BC5-E317-449C-9FF6-4986B3D48F64} - C:\PROGRA~1\SOFTIN~1\ADSCLE~1\PAKIEGUI.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: AdsCleaner Bar - {B5D8F853-BEC9-4F9C-B3C9-0F744B6869D1} - C:\PROGRA~1\SOFTIN~1\ADSCLE~1\PAKIEGUI.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/... O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/... O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

marie-douce12 · Answer

ok voila!: ComboFix 08-04-17.1 - Kat 2008-04-18 17:25:37.2 - NTFSx86 MINIMAL Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.789 [GMT -5:00] Endroit: C:\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))))))) . 2008-04-18 15:09 . 2008-04-18 15:24 d-------- C:\VundoFix Backups 2008-04-18 11:45 . 2008-04-18 11:45 1,770,815 --a------ C:\ComboFix.exe 2008-04-17 14:52 . 2008-04-17 14:52 d-------- C:\Program Files\Apple Software Update 2008-04-16 12:53 . 2008-04-16 17:05 4,158 --a------ C:\WINDOWS\system32\tmp.reg 2008-04-16 12:48 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-04-16 12:48 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-04-16 12:48 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-04-16 12:48 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-04-16 12:48 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-04-16 12:48 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-04-16 12:48 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-04-15 20:09 . 2008-04-15 20:09 d-------- C:\Documents and Settings\Amely\Application Data\Grisoft 2008-04-15 18:19 . 2008-04-15 18:25 d-------- C:\Program Files\Navilog1 2008-04-12 20:33 . 2008-04-12 20:33 d-------- C:\Documents and Settings\Amely\Application Data\Nero 2008-04-12 20:33 . 2008-04-18 14:05 d-------- C:\Documents and Settings\Amely\Application Data\AVG7 2008-04-11 16:34 . 2008-04-11 16:34 d-------- C:\divx 2008-04-10 13:55 . 2008-04-10 13:55 d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games 2008-04-08 23:31 . 2008-04-08 23:31 d-------- C:\Documents and Settings\Marco\Application Data\CyberLink 2008-04-08 22:45 . 2008-04-09 22:08 d-------- C:\Program Files\Project64 1.6 2008-04-08 21:12 . 2008-04-08 21:12 d-------- C:\Program Files\Aspyr 2008-04-08 20:13 . 2008-04-08 20:13 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-04-08 20:13 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-04-08 20:12 . 2008-04-08 20:14 d-------- C:\Program Files\TuneUp Utilities 2008 2008-04-08 13:50 . 2008-04-08 13:50 d-------- C:\Documents and Settings\Kat\Application Data\DAEMON Tools 2008-04-08 13:50 . 2008-04-08 13:50 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-04-06 20:29 . 2008-04-06 20:29 d-------- C:\Program Files\The History Channel - Lost Worlds 2008-04-06 20:18 . 2008-04-06 20:18 1,681 --a------ C:\WINDOWS\[u]0[/u] 2008-04-06 20:18 . 2008-04-06 20:18 220 --a------ C:\WINDOWS\False 2008-04-06 20:18 . 2008-04-06 20:18 102 --a------ C:\WINDOWS\Times New Roman 2008-04-06 20:15 . 2008-04-06 20:15 d-------- C:\Program Files\Mindscape 2008-04-04 14:30 . 2008-04-04 14:30 d-------- C:\Documents and Settings\Kat\Application Data\SoftInform 2008-04-04 14:24 . 2008-04-04 14:24 d-------- C:\Program Files\SoftInform 2008-04-04 14:24 . 2008-04-04 14:30 d-------- C:\Documents and Settings\Kat\Application Data\AdsCleaner 2008-04-03 18:30 . 2008-04-18 13:55 d-------- C:\Documents and Settings\Marco\Application Data\AVG7 2008-04-03 18:29 . 2008-04-03 18:29 d-------- C:\Documents and Settings\Marco\Application Data\Grisoft 2008-04-03 16:07 . 2008-04-03 16:07 1,409 --a------ C:\WINDOWS\system32\tmpFA2F7.FOT 2008-04-03 16:07 . 2008-04-03 16:07 1,409 --a------ C:\WINDOWS\system32\tmpED2F7.FOT 2008-04-03 16:07 . 2008-04-03 16:07 1,409 --a------ C:\WINDOWS\system32\tmpEC2F7.FOT 2008-04-03 16:07 . 2008-04-03 16:07 1,409 --a------ C:\WINDOWS\system32\tmpDF2F7.FOT 2008-04-03 16:07 . 2008-04-03 16:07 1,409 --a------ C:\WINDOWS\system32\tmp162F7.FOT 2008-04-03 14:58 . 2008-04-18 15:25 d-------- C:\Program Files\PowerISO 2008-04-03 14:50 . 2008-04-03 14:50 d-------- C:\Program Files\iTunes 2008-04-03 14:50 . 2008-04-03 14:50 d-------- C:\Program Files\iPod 2008-04-03 14:50 . 2008-04-18 15:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-03 14:50 . 2008-04-03 14:50 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-03 14:48 . 2008-04-03 14:49 d-------- C:\Program Files\QuickTime 2008-03-31 16:25 . 2008-03-31 16:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll 2008-03-31 16:25 . 2008-03-31 16:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2008-03-31 16:25 . 2008-03-31 16:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2008-03-31 16:25 . 2008-03-31 16:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2008-03-31 16:25 . 2008-03-31 16:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll 2008-03-31 16:25 . 2008-03-31 16:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-03-31 14:12 . 2008-04-17 15:06 dr-h----- C:\$VAULT$.AVG 2008-03-31 14:11 . 2008-04-18 12:03 d-------- C:\Documents and Settings\Kat\Application Data\AVG7 2008-03-31 14:10 . 2008-03-31 14:14 d-------- C:\Documents and Settings\All Users\Application Data\avg7 2008-03-31 12:58 . 2008-03-31 12:58 d-------- C:\Documents and Settings\Kat\Application Data\Grisoft 2008-03-31 12:52 . 2008-03-31 14:10 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-31 12:52 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-03-31 11:25 . 2008-03-31 11:27 d-------- C:\Program Files\Windows Live 2008-03-31 10:53 . 2008-04-02 15:12 d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-31 10:52 . 2008-04-01 15:27 474 ---hs---- C:\WINDOWS\system32\tajnloyb.ini 2008-03-31 09:24 . 2008-03-31 09:24 654 ---hs---- C:\WINDOWS\system32\kemdceqf.ini 2008-03-31 09:16 . 2008-03-31 09:16 594 ---hs---- C:\WINDOWS\system32\qdjpvdgf.ini 2008-03-31 07:37 . 2008-03-31 08:02 534 ---hs---- C:\WINDOWS\system32\qufelgmr.ini 2008-03-30 18:29 . 2008-03-30 22:07 414 ---hs---- C:\WINDOWS\system32\dixhefte.ini 2008-03-30 15:48 . 2008-03-30 15:48 294 ---hs---- C:\WINDOWS\system32\fnfhesfk.ini 2008-03-30 14:01 . 2008-03-30 14:01 294 ---hs---- C:\WINDOWS\system32\lqejrpsy.ini 2008-03-30 11:59 . 2008-03-31 10:33 891 --a------ C:\WINDOWS\wininit.ini 2008-03-30 08:05 . 2008-03-30 08:05 294 ---hs---- C:\WINDOWS\system32\nhbefyuv.ini 2008-03-30 05:37 . 2008-03-30 05:37 d-------- C:\Documents and Settings\Marco\Application Data\Nero 2008-03-29 20:15 . 2004-03-09 00:00 132,880 --a------ C:\WINDOWS\system32\MSINET.OCX 2008-03-29 20:15 . 2004-03-09 16:36 89,360 -ra------ C:\WINDOWS\system32\VB5DB.DLL 2008-03-29 20:15 . 2004-03-09 16:36 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll 2008-03-29 20:15 . 2004-03-09 16:36 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll 2008-03-29 20:15 . 2004-03-09 16:36 35,840 -ra------ C:\WINDOWS\system32\comdlg32.oca 2008-03-29 20:15 . 2004-03-09 16:36 29,184 -ra------ C:\WINDOWS\system32\MSINET.oca 2008-03-29 20:15 . 2004-03-09 16:36 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe 2008-03-29 18:27 . 2008-03-29 18:27 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG 2008-03-29 18:23 . 2008-03-29 18:23 d-------- C:\Documents and Settings\Kat\Application Data\Nero 2008-03-29 18:18 . 2008-03-29 18:19 d-------- C:\Program Files\Fichiers communs\Nero 2008-03-29 11:49 . 2008-03-29 11:49 d-------- C:\Program Files\Smart Projects 2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-03-28 13:24 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2008-03-28 13:24 . 2004-08-04 00:45 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2008-03-28 13:22 . 2008-03-28 13:22 d-------- C:\Program Files\Logitech 2008-03-28 13:22 . 2008-03-28 13:22 d-------- C:\Program Files\Fichiers communs\Logitech 2008-03-28 13:22 . 2005-04-12 19:21 45,504 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys 2008-03-28 13:22 . 2005-04-12 19:21 22,240 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys 2008-03-28 13:22 . 2005-04-12 19:21 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys 2008-03-28 13:22 . 2005-04-12 19:21 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys 2008-03-28 13:06 . 2008-03-28 13:06 d-------- C:\WINDOWS\system32\AGEIA 2008-03-28 13:06 . 2008-03-28 13:06 d-------- C:\Program Files\AGEIA Technologies 2008-03-24 12:49 . 2008-03-24 12:49 d-------- C:\Program Files\programmesd 2008-03-23 20:38 . 2008-03-23 20:38 d-------- C:\Documents and Settings\Marco\Application Data\Corel 2008-03-21 22:27 . 2008-03-29 11:14 56 -r-hs---- C:\WINDOWS\system32\13D67817A2.sys 2008-03-21 22:25 . 2008-03-21 22:25 d-------- C:\Documents and Settings\Kat\Application Data\Corel 2008-03-21 22:25 . 2008-03-21 22:25 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2008-03-21 22:24 . 2008-03-21 22:25 d-------- C:\Program Files\Fichiers communs\Corel 2008-03-21 22:19 . 2008-03-29 11:14 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys 2008-03-21 22:17 . 2008-03-21 22:24 d-------- C:\Program Files\Corel 2008-03-21 18:27 . 2008-03-21 18:27 d-------- C:\Documents and Settings\Marco\Application Data\DivX 2008-03-21 18:27 . 2008-04-17 16:49 38 --a------ C:\WINDOWS\avisplitter.INI 2008-03-21 15:30 . 2008-03-21 15:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-03-21 15:30 . 2008-03-21 15:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2008-03-21 15:30 . 2008-03-21 15:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2008-03-21 15:30 . 2008-03-21 15:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2008-03-21 15:30 . 2008-03-21 15:30 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm 2008-03-21 15:30 . 2008-03-21 15:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb 2008-03-20 14:26 . 2008-04-17 14:53 d-------- C:\Program Files\Safari 2008-03-20 12:26 . 2008-03-24 21:33 28 --a------ C:\WINDOWS\system32\kifile 2008-03-20 12:26 . 2008-03-24 21:33 19 --a------ C:\WINDOWS\system32\nifile 2008-03-20 12:25 . 2008-03-20 12:25 d--hs---- C:\WINDOWS\ftpcache . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-18 21:17 196,608 ----a-w C:\WINDOWS\system32\drivers\aStandard.bin 2008-04-18 16:40 --------- d-----w C:\Documents and Settings\Kat\Application Data\Vso 2008-04-18 03:50 --------- d-----w C:\Documents and Settings\Kat\Application Data\Azureus 2008-04-17 19:56 --------- d-----w C:\Program Files\Azureus 2008-04-16 17:10 --------- d-----w C:\Program Files\Trend Micro 2008-04-15 01:04 --------- d-----w C:\Documents and Settings\Marco\Application Data\uTorrent 2008-04-11 21:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-04-11 15:50 --------- d-----w C:\Documents and Settings\Kat\Application Data\DivX 2008-04-11 15:40 --------- d-----w C:\Program Files\DivX 2008-04-09 01:12 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-04-07 01:15 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-05 20:56 --------- d-----w C:\Documents and Settings\Marco\Application Data\Azureus 2008-04-02 20:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-31 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-30 03:07 2,277,888 ----a-w C:\WINDOWS\system32\TUKernel.exe 2008-03-30 01:15 --------- d-----w C:\Program Files\Ubisoft 2008-03-29 23:18 --------- d-----w C:\Program Files\Nero 2008-03-29 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-03-29 22:56 --------- d-----w C:\Program Files\Fichiers communs\Ahead 2008-03-22 03:24 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-17 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-03-17 17:50 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-03-17 17:50 --------- d-----w C:\Documents and Settings\Kat\Application Data\skypePM 2008-03-16 23:34 --------- d-----w C:\Documents and Settings\Amely\Application Data\Apple Computer 2008-03-15 15:17 --------- d-----w C:\Program Files\uTorrent 2008-03-14 06:04 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys 2008-03-14 04:14 --------- d-----w C:\Program Files\Java 2008-03-14 04:13 --------- d-----w C:\Program Files\Fichiers communs\Java 2008-03-14 00:53 --------- d-----w C:\Documents and Settings\Marco\Application Data\Ahead 2008-03-11 17:22 --------- d-----w C:\Documents and Settings\Kat\Application Data\Media Player Classic 2008-03-11 15:41 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-03-10 23:07 --------- d-----w C:\Documents and Settings\Amely\Application Data\DivX 2008-03-10 21:33 --------- d-----w C:\Program Files\Fichiers communs\muvee Technologies 2008-03-10 21:31 --------- d-----w C:\Program Files\Creative 2008-03-10 20:59 --------- d-----w C:\Documents and Settings\Amely\Application Data\Creative 2008-03-10 20:40 --------- d-----w C:\Program Files\Photo Story 3 for Windows 2008-03-09 23:53 --------- d-----w C:\Documents and Settings\Amely\Application Data\TuneUp Software 2008-03-09 18:48 --------- d-----w C:\Documents and Settings\Kat\Application Data\Apple Computer 2008-03-07 01:15 --------- d-----w C:\Documents and Settings\Marco\Application Data\TuneUp Software 2008-03-06 21:51 --------- d-----w C:\Documents and Settings\Marco\Application Data\Apple Computer 2008-03-06 21:50 --------- d-----w C:\Program Files\Bonjour 2008-03-06 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-03-06 21:49 --------- d-----w C:\Program Files\Fichiers communs\Apple 2008-03-06 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2008-03-05 21:17 --------- d-----w C:\Documents and Settings\Kat\Application Data\gtk-2.0 2008-03-05 21:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll 2008-03-05 21:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll 2008-03-05 21:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll 2008-03-05 20:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll 2008-03-05 20:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll 2008-03-05 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-03-05 17:41 --------- d-----w C:\Program Files\GIMP-2.0 2008-03-05 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems 2008-03-05 00:07 --------- d-----w C:\Program Files\ASUS 2008-03-05 00:03 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-03-04 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk 2008-03-04 17:07 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2008-03-04 17:07 47,360 ----a-w C:\Documents and Settings\Kat\Application Data\pcouffin.sys 2008-03-04 17:07 --------- d-----w C:\Program Files\VSO 2008-03-04 16:30 --------- d-----w C:\Documents and Settings\Kat\Application Data\CyberLink 2008-03-04 15:44 --------- d-----w C:\Documents and Settings\Kat\Application Data\Ahead 2008-03-04 15:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink 2008-03-04 03:58 --------- d-----w C:\Documents and Settings\Kat\Application Data\MSNInstaller 2008-03-04 03:15 71,634 ----a-w C:\WINDOWS\BricoPackUninst.cmd 2008-03-04 03:15 5,417 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd 2008-03-03 04:09 --------- d-----w C:\Documents and Settings\Marco\Application Data\Vidéotron 2008-03-03 04:09 --------- d-----w C:\Documents and Settings\Kat\Application Data\Vidéotron 2008-03-03 04:09 --------- d-----w C:\Documents and Settings\Amely\Application Data\Vidéotron 2008-03-03 04:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Vidéotron 2008-03-03 03:58 --------- d-----w C:\Program Files\Fichiers communs\Cisco Systems 2008-03-03 03:30 --------- d-----w C:\Program Files\Macrogaming 2008-03-03 02:50 --------- d-----w C:\Program Files\VSO ConvertXToDVD 2.1.17.241 2008-03-03 02:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus 2008-03-03 02:42 --------- d-----w C:\Program Files\MSECache 2008-03-03 02:36 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-03-03 02:29 --------- d-----w C:\Program Files\DVD Shrink 2008-03-03 01:53 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-03-03 01:37 --------- d-----w C:\Program Files\CCleaner 2008-03-02 20:34 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2008-03-02 20:19 --------- d-----w C:\Documents and Settings\Kat\Application Data\TuneUp Software 2008-03-02 19:59 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-03-02 19:53 --------- d-----w C:\Documents and Settings\Amely\Application Data\ATI 2008-03-02 19:48 --------- d-----w C:\Documents and Settings\Marco\Application Data\ATI 2008-03-02 18:31 --------- d-----w C:\Program Files\MSXML 4.0 2008-03-02 18:25 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-03-02 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-03-02 04:49 --------- d-----w C:\Documents and Settings\Kat\Application Data\AdobeUM 2008-03-02 04:37 606,848 ----a-w C:\WINDOWS\flashax.exe 2008-03-02 04:37 194,560 ----a-w C:\WINDOWS\ASUS_Ai_Proactive_Screensaver (E).scr 2008-03-02 04:37 12,288 ----a-w C:\WINDOWS\impborl.dll 2007-08-28 18:54 237,568 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll 2007-05-17 22:45 208,991 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll 2007-05-17 22:45 450,657 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll 2002-06-03 21:46 454,656 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll 2005-11-09 16:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll 2005-11-09 16:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll . ------- Sigcheck ------- 2007-06-13 08:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe 2007-06-13 08:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-03 23:54 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2007-06-13 08:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208] "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-03-25 04:48 906480] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00 143360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2006-06-13 07:05 16239616 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 05:04 2879488 C:\WINDOWS\SkyTel.exe] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12 90112] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712] "AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576] "V0230Mon.exe"="C:\WINDOWS\system32\V0230Mon.exe" [2006-07-19 12:00 36961] "CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-08 21:43 53340] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 20:10 579584] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-31 14:11 219136] C:\Documents and Settings\Amely\Menu D‚marrer\Programmes\D‚marrage\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 17:05:02 630784] TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 14:41:18 65536] UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 02:43:08 180224] Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 02:43:14 155648] C:\Documents and Settings\Marco\Menu D‚marrer\Programmes\D‚marrage\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 17:05:02 630784] C:\Documents and Settings\Kat\Menu D‚marrer\Programmes\D‚marrage\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 17:05:02 630784] TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 14:41:18 65536] UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 02:43:08 180224] Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 02:43:14 155648] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\WINDOWS\system32\logonui.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Azureus\Azureus.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe"= "C:\Program Files\uTorrent\uTorrent.exe"= "C:\Program Files\Mozilla Firefox\firefox.exe"= "C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe"= "C:\Program Files\Fichiers communs\Nero\Nero Web\SetupX.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\Grisoft\AVG7\avginet.exe"= "C:\Program Files\Grisoft\AVG7\avgamsvr.exe"= "C:\Program Files\Grisoft\AVG7\avgcc.exe"= "C:\Program Files\Grisoft\AVG7\avgemc.exe"= "C:\Program Files\iTunes\iTunes.exe"= S2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:55] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-08 20:13] S3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-23 12:00] S3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-07-24 12:00] S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-04-18 22:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe "2008-04-17 19:52:58 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-04-18 22:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-18 17:27:49 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 103 ************************************************************************** . Temps d'accomplissement: 2008-04-18 17:28:55 ComboFix-quarantined-files.txt 2008-04-18 22:28:39 Pre-Run: 19,465,404,416 octets libres Post-Run: 19,456,245,760 octets libres . 2008-04-09 04:56:46 --- E O F --- et puis hijack: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:42:10, on 2008-04-18 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\WINDOWS\system32\V0230Mon.exe C:\Program Files\Creative\Shared Files\CTSched.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\monjack.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://get2.adobe.com/reader/otherversions/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: AdsCleaner Helper - {40FB69E1-9B7B-453F-B238-37D8E9528929} - C:\Program Files\SoftInform\AdsCleaner Trial\PAKIEPlugins.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: AdsCleaner Links Bar - {A8415B7A-F661-4D31-92D7-4398E50483DF} - C:\PROGRA~1\SOFTIN~1\ADSCLE~1\PAKIEGUI.dll O3 - Toolbar: AdsCleaner Bar - {75CD0BC5-E317-449C-9FF6-4986B3D48F64} - C:\PROGRA~1\SOFTIN~1\ADSCLE~1\PAKIEGUI.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: AdsCleaner Bar - {B5D8F853-BEC9-4F9C-B3C9-0F744B6869D1} - C:\PROGRA~1\SOFTIN~1\ADSCLE~1\PAKIEGUI.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/... O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/... O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

sKe69 · Answer

Salut,

Fais un scan en ligne avec Kaspersky : https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr 
- Sous Démonstration en ligne, on t'explique la marche à suivre, et pour lancer le scan il faut sélectionner < Exécuter l'analyse en ligne >. 
Le scan ne marche que sous Internet Explorer(et pas sous firefox). 
- On va te demander de télécharger un contôle active x, accepte . 
- Dans le menu Choisissez la cible de l'analyse, sélectionne Poste de travail. Le scan va commencer. 
- Postes le rapport qui sera généré stp. 
S'il y a un problème, assure toi que les contrôles active x sont bien configurés dans les options internet comme décrit sur ce lien : http://www.inoculer.com/activex.php3 
Rappel : le scan est à faire sous Internet Explorer ! 

A dimanche  =)

sKe69 · Answer

Salut Marie-douce,
Il faudrait que tu faces ce que je t'ai demandé au poste 47 ...

sKe69 · Answer

Surement un fake de moi ... =)

Kaspersky en ligne n' a rien trouvé , c'est bon signe !

Où en sont tes prb de messages intenpestifs ?
 
En attendant , fais ce-ci :
Fermes toutes tes applications et déconnectes toi .

Relance Hijackthis mais click sur " Do a scan only " 
Tu vois donc apparaitre le résultat du scan : une multitudes de lignes ,chacunes précédées d'un carré vide . 
Tu vas clické sur les carré des lignes suivantes : 

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing) 

Tu cliques en bas sur le bouton FIX CHECKED et valides .

Après un petit coup de CCleaner ( registre compris ) .

marie-douce12 · Answer

bon je viens de tout faire alors je me demandais si tout était beau....


bon j'ai une petite question:je sais qu'il faut éviter ce genre de sujet sur ce site mais jme lance quand meme...
je partage cet ordi avec quelqun qui va souvent télécharger sur les sites de torrents...et il y en a 1 en particulier,j'ai remarqué que a chaque fois qu'il visite ce site c'est a ce moment que la fenetre de messages intenpestifs de sécurité...s'ouvre.

est ce que ca pourrait que ce soit la cause de tout mes soucis?et est ce que je peux remettre les 2 autres sessions sur mon pc?

marie-douce12 · Answer

bon voila que ca recommence!!!je suis en train d'écrire un message sur commentcamarche et avg vient de détecter 7 virus dont 2 trojan,comment ca peut etre possible?ya que moi sur l'ordi.....?

sKe69 · Answer

Vas dans panneau de config. / pare feu ---> dis moi si celui-ci est activé .

marie-douce12 · Answer

oui il l'est...ensuite?

sKe69 · Answer

refait ce-ci svp :
double-clique sur le raccourci Navilog1 présent sur le bureau . 

Laisse-toi guider. Au menu principal, choisis 1 et valides. 
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord) 

Patiente jusqu'au message : 
*** Analyse Termine le ..... *** 

Appuie sur une touche comme demandé, le blocnote va s'ouvrir. 
Copie-colle l'intégralité de son contenu dans ta prochaine réponse et attends la suite . 

(Le rapport est en outre sauvegardé à la racine du disque "C\:fixnavi.txt" ) 

TUTO (aide) :: http://www.malekal.com/Adware.Magic_Control.

sKe69 · Answer

....
"bon voila que ca recommence!!!je suis en train d'écrire un message sur commentcamarche et avg vient de détecter 7 virus dont 2 trojan,comment ca peut etre possible?ya que moi sur l'ordi.....?"

supprimes tout ce que AVG7 a de stocké en quarantaine .
tuto AVG : https://www.malekal.com/avg-antivirus-free-antivirus-gratuit-pour-proteger-son-pc-des-virus/

La version AVG7 est obselette , il faut passer à la version 8 qui elle est payante .

Donc voilà ce que je te propose : supprimer AVG7 et instaler ton nouvel anti-virus gratuit :
AntiVir

Est-ce que cela te poses un prb ?

sKe69 · Answer

Tout d'abors commence par télécharger le setup sur ton bureau :
Télécharge AntiVir ici:
https://www.pcastuces.com/logitheque/antivir.htm
ou
https://www.avira.com/

anit-virus gratuit ( en anglais )

Ensuite déconnectes toi et fermes toutes tes applications en cours ...

Désinstale AVG7 via son propre prg de désinstalation si possible ( il doit ce trouver qlque part ici "C:\PROGRA~1\Grisoft\AVG7\ " ) , sinon passe par "ajout/suppression de prg" dans paneau de config.

(ne confond pas  : garde AVG anti-spyware , très utile pour scanner de temps à autre ton PC )

Une fois cela fait , double click sur le setup d'AntiVir pour lancer l'instalation .
Reconnectes toi puis mets le à jour (fait ce-ci très régulièrement ) .

Aide AntiVir : https://www.malekal.com/avira-free-security-antivirus-gratuit/ <--- consulte la bien pour comprendre le fonctionnement de 
ton nouvel anti-virus ( c'est très bien expliqué ) .

Lance un scan de ton PC avec AntiVir en mode sans échec ,mets tout ce qu'il trouve en quarantaine et postes moi le rapport obtenu ...

Sur ce bonne nuit et à demain .... ;)

sKe69 · Answer

Salut,
Supprime tout ce qui est en quarantaine d'Antivir .
Ensuite rends toi ici sur ton PC : 
E:\films kat\winzip checksum.exe <--- suprime cette m**de si elle est encore présente .

Relance un scan Antivir en mode Normale et postes le rapport .

marie-douce12 · Answer

Avira AntiVir Personal Report file date: 23 avril 2008 12:24 Scanning for 1229906 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: ORDI Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 16:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 15:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 15:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 15:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 17:33:34 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 20:08:58 ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 2008-04-22 04:12:45 ANTIVIR3.VDF : 7.0.3.200 13824 Bytes 2008-04-22 04:12:45 Engineversion : 8.1.0.32 AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 16:58:21 AESCRIPT.DLL : 8.1.0.26 233850 Bytes 2008-04-23 04:12:57 AESCN.DLL : 8.1.0.14 119156 Bytes 2008-04-23 04:12:55 AERDL.DLL : 8.1.0.19 418164 Bytes 2008-04-07 22:34:44 AEPACK.DLL : 8.1.1.2 364917 Bytes 2008-04-23 04:12:55 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-04-23 04:12:53 AEHEUR.DLL : 8.1.0.18 1167735 Bytes 2008-04-23 04:12:52 AEHELP.DLL : 8.1.0.14 115063 Bytes 2008-04-23 04:12:49 AEGEN.DLL : 8.1.0.17 299380 Bytes 2008-04-23 04:12:48 AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-07 22:34:43 AECORE.DLL : 8.1.0.27 168310 Bytes 2008-04-23 04:12:46 AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-24 00:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 17:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 20:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-24 00:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 15:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 15:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-23 00:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-24 00:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 19:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 21:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 19:02:11 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, E:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: 23 avril 2008 12:24 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'usnsvc.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'YzShadow.exe' - '1' Module(s) have been scanned Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned Scan process 'RocketDock.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned Scan process 'hpqgalry.exe' - '1' Module(s) have been scanned Scan process 'CTLCMgr.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'Corel Photo Downloader.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'issch.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'avgas.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'CTSched.exe' - '1' Module(s) have been scanned Scan process 'V0230Mon.exe' - '1' Module(s) have been scanned Scan process 'StartFX.exe' - '1' Module(s) have been scanned Scan process 'SweetIM.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'RichVideo.exe' - '1' Module(s) have been scanned Scan process 'PSIService.exe' - '1' Module(s) have been scanned Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned Scan process 'NBService.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '0' Module(s) have been scanned Scan process 'ATKKBService.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 53 processes with 53 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Boot sector 'E:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '27' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\System Volume Information\_restore{5C8DEE82-5E54-4DFF-8308-471B28D22313}\RP116\A0015771.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '483f9bcb.qua'! C:\System Volume Information\_restore{5C8DEE82-5E54-4DFF-8308-471B28D22313}\RP117\A0015945.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '483f9bd2.qua'! C:\System Volume Information\_restore{5C8DEE82-5E54-4DFF-8308-471B28D22313}\RP117\A0015947.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '483f9bd4.qua'! C:\System Volume Information\_restore{5C8DEE82-5E54-4DFF-8308-471B28D22313}\RP117\A0015948.dll [DETECTION] Is the Trojan horse TR/Vundo.EFQ [NOTE] The file was moved to '483f9bd6.qua'! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'D:\' Begin scan in 'E:\' E:\System Volume Information\_restore{5C8DEE82-5E54-4DFF-8308-471B28D22313}\RP126\A0016394.exe [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen [NOTE] The file was moved to '483fa0a9.qua'! E:\System Volume Information\_restore{5C8DEE82-5E54-4DFF-8308-471B28D22313}\RP158\A0031427.exe [0] Archive type: RAR SFX (self extracting) --> winzip checksum.exe [DETECTION] Is the Trojan horse TR/Vundo.Gen [WARNING] An error has occurred and the file was not deleted. ErrorID: 26001 [WARNING] E:\System Volume Information\_restore{5C8DEE82-5E54-4DFF-8308-471B28D22313}\RP171\A0035382.exe [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '483fa1e1.qua'! End of the scan: 23 avril 2008 15:53 Used time: 3:28:38 min The scan has been done completely. 12220 Scanning directories 338405 Files were scanned 7 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 6 files were moved to quarantine 0 files were renamed 3 Files cannot be scanned 338398 Files not concerned 2603 Archives were scanned 4 Warnings 6 Notes voila pour le scan antivir...

sKe69 · Answer

Clik droit sur Combofix.exe et choisis "renommer" : tappe "Killbagle" et valides .
Relance Killbagle (Combo-fix) mais en mode normal svp et postes le rapport .

marie-douce12 · Answer

voici: ComboFix 08-04-22.5 - Kat 2008-04-23 18:00:47.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.506 [GMT -5:00] Endroit: C:\Documents and Settings\Kat\Bureau\ComboFix.exe * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))))))) . 2008-04-22 23:11 . 2008-04-22 23:11 d-------- C:\Program Files\Avira 2008-04-22 22:32 . 2008-04-22 23:11 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-04-22 21:07 . 2008-04-22 21:07 d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2008-04-22 11:04 . 2008-04-22 11:04 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-04-22 02:12 . 2008-04-22 02:12 d-------- C:\Documents and Settings\All Users\Application Data\Corel 2008-04-22 02:12 . 2008-04-22 08:11 88 -r-hs---- C:\WINDOWS\system32\A21778D613.sys 2008-04-22 02:10 . 2008-04-22 02:10 d-------- C:\Program Files\Fichiers communs\Corel 2008-04-22 02:04 . 2008-04-22 02:04 d-------- C:\Documents and Settings\Kat\Application Data\InstallShield 2008-04-22 02:01 . 2008-04-22 02:01 d-------- C:\Documents and Settings\All Users\Application Data\Creative 2008-04-21 23:52 . 2008-04-21 23:52 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-04-21 23:52 . 2008-04-21 23:52 d-------- C:\Documents and Settings\Kat\Application Data\Malwarebytes 2008-04-21 23:52 . 2008-04-21 23:52 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-04-21 23:04 . 2008-04-21 23:04 d-------- C:\Program Files\Opera 2008-04-21 22:41 . 2008-04-21 22:41 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-04-18 15:09 . 2008-04-18 15:24 d-------- C:\VundoFix Backups 2008-04-18 11:45 . 2008-04-18 11:45 1,770,815 --a------ C:\ComboFix.exe 2008-04-17 14:52 . 2008-04-17 14:52 d-------- C:\Program Files\Apple Software Update 2008-04-16 12:53 . 2008-04-16 17:05 4,158 --a------ C:\WINDOWS\system32\tmp.reg 2008-04-16 12:48 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-04-16 12:48 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-04-16 12:48 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-04-16 12:48 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-04-16 12:48 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-04-16 12:48 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-04-15 20:09 . 2008-04-15 20:09 d-------- C:\Documents and Settings\Amely\Application Data\Grisoft 2008-04-15 18:19 . 2008-04-22 15:37 d-------- C:\Program Files\Navilog1 2008-04-12 20:33 . 2008-04-12 20:33 d-------- C:\Documents and Settings\Amely\Application Data\Nero 2008-04-11 16:34 . 2008-04-11 16:34 d-------- C:\divx 2008-04-10 13:55 . 2008-04-10 13:55 d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games 2008-04-08 23:31 . 2008-04-08 23:31 d-------- C:\Documents and Settings\Marco\Application Data\CyberLink 2008-04-08 22:45 . 2008-04-09 22:08 d-------- C:\Program Files\Project64 1.6 2008-04-08 21:12 . 2008-04-08 21:12 d-------- C:\Program Files\Aspyr 2008-04-08 20:13 . 2008-04-08 20:13 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-04-08 20:13 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-04-08 20:12 . 2008-04-08 20:14 d-------- C:\Program Files\TuneUp Utilities 2008 2008-04-08 13:50 . 2008-04-08 13:50 d-------- C:\Documents and Settings\Kat\Application Data\DAEMON Tools 2008-04-08 13:50 . 2008-04-08 13:50 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-04-06 20:29 . 2008-04-06 20:29 d-------- C:\Program Files\The History Channel - Lost Worlds 2008-04-06 20:18 . 2008-04-06 20:18 1,681 --a------ C:\WINDOWS\[u]0[/u] 2008-04-06 20:18 . 2008-04-06 20:18 220 --a------ C:\WINDOWS\False 2008-04-06 20:18 . 2008-04-06 20:18 102 --a------ C:\WINDOWS\Times New Roman 2008-04-06 20:15 . 2008-04-06 20:15 d-------- C:\Program Files\Mindscape 2008-04-04 14:30 . 2008-04-04 14:30 d-------- C:\Documents and Settings\Kat\Application Data\SoftInform 2008-04-04 14:24 . 2008-04-04 14:24 d-------- C:\Program Files\SoftInform 2008-04-04 14:24 . 2008-04-04 14:30 d-------- C:\Documents and Settings\Kat\Application Data\AdsCleaner 2008-04-03 18:29 . 2008-04-03 18:29 d-------- C:\Documents and Settings\Marco\Application Data\Grisoft 2008-04-03 16:07 . 2008-04-03 16:07 1,409 --a------ C:\WINDOWS\system32\tmpFA2F7.FOT 2008-04-03 16:07 . 2008-04-03 16:07 1,409 --a------ C:\WINDOWS\system32\tmpED2F7.FOT 2008-04-03 16:07 . 2008-04-03 16:07 1,409 --a------ C:\WINDOWS\system32\tmpEC2F7.FOT 2008-04-03 16:07 . 2008-04-03 16:07 1,409 --a------ C:\WINDOWS\system32\tmpDF2F7.FOT 2008-04-03 16:07 . 2008-04-03 16:07 1,409 --a------ C:\WINDOWS\system32\tmp162F7.FOT 2008-04-03 14:58 . 2008-04-18 15:25 d-------- C:\Program Files\PowerISO 2008-04-03 14:50 . 2008-04-03 14:50 d-------- C:\Program Files\iTunes 2008-04-03 14:50 . 2008-04-03 14:50 d-------- C:\Program Files\iPod 2008-04-03 14:50 . 2008-04-23 12:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-03 14:50 . 2008-04-03 14:50 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-03 14:48 . 2008-04-03 14:49 d-------- C:\Program Files\QuickTime 2008-03-31 16:25 . 2008-03-31 16:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll 2008-03-31 16:25 . 2008-03-31 16:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2008-03-31 16:25 . 2008-03-31 16:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2008-03-31 16:25 . 2008-03-31 16:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2008-03-31 16:25 . 2008-03-31 16:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll 2008-03-31 16:25 . 2008-03-31 16:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-03-31 12:58 . 2008-03-31 12:58 d-------- C:\Documents and Settings\Kat\Application Data\Grisoft 2008-03-31 12:52 . 2008-04-22 21:06 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-31 12:52 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-03-31 11:25 . 2008-04-22 11:19 d-------- C:\Program Files\Windows Live 2008-03-31 10:53 . 2008-04-02 15:12 d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-31 10:52 . 2008-04-01 15:27 474 ---hs---- C:\WINDOWS\system32\tajnloyb.ini 2008-03-31 09:24 . 2008-03-31 09:24 654 ---hs---- C:\WINDOWS\system32\kemdceqf.ini 2008-03-31 09:16 . 2008-03-31 09:16 594 ---hs---- C:\WINDOWS\system32\qdjpvdgf.ini 2008-03-31 07:37 . 2008-03-31 08:02 534 ---hs---- C:\WINDOWS\system32\qufelgmr.ini 2008-03-30 18:29 . 2008-03-30 22:07 414 ---hs---- C:\WINDOWS\system32\dixhefte.ini 2008-03-30 15:48 . 2008-03-30 15:48 294 ---hs---- C:\WINDOWS\system32\fnfhesfk.ini 2008-03-30 14:01 . 2008-03-30 14:01 294 ---hs---- C:\WINDOWS\system32\lqejrpsy.ini 2008-03-30 11:59 . 2008-03-31 10:33 891 --a------ C:\WINDOWS\wininit.ini 2008-03-30 08:05 . 2008-03-30 08:05 294 ---hs---- C:\WINDOWS\system32\nhbefyuv.ini 2008-03-30 05:37 . 2008-03-30 05:37 d-------- C:\Documents and Settings\Marco\Application Data\Nero 2008-03-29 20:15 . 2004-03-09 00:00 132,880 --a------ C:\WINDOWS\system32\MSINET.OCX 2008-03-29 20:15 . 2004-03-09 16:36 89,360 -ra------ C:\WINDOWS\system32\VB5DB.DLL 2008-03-29 20:15 . 2004-03-09 16:36 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll 2008-03-29 20:15 . 2004-03-09 16:36 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll 2008-03-29 20:15 . 2004-03-09 16:36 35,840 -ra------ C:\WINDOWS\system32\comdlg32.oca 2008-03-29 20:15 . 2004-03-09 16:36 29,184 -ra------ C:\WINDOWS\system32\MSINET.oca 2008-03-29 20:15 . 2004-03-09 16:36 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe 2008-03-29 18:27 . 2008-03-29 18:27 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG 2008-03-29 18:23 . 2008-03-29 18:23 d-------- C:\Documents and Settings\Kat\Application Data\Nero 2008-03-29 18:18 . 2008-03-29 18:19 d-------- C:\Program Files\Fichiers communs\Nero 2008-03-29 11:49 . 2008-03-29 11:49 d-------- C:\Program Files\Smart Projects 2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-03-28 13:24 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2008-03-28 13:24 . 2004-08-04 00:45 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2008-03-28 13:22 . 2008-03-28 13:22 d-------- C:\Program Files\Logitech 2008-03-28 13:22 . 2008-03-28 13:22 d-------- C:\Program Files\Fichiers communs\Logitech 2008-03-28 13:22 . 2005-04-12 19:21 45,504 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys 2008-03-28 13:22 . 2005-04-12 19:21 22,240 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys 2008-03-28 13:22 . 2005-04-12 19:21 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys 2008-03-28 13:22 . 2005-04-12 19:21 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys 2008-03-28 13:06 . 2008-03-28 13:06 d-------- C:\WINDOWS\system32\AGEIA 2008-03-28 13:06 . 2008-03-28 13:06 d-------- C:\Program Files\AGEIA Technologies 2008-03-24 12:49 . 2008-03-24 12:49 d-------- C:\Program Files\programmesd 2008-03-23 20:38 . 2008-03-23 20:38 d-------- C:\Documents and Settings\Marco\Application Data\Corel . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-22 17:40 --------- d-----w C:\Documents and Settings\Kat\Application Data\Vso 2008-04-22 13:11 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-04-22 07:10 --------- d-----w C:\Program Files\Corel 2008-04-22 07:00 --------- d-----w C:\Documents and Settings\Kat\Application Data\Creative 2008-04-22 06:38 --------- d-----w C:\Documents and Settings\Kat\Application Data\Azureus 2008-04-22 06:21 --------- d-----w C:\Documents and Settings\Kat\Application Data\gtk-2.0 2008-04-22 04:44 196,608 ----a-w C:\WINDOWS\system32\drivers\aStandard.bin 2008-04-22 04:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-04-21 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-04-17 19:56 --------- d-----w C:\Program Files\Azureus 2008-04-17 19:53 --------- d-----w C:\Program Files\Safari 2008-04-16 17:10 --------- d-----w C:\Program Files\Trend Micro 2008-04-15 01:04 --------- d-----w C:\Documents and Settings\Marco\Application Data\uTorrent 2008-04-11 15:50 --------- d-----w C:\Documents and Settings\Kat\Application Data\DivX 2008-04-11 15:40 --------- d-----w C:\Program Files\DivX 2008-04-09 01:12 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-04-07 01:15 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-05 20:56 --------- d-----w C:\Documents and Settings\Marco\Application Data\Azureus 2008-04-02 20:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-30 03:07 2,277,888 ----a-w C:\WINDOWS\system32\TUKernel.exe 2008-03-30 01:15 --------- d-----w C:\Program Files\Ubisoft 2008-03-29 23:18 --------- d-----w C:\Program Files\Nero 2008-03-29 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-03-29 22:56 --------- d-----w C:\Program Files\Fichiers communs\Ahead 2008-03-22 03:25 --------- d-----w C:\Documents and Settings\Kat\Application Data\Corel 2008-03-22 03:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield 2008-03-22 03:24 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2008-03-21 23:27 --------- d-----w C:\Documents and Settings\Marco\Application Data\DivX 2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-17 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-03-17 17:50 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-03-17 17:50 --------- d-----w C:\Documents and Settings\Kat\Application Data\skypePM 2008-03-16 23:34 --------- d-----w C:\Documents and Settings\Amely\Application Data\Apple Computer 2008-03-15 15:17 --------- d-----w C:\Program Files\uTorrent 2008-03-14 06:04 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys 2008-03-14 04:14 --------- d-----w C:\Program Files\Java 2008-03-14 04:13 --------- d-----w C:\Program Files\Fichiers communs\Java 2008-03-14 00:53 --------- d-----w C:\Documents and Settings\Marco\Application Data\Ahead 2008-03-11 17:22 --------- d-----w C:\Documents and Settings\Kat\Application Data\Media Player Classic 2008-03-11 15:41 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-03-10 23:07 --------- d-----w C:\Documents and Settings\Amely\Application Data\DivX 2008-03-10 21:33 --------- d-----w C:\Program Files\Fichiers communs\muvee Technologies 2008-03-10 21:31 --------- d-----w C:\Program Files\Creative 2008-03-10 20:59 --------- d-----w C:\Documents and Settings\Amely\Application Data\Creative 2008-03-10 20:40 --------- d-----w C:\Program Files\Photo Story 3 for Windows 2008-03-09 23:53 --------- d-----w C:\Documents and Settings\Amely\Application Data\TuneUp Software 2008-03-09 18:48 --------- d-----w C:\Documents and Settings\Kat\Application Data\Apple Computer 2008-03-07 01:15 --------- d-----w C:\Documents and Settings\Marco\Application Data\TuneUp Software 2008-03-06 21:51 --------- d-----w C:\Documents and Settings\Marco\Application Data\Apple Computer 2008-03-06 21:50 --------- d-----w C:\Program Files\Bonjour 2008-03-06 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-03-06 21:49 --------- d-----w C:\Program Files\Fichiers communs\Apple 2008-03-06 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2008-03-05 21:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll 2008-03-05 21:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll 2008-03-05 21:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll 2008-03-05 20:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll 2008-03-05 20:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll 2008-03-05 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-03-05 17:41 --------- d-----w C:\Program Files\GIMP-2.0 2008-03-05 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems 2008-03-05 00:07 --------- d-----w C:\Program Files\ASUS 2008-03-05 00:03 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-03-04 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk 2008-03-04 17:07 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2008-03-04 17:07 47,360 ----a-w C:\Documents and Settings\Kat\Application Data\pcouffin.sys 2008-03-04 17:07 --------- d-----w C:\Program Files\VSO 2008-03-04 16:30 --------- d-----w C:\Documents and Settings\Kat\Application Data\CyberLink 2008-03-04 15:44 --------- d-----w C:\Documents and Settings\Kat\Application Data\Ahead 2008-03-04 15:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink 2008-03-04 03:58 --------- d-----w C:\Documents and Settings\Kat\Application Data\MSNInstaller 2008-03-04 03:15 71,634 ----a-w C:\WINDOWS\BricoPackUninst.cmd 2008-03-04 03:15 5,417 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd 2008-03-03 04:09 --------- d-----w C:\Documents and Settings\Marco\Application Data\Vidéotron 2008-03-03 04:09 --------- d-----w C:\Documents and Settings\Kat\Application Data\Vidéotron 2008-03-03 04:09 --------- d-----w C:\Documents and Settings\Amely\Application Data\Vidéotron 2008-03-03 04:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Vidéotron 2008-03-03 03:58 --------- d-----w C:\Program Files\Fichiers communs\Cisco Systems 2008-03-03 03:30 --------- d-----w C:\Program Files\Macrogaming 2008-03-03 02:50 --------- d-----w C:\Program Files\VSO ConvertXToDVD 2.1.17.241 2008-03-03 02:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus 2008-03-03 02:42 --------- d-----w C:\Program Files\MSECache 2008-03-03 02:36 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-03-03 02:29 --------- d-----w C:\Program Files\DVD Shrink 2008-03-03 01:53 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-03-03 01:37 --------- d-----w C:\Program Files\CCleaner 2008-03-02 20:34 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2007-08-28 18:54 237,568 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll 2007-05-17 22:45 208,991 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll 2007-05-17 22:45 450,657 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll 2002-06-03 21:46 454,656 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll 2005-11-09 16:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll 2005-11-09 16:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll . ------- Sigcheck ------- 2007-06-13 08:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe 2007-06-13 08:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-03 23:54 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2007-06-13 08:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712] "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-03-25 04:48 906480] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00 143360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2006-06-13 07:05 16239616 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 05:04 2879488 C:\WINDOWS\SkyTel.exe] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12 90112] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712] "AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576] "V0230Mon.exe"="C:\WINDOWS\system32\V0230Mon.exe" [2006-07-19 12:00 36961] "CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-08 21:43 53340] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "Corel Photo Downloader"="C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272] C:\Documents and Settings\Amely\Menu D‚marrer\Programmes\D‚marrage\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 17:05:02 630784] TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 14:41:18 65536] UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 02:43:08 180224] Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 02:43:14 155648] C:\Documents and Settings\Marco\Menu D‚marrer\Programmes\D‚marrage\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 17:05:02 630784] C:\Documents and Settings\Kat\Menu D‚marrer\Programmes\D‚marrage\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 17:05:02 630784] TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 14:41:18 65536] UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 02:43:08 180224] Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 02:43:14 155648] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\WINDOWS\system32\logonui.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.asv2"= asusasv2.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Azureus\Azureus.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe"= "C:\Program Files\uTorrent\uTorrent.exe"= "C:\Program Files\Mozilla Firefox\firefox.exe"= "C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe"= "C:\Program Files\Fichiers communs\Nero\Nero Web\SetupX.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:55] R3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-23 12:00] R3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-07-24 12:00] R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06] R4 atidgllk;atidgllk;C:\WINDOWS\atidgllk.sys [2005-10-20 10:29] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-08 20:13] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-04-23 23:00:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe "2008-04-23 22:50:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-04-23 23:00:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-23 18:03:41 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll . Temps d'accomplissement: 2008-04-23 18:05:05 ComboFix-quarantined-files.txt 2008-04-23 23:04:40 ComboFix2.txt 2008-04-18 22:28:55 Pre-Run: 16,553,136,128 octets libres Post-Run: 16,559,722,496 octets libres 328 --- E O F --- 2008-04-09 04:56:46

sKe69 · Answer

mauvaise manipe ... Endroit: C:\Documents and Settings\Kat\Bureau\ComboFix.exe <--- je t'ai demander de le renommer en "Killbagle.exe" avant de le lancer .
Recommences svp.

marie-douce12 · Answer

oups !dsl! ComboFix 08-04-22.5 - Kat 2008-04-23 18:57:24.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.483 [GMT -5:00] Endroit: C:\Documents and Settings\Kat\Bureau\killbagle.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))))))) . 2008-04-22 23:11 . 2008-04-22 23:11 d-------- C:\Program Files\Avira 2008-04-22 22:32 . 2008-04-22 23:11 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-04-22 21:07 . 2008-04-22 21:07 d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2008-04-22 11:04 . 2008-04-22 11:04 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-04-22 02:12 . 2008-04-22 02:12 d-------- C:\Documents and Settings\All Users\Application Data\Corel 2008-04-22 02:12 . 2008-04-22 08:11 88 -r-hs---- C:\WINDOWS\system32\A21778D613.sys 2008-04-22 02:10 . 2008-04-22 02:10 d-------- C:\Program Files\Fichiers communs\Corel 2008-04-22 02:04 . 2008-04-22 02:04 d-------- C:\Documents and Settings\Kat\Application Data\InstallShield 2008-04-22 02:01 . 2008-04-22 02:01 d-------- C:\Documents and Settings\All Users\Application Data\Creative 2008-04-21 23:52 . 2008-04-21 23:52 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-04-21 23:52 . 2008-04-21 23:52 d-------- C:\Documents and Settings\Kat\Application Data\Malwarebytes 2008-04-21 23:52 . 2008-04-21 23:52 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-04-21 23:04 . 2008-04-21 23:04 d-------- C:\Program Files\Opera 2008-04-21 22:41 . 2008-04-21 22:41 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-04-18 15:09 . 2008-04-18 15:24 d-------- C:\VundoFix Backups 2008-04-18 11:45 . 2008-04-18 11:45 1,770,815 --a------ C:\ComboFix.exe 2008-04-17 14:52 . 2008-04-17 14:52 d-------- C:\Program Files\Apple Software Update 2008-04-16 12:53 . 2008-04-16 17:05 4,158 --a------ C:\WINDOWS\system32\tmp.reg 2008-04-16 12:48 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-04-16 12:48 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-04-16 12:48 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-04-16 12:48 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-04-16 12:48 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-04-16 12:48 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-04-15 20:09 . 2008-04-15 20:09 d-------- C:\Documents and Settings\Amely\Application Data\Grisoft 2008-04-15 18:19 . 2008-04-22 15:37 d-------- C:\Program Files\Navilog1 2008-04-12 20:33 . 2008-04-12 20:33 d-------- C:\Documents and Settings\Amely\Application Data\Nero 2008-04-11 16:34 . 2008-04-11 16:34 d-------- C:\divx 2008-04-10 13:55 . 2008-04-10 13:55 d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games 2008-04-08 23:31 . 2008-04-08 23:31 d-------- C:\Documents and Settings\Marco\Application Data\CyberLink 2008-04-08 22:45 . 2008-04-09 22:08 d-------- C:\Program Files\Project64 1.6 2008-04-08 21:12 . 2008-04-08 21:12 d-------- C:\Program Files\Aspyr 2008-04-08 20:13 . 2008-04-08 20:13 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-04-08 20:13 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-04-08 20:12 . 2008-04-08 20:14 d-------- C:\Program Files\TuneUp Utilities 2008 2008-04-08 13:50 . 2008-04-08 13:50 d-------- C:\Documents and Settings\Kat\Application Data\DAEMON Tools 2008-04-08 13:50 . 2008-04-08 13:50 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-04-06 20:29 . 2008-04-06 20:29 d-------- C:\Program Files\The History Channel - Lost Worlds 2008-04-06 20:18 . 2008-04-06 20:18 1,681 --a------ C:\WINDOWS\[u]0[/u] 2008-04-06 20:18 . 2008-04-06 20:18 220 --a------ C:\WINDOWS\False 2008-04-06 20:18 . 2008-04-06 20:18 102 --a------ C:\WINDOWS\Times New Roman 2008-04-06 20:15 . 2008-04-06 20:15 d-------- C:\Program Files\Mindscape 2008-04-04 14:30 . 2008-04-04 14:30 d-------- C:\Documents and Settings\Kat\Application Data\SoftInform 2008-04-04 14:24 . 2008-04-04 14:24 d-------- C:\Program Files\SoftInform 2008-04-04 14:24 . 2008-04-04 14:30 d-------- C:\Documents and Settings\Kat\Application Data\AdsCleaner 2008-04-03 18:29 . 2008-04-03 18:29 d-------- C:\Documents and Settings\Marco\Application Data\Grisoft 2008-04-03 16:07 . 2008-04-03 16:07 1,409 --a------ C:\WINDOWS\system32\tmpFA2F7.FOT 2008-04-03 16:07 . 2008-04-03 16:07 1,409 --a------ C:\WINDOWS\system32\tmpED2F7.FOT 2008-04-03 16:07 . 2008-04-03 16:07 1,409 --a------ C:\WINDOWS\system32\tmpEC2F7.FOT 2008-04-03 16:07 . 2008-04-03 16:07 1,409 --a------ C:\WINDOWS\system32\tmpDF2F7.FOT 2008-04-03 16:07 . 2008-04-03 16:07 1,409 --a------ C:\WINDOWS\system32\tmp162F7.FOT 2008-04-03 14:58 . 2008-04-18 15:25 d-------- C:\Program Files\PowerISO 2008-04-03 14:50 . 2008-04-03 14:50 d-------- C:\Program Files\iTunes 2008-04-03 14:50 . 2008-04-03 14:50 d-------- C:\Program Files\iPod 2008-04-03 14:50 . 2008-04-23 12:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-03 14:50 . 2008-04-03 14:50 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-03 14:48 . 2008-04-03 14:49 d-------- C:\Program Files\QuickTime 2008-03-31 16:25 . 2008-03-31 16:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll 2008-03-31 16:25 . 2008-03-31 16:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2008-03-31 16:25 . 2008-03-31 16:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2008-03-31 16:25 . 2008-03-31 16:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2008-03-31 16:25 . 2008-03-31 16:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll 2008-03-31 16:25 . 2008-03-31 16:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-03-31 12:58 . 2008-03-31 12:58 d-------- C:\Documents and Settings\Kat\Application Data\Grisoft 2008-03-31 12:52 . 2008-04-22 21:06 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-31 12:52 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-03-31 11:25 . 2008-04-22 11:19 d-------- C:\Program Files\Windows Live 2008-03-31 10:53 . 2008-04-02 15:12 d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-31 10:52 . 2008-04-01 15:27 474 ---hs---- C:\WINDOWS\system32\tajnloyb.ini 2008-03-31 09:24 . 2008-03-31 09:24 654 ---hs---- C:\WINDOWS\system32\kemdceqf.ini 2008-03-31 09:16 . 2008-03-31 09:16 594 ---hs---- C:\WINDOWS\system32\qdjpvdgf.ini 2008-03-31 07:37 . 2008-03-31 08:02 534 ---hs---- C:\WINDOWS\system32\qufelgmr.ini 2008-03-30 18:29 . 2008-03-30 22:07 414 ---hs---- C:\WINDOWS\system32\dixhefte.ini 2008-03-30 15:48 . 2008-03-30 15:48 294 ---hs---- C:\WINDOWS\system32\fnfhesfk.ini 2008-03-30 14:01 . 2008-03-30 14:01 294 ---hs---- C:\WINDOWS\system32\lqejrpsy.ini 2008-03-30 11:59 . 2008-03-31 10:33 891 --a------ C:\WINDOWS\wininit.ini 2008-03-30 08:05 . 2008-03-30 08:05 294 ---hs---- C:\WINDOWS\system32\nhbefyuv.ini 2008-03-30 05:37 . 2008-03-30 05:37 d-------- C:\Documents and Settings\Marco\Application Data\Nero 2008-03-29 20:15 . 2004-03-09 00:00 132,880 --a------ C:\WINDOWS\system32\MSINET.OCX 2008-03-29 20:15 . 2004-03-09 16:36 89,360 -ra------ C:\WINDOWS\system32\VB5DB.DLL 2008-03-29 20:15 . 2004-03-09 16:36 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll 2008-03-29 20:15 . 2004-03-09 16:36 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll 2008-03-29 20:15 . 2004-03-09 16:36 35,840 -ra------ C:\WINDOWS\system32\comdlg32.oca 2008-03-29 20:15 . 2004-03-09 16:36 29,184 -ra------ C:\WINDOWS\system32\MSINET.oca 2008-03-29 20:15 . 2004-03-09 16:36 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe 2008-03-29 18:27 . 2008-03-29 18:27 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG 2008-03-29 18:23 . 2008-03-29 18:23 d-------- C:\Documents and Settings\Kat\Application Data\Nero 2008-03-29 18:18 . 2008-03-29 18:19 d-------- C:\Program Files\Fichiers communs\Nero 2008-03-29 11:49 . 2008-03-29 11:49 d-------- C:\Program Files\Smart Projects 2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-03-28 13:24 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2008-03-28 13:24 . 2004-08-04 00:45 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2008-03-28 13:22 . 2008-03-28 13:22 d-------- C:\Program Files\Logitech 2008-03-28 13:22 . 2008-03-28 13:22 d-------- C:\Program Files\Fichiers communs\Logitech 2008-03-28 13:22 . 2005-04-12 19:21 45,504 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys 2008-03-28 13:22 . 2005-04-12 19:21 22,240 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys 2008-03-28 13:22 . 2005-04-12 19:21 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys 2008-03-28 13:22 . 2005-04-12 19:21 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys 2008-03-28 13:06 . 2008-03-28 13:06 d-------- C:\WINDOWS\system32\AGEIA 2008-03-28 13:06 . 2008-03-28 13:06 d-------- C:\Program Files\AGEIA Technologies 2008-03-24 12:49 . 2008-03-24 12:49 d-------- C:\Program Files\programmesd 2008-03-23 20:38 . 2008-03-23 20:38 d-------- C:\Documents and Settings\Marco\Application Data\Corel . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-22 17:40 --------- d-----w C:\Documents and Settings\Kat\Application Data\Vso 2008-04-22 13:11 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-04-22 07:10 --------- d-----w C:\Program Files\Corel 2008-04-22 07:00 --------- d-----w C:\Documents and Settings\Kat\Application Data\Creative 2008-04-22 06:38 --------- d-----w C:\Documents and Settings\Kat\Application Data\Azureus 2008-04-22 06:21 --------- d-----w C:\Documents and Settings\Kat\Application Data\gtk-2.0 2008-04-22 04:44 196,608 ----a-w C:\WINDOWS\system32\drivers\aStandard.bin 2008-04-22 04:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-04-21 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-04-17 19:56 --------- d-----w C:\Program Files\Azureus 2008-04-17 19:53 --------- d-----w C:\Program Files\Safari 2008-04-16 17:10 --------- d-----w C:\Program Files\Trend Micro 2008-04-15 01:04 --------- d-----w C:\Documents and Settings\Marco\Application Data\uTorrent 2008-04-11 15:50 --------- d-----w C:\Documents and Settings\Kat\Application Data\DivX 2008-04-11 15:40 --------- d-----w C:\Program Files\DivX 2008-04-09 01:12 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-04-07 01:15 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-05 20:56 --------- d-----w C:\Documents and Settings\Marco\Application Data\Azureus 2008-04-02 20:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-30 03:07 2,277,888 ----a-w C:\WINDOWS\system32\TUKernel.exe 2008-03-30 01:15 --------- d-----w C:\Program Files\Ubisoft 2008-03-29 23:18 --------- d-----w C:\Program Files\Nero 2008-03-29 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-03-29 22:56 --------- d-----w C:\Program Files\Fichiers communs\Ahead 2008-03-22 03:25 --------- d-----w C:\Documents and Settings\Kat\Application Data\Corel 2008-03-22 03:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield 2008-03-22 03:24 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2008-03-21 23:27 --------- d-----w C:\Documents and Settings\Marco\Application Data\DivX 2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-17 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-03-17 17:50 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-03-17 17:50 --------- d-----w C:\Documents and Settings\Kat\Application Data\skypePM 2008-03-16 23:34 --------- d-----w C:\Documents and Settings\Amely\Application Data\Apple Computer 2008-03-15 15:17 --------- d-----w C:\Program Files\uTorrent 2008-03-14 06:04 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys 2008-03-14 04:14 --------- d-----w C:\Program Files\Java 2008-03-14 04:13 --------- d-----w C:\Program Files\Fichiers communs\Java 2008-03-14 00:53 --------- d-----w C:\Documents and Settings\Marco\Application Data\Ahead 2008-03-11 17:22 --------- d-----w C:\Documents and Settings\Kat\Application Data\Media Player Classic 2008-03-11 15:41 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-03-10 23:07 --------- d-----w C:\Documents and Settings\Amely\Application Data\DivX 2008-03-10 21:33 --------- d-----w C:\Program Files\Fichiers communs\muvee Technologies 2008-03-10 21:31 --------- d-----w C:\Program Files\Creative 2008-03-10 20:59 --------- d-----w C:\Documents and Settings\Amely\Application Data\Creative 2008-03-10 20:40 --------- d-----w C:\Program Files\Photo Story 3 for Windows 2008-03-09 23:53 --------- d-----w C:\Documents and Settings\Amely\Application Data\TuneUp Software 2008-03-09 18:48 --------- d-----w C:\Documents and Settings\Kat\Application Data\Apple Computer 2008-03-07 01:15 --------- d-----w C:\Documents and Settings\Marco\Application Data\TuneUp Software 2008-03-06 21:51 --------- d-----w C:\Documents and Settings\Marco\Application Data\Apple Computer 2008-03-06 21:50 --------- d-----w C:\Program Files\Bonjour 2008-03-06 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-03-06 21:49 --------- d-----w C:\Program Files\Fichiers communs\Apple 2008-03-06 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2008-03-05 21:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll 2008-03-05 21:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll 2008-03-05 21:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll 2008-03-05 20:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll 2008-03-05 20:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll 2008-03-05 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-03-05 17:41 --------- d-----w C:\Program Files\GIMP-2.0 2008-03-05 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems 2008-03-05 00:07 --------- d-----w C:\Program Files\ASUS 2008-03-05 00:03 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-03-04 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk 2008-03-04 17:07 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2008-03-04 17:07 47,360 ----a-w C:\Documents and Settings\Kat\Application Data\pcouffin.sys 2008-03-04 17:07 --------- d-----w C:\Program Files\VSO 2008-03-04 16:30 --------- d-----w C:\Documents and Settings\Kat\Application Data\CyberLink 2008-03-04 15:44 --------- d-----w C:\Documents and Settings\Kat\Application Data\Ahead 2008-03-04 15:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink 2008-03-04 03:58 --------- d-----w C:\Documents and Settings\Kat\Application Data\MSNInstaller 2008-03-04 03:15 71,634 ----a-w C:\WINDOWS\BricoPackUninst.cmd 2008-03-04 03:15 5,417 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd 2008-03-03 04:09 --------- d-----w C:\Documents and Settings\Marco\Application Data\Vidéotron 2008-03-03 04:09 --------- d-----w C:\Documents and Settings\Kat\Application Data\Vidéotron 2008-03-03 04:09 --------- d-----w C:\Documents and Settings\Amely\Application Data\Vidéotron 2008-03-03 04:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Vidéotron 2008-03-03 03:58 --------- d-----w C:\Program Files\Fichiers communs\Cisco Systems 2008-03-03 03:30 --------- d-----w C:\Program Files\Macrogaming 2008-03-03 02:50 --------- d-----w C:\Program Files\VSO ConvertXToDVD 2.1.17.241 2008-03-03 02:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus 2008-03-03 02:42 --------- d-----w C:\Program Files\MSECache 2008-03-03 02:36 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-03-03 02:29 --------- d-----w C:\Program Files\DVD Shrink 2008-03-03 01:53 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-03-03 01:37 --------- d-----w C:\Program Files\CCleaner 2008-03-02 20:34 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2007-08-28 18:54 237,568 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll 2007-05-17 22:45 208,991 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll 2007-05-17 22:45 450,657 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll 2002-06-03 21:46 454,656 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll 2005-11-09 16:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll 2005-11-09 16:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll . ------- Sigcheck ------- 2007-06-13 08:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe 2007-06-13 08:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-03 23:54 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2007-06-13 08:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712] "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-03-25 04:48 906480] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00 143360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2006-06-13 07:05 16239616 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 05:04 2879488 C:\WINDOWS\SkyTel.exe] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12 90112] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712] "AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576] "V0230Mon.exe"="C:\WINDOWS\system32\V0230Mon.exe" [2006-07-19 12:00 36961] "CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-08 21:43 53340] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "Corel Photo Downloader"="C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272] C:\Documents and Settings\Amely\Menu D‚marrer\Programmes\D‚marrage\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 17:05:02 630784] TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 14:41:18 65536] UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 02:43:08 180224] Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 02:43:14 155648] C:\Documents and Settings\Marco\Menu D‚marrer\Programmes\D‚marrage\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 17:05:02 630784] C:\Documents and Settings\Kat\Menu D‚marrer\Programmes\D‚marrage\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 17:05:02 630784] TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 14:41:18 65536] UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 02:43:08 180224] Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 02:43:14 155648] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\WINDOWS\system32\logonui.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.asv2"= asusasv2.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Azureus\Azureus.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe"= "C:\Program Files\uTorrent\uTorrent.exe"= "C:\Program Files\Mozilla Firefox\firefox.exe"= "C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe"= "C:\Program Files\Fichiers communs\Nero\Nero Web\SetupX.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:55] R3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-23 12:00] R3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-07-24 12:00] R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06] R4 atidgllk;atidgllk;C:\WINDOWS\atidgllk.sys [2005-10-20 10:29] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-08 20:13] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp *Newly Created Service* - CATCHME . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-04-23 23:00:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe "2008-04-23 22:50:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-04-23 23:00:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-23 18:58:19 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-04-23 18:59:10 ComboFix-quarantined-files.txt 2008-04-23 23:58:57 ComboFix2.txt 2008-04-23 23:05:05 ComboFix3.txt 2008-04-18 22:28:55 Pre-Run: 16,570,875,904 octets libres Post-Run: 16,560,111,616 octets libres 324 --- E O F --- 2008-04-09 04:56:46 voila c bon la !!!

sKe69 · Answer

Télécharge OTMoveIt (de Old_Timer) sur ton Bureau. 
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
 
clic double sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en citation ci-dessous, 

C:\WINDOWS\system32	ajnloyb.ini 
C:\WINDOWS\system32\kemdceqf.ini 
C:\WINDOWS\system32\qdjpvdgf.ini 
C:\WINDOWS\system32\qufelgmr.ini 
C:\WINDOWS\system32\dixhefte.ini 
C:\WINDOWS\system32\fnfhesfk.ini 
C:\WINDOWS\system32\lqejrpsy.ini 
C:\WINDOWS\system32
hbefyuv.ini 

et colles-la dans le cadre de gauche de OTMoveIt2 : 
Paste standard List of Files/Folders to be moved.
 
cliques sur MoveIt! pour lancer la suppression. 
le résultat apparaîtra dans le cadre Results.
 
cliques sur Exit pour fermer. 
postes le rapport situé dans C:\\_OTMoveIt\MovedFiles. 

il te sera peut-être demandé de redémarrer le pc pour achever la suppression. 
si c'est le cas acceptes par "Yes".

marie-douce12 · Answer

C:\WINDOWS\system32	ajnloyb.ini moved successfully.
C:\WINDOWS\system32\kemdceqf.ini moved successfully.
C:\WINDOWS\system32\qdjpvdgf.ini moved successfully.
C:\WINDOWS\system32\qufelgmr.ini moved successfully.
C:\WINDOWS\system32\dixhefte.ini moved successfully.
C:\WINDOWS\system32\fnfhesfk.ini moved successfully.
C:\WINDOWS\system32\lqejrpsy.ini moved successfully.
C:\WINDOWS\system32
hbefyuv.ini moved successfully.
File/Folder  not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04232008_201411

sKe69 · Answer

très bien ...
Un coup de CCleaner ( registre compris ) 
Relances un scan avec AntiVir pour voir ce qui reste de Vundo ...
Postes le rapport qui sera générer ...

marie-douce12 · Answer

voila le scan antivir: Avira AntiVir Personal Report file date: 23 avril 2008 20:26 Scanning for 1229906 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: ORDI Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 16:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 15:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 15:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 15:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 17:33:34 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 20:08:58 ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 2008-04-22 04:12:45 ANTIVIR3.VDF : 7.0.3.200 13824 Bytes 2008-04-22 04:12:45 Engineversion : 8.1.0.32 AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 16:58:21 AESCRIPT.DLL : 8.1.0.26 233850 Bytes 2008-04-23 04:12:57 AESCN.DLL : 8.1.0.14 119156 Bytes 2008-04-23 04:12:55 AERDL.DLL : 8.1.0.19 418164 Bytes 2008-04-07 22:34:44 AEPACK.DLL : 8.1.1.2 364917 Bytes 2008-04-23 04:12:55 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-04-23 04:12:53 AEHEUR.DLL : 8.1.0.18 1167735 Bytes 2008-04-23 04:12:52 AEHELP.DLL : 8.1.0.14 115063 Bytes 2008-04-23 04:12:49 AEGEN.DLL : 8.1.0.17 299380 Bytes 2008-04-23 04:12:48 AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-07 22:34:43 AECORE.DLL : 8.1.0.27 168310 Bytes 2008-04-23 04:12:46 AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-24 00:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 17:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 20:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-24 00:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 15:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 15:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-23 00:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-24 00:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 19:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 21:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 19:02:11 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, E:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: 23 avril 2008 20:26 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'usnsvc.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'YzShadow.exe' - '1' Module(s) have been scanned Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned Scan process 'RocketDock.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned Scan process 'hpqgalry.exe' - '1' Module(s) have been scanned Scan process 'CTLCMgr.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'Corel Photo Downloader.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'issch.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'avgas.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'CTSched.exe' - '1' Module(s) have been scanned Scan process 'V0230Mon.exe' - '1' Module(s) have been scanned Scan process 'StartFX.exe' - '1' Module(s) have been scanned Scan process 'SweetIM.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'RichVideo.exe' - '1' Module(s) have been scanned Scan process 'PSIService.exe' - '1' Module(s) have been scanned Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned Scan process 'NBService.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '0' Module(s) have been scanned Scan process 'ATKKBService.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 54 processes with 54 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Boot sector 'E:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '27' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'D:\' Begin scan in 'E:\' E:\System Volume Information\_restore{5C8DEE82-5E54-4DFF-8308-471B28D22313}\RP158\A0031427.exe [0] Archive type: RAR SFX (self extracting) --> winzip checksum.exe [DETECTION] Is the Trojan horse TR/Vundo.Gen [WARNING] An error has occurred and the file was not deleted. ErrorID: 26001 [WARNING] End of the scan: 24 avril 2008 10:22 Used time: 13:56:11 min The scan has been done completely. 12227 Scanning directories 338177 Files were scanned 1 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 3 Files cannot be scanned 338176 Files not concerned 2599 Archives were scanned 4 Warnings 0 Notes

sKe69 · Answer

Attend pour la suite , je vais demander un coup de main ...

sKe69 · Answer

en attendant , 
redémarre ton PC en mode sans échec :

Double cliquer sur VirtumundoBeGone.exe  et suivre les instructions. 
Une fois terminé, redémarrer le PC, le rapport VBG.TXT sera crée sur le bureau , postes le. 
(Si un message Ecran bleu "Erreur fatale" apparaît, pas d’inquiétude car c'est normal et attendu). 

puis ensuite, fait un autre scan monjack et postes le aussi .

marie-douce12 · Answer

voila :


[04/24/2008, 18:27:26] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Kat\Bureau\VirtumundoBeGone.exe" )
[04/24/2008, 18:27:31] - Detected System Information:
[04/24/2008, 18:27:31] -  Windows Version: 5.1.2600, Service Pack 2
[04/24/2008, 18:27:31] -  Current Username: Kat (Admin)
[04/24/2008, 18:27:31] -  Windows is in SAFE mode with Networking.
[04/24/2008, 18:27:31] - Searching for Browser Helper Objects:
[04/24/2008, 18:27:31] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/24/2008, 18:27:31] -  BHO 2: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[04/24/2008, 18:27:31] -  BHO 3: {40FB69E1-9B7B-453F-B238-37D8E9528929} (SIPAKBHO Class)
[04/24/2008, 18:27:31] -  BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/24/2008, 18:27:31] -  BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[04/24/2008, 18:27:31] -  BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[04/24/2008, 18:27:31] - Finished Searching Browser Helper Objects
[04/24/2008, 18:27:31] - Finishing up...
[04/24/2008, 18:27:31] - Nothing found! Exiting...


et le hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:48, on 2008-04-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\system32\V0230Mon.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://get2.adobe.com/reader/otherversions/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dll
O2 - BHO: AdsCleaner Helper - {40FB69E1-9B7B-453F-B238-37D8E9528929} - C:\Program Files\SoftInform\AdsCleaner Trial\PAKIEPlugins.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O3 - Toolbar: AdsCleaner Links Bar - {A8415B7A-F661-4D31-92D7-4398E50483DF} - C:\PROGRA~1\SOFTIN~1\ADSCLE~1\PAKIEGUI.dll
O3 - Toolbar: AdsCleaner Bar - {75CD0BC5-E317-449C-9FF6-4986B3D48F64} - C:\PROGRA~1\SOFTIN~1\ADSCLE~1\PAKIEGUI.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AdsCleaner Bar - {B5D8F853-BEC9-4F9C-B3C9-0F744B6869D1} - C:\PROGRA~1\SOFTIN~1\ADSCLE~1\PAKIEGUI.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

sKe69 · Answer

click double sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en citation ci-dessous, 

E:\films kat\winzip checksum.exe

et colles-la dans le cadre de gauche de OTMoveIt2 : 
Paste standard List of Files/Folders to be moved. 

cliques sur MoveIt! pour lancer la suppression. 
le résultat apparaîtra dans le cadre Results. 

cliques sur Exit pour fermer. 
postes le rapport situé dans C:\\_OTMoveIt\MovedFiles. 

il te sera peut-être demandé de redémarrer le pc pour achever la suppression. 
si c'est le cas acceptes par "Yes".

marie-douce12 · Answer

File/Folder E:\films kat\winzip checksum.exe not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04242008_184655

sKe69 · Answer

E:\ ---> à quoi correspond-t-il svp ? disk dur esclave , lecteur DVD ? ...

marie-douce12 · Answer

E:storage

sKe69 · Answer

Quand dans poste de travaille tu clik sur E\: où tombes tu ?

marie-douce12 · Answer

je tombe dans le storage...

sKe69 · Answer

OK ....
je voudrais que tu faces ce-ci :
Crées un point de restauration de ton PC :

Aller dans le Menu Démarrer puis dans Programmes, 
- Ensuite dans Accessoires et enfin dans Outils système, 
- Choisir Restauration du système, 
- Sélectionner Créer un point de restauration, 
- Cliquer sur Suivant, 
- Entrer un nom pour le point de restauration : ce nom doit être assez évocateur, 
- Cliquer sur Créer et le point de restauration se créé automatiquement.

préviens moi dès que cela est fait ...

marie-douce12 · Answer

voila c fait!

sKe69 · Answer

bien ... maintenant fait exactement ce qui suit ( cela risque d'être un peu long ...)

1-Restauration système :
--->Désactive ta restauration :
Clique droit sur poste de travail/propriétés/coche la case désactiver la restauration, appliquer, OK 
Redémarre ton PC .
--->Réactive ta restauration :
Clique droit sur poste de travail/propriétés/décoche la case désactiver la restauration, appliquer, OK 
Redémarre ton PC .

2-Nettoyage :
Clic droit sur "poste de travail" ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Général" 
Clique sur le bouton "nettoyage de disque", OK 
tu le fais pour chacun de tes disques  ( je pense au E\:)

3-Vérifications des erreurs :
Clic droit sur "poste de travail" ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Outil" 
"Vérifier maintenant", une boîte s'ouvre, cocher les cases 
réparer automatiquement les erreurs... 
rechercher et tenter une récupération... 
Démarrer, ok 
s'il te dis de redémarrer ton Pc pour le faire , tu redémarres et tu laisses faire, cela prend un peu de temps c'est normal 
tu le fais pour chacun de tes disques  ( je pense au E\:)

Une fois tout cela fait , relance un scan avec AntiVir et postes le dernier rapport obtenue ...

J'attends tout ces résultats demain ... Tchouss Marie   ;)

marie-douce12 · Answer

voila pour le scan antivir!!!bonne nuit!a demain;) Avira AntiVir Personal Report file date: 24 avril 2008 21:21 Scanning for 1236771 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: ORDI Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 16:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 15:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 15:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 15:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 17:33:34 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 20:08:58 ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 2008-04-22 04:12:45 ANTIVIR3.VDF : 7.0.3.210 113664 Bytes 2008-04-24 02:20:56 Engineversion : 8.1.0.32 AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 16:58:21 AESCRIPT.DLL : 8.1.0.26 233850 Bytes 2008-04-23 04:12:57 AESCN.DLL : 8.1.0.14 119156 Bytes 2008-04-23 04:12:55 AERDL.DLL : 8.1.0.19 418164 Bytes 2008-04-07 22:34:44 AEPACK.DLL : 8.1.1.2 364917 Bytes 2008-04-23 04:12:55 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-04-23 04:12:53 AEHEUR.DLL : 8.1.0.18 1167735 Bytes 2008-04-23 04:12:52 AEHELP.DLL : 8.1.0.14 115063 Bytes 2008-04-23 04:12:49 AEGEN.DLL : 8.1.0.17 299380 Bytes 2008-04-23 04:12:48 AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-07 22:34:43 AECORE.DLL : 8.1.0.27 168310 Bytes 2008-04-23 04:12:46 AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-24 00:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 17:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 20:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-24 00:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 15:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 15:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-23 00:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-24 00:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 19:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 21:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 19:02:11 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, E:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: 24 avril 2008 21:21 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'usnsvc.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'hpqgalry.exe' - '1' Module(s) have been scanned Scan process 'YzShadow.exe' - '1' Module(s) have been scanned Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned Scan process 'RocketDock.exe' - '1' Module(s) have been scanned Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned Scan process 'CTLCMgr.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'Corel Photo Downloader.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'issch.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'avgas.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'CTSched.exe' - '1' Module(s) have been scanned Scan process 'V0230Mon.exe' - '1' Module(s) have been scanned Scan process 'StartFX.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'RichVideo.exe' - '1' Module(s) have been scanned Scan process 'PSIService.exe' - '1' Module(s) have been scanned Scan process 'SweetIM.exe' - '1' Module(s) have been scanned Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned Scan process 'NBService.exe' - '1' Module(s) have been scanned Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '0' Module(s) have been scanned Scan process 'ATKKBService.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 55 processes with 55 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Boot sector 'E:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '29' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Kat\Bureau\bureau\Sécurité et nettoyage\Navilog1.exe [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.82 [NOTE] The file was moved to '488742b6.qua'! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'D:\' Begin scan in 'E:\' End of the scan: 24 avril 2008 21:57 Used time: 36:07 min The scan has been done completely. 11946 Scanning directories 317704 Files were scanned 1 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 3 Files cannot be scanned 317703 Files not concerned 2593 Archives were scanned 3 Warnings 1 Notes our le scan antivir:a demain;)

sKe69 · Answer

salut,
tout est OK ... Enfin !

Supprime tout ce que AntiVir a en quarantaine .

Télécharge ToolsCleaner (de A.Rothstein) sur ton Bureau. 
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe 
Clique sur Recherche et laisse le scan se terminer (cela peut-être un peut long ) 
Clique sur Suppression pour finaliser. 
tu peux, si tu le souhaites, te servir des Options facultatives 

se petit soft va te nettoyer tout les trucs dont on c'est servi pour la désinfection ( tu n'en as plus besion ! ) . 
Supprimes tout les outils , dossiers ou rapports consernant la désinfection que Toolsclaener2 n'a pas supprimé . 

Puis enfin supprimes Toolscleaner2 ... 

Un bon coup de CCleaner (registre compris) .

Refait ce-ci :
1-Restauration système : 
--->Désactive ta restauration : 
Clique droit sur poste de travail/propriétés/coche la case désactiver la restauration, appliquer, OK 
Redémarre ton PC . 
--->Réactive ta restauration : 
Clique droit sur poste de travail/propriétés/décoche la case désactiver la restauration, appliquer, OK 
Redémarre ton PC . 

2-Défragmentation 
Clic droit sur "poste de travail" ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Général" 
--->"défragmenter maintenant", OK 
une boîte s'ouvre, tu sélectionnes le disque à défragmenter, et tu cliques sur "analyser", puis après l'analyse, "défragmenter" . OK 
tu le fais pour chacun de tes disques .

une fois cela terminer :
3-Crées un nouveau point de restauration de ton PC : 

Aller dans le Menu Démarrer puis dans Programmes, 
- Ensuite dans Accessoires et enfin dans Outils système, 
- Choisir Restauration du système, 
- Sélectionner Créer un point de restauration, 
- Cliquer sur Suivant, 
- Entrer un nom pour le point de restauration : ce nom doit être assez évocateur, 
- Cliquer sur Créer et le point de restauration se créé automatiquement. 

Si tu n'a plus d'autres souci ... J'ESPERE BIEN que cette fois ci, c'est la bonne ...

Conseil : tu peut maintenant faire plusieurs sessions ... Mais chacun son PC se serai mieux , surtout si : je partage cet ordi avec quelqun qui va souvent télécharger sur les sites de torrents et que personne ne s'occupe vraiment des défences du PC ( mises à jours des anti-virus et autres , scan du PC ,ect...) . 

Je te dis bye et bonne continuation à toi ...   ;)

marie-douce12 · Answer

bon ca y est !!!!je te remercie infiniment de ta patience et vais tacher de faire tout en mon possible pour garder le tout propre et a jour!!!;)))marie-douce12

sKe69 · Answer

Tchouss Marie !!!

Fenetre pop up

60 réponses

Discussions similaires

Newsletters