System performance monitor: warning ???
Médéstrac
Hello,
A small yellow message is displayed from my status bar. It is titled: system performance monitor: warning. It opens Internet Explorer windows by itself.
It asks me to click on the window to download a "spyware scan tool to remove spyware/adware applications", software that turns out to be paid. Yet my computer is equipped with ZoneAlarm on the one hand and Avast on the other. On top of that, I add a few runs of CCleaner.
How do I get rid of this thing?
61 replies
hi,
right, let's continue,
uninstall avast properly with the link below:
https://www.avast.com/fr-fr/uninstall-utility
in its place, download antivir from the link below (the tutorial is included):
https://www.malekal.com/avira-free-security-antivirus-gratuit/
run a full scan with antivir.
Each time antivir finds a virus, tick the DELETE box (which means "supprimer" in French).
at the end of the scan a report is offered to you; send it to me.
Avira AntiVir Personal
Report file date: vendredi 23 mai 2008 18:06
Scanning for 1285666 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: SYLVAIN
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:58
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:38
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:24
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:42
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 16:04:38
ANTIVIR3.VDF : 7.0.4.84 148480 Bytes 23/05/2008 16:04:38
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 23/05/2008 16:04:44
AESCN.DLL : 8.1.0.18 119156 Bytes 23/05/2008 16:04:44
AERDL.DLL : 8.1.0.20 418165 Bytes 23/05/2008 16:04:44
AEPACK.DLL : 8.1.1.5 364918 Bytes 23/05/2008 16:04:44
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 23/05/2008 16:04:42
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 23/05/2008 16:04:42
AEHELP.DLL : 8.1.0.14 115063 Bytes 23/05/2008 16:04:40
AEGEN.DLL : 8.1.0.21 303477 Bytes 23/05/2008 16:04:40
AEEMU.DLL : 8.1.0.6 430451 Bytes 23/05/2008 16:04:40
AECORE.DLL : 8.1.0.29 168311 Bytes 23/05/2008 16:04:40
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:54
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:52
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:48
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:50
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:26
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:12
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: vendredi 23 mai 2008 18:06
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'OctoshapeClient.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'VSMON.EXE' - '0' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'SOFFICE.BIN' - '1' Module(s) have been scanned
Scan process 'SOFFICE.EXE' - '1' Module(s) have been scanned
Scan process 'BrMfcMon.exe' - '1' Module(s) have been scanned
Scan process 'STICKIES.EXE' - '1' Module(s) have been scanned
Scan process 'FINDFAST.EXE' - '1' Module(s) have been scanned
Scan process 'OSA.EXE' - '1' Module(s) have been scanned
Scan process 'Rainlendar2.exe' - '1' Module(s) have been scanned
Scan process 'VistaStartMenu.exe' - '1' Module(s) have been scanned
Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'BrccMCtl.exe' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'BrMfcWnd.exe' - '1' Module(s) have been scanned
Scan process 'ZLCLIENT.EXE' - '0' Module(s) have been scanned
Scan process 'QTTASK.EXE' - '1' Module(s) have been scanned
Scan process 'PPTD40NT.EXE' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'SiSWLSvc.exe' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'BRSS01A.EXE' - '1' Module(s) have been scanned
Scan process 'BRSVC01A.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
47 processes with 47 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Paramètre incorrect.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '25' files ).
Starting the file scan:
Begin scan in 'C:\' <FDM72F4>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{6C94F74F-33A7-4360-B2DE-A3C1F54BC116}\RP856\A0267742.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{6C94F74F-33A7-4360-B2DE-A3C1F54BC116}\RP862\A0270515.dll
[DETECTION] Is the Trojan horse TR/Fakealert.13312
[NOTE] The file was deleted!
C:\System Volume Information\_restore{6C94F74F-33A7-4360-B2DE-A3C1F54BC116}\RP862\A0270517.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.lps.9
[NOTE] The file was deleted!
C:\System Volume Information\_restore{6C94F74F-33A7-4360-B2DE-A3C1F54BC116}\RP862\A0270518.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.lps.10
[NOTE] The file was deleted!
C:\System Volume Information\_restore{6C94F74F-33A7-4360-B2DE-A3C1F54BC116}\RP864\A0271995.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.lps.7
[NOTE] The file was deleted!
C:\Downloads\Software\SmitfraudFix.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.90
[NOTE] The file was deleted!
End of the scan: vendredi 23 mai 2008 19:05
Used time: 59:01 min
The scan has been done completely.
10297 Scanning directories
554977 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
6 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
554971 Files not concerned
9460 Archives were scanned
4 Warnings
6 Notes
right, let's continue,
Download MalwareByte's Anti-Malware to your Desktop:
https://www.majorgeeks.com/files/details/malwarebytes_anti_malware.html
Install it by double-clicking the file.
Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode:
http://www.infos-du-net.com/forum/272325-11-tuto-demarrer-mode-echec
* Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
* To start the search, click "Scan".
* Once the scan is finished, a window opens; click OK. There are two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so that you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
help on MBAM: http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
Malwarebytes' Anti-Malware 1.12
Database version: 782
Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|H:\|I:\|J:\|)
Objects scanned: 187754
Time elapsed: 2 hour(s), 36 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c95fe080-8f5d-11d2-a20b-00aa003c157a} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\717305 (Trojan.BHO) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
hi,
how is your PC doing?
Tell me if you sometimes delete viruses.
Now run combofix once more.
ComboFix 08-05-21.3 - Administrateur 2008-05-24 11:23:53.5 - [color=red][b]FAT32[/b][/color]x86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.379 [GMT 2:00]
Endroit: C:\Documents and Settings\Sylvain Lhuillier\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\MSINET.oca
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))))))
.
2008-05-23 20:49 . 2008-05-23 20:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-05-23 20:45 . 2008-05-23 20:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-23 20:45 . 2008-05-23 20:45 <REP> d-------- C:\Documents and Settings\Sylvain Lhuillier\Application Data\Malwarebytes
2008-05-23 20:45 . 2008-05-23 20:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-23 20:45 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-23 20:45 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-23 18:00 . 2008-05-23 18:00 <REP> d-------- C:\Program Files\Avira
2008-05-23 18:00 . 2008-05-23 18:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-17 15:33 . 2008-05-17 15:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-17 15:27 . 2008-05-17 15:27 <REP> d-------- C:\Program Files\TmNationsForever
2008-05-08 11:27 . 2008-05-08 11:27 <REP> d-------- C:\Program Files\Paraben Corporation
2008-05-08 11:00 . 2008-05-08 11:00 <REP> d-------- C:\Program Files\ESTsoft
2008-05-08 11:00 . 2008-05-08 11:00 <REP> d-------- C:\Documents and Settings\Sylvain Lhuillier\Application Data\ESTsoft
2008-05-08 10:51 . 2008-05-08 10:51 <REP> d-------- C:\Program Files\7-Zip
2008-05-08 10:48 . 2008-05-08 10:48 <REP> d-------- C:\Program Files\ElcomSoft
2008-05-06 14:38 . 2008-05-06 14:38 <REP> d-------- C:\Lop SD
2008-05-05 22:12 . 2008-05-05 22:12 <REP> d-------- C:\Program Files\Navilog1
2008-05-05 12:20 . 2008-05-05 12:20 <REP> d-------- C:\_OTMoveIt
2008-05-01 06:53 . 2008-05-01 06:53 <REP> d-------- C:\Program Files\Trend Micro
2008-04-30 19:47 . 2008-04-30 20:10 2,724 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-30 19:46 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-30 19:46 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-30 19:46 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-30 19:46 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-30 19:46 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-04-30 19:46 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-30 19:46 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-29 13:15 . 2008-04-29 13:15 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-27 08:36 . 2008-04-27 08:36 <REP> d-------- C:\Program Files\CCleaner
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 17:34 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-26 17:34 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-21 16:32 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-04-06 20:58 3,014,656 ------w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-04-04 08:25 26,017,453 ------w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-02 13:13 2,949,120 ------w C:\WINDOWS\Internet Logs\xDB139.tmp
2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-06 07:30 635,625 ----a-w C:\Documents and Settings\Sylvain Lhuillier\pays.zip
2006-04-04 16:41 10,833 ----a-w C:\Program Files\Uninst.isu
2005-05-06 08:24 774,144 ----a-w C:\Program Files\RngInterstitial.dll
1999-09-30 10:03 3,623 ----a-w C:\Program Files\ENGLISH.DAT
1999-09-30 10:03 267 ----a-w C:\Program Files\SCRIPT.DAT
1999-09-29 20:00 22,579 ----a-w C:\Program Files\demo00.dem
1999-09-29 11:51 1,692 ----a-w C:\Program Files\readme.txt
1998-08-24 10:09 10,000 ----a-w C:\WINDOWS\inf\unregpn.exe
1995-09-20 13:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
2006-05-06 15:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
2005-06-09 18:12 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
2006-05-03 08:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 09:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((( snapshot_2008-05-18_22.31.57.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-18 20:25:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-24 09:18:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2000-08-31 06:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 06:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2008-01-21 16:12:58 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:30 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:54 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 13,312 2002-08-30 10:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 23:09:52 C:\WINDOWS\system32\ctfmon.exe
----a-w 20,480 2002-09-27 12:47:34 C:\WINDOWS\wt\updater\bak\wcmdmgrl.exe
----a-w 65,536 2003-05-01 16:44:50 C:\Program Files\Fichiers communs\Roxio Shared\System\bak\EngUtil.exe
----a-r 155,648 2003-10-14 08:22:30 C:\Program Files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe
----a-r 155,648 2003-10-14 08:22:30 C:\Program Files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
----a-w 335,872 2004-02-24 19:10:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
----a-w 319,488 2003-07-15 10:38:26 C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\bak\RxMon.exe
----a-w 4,569,600 2003-06-17 12:24:28 C:\Program Files\Visage\PDF Printer\bak\vspdfprsrv.exe
----a-w 53,248 2002-02-04 20:32:10 C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE
------w 53,248 2002-02-04 20:32:10 C:\Program Files\REGSHAVE\REGSHAVE.EXE
----a-w 98,304 2006-10-21 09:30:08 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 282,624 2007-02-16 08:54:04 C:\Program Files\QuickTime\qttask.exe
----a-w 57,393 2005-03-17 17:17:36 C:\Program Files\ScanSoft\PaperPort\bak\pptd40nt.exe
----a-w 57,393 2005-03-17 17:17:36 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
----a-w 40,960 2005-03-17 17:30:52 C:\Program Files\ScanSoft\PaperPort\bak\IndexSearch.exe
----a-w 40,960 2005-03-17 17:30:52 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
----a-w 49,152 2005-01-26 16:02:22 C:\Program Files\Brother\Brmfl05a\bak\BrStDvPt.exe
----a-w 933,888 2005-05-17 15:42:32 C:\Program Files\Brother\ControlCenter2\bak\brctrcen.exe
----a-w 81,920 2004-08-22 15:05:02 C:\Program Files\D-Tools\bak\daemon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2004-08-20 01:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 11:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 19:17 57393]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 19:30 40960]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 15:48 622592]
"SetDefPrt2"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 14:58 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-21 18:31 185896]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"1A:MacVisionTrayMonitor"="C:\Documents and Settings\Sylvain Lhuillier\Bureau\Installation\MacVision_v.8.206\TrayMonitor.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
C:\Documents and Settings\Sylvain Lhuillier\Menu Démarrer\Programmes\Démarrage\
Stickies.lnk - C:\Program Files\stickies\stickies.exe [2007-03-08 23:28:20 700416]
BibleWord.lnk - C:\Program Files\BibleWord\BibleWord.exe [2007-12-16 20:10:09 1154048]
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage d'Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-08-29 51984]
Microsoft Recherche accélérée.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-08-29 111376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll 2007-03-05 16:36 140976 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.iv31"= C:\WINDOWS\System32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS\System32\ir32_32.dll
"VIDC.VDOM"= vdowave.drv
"VIDC.JPEG"= JpegCode.dll
"VIDC.MJPG"= JpegCode.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-23 20:33 57344 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-07-02 12:27 219520 C:\Documents and Settings\Sylvain Lhuillier\Bureau\logiciels\Alcohol 120\axcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a------ 1999-08-04 00:00 127040 C:\Program Files\Microsoft Money\System\Money Express.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uyvivtv]
c:\documents and settings\sylvain lhuillier\local settings\application data\uyvivtv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voissa No Pubs]
C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
C:\Program Files\WeatherCast\Weather.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSOS VERIFY]
C:\Program Files\WINSOS\WINSOS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntivirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\CreativesFiles\\Shareaza.exe"=
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 05:22]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-03-17 06:59]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
S3 SetupNTGLM7X;SetupNTGLM7X;H:\NTGLM7X.sys []
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 16:37]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-31 17:46]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\.\Autorun\UBIAUTORUN.EXE .\cd2.ini
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-08 05:13:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-24 08:38:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 11:26:16
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
1A:MacVisionTrayMonitor = C:\Documents and Settings\Sylvain Lhuillier\Bureau\Installation\MacVision_v.8.206\TrayMonitor.exe [non-printable trailing data]
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Temps d'accomplissement: 2008-05-24 11:26:47
ComboFix-quarantined-files.txt 2008-05-24 09:26:46
ComboFix3.txt 2008-05-12 15:42:10
ComboFix2.txt 2008-05-19 07:34:30
Pre-Run: 17,269,620,736 octets libres
Post-Run: 17,265,393,664 octets libres
217 --- E O F --- 2008-05-20 05:44:26
My computer is doing well. I no longer spot any big, clearly visible problems. Do I sometimes delete viruses? No. I'm not getting any alerts from AntiVir, nor anything prompting me to delete anything. Your work is very effective, thanks a lot!
Hi,
let's check one source.
Download MSNFix.zip (by !aur3n7) to your desktop: http://sosvirus.changelog.fr/MSNFix.zip
Unzip it (right-click >> Extract here) and place the files in C:\MSNFix (very important).
Double-click the MSNFix.bat file.
- Run option R.
-- If the infection is detected, a message will say so, and you just need to press a key to start the cleanup.
Note:
- If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations. In that case, simply restart the computer in normal mode.
- The report will be saved in the same folder as MSNFix, in the form date_heure.txt (date and time).
Post the report.
I have a small problem with your file: when I click on MSNFix.bat, I get an error message saying:
<<C:\MSNFix\incl\Process.exe n'est pas une application Win32 valide.>>
MSNFix 1.717
C:\MSNFix
Fix exécuté le 2008-05-24 - 19:37:50.54 By Sylvain Lhuillier
mode normal
No, it's been a good while since I downloaded a crack.
************************ Recherche les fichiers présents
... C:\WINDOWS\IFinst27.exe
... C:\WINDOWS\system32\tmp.txt
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\IFinst27.exe
.. OK ... C:\WINDOWS\system32\tmp.txt
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
Aucun Fichier trouvé
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 2008-05-24_194233.57.zip
************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,
Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-alerte
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Hi,
disable your antivirus,
run the following script with ComboFix and send me the report:
folder::
C:\Documents and Settings\Sylvain Lhuillier\Bureau\Installation\MacVision
C:\Program Files\Visage\PDF Printer\bak\vspdfprsrv.exe
C:\Documents and Settings\Sylvain Lhuillier\Bureau\logiciels\Alcohol 120\axcmd.exe
c:\documents and settings\sylvain lhuillier\local settings\application data\uyvivtv.exe
C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"=-
"SetDefPrt2"=-
"ControlCenter3"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uyvivtv]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voissa No Pubs]
ComboFix 08-05-21.3 - Sylvain Lhuillier 2008-05-26 9:14:21.6 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.144 [GMT 2:00]
Endroit: C:\Documents and Settings\Sylvain Lhuillier\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sylvain Lhuillier\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Sylvain Lhuillier\Bureau\logiciels\Alcohol 120\axcmd.exe\
C:\Program Files\Visage\PDF Printer\bak\vspdfprsrv.exe\
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-26 to 2008-05-26 ))))))))))))))))))))))))))))))))))))
.
2008-05-24 19:35 . 2008-05-24 19:35 <REP> d-------- C:\MSNFix
2008-05-23 20:49 . 2008-05-23 20:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-05-23 20:45 . 2008-05-23 20:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-23 20:45 . 2008-05-23 20:45 <REP> d-------- C:\Documents and Settings\Sylvain Lhuillier\Application Data\Malwarebytes
2008-05-23 20:45 . 2008-05-23 20:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-23 20:45 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-23 20:45 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-23 18:00 . 2008-05-23 18:00 <REP> d-------- C:\Program Files\Avira
2008-05-23 18:00 . 2008-05-23 18:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-17 15:33 . 2008-05-17 15:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-17 15:27 . 2008-05-17 15:27 <REP> d-------- C:\Program Files\TmNationsForever
2008-05-08 11:27 . 2008-05-08 11:27 <REP> d-------- C:\Program Files\Paraben Corporation
2008-05-08 11:00 . 2008-05-08 11:00 <REP> d-------- C:\Program Files\ESTsoft
2008-05-08 11:00 . 2008-05-08 11:00 <REP> d-------- C:\Documents and Settings\Sylvain Lhuillier\Application Data\ESTsoft
2008-05-08 10:51 . 2008-05-08 10:51 <REP> d-------- C:\Program Files\7-Zip
2008-05-08 10:48 . 2008-05-08 10:48 <REP> d-------- C:\Program Files\ElcomSoft
2008-05-06 14:38 . 2008-05-06 14:38 <REP> d-------- C:\Lop SD
2008-05-05 22:12 . 2008-05-05 22:12 <REP> d-------- C:\Program Files\Navilog1
2008-05-05 12:20 . 2008-05-05 12:20 <REP> d-------- C:\_OTMoveIt
2008-05-01 06:53 . 2008-05-01 06:53 <REP> d-------- C:\Program Files\Trend Micro
2008-04-30 19:47 . 2008-04-30 20:10 2,724 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-30 19:47 . 2008-04-30 20:10 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-04-30 19:46 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-30 19:46 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-30 19:46 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-30 19:46 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-30 19:46 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-04-30 19:46 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-30 19:46 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-29 13:15 . 2008-04-29 13:15 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-27 08:36 . 2008-04-27 08:36 <REP> d-------- C:\Program Files\CCleaner
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 17:34 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-26 17:34 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-21 16:32 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-04-06 20:58 3,014,656 ------w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-04-04 08:25 26,017,453 ------w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-02 13:13 2,949,120 ------w C:\WINDOWS\Internet Logs\xDB139.tmp
2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-06 07:30 635,625 ----a-w C:\Documents and Settings\Sylvain Lhuillier\pays.zip
2006-04-04 16:41 10,833 ----a-w C:\Program Files\Uninst.isu
2005-05-06 08:24 774,144 ----a-w C:\Program Files\RngInterstitial.dll
1999-09-30 10:03 3,623 ----a-w C:\Program Files\ENGLISH.DAT
1999-09-30 10:03 267 ----a-w C:\Program Files\SCRIPT.DAT
1999-09-29 20:00 22,579 ----a-w C:\Program Files\demo00.dem
1999-09-29 11:51 1,692 ----a-w C:\Program Files\readme.txt
1998-08-24 10:09 10,000 ----a-w C:\WINDOWS\inf\unregpn.exe
1995-09-20 13:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
2006-05-06 15:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
2005-06-09 18:12 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
2006-05-03 08:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 09:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((( snapshot_2008-05-18_22.31.57.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-18 20:25:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-26 07:05:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2000-08-31 06:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 06:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2008-01-21 16:12:58 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:30 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:54 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 13,312 2002-08-30 10:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 23:09:52 C:\WINDOWS\system32\ctfmon.exe
----a-w 20,480 2002-09-27 12:47:34 C:\WINDOWS\wt\updater\bak\wcmdmgrl.exe
----a-w 65,536 2003-05-01 16:44:50 C:\Program Files\Fichiers communs\Roxio Shared\System\bak\EngUtil.exe
----a-r 155,648 2003-10-14 08:22:30 C:\Program Files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe
----a-r 155,648 2003-10-14 08:22:30 C:\Program Files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
----a-w 335,872 2004-02-24 19:10:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
----a-w 319,488 2003-07-15 10:38:26 C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\bak\RxMon.exe
----a-w 4,569,600 2003-06-17 12:24:28 C:\Program Files\Visage\PDF Printer\bak\vspdfprsrv.exe
----a-w 53,248 2002-02-04 20:32:10 C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE
------w 53,248 2002-02-04 20:32:10 C:\Program Files\REGSHAVE\REGSHAVE.EXE
----a-w 98,304 2006-10-21 09:30:08 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 282,624 2007-02-16 08:54:04 C:\Program Files\QuickTime\qttask.exe
----a-w 57,393 2005-03-17 17:17:36 C:\Program Files\ScanSoft\PaperPort\bak\pptd40nt.exe
----a-w 57,393 2005-03-17 17:17:36 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
----a-w 40,960 2005-03-17 17:30:52 C:\Program Files\ScanSoft\PaperPort\bak\IndexSearch.exe
----a-w 40,960 2005-03-17 17:30:52 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
----a-w 49,152 2005-01-26 16:02:22 C:\Program Files\Brother\Brmfl05a\bak\BrStDvPt.exe
----a-w 933,888 2005-05-17 15:42:32 C:\Program Files\Brother\ControlCenter2\bak\brctrcen.exe
----a-w 81,920 2004-08-22 15:05:02 C:\Program Files\D-Tools\bak\daemon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2007-08-23 13:37 1602560]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-04-15 08:31 1291264]
"Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\Sylvain Lhuillier\OctoshapeClient.exe" [2006-02-13 18:33 214648]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 11:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 19:17 57393]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 19:30 40960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-21 18:31 185896]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"1A:MacVisionTrayMonitor"="C:\Documents and Settings\Sylvain Lhuillier\Bureau\Installation\MacVision_v.8.206\TrayMonitor.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
C:\Documents and Settings\Sylvain Lhuillier\Menu Démarrer\Programmes\Démarrage\
Stickies.lnk - C:\Program Files\stickies\stickies.exe [2007-03-08 23:28:20 700416]
BibleWord.lnk - C:\Program Files\BibleWord\BibleWord.exe [2007-12-16 20:10:09 1154048]
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage d'Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-08-29 51984]
Microsoft Recherche accélérée.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-08-29 111376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll 2007-03-05 16:36 140976 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.iv31"= C:\WINDOWS\System32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS\System32\ir32_32.dll
"VIDC.VDOM"= vdowave.drv
"VIDC.JPEG"= JpegCode.dll
"VIDC.MJPG"= JpegCode.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-23 20:33 57344 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-07-02 12:27 219520 C:\Documents and Settings\Sylvain Lhuillier\Bureau\logiciels\Alcohol 120\axcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a------ 1999-08-04 00:00 127040 C:\Program Files\Microsoft Money\System\Money Express.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uyvivtv]
c:\documents and settings\sylvain lhuillier\local settings\application data\uyvivtv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voissa No Pubs]
C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
C:\Program Files\WeatherCast\Weather.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSOS VERIFY]
C:\Program Files\WINSOS\WINSOS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\CreativesFiles\\Shareaza.exe"=
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 05:22]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-03-17 06:59]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
S3 SetupNTGLM7X;SetupNTGLM7X;H:\NTGLM7X.sys []
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 16:37]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-31 17:46]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48f9b0bc-293a-11dc-a3e0-000c76b78220}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-08 05:13:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-25 20:38:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 09:17:53
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
1A:MacVisionTrayMonitor = C:\Documents and Settings\Sylvain Lhuillier\Bureau\Installation\MacVision_v.8.206\TrayMonitor.exe??1?I6i???X?/?B??7??`??????????L?a?n?g?u?e?????????????????Xv??????????????????e?ltk?lt????????????????c?jtXv????????????lt????????\???H?ltp?lt????k?ltF|jtXv??????J?jt????P?jt????????t?1?(?????9~?????????? ?????l???? jtT???????t?1?? jt?????? ?????????T???@???????????H?lt? jt????? jt??;~????t?1?????????????t?1???????????????????????????9~?? ?t?1???????9~????????t?1?????*?9~????W?<~??9~??????9~??;~??????????;~???????????? ???X??????|?????????? ?t?1?N jt??;~????U?2v?W??????X???v+2v?W??????t?1??????W??????????????t?????>~??>~t?1?????t?1??w????????>~t?1?????????????P?>~????????????????????????????????????????????????????????????????????4?9~t?0??????????????7:~????????8????7:~=??[?&???????????=?[?&??(???(?????9~???~????`?????9~??9~????????x??[????????4???8???????W?<~??9~??????9~?H?[????x??[?H?[?H?[
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Temps d'accomplissement: 2008-05-26 9:19:53
ComboFix-quarantined-files.txt 2008-05-26 07:19:50
ComboFix4.txt 2008-05-12 15:42:10
ComboFix3.txt 2008-05-19 07:34:30
ComboFix2.txt 2008-05-24 09:26:50
Pre-Run: 16,503,865,344 octets libres
Post-Run: 16,501,637,120 octets libres
224 --- E O F --- 2008-05-20 05:44:26
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:32, on 2008-05-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\stickies\stickies.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Octoshape Streaming Services\Sylvain Lhuillier\OctoshapeClient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\Documents and Settings\Sylvain Lhuillier\Bureau\logiciels\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [1A:MacVisionTrayMonitor] C:\Documents and Settings\Sylvain Lhuillier\Bureau\Installation\MacVision_v.8.206\TrayMonitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Sylvain Lhuillier\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Startup: BibleWord.lnk = ?
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Documents and Settings\Sylvain Lhuillier\Bureau\logiciels\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Hi médéstrac,
How is your PC doing?
Download ToolsCleaner to your desktop.
This program will uninstall all the tools I had you use.
* Click Recherche (Search) and let the scan run ...
* Click Suppression (Removal) to finish.
* If you wish, you can use the Options facultatives (optional settings).
* Click Quitter (Quit) to get the report.
* Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).
It's doing very well, thanks.
-->- Recherche:
C:\Lop SD: trouvé !
C:\MsnFix: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\Sylvain Lhuillier\Menu Démarrer\Programmes\Lop S&D: trouvé !
C:\Documents and Settings\Sylvain Lhuillier\Recent\MSNFix.lnk: trouvé !
C:\Documents and Settings\Sylvain Lhuillier\Bureau\Msnfix.zip: trouvé !
C:\Documents and Settings\Sylvain Lhuillier\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Sylvain Lhuillier\Bureau\logiciels\Antivirus\HijackThis.lnk: trouvé !
C:\Documents and Settings\Sylvain Lhuillier\Bureau\logiciels\Antivirus\Lop S&D.lnk: trouvé !
C:\Documents and Settings\Sylvain Lhuillier\Bureau\logiciels\Antivirus\Navilog1.lnk: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Downloads\Clean.zip: trouvé !
C:\Downloads\Software\LopSD.exe: trouvé !
C:\Downloads\Software\OtMoveIt2.exe: trouvé !
C:\Downloads\Software\Navilog1.exe: trouvé !
C:\Downloads\Software\vundoFix.exe: trouvé !
C:\Downloads\Software\HJTInstall.exe: trouvé !
C:\Downloads\Software\SmitFraudfix: trouvé !
C:\Lop SD\Lop S&D.lnk: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\Sylvain Lhuillier\Recent\MSNFix.lnk: supprimé !
C:\Documents and Settings\Sylvain Lhuillier\Bureau\Msnfix.zip: supprimé !
C:\Documents and Settings\Sylvain Lhuillier\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\Sylvain Lhuillier\Bureau\logiciels\Antivirus\HijackThis.lnk: supprimé !
C:\Documents and Settings\Sylvain Lhuillier\Bureau\logiciels\Antivirus\Lop S&D.lnk: supprimé !
C:\Documents and Settings\Sylvain Lhuillier\Bureau\logiciels\Antivirus\Navilog1.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Downloads\Clean.zip: supprimé !
C:\Downloads\Software\LopSD.exe: supprimé !
C:\Downloads\Software\OtMoveIt2.exe: supprimé !
C:\Downloads\Software\Navilog1.exe: supprimé !
C:\Downloads\Software\vundoFix.exe: supprimé !
C:\Downloads\Software\HJTInstall.exe: supprimé !
C:\Lop SD\Lop S&D.lnk: supprimé !
C:\Lop SD: supprimé !
C:\MsnFix: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Documents and Settings\Sylvain Lhuillier\Menu Démarrer\Programmes\Lop S&D: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\Downloads\Software\SmitFraudfix: supprimé !
Corbeille vidée!