Mon pc est trés trés lent. - Page 2

Résolu
Précédent
  • 1
  • 2
  1. lili79 Messages postés 131 Statut Membre 5
     
    Bonjour,
    Je suis en mode sans échec, comme demandé, et quand je clic sur l'icône de malwarebyte s anti malware
    rien ne se lance,et j'ai ce message d'erreur.
    @+lili79
    0
  2. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok, bizarre ...

    Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Démarrer en mode sans echec
    * Double cliquer combofix.exe.
    * Appuyer sur la touche Y (Yes) pour démarrer le scan
    * Le rapport sera crée dans: C:\Combofix.txt, poste le stp

    ++
    0
  3. lili79 Messages postés 131 Statut Membre 5
     
    Voici le rapport:

    ComboFix 08-05-01.1 - Gilles 2008-05-05 19:55:09.3 - NTFSx86 MINIMAL
    Endroit: C:\Documents and Settings\Gilles\Bureau\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\awtuRkHy.dll
    C:\WINDOWS\system32\geBspmjK.dll
    C:\WINDOWS\system32\KjmpsBeg.ini
    C:\WINDOWS\system32\KjmpsBeg.ini2
    C:\WINDOWS\system32\nnnnOEtS.dll
    C:\WINDOWS\system32\xxyWqQig.dll
    C:\WINDOWS\system32\yayxuvSK.dll
    C:\WINDOWS\system32\yayxxYoN.dll

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-05 to 2008-05-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-05 18:31 . 2008-05-05 18:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-05 18:31 . 2008-05-05 18:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-04 21:50 . 2008-05-04 21:50 <REP> d-------- C:\Documents and Settings\Gilles\Application Data\Malwarebytes
    2008-05-04 13:00 . 2008-05-04 20:46 <REP> d-------- C:\Program Files\Lopxp
    2008-05-04 12:44 . 2008-05-04 12:44 <REP> d-------- C:\Program Files\NeroInstall.bak
    2008-05-02 19:09 . 2008-05-04 00:15 <REP> d-------- C:\Program Files\Navilog1
    2008-05-02 16:30 . 2008-05-02 16:30 <REP> d-------- C:\WINDOWS\ERUNT
    2008-05-02 14:16 . 2008-05-02 14:16 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-05-01 15:10 . 2008-05-01 15:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-04-30 23:20 . 2008-05-01 15:10 <REP> d-------- C:\Program Files\Lavasoft
    2008-04-30 23:20 . 2008-05-01 15:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-04-28 23:03 . 2008-04-28 23:03 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-28 22:21 . 2008-04-28 22:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-28 22:21 . 2008-04-28 22:21 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-28 20:40 . 2008-04-28 22:08 <REP> d-------- C:\Program Files\RegCleaner
    2008-04-28 20:38 . 2008-04-28 20:38 <REP> d-------- C:\Program Files\CCleaner
    2008-04-20 10:10 . 2008-04-20 10:10 <REP> d-------- C:\Documents and Settings\Gilles\Application Data\AstroMenace
    2008-04-16 09:57 . 2008-04-16 09:57 <REP> d-------- C:\Program Files\Windows Live
    2008-04-16 09:57 . 2008-04-16 09:57 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-04-16 09:56 . 2008-04-16 09:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-10 20:19 . 2008-04-10 20:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Awem
    2008-04-08 22:10 . 2008-04-20 10:29 <REP> d-------- C:\Program Files\Pogo FR
    2008-04-08 18:27 . 2008-05-01 17:06 <REP> d-------- C:\Program Files\Bass Tournament Tycoon
    2008-04-07 18:52 . 2008-04-07 18:58 <REP> d-------- C:\Program Files\MumboJumbo

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-05 16:25 --------- d-----w C:\Program Files\NVIDIA Corporation
    2008-05-05 16:23 --------- d-----w C:\Program Files\Symantec
    2008-05-05 16:23 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-05-05 16:22 --------- d-----w C:\Program Files\Club-Internet
    2008-05-05 16:06 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-05-05 16:05 --------- d-----w C:\Program Files\Yahoo!
    2008-05-05 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-05-04 10:41 --------- d-----w C:\Program Files\Fichiers communs\Nero
    2008-05-04 10:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-05-01 16:00 --------- d-----w C:\Program Files\Mes Jeux Téléchargés
    2008-05-01 15:10 --------- d-----w C:\Program Files\GameHouse
    2008-05-01 15:06 --------- d-----w C:\Program Files\PopCap Games
    2008-05-01 15:06 --------- d-----w C:\Program Files\AV Vcs 4.0 DIAMOND
    2008-05-01 07:09 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-04-28 18:45 --------- d-----w C:\Program Files\Google
    2008-04-21 22:44 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-16 07:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-15 06:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-14 22:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-11 20:56 --------- d-----w C:\Documents and Settings\Gilles\Application Data\Zylom
    2008-04-05 22:31 --------- d-----w C:\Documents and Settings\Gilles\Application Data\LimeWire
    2008-04-05 21:58 --------- d-----w C:\Program Files\eMule
    2008-04-03 20:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
    2008-04-02 11:31 --------- d-----w C:\Program Files\AskTBar
    2008-03-31 21:07 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-27 13:53 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-03-22 23:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-03-12 20:33 --------- d-----w C:\Documents and Settings\Vivi\Application Data\VadeRetro
    2008-03-12 14:01 --------- d-----w C:\Documents and Settings\Vivi\Application Data\Nero
    2008-03-11 19:03 --------- d-----w C:\Documents and Settings\Gilles\Application Data\Nero
    2008-03-11 19:00 --------- d-----w C:\Program Files\Nero
    2008-03-11 18:42 --------- d-----w C:\Program Files\NewTech Infosystems
    2008-03-11 18:38 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2008-03-09 13:00 --------- d-----w C:\Documents and Settings\Vivi\Application Data\vlc
    2008-03-06 21:02 --------- d-----w C:\Documents and Settings\Gilles\Application Data\vlc
    2008-03-06 20:59 --------- d-----w C:\Program Files\VideoLAN
    2008-03-06 20:55 --------- d-----w C:\Program Files\JCA2000
    2008-03-06 20:48 --------- d-----w C:\Program Files\Winsos
    2008-03-06 20:47 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-06 20:40 --------- d-----w C:\Documents and Settings\Gilles\Application Data\VadeRetro
    2008-03-06 20:39 --------- d-----w C:\Program Files\Goto Software
    2008-03-06 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\VadeRetro
    2008-03-06 20:00 --------- d-----w C:\Program Files\Maxis
    2008-03-05 23:25 --------- d-----w C:\Documents and Settings\Vivi\Application Data\Skype
    2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
    2007-10-08 17:07 57,184 ----a-w C:\Documents and Settings\Gilles\Application Data\GDIPFONTCACHEV1.DAT
    2007-04-06 09:21 14 ----a-w C:\Documents and Settings\Gilles\getfile.dat
    2007-04-05 09:12 14 ----a-w C:\Documents and Settings\Vivi\getfile.dat
    .

    ------- Sigcheck -------

    Cryptography Services Error !!
    .
    ((((((((((((((((((((((((((((( snapshot@2008-05-02_12.08.04.98 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2005-10-12 23:18:45 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB921883\spmsg.dll
    + 2005-10-12 23:15:24 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB921883\spmsg.dll
    - 2005-10-12 23:18:45 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB921883\spuninst.exe
    + 2005-10-12 23:15:24 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB921883\spuninst.exe
    - 2005-10-12 23:18:45 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB921883\update\spcustom.dll
    + 2005-10-12 23:15:24 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB921883\update\spcustom.dll
    - 2005-10-12 23:18:46 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB921883\update\update.exe
    + 2005-10-12 23:15:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB921883\update\update.exe
    - 2005-10-12 23:18:49 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB921883\update\updspapi.dll
    + 2005-10-12 23:15:44 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB921883\update\updspapi.dll
    - 2008-05-02 10:02:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-05 17:58:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-29 03:11:08 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-05-02 14:30:58 8,003,584 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
    + 2008-05-02 14:30:58 118,784 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
    + 2008-04-29 03:11:08 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-05-02 14:30:57 8,003,584 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
    + 2008-05-02 14:30:57 118,784 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
    + 2008-02-18 14:21:08 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
    + 2008-02-18 14:21:08 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
    + 2006-03-17 09:45:52 1,757,184 ----a-w C:\WINDOWS\system32\imagX7.dll
    + 2006-03-17 09:45:54 497,296 ----a-w C:\WINDOWS\system32\imagXpr7.dll
    + 2006-03-17 09:45:54 258,048 ----a-w C:\WINDOWS\system32\imagXR7.dll
    + 2006-03-17 09:45:54 802,816 ----a-w C:\WINDOWS\system32\imagXRA7.dll
    + 2006-12-19 07:30:26 81,920 ----a-w C:\WINDOWS\system32\IoctlSvc.exe
    + 2008-02-18 14:04:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
    - 2007-03-06 01:34:33 15,072 ------w C:\WINDOWS\system32\spmsg.dll
    + 2005-10-12 23:15:24 15,072 ------w C:\WINDOWS\system32\spmsg.dll
    + 2006-03-17 12:49:46 368,640 ----a-w C:\WINDOWS\system32\TwnLib4.dll
    + 2007-03-20 18:22:04 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
    + 2007-02-28 13:41:02 972,336 ----a-w C:\WINDOWS\UNNeroShowTime.exe
    + 2007-03-21 18:02:12 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WINSOS VERIFY"="C:\Program Files\WINSOS\WINSOS.exe" [ ]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
    "Vaderetro Outlook"="C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe" [2006-07-22 12:59 44544]
    "Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2006-02-16 17:46 295936]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
    "Spyware-Secure"="C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-08 16:33 282624]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 18:53 131072]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
    "MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-05 05:00 160768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LE COMPAGNON CLUB.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LE COMPAGNON CLUB.lnk
    backup=C:\WINDOWS\pss\LE COMPAGNON CLUB.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Gilles^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk.disabled]
    path=C:\Documents and Settings\Gilles\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk.disabled
    backup=C:\WINDOWS\pss\Adobe Gamma.lnk.disabledStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Gilles^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]
    path=C:\Documents and Settings\Gilles\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk
    backup=C:\WINDOWS\pss\Club Internet.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Gilles^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk.disabled]
    path=C:\Documents and Settings\Gilles\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk.disabled
    backup=C:\WINDOWS\pss\Club Internet.lnk.disabledStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-09-19 21:50 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SweetIM"=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    "SurfSideKick 3"=C:\Program Files\SurfSideKick 3\Ssk.exe
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    "PECarlin"="C:\Program Files\PECarlin\PECarlin.exe"
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    "Livecom"="C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
    "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    "Error Safe"="C:\Program Files\Error Safe Free\ers.exe" /scan
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    "AXVenore"="C:\Program Files\AXVenore\AXVenore.exe"
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    "MsnMsgr"=~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    "SweetIM"=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    "SurfSideKick 3"=C:\Program Files\SurfSideKick 3\Ssk.exe
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "nwiz"=nwiz.exe /install
    "NWEReboot"=
    "ntiMUI"=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    "LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    "EPSON Stylus DX3800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
    "AspireService"=C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    "<NO NAME>"=
    "vmtalk"=C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    "LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    "MediaSync"=C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
    "LaunchApp"=Alaunch
    "eRecoveryService"=C:\Program Files\Acer\eRecovery\Monitor.exe
    "BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
    "BDMCon"="C:\Program Files\Softwin\BitDefender8\bdmcon.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1663:UDP"= 1663:UDP:Windows Media Format SDK (iexplore.exe)
    "1662:UDP"= 1662:UDP:Windows Media Format SDK (iexplore.exe)
    "1704:UDP"= 1704:UDP:Windows Media Format SDK (iexplore.exe)

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-03-06 17:13:42 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
    - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-05 19:59:51
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 114

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-05 20:02:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-05 18:02:53
    ComboFix2.txt 2008-05-02 12:23:20

    Pre-Run: 56,474,836,992 octets libres
    Post-Run: 57,207,164,928 octets libres

    261 --- E O F --- 2008-04-13 17:58:02
    @+ lili79
    0
  4. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok,

    supprime ces fichiers en gras, ainsi que les programmes du même nom !

    C:\Program Files\AXVenore
    C:\Program Files\SurfSideKick 3
    C:\Program Files\Macrogaming
    C:\Program Files\Error Safe Free
    C:\Program Files\PECarlin

    ensuite essaye à nouveau malwarebyte

    @+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. lili79 Messages postés 131 Statut Membre 5
     
    bonjour,
    Je n'ai trouvé qu'un seul programes cités :Macrogaming

    C:\Program Files\AXVenore
    C:\Program Files\SurfSideKick 3
    C:\Program Files\Macrogaming
    C:\Program Files\Error Safe Free
    C:\Program Files\PECarlin
    J'ai quand même tenté de relancer malwarebyte s anti malware
    et la même résultat, même code d'erreur.
    @+ lili79
    0
  7. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Ok,

    télécharge OTMoveIt (de Old_Timer) sur ton Bureau :
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

    C:\Program Files\AXVenore
    C:\Program Files\SurfSideKick 3
    C:\Program Files\Macrogaming
    C:\Program Files\Error Safe Free
    C:\Program Files\PECarlin


    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en gras ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre Results.
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
    il te sera peut-être demander de redémarrer le pc pour achever la suppression.
    si c'est le cas accepte par Yes.

    ++
    0
  8. lili79 Messages postés 131 Statut Membre 5
     
    voici le rapport:

    File/Folder C:\Program Files\AXVenore not found.
    File/Folder C:\Program Files\SurfSideKick 3 not found.
    File/Folder C:\Program Files\Macrogaming not found.
    File/Folder C:\Program Files\Error Safe Free not found.
    File/Folder C:\Program Files\PECarlin not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05052008_212755

    ++lili79
    0
  9. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok, fais ce qui est indiqué ici stp :

    http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

    ++
    0
  10. lili79 Messages postés 131 Statut Membre 5
     
    Bonjour, green day?
    Voici les rapports:
    dans l'ordre.
    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 07:40:46 06/05/2008

    + Résultat de l'analyse:

    Rien à signaler.

    Fin du rapport

    BitDefender Online Scanner

    Scan report generated at: Tue, May 06, 2008 - 08:51:51

    Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

    Statistics

    Time
    01:05:47

    Files
    349902

    Folders
    10709

    Boot Sectors
    4

    Archives
    8500

    Packed Files
    23634

    Results

    Identified Viruses
    9

    Infected Files
    42

    Suspect Files
    0

    Warnings
    0

    Disinfected
    0

    Deleted Files
    42

    Engines Info

    Virus Definitions
    1189793

    Engine build
    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Scan plugins
    16

    Archive plugins
    42

    Unpack plugins
    7

    E-mail plugins
    6

    System plugins
    5

    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions

    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes

    Scanned File
    Status

    C:\Documents and Settings\Gilles\Bureau\matos visio\SpywareSecure_trial_setup.exe=>(NSIS 2o)=>lzma_solid_nsis0007
    Detected with: Adware.SpywareSecure.D

    C:\Documents and Settings\Gilles\Bureau\matos visio\SpywareSecure_trial_setup.exe=>(NSIS 2o)=>lzma_solid_nsis0007
    Deleted

    C:\Documents and Settings\Gilles\Bureau\matos visio\SpywareSecure_trial_setup.exe=>(NSIS 2o)
    Update failed

    C:\Documents and Settings\Gilles\Bureau\Nero_8_SETUP.exe
    Infected with: Trojan.MulDrop.PYY

    C:\Documents and Settings\Gilles\Bureau\Nero_8_SETUP.exe
    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0006
    Detected with: Adware.Navipromo.BYH

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0006
    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)
    Update failed

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0014=>(NSIS g)=>lzma_solid_nsis0002
    Detected with: Adware.Navipromo.BYH

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0014=>(NSIS g)=>lzma_solid_nsis0002
    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0014=>(NSIS g)
    Update failed

    C:\QooBox\Quarantine\C\WINDOWS\system32\%%%%%.exe.vir
    Infected with: Packer.Malware.NaN.A

    C:\QooBox\Quarantine\C\WINDOWS\system32\%%%%%.exe.vir
    Disinfection failed

    C:\QooBox\Quarantine\C\WINDOWS\system32\%%%%%.exe.vir
    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\system32\awtuRkHy.dll.vir
    Infected with: Trojan.Vundo.EGG

    C:\QooBox\Quarantine\C\WINDOWS\system32\awtuRkHy.dll.vir
    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\system32\BattyRun.dll.vir
    Detected with: Adware.Batty.A

    C:\QooBox\Quarantine\C\WINDOWS\system32\BattyRun.dll.vir
    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\system32\byXPGwWN.dll.vir
    Infected with: Trojan.Vundo.EGG

    C:\QooBox\Quarantine\C\WINDOWS\system32\byXPGwWN.dll.vir
    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\system32\khfGwTME.dll.vir
    Infected with: Trojan.Vundo.EGG

    C:\QooBox\Quarantine\C\WINDOWS\system32\khfGwTME.dll.vir
    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\system32\ljJCvSki.dll.vir
    Infected with: Trojan.Vundo.EGG

    C:\QooBox\Quarantine\C\WINDOWS\system32\ljJCvSki.dll.vir
    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\system32\nnnnOEtS.dll.vir
    Infected with: Trojan.Vundo.EGG

    C:\QooBox\Quarantine\C\WINDOWS\system32\nnnnOEtS.dll.vir
    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\system32\opnkkifF.dll.vir
    Infected with: Trojan.Vundo.EGG

    C:\QooBox\Quarantine\C\WINDOWS\system32\opnkkifF.dll.vir
    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\system32\opnnonMg.dll.vir
    Infected with: Trojan.Vundo.EGG

    C:\QooBox\Quarantine\C\WINDOWS\system32\opnnonMg.dll.vir
    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\system32\pmnkHxUk.dll.vir
    Infected with: Trojan.Vundo.EGG

    C:\QooBox\Quarantine\C\WINDOWS\system32\pmnkHxUk.dll.vir
    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\system32\xxyWqQig.dll.vir
    Infected with: Trojan.Vundo.EGG

    C:\QooBox\Quarantine\C\WINDOWS\system32\xxyWqQig.dll.vir
    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\system32\yayxxYoN.dll.vir
    Infected with: Trojan.Vundo.EGG

    C:\QooBox\Quarantine\C\WINDOWS\system32\yayxxYoN.dll.vir
    Deleted

    C:\QooBox\Quarantine\catchme2008-05-05_195755,34.zip=>yayxuvSK.dll
    Infected with: Trojan.Vundo.EGG

    C:\QooBox\Quarantine\catchme2008-05-05_195755,34.zip=>yayxuvSK.dll
    Deleted

    C:\QooBox\Quarantine\catchme2008-05-05_195755,34.zip
    Updated

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP567\A0093878.exe=>(NSIS o)=>lzma_solid_nsis0002
    Detected with: Adware.Navipromo.BZL

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP567\A0093878.exe=>(NSIS o)=>lzma_solid_nsis0002
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP567\A0093878.exe=>(NSIS o)
    Update failed

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP584\A0102826.exe
    Detected with: Adware.Gamespyarcade.F

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP584\A0102826.exe
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104288.exe
    Detected with: Adware.Trymedia.DAO

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104288.exe
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104290.exe
    Detected with: Adware.Trymedia.DAO

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104290.exe
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104293.exe
    Detected with: Adware.Trymedia.DAO

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104293.exe
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104294.exe
    Detected with: Adware.Trymedia.DAO

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104294.exe
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104295.exe
    Detected with: Adware.Trymedia.DAO

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104295.exe
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104297.exe
    Detected with: Adware.Trymedia.DAO

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104297.exe
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP594\A0113406.exe
    Detected with: Adware.Trymedia.DAO

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP594\A0113406.exe
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP594\A0113428.exe
    Detected with: Adware.Trymedia.DAO

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP594\A0113428.exe
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP594\A0113430.exe
    Detected with: Adware.Trymedia.DAO

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP594\A0113430.exe
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP594\A0113431.exe
    Detected with: Adware.Trymedia.DAO

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP594\A0113431.exe
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123170.dll
    Detected with: Adware.Batty.A

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123170.dll
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123172.exe
    Infected with: Packer.Malware.NaN.A

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123172.exe
    Disinfection failed

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123172.exe
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123175.dll
    Infected with: Trojan.Vundo.EGG

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123175.dll
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123176.dll
    Infected with: Trojan.Vundo.EGG

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123176.dll
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123177.dll
    Infected with: Trojan.Vundo.EGG

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123177.dll
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123178.dll
    Infected with: Trojan.Vundo.EGG

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123178.dll
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123179.dll
    Infected with: Trojan.Vundo.EGG

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123179.dll
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123180.dll
    Infected with: Trojan.Vundo.EGG

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123180.dll
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP611\A0125246.dll
    Infected with: Trojan.Vundo.EGG

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP611\A0125246.dll
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP611\A0125247.dll
    Infected with: Trojan.Vundo.EGG

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP611\A0125247.dll
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP611\A0125248.dll
    Infected with: Trojan.Vundo.EGG

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP611\A0125248.dll
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP611\A0125249.dll
    Infected with: Trojan.Vundo.EGG

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP611\A0125249.dll
    Deleted

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP611\A0125855.exe
    Infected with: Trojan.MulDrop.PYY

    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP611\A0125855.exe
    Deleted

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:53:19, on 06/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\acer\Acer eConsole\MediaServerService.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.club-internet.fr:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;localhost;club-internet.fr;*.club-internet.fr;grolier.fr;*.grolier.fr;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Anti-Pub.lnk.disabled
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe (file missing)
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
    O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/bejeweled2/Oberongamesloader.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: yayxuvSK - C:\WINDOWS\
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O24 - Desktop Component 0: (no name) - https://www.microsoft.com/fr-fr/windows
    O24 - Desktop Component 1: (no name) - http://static.hugedomains.com/images/logo_huge_domains.gif
    O24 - Desktop Component 2: (no name) - http://vcheck.emule-project.net/en/templates/Appalachia/images/cellpic3.gif
    0
  11. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    dis moi où en sont tes soucis à présent ?

    ++
    0
  12. lili79 Messages postés 131 Statut Membre 5
     
    cela a l'air de marcher
    ques-ce que ca a donné , la lecture des rapports de ce matin?
    Il y a quelques choses qui me chiffone néanmoins, le fait que plus j'enléve des virus ou autre saloperies,j'ai
    l'impression que plus y'en a.
    Je rêve ou quoi?
    Merci des réponses.
    @+ lili79
    0
  13. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    il y en a pas plus, tes symptômes étaient "l'arbre qui cachait la forêt" !

    petite vérif :

    Télécharge SDFix sur ton bureau

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
    Redémarre ton ordinateur en mode sans échec
    Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.cmd pour lancer le script.
    Appuie sur Y pour commencer le processus de nettoyage.
    Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    Appuie sur une touche pour redémarrer le PC.
    Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
    ++
    0
  14. lili79 Messages postés 131 Statut Membre 5
     
    Bonjour ,
    Je n'ai pas dand le dossier sdfix, le fichier: RunThis.cmd
    Que faire?
    Merci @+ lili79
    0
  15. lili79 Messages postés 131 Statut Membre 5
     
    voici j'espère the last report:

    [b]SDFix: Version 1.180 [/b]
    Run by Gilles on 06/05/2008 at 19:26

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\DOCUME~1\Gilles\Bureau\SDFIXF~1\SDFix

    [b]Checking Services [/b]:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    No Trojan Files Found

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-06 19:48:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 114

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
    "C:\\Program Files\\acer\\Acer eConsole\\eConsole.exe"="C:\\Program Files\\acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole"
    "C:\\Program Files\\acer\\Acer eConsole\\MediaServerService.exe"="C:\\Program Files\\acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
    "C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"="C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe:*:Enabled:Livecom"
    "C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

    [b]Remaining Files [/b]:

    File Backups: - C:\DOCUME~1\Gilles\Bureau\SDFIXF~1\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Thu 23 Jun 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
    Thu 23 Jun 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
    Thu 23 Jun 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
    Thu 23 Jun 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMP3.dll"
    Thu 23 Jun 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
    Mon 1 Oct 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

    [b]Finished![/b]

    Néanmoins, quels sont les consignes, à suivre, pour ne plus avoir et éviter touts ces désagréments?
    Merci et plus encore pour tout
    @+ lili79
    0
  16. lili79 Messages postés 131 Statut Membre 5
     
    tout est bien qui fini bien.
    Encore mille mercis à Greenday pour son aide précieuse, voire sa précieuse aide.
    (je vais signer le manifeste)
    @+lili79
    0
  17. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    très bien,

    Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :

    O20 - Winlogon Notify: yayxuvSK - C:\WINDOWS\

    Ensuite, installe un antivirus et un parefeu !

    voir ici pour les recommandation en sécurité !

    http://www.commentcamarche.net/faq/sujet 2432 securite proteger un ordinateur contre les malwares d internet

    https://sebsauvage.net/safehex.html

    @+
    0
Précédent
  • 1
  • 2