Desinfection échouee

Résolu
hmr81 Messages postés 25 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
Je viens d installer l antivirus Avira (j ai suivi les opignons positives a propos de ce logiciel).le problème c'est que il n arrive pas a desinfecter mon ordinateur d un certain trojan "TR vundo gen".je fais regulierement le scan de mon système et a chaque fois il le détecte,je le mets en quarantine pour qu il soit elimine apres le redemarage ,en vain.a part les messages d alerte frequentes me signalant ce trojan ,je coche refuser l acces ou mettre en quarantaine mais le message se repete .je ne sais pas quoi faire d autre . on dit ici que c un antivirus fiable ...

merci de me repondre
a +
Configuration: Windows XP
Firefox 2.0.0.7

10 réponses

  1. dou-l Messages postés 2871 Statut Membre 61
     
    slt

    Fais un scan avec cet antispyware :

    Telecharge malwarebytes

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.
    1
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt
    dommage que tu n'ai pas coller un rapport antivir dans ton post!

    _____________

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :
    http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    _______________

    scan avec vundofix (colle le rapport)

    Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

    Double cliquez VundoFix.exe pour l'exécuter.
    Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
    Une fois le scan fini, cliquez sur le bouton Remove Vundo.
    Vous recevrez un avertissement vous demandant si vous voulez effacer ces
    fichiers répondez en cliquant sur YES
    Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
    enlève Vundo.

    Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
    OK.

    ______________________
    puis :

    virtumondebegone (colle le rapport)

    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
    ______________________

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "Killvund". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    1
    1. hmr81 Messages postés 25 Statut Membre
       
      Slt

      voici le rapport apres le scan de hijack:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:07:01, on 07/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\SweetIM\Messenger\SweetIM.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\VIDAL\Communs\VIDAL.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Hotspot Shield\bin\openvpnas.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
      C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1561552
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - (no file)
      R3 - URLSearchHook: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)
      R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: (no name) - {3432B41E-A143-49B9-964C-66C02D844C49} - C:\WINDOWS\system32\iifdcYSL.dll (file missing)
      O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {96DC3D11-8D8A-4D63-962D-66B4E5B45367} - C:\WINDOWS\system32\awttrPGv.dll (file missing)
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O2 - BHO: (no name) - {B3102264-D09D-4322-B625-503FBF18DD7E} - C:\WINDOWS\system32\pmnnLdCS.dll
      O2 - BHO: {4a5e2f46-f56e-9899-d054-462a1365278b} - {b8725631-a264-450d-9989-e65f64f2e5a4} - C:\WINDOWS\system32\pmllxhnx.dll (file missing)
      O2 - BHO: (no name) - {E5E29CD7-557C-45D8-B4DC-4245D3275917} - C:\WINDOWS\system32\opnklkHy.dll (file missing)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: (no name) - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - (no file)
      O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
      O3 - Toolbar: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)
      O3 - Toolbar: qvdntlmw - {14108D7F-3AF9-436C-863C-8AD8921BDF02} - C:\WINDOWS\qvdntlmw.dll (file missing)
      O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
      O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
      O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\WinSpyControl\bm.exe" dm=http://winspycontrol.com ad=http://winspycontrol.com sd=http://ykeeper.winspycontrol.com
      O4 - HKLM\..\Run: [ptask] C:\Program Files\WinSpyControl\ptask.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
      O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Administrateur.STANDARD.000\lsass.exe
      O4 - HKLM\..\Run: [6c2b927b] rundll32.exe "C:\WINDOWS\system32\aukifhrw.dll",b
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [vdlDeamon] C:\Program Files\VIDAL\Communs\VIDAL.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe" /autorun
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Bluetooth Manager.lnk = ?
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: Movies Extractor Scout - {009956DD-9AEA-458F-946A-2C9564E23205} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{6483BE4B-E18A-49C6-922D-951DDB1B7AFC}: NameServer = 192.168.0.1
      O17 - HKLM\System\CCS\Services\Tcpip\..\{EE5F1066-162F-4825-B0B3-31DEC617C3F8}: NameServer = 192.168.2.1
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: pmnnLdCS - C:\WINDOWS\SYSTEM32\pmnnLdCS.dll
      O21 - SSODL: ComponentVolume - {3e9cda6f-5443-4727-8c98-4234e7f6db42} - C:\WINDOWS\Installer\{3e9cda6f-5443-4727-8c98-4234e7f6db42}\ComponentVolume.dll (file missing)
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
      O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
      O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
      O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
      0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    telecharge combofix:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\WINDOWS\system32\pmllxhnx.dll
    C:\WINDOWS\system32\iifdcYSL.dll
    C:\WINDOWS\qvdntlmw.dll
    C:\WINDOWS\system32\awttrPGv.dll
    C:\WINDOWS\system32\opnklkHy.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3432B41E-A143-49B9-964C-66C02D844C49}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96DC3D11-8D8A-4D63-962D-66B4E5B45367}]
    -[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8725631-a264-450d-9989-e65f64f2e5a4}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5E29CD7-557C-45D8-B4DC-4245D3275917}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{14108D7F-3AF9-436C-863C-8AD8921BDF02}"=-
    [HKEY_CLASSES_ROOT\clsid\{14108d7f-3af9-436c-863c-8ad8921bdf02}]
    [HKEY_CLASSES_ROOT\qvdntlmw.1]
    [HKEY_CLASSES_ROOT\qvdntlmw]

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis et dis tes soucis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    1
    1. hmr81 Messages postés 25 Statut Membre
       
      Bonjour
      voici d abord le rapport de combofix et au dessous le rapport de hijackthis:


      ComboFix 08-05-07.1 - Administrateur 2008-05-08 14:43:42.2 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.825 [GMT 2:00]
      Endroit: C:\Documents and Settings\Administrateur.STANDARD.000\Bureau\killvund.exe
      Command switches used :: C:\Documents and Settings\Administrateur.STANDARD.000\Bureau\CFscript.txt
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

      FILE ::
      C:\WINDOWS\qvdntlmw.dll
      C:\WINDOWS\system32\awttrPGv.dll
      C:\WINDOWS\system32\iifdcYSL.dll
      C:\WINDOWS\system32\opnklkHy.dll
      C:\WINDOWS\system32\pmllxhnx.dll
      .

      ((((((((((((((((((((((((((((( Fichiers créés 2008-04-08 to 2008-05-08 ))))))))))))))))))))))))))))))))))))
      .

      2008-05-08 00:51 . 2008-05-08 14:43 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
      2008-05-07 19:11 . 2008-05-07 19:11 <REP> d-------- C:\VundoFix Backups
      2008-05-07 19:03 . 2008-05-08 00:27 <REP> d-------- C:\HijackThis
      2008-05-04 16:22 . 2008-05-04 16:22 <REP> d-------- C:\Program Files\Avira
      2008-05-04 16:22 . 2008-05-04 16:22 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
      2008-05-04 13:51 . 2008-05-06 03:31 109,738 --a------ C:\WINDOWS\BM6f18a1e7.xml
      2008-05-04 02:29 . 2008-05-04 02:29 <REP> d-------- C:\Program Files\Hotspot Shield
      2008-05-04 01:39 . 2008-05-04 01:39 <REP> d-------- C:\Program Files\ultrasurf
      2008-05-04 01:34 . 2008-05-04 01:34 33 --a------ C:\WINDOWS\system32\6c2b80f5
      2008-05-03 23:38 . 2008-05-03 23:38 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
      2008-05-03 23:36 . 2008-05-04 11:35 <REP> d--hs---- C:\WINDOWS\Lg
      2008-05-03 23:35 . 2008-05-03 23:35 <REP> d-------- C:\WINDOWS\system32\mm3
      2008-05-03 23:35 . 2008-05-04 11:12 <REP> d-------- C:\WINDOWS\system32\gt1
      2008-05-03 23:35 . 2008-05-08 01:53 <REP> d-------- C:\WINDOWS\system32\bkEur18
      2008-05-03 23:35 . 2008-05-03 23:35 <REP> d-------- C:\Temp\maxsv15
      2008-05-03 23:35 . 2008-05-08 00:52 <REP> d-------- C:\Temp
      2008-05-03 00:49 . 2008-05-04 02:29 <REP> d-------- C:\Program Files\Hotspot_Shield
      2008-05-03 00:26 . 2008-05-03 00:26 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\Yahoo!
      2008-05-03 00:26 . 2008-05-03 00:28 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\MEGAUPLOADTOOLBAR
      2008-04-22 04:18 . 2008-04-22 04:18 <REP> d-------- C:\Documents and Settings\Amine\Application Data\Grisoft
      2008-04-22 04:18 . 2008-04-22 04:18 <REP> d-------- C:\Documents and Settings\Amine\Application Data\Creative
      2008-04-22 04:16 . 2007-06-19 00:09 <REP> d--h----- C:\Documents and Settings\Amine\Voisinage réseau
      2008-04-22 04:16 . 2007-06-19 00:09 <REP> d--h----- C:\Documents and Settings\Amine\Voisinage d'impression
      2008-04-22 04:16 . 2007-09-02 23:42 <REP> d--h----- C:\Documents and Settings\Amine\Modèles
      2008-04-22 04:16 . 2007-06-19 00:09 <REP> d-------- C:\Documents and Settings\Amine\Mes documents
      2008-04-22 04:16 . 2007-06-19 00:09 <REP> dr------- C:\Documents and Settings\Amine\Menu Démarrer
      2008-04-22 04:16 . 2007-06-19 00:09 <REP> d-------- C:\Documents and Settings\Amine\Favoris
      2008-04-22 04:16 . 2007-10-26 00:29 <REP> d-------- C:\Documents and Settings\Amine\Bureau
      2008-04-22 04:16 . 2008-04-22 04:16 <REP> d-------- C:\Documents and Settings\Amine
      2008-04-22 04:16 . 2008-05-08 14:43 1,024 --ah----- C:\Documents and Settings\Amine\NTUser.dat.LOG
      2008-04-18 13:42 . 2008-04-18 13:42 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
      2008-04-18 13:42 . 2008-04-18 13:42 <REP> d-------- C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Yahoo!
      2008-04-18 13:39 . 2008-04-18 13:39 <REP> d-------- C:\Program Files\Yahoo!

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-08 02:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
      2008-05-04 12:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
      2008-05-03 21:41 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\LimeWire
      2008-04-25 12:59 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\U3
      2008-04-18 11:40 --------- d-----w C:\Program Files\DivX
      2008-04-05 16:02 --------- d-----w C:\Program Files\LimeWire
      2008-04-05 15:06 --------- d-----w C:\Program Files\SweetIM
      2008-04-05 15:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM
      2008-04-04 20:47 --------- d-----w C:\Program Files\Messenger Plus! Live
      2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
      2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
      2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
      2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
      2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
      2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
      2008-03-31 19:21 16,952 ----a-w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\GDIPFONTCACHEV1.DAT
      2008-03-26 23:53 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited
      2008-03-26 16:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
      2008-03-26 13:05 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
      2008-03-26 11:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited
      2008-03-25 19:02 --------- d-----w C:\Program Files\Java
      2008-03-25 02:32 --------- d-----w C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\PC Suite
      2008-03-23 13:02 --------- d-----w C:\Program Files\Free Hide Folder
      2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
      2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
      2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
      2008-03-21 20:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
      2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
      2008-03-21 20:28 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
      2008-03-21 20:28 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
      2008-03-21 20:28 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
      2008-03-21 20:28 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
      2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
      2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
      2008-03-21 20:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
      2008-03-21 20:28 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
      2008-03-12 13:57 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
      2008-03-12 13:57 --------- d-----w C:\Program Files\Windows Live
      2008-03-12 13:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
      2008-03-08 18:27 --------- d-----w C:\Program Files\Cisco Systems
      2008-03-02 14:13 155,995 ----a-w C:\WINDOWS\java\Packages\3PV7LBFR.ZIP
      .

      ((((((((((((((((((((((((((((( snapshot@2008-05-08_ 1.06.36.76 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-05-07 22:57:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      + 2008-05-08 12:01:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      - 2007-04-24 09:32:06 1,485,696 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
      + 2008-03-20 16:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8725631-a264-450d-9989-e65f64f2e5a4}]
      C:\WINDOWS\system32\pmllxhnx.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

      [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
      [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
      "{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

      [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
      [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-04 11:54 68856]
      "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
      "MalWarrior"="C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-08-03 12:46 196608]
      "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 11:04 245760]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-06 00:04 185632]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
      "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
      "bm"="C:\Program Files\Fichiers communs\WinSpyControl\bm.exe" [ ]
      "ptask"="C:\Program Files\WinSpyControl\ptask.exe" [ ]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
      "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
      "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
      "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
      "SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]
      "6c2b927b"="C:\WINDOWS\system32\aukifhrw.dll" [ ]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-04 17:19 262401]
      "vdlDeamon"="C:\Program Files\VIDAL\Communs\VIDAL.exe" [2005-10-05 11:15 975872]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:54 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-04 11:54 68856]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 01:37 44544]

      C:\Documents and Settings\Administrateur.STANDARD\Menu D‚marrer\Programmes\D‚marrage\
      QuickShelf.lnk - C:\Program Files\Microsoft R‚f‚rence\Bibliorom\QS96F.EXE [1996-01-31 152064]

      C:\Documents and Settings\Administrateur.STANDARD.000\Menu D‚marrer\Programmes\D‚marrage\
      Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

      C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
      Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2004-12-24 18:22:30 479232]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
      Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-17 19:34:05 125624]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "ForceClassicControlPanel"= 1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoLogOff"= 1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]]
      Source= file:///C:\WINDOWS\privacy_danger\index.htm
      FriendlyName= Privacy Protection

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\WINDOWS\\system32\\sessmgr.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\LimeWire\\LimeWire.exe"=
      "C:\\Program Files\\Ares\\Ares.exe"=
      "D:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "D:\\Program Files\\Close Combat\\Close Combat III\\CC3.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "D:\\Program Files\\Close Combat\\Close Combat III\\Server\\Server.exe"=
      "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

      R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 23:25]
      S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-10-12 12:22]
      S3 HssTrayService;Hotspot Shield Tray Service;C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE []
      S3 i740;i740;C:\WINDOWS\system32\DRIVERS\i740nt5.sys [2001-08-17 20:49]
      S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 03:00]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{325025c4-5f10-11dc-9bd7-001320329ce3}]
      \Shell\Auto\command - F:\printer.exe
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3358fa3b-5485-11dc-9ba2-001320329ce3}]
      \Shell\AutoRun\command - F:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4be2d11f-5938-11dc-9bae-001320329ce3}]
      \Shell\Auto\command - F:\setup.exe
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c423627-3482-11dc-9b83-001320329ce3}]
      \Shell\Auto\command - printer.exe
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e790ffd4-a389-11dc-9c5e-001320329ce3}]
      \Shell\AutoRun\command - EXPLORER.EXE
      \Shell\explore\Command - EXPLORER.EXE
      \Shell\open\Command - EXPLORER.EXE

      *Newly Created Service* - CATCHME
      .
      **************************************************************************

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-08 14:46:33
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...


      **************************************************************************
      .
      Temps d'accomplissement: 2008-05-08 14:50:07
      ComboFix-quarantined-files.txt 2008-05-08 12:49:00
      ComboFix2.txt 2008-05-07 23:07:23

      Pre-Run: 7,428,075,520 octets libres
      Post-Run: 7,415,410,688 octets libres

      211 --- E O F --- 2008-03-24 14:20:30


      maintenant le rapport de hijackthis:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:25:17, on 08/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\SweetIM\Messenger\SweetIM.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\VIDAL\Communs\VIDAL.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Hotspot Shield\bin\openvpnas.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1561552
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - (no file)
      R3 - URLSearchHook: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)
      R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O2 - BHO: {4a5e2f46-f56e-9899-d054-462a1365278b} - {b8725631-a264-450d-9989-e65f64f2e5a4} - C:\WINDOWS\system32\pmllxhnx.dll (file missing)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: (no name) - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - (no file)
      O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
      O3 - Toolbar: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)
      O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
      O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
      O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\WinSpyControl\bm.exe" dm=http://winspycontrol.com ad=http://winspycontrol.com sd=http://ykeeper.winspycontrol.com
      O4 - HKLM\..\Run: [ptask] C:\Program Files\WinSpyControl\ptask.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
      O4 - HKLM\..\Run: [6c2b927b] rundll32.exe "C:\WINDOWS\system32\aukifhrw.dll",b
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [vdlDeamon] C:\Program Files\VIDAL\Communs\VIDAL.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe" /autorun
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Bluetooth Manager.lnk = ?
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: Movies Extractor Scout - {009956DD-9AEA-458F-946A-2C9564E23205} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{6483BE4B-E18A-49C6-922D-951DDB1B7AFC}: NameServer = 192.168.0.1
      O17 - HKLM\System\CCS\Services\Tcpip\..\{EE5F1066-162F-4825-B0B3-31DEC617C3F8}: NameServer = 192.168.2.1
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O21 - SSODL: ComponentVolume - {3e9cda6f-5443-4727-8c98-4234e7f6db42} - (no file)
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
      O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
      O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
      0
    2. hmr81 Messages postés 25 Statut Membre
       
      Le rapport de nettoyage de malwarebyte's:

      Malwarebytes' Anti-Malware 1.12
      Version de la base de données: 731

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 96333
      Temps écoulé: 1 hour(s), 24 minute(s), 17 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 18
      Valeur(s) du Registre infectée(s): 1
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 8
      Fichier(s) infecté(s): 6

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\CLSID\{d1fcf9f3-4cf9-420c-8718-937352d780a7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\qvdntlmw.bsvk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\qvdntlmw.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{14108d7f-3af9-436c-863c-8ad8921bdf02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{73ee9610-ad41-4f65-8a9a-c283f6a652f3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{c9b36848-a808-469f-b8b5-2a2d3d541f87} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{13c5e854-911c-4d90-9fe3-8be6d093ca7f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{99553917-bf6b-4cdc-8edf-3cd5aa1fdfb8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{d9be845e-e284-4f5f-8673-2165762e4f24} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Drivers (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Adsl Software Limited (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\malwarrior 2007_is1 (Rogue.MalWarrior) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\qvdntlmw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b3102264-d09d-4322-b625-503fbf18dd7e} (Trojan.Vundo) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\WinSpyControl (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
      C:\WinSpyControl\AVQuar (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl\Logs (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007 (Rogue.MalWarrior) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\BASE (Rogue.MalWarrior) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe (Rogue.MalWarrior) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl\Logs\threats.log (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl\Logs\update.log (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\program.id (Rogue.MalWarrior) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\program.ini (Rogue.MalWarrior) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\BASE\vbase.dat (Rogue.MalWarrior) -> Quarantined and deleted successfully.

      pour le rapport de hijack this j ai oublie de le sauvgarder ( c bete) mais j ai suivi les etapes que tu m as indiqué avec ce programme.
      0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1561552
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    ok

    tu as MalWarrior 2007 et winSpyControl qui sont des roques (espions! ) ne pas les utiliser!!!

    ______________

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    R3 - URLSearchHook: (no name) - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - (no file)
    R3 - URLSearchHook: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)
    R3 - URLSearchHook: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)

    O2 - BHO: {4a5e2f46-f56e-9899-d054-462a1365278b} - {b8725631-a264-450d-9989-e65f64f2e5a4} - C:\WINDOWS\system32\pmllxhnx.dll (file missing)
    O3 - Toolbar: (no name) - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - (no file)

    O3 - Toolbar: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)
    O3 - Toolbar: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\WinSpyControl\bm.exe" dm=http://winspycontrol.com ad=http://winspycontrol.com sd=http://ykeeper.winspycontrol.com
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [6c2b927b] rundll32.exe "C:\WINDOWS\system32\aukifhrw.dll",b
    O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe" /autorun
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O21 - SSODL: ComponentVolume - {3e9cda6f-5443-4727-8c98-4234e7f6db42} - (no file)
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    __________________

    smit fraud fix (colle le rapport)

    1/ telecharger :

    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes.

    3/ redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général) puis lance smitfraudfix , sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée

    _________________
    telecharge combofix:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe
    C:\WINDOWS\system32\aukifhrw.dll
    C:\WINDOWS\system32\pmllxhnx.dll
    C:\Program Files\Fichiers communs\WinSpyControl\bm.exe" dm=http://winspycontrol.com ad=http://winspycontrol.com sd=http://ykeeper.winspycontrol.com

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8725631-a264-450d-9989-e65f64f2e5a4}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MalWarrior"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "6c2b927b"=-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    _______________________

    scan avec
    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    ______________________

    mettre a jour internet explorer
    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    _____________________

    Remets aussi un rapport Hijackthis et dis tes soucis
    1
    1. hmr81 Messages postés 25 Statut Membre
       
      Slt

      voici le rapport de scan de fraud fix ,apres le rapport de neittoyage.

      SmitFraudFix v2.320

      Rapport fait à 23:46:25,14, 08/05/2008
      Executé à partir de C:\Documents and Settings\Administrateur.STANDARD.000\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» Process

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
      C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\SweetIM\Messenger\SweetIM.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\VIDAL\Communs\VIDAL.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Hotspot Shield\bin\openvpnas.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
      C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
      C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\cmd.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur.STANDARD.000


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur.STANDARD.000\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1.000\Favoris


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau


      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="Ma page d'accueil"

      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» VACFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Rustock



      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: Carte Accton EN1207D-TX PCI Fast Ethernet - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 192.168.0.1

      Description: Intel(R) PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 192.168.2.1

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{6483BE4B-E18A-49C6-922D-951DDB1B7AFC}: NameServer=192.168.0.1
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{EE5F1066-162F-4825-B0B3-31DEC617C3F8}: NameServer=192.168.2.1
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{6483BE4B-E18A-49C6-922D-951DDB1B7AFC}: NameServer=192.168.0.1
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{EE5F1066-162F-4825-B0B3-31DEC617C3F8}: NameServer=192.168.2.1


      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin


      le rapport de desinfection de fraudfix

      SmitFraudFix v2.320

      Rapport fait à 0:02:57,56, 09/05/2008
      Executé à partir de C:\Documents and Settings\Administrateur.STANDARD.000\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode sans echec

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


      »»»»»»»»»»»»»»»»»»»»»»»» hosts

      127.0.0.1 localhost

      »»»»»»»»»»»»»»»»»»»»»»»» VACFix

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

      S!Ri's WS2Fix: LSP not Found.


      »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

      GenericRenosFix by S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{6483BE4B-E18A-49C6-922D-951DDB1B7AFC}: NameServer=192.168.0.1
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{EE5F1066-162F-4825-B0B3-31DEC617C3F8}: NameServer=192.168.2.1
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{6483BE4B-E18A-49C6-922D-951DDB1B7AFC}: NameServer=192.168.0.1
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{EE5F1066-162F-4825-B0B3-31DEC617C3F8}: NameServer=192.168.2.1


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

      Nettoyage terminé.

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin
      0
    2. hmr81 Messages postés 25 Statut Membre
       
      apres ,le nouveau rapport de combofix :
      ComboFix 08-05-08.1 - Administrateur 2008-05-09 0:24:28.3 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.754 [GMT 2:00]
      Endroit: C:\Documents and Settings\Administrateur.STANDARD.000\Bureau\ComboFix.exe
      Command switches used :: C:\Documents and Settings\Administrateur.STANDARD.000\Bureau\CFscript.txt
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

      FILE ::
      C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe
      C:\Program Files\Fichiers communs\WinSpyControl\bm.exe" dm=http://winspycontrol.com ad=http://winspycontrol.com sd=http://ykeeper.winspycontrol.com
      C:\WINDOWS\system32\aukifhrw.dll
      C:\WINDOWS\system32\pmllxhnx.dll
      .

      ((((((((((((((((((((((((((((( Fichiers créés 2008-04-08 to 2008-05-08 ))))))))))))))))))))))))))))))))))))
      .

      2008-05-08 23:46 . 2008-05-09 00:03 2,618 --a------ C:\WINDOWS\system32\tmp.reg
      2008-05-08 15:24 . 2008-05-08 15:24 <REP> d-------- C:\Program Files\Trend Micro
      2008-05-08 00:51 . 2008-05-09 00:24 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
      2008-05-07 19:11 . 2008-05-07 19:11 <REP> d-------- C:\VundoFix Backups
      2008-05-07 19:03 . 2008-05-08 00:27 <REP> d-------- C:\HijackThis
      2008-05-04 16:22 . 2008-05-04 16:22 <REP> d-------- C:\Program Files\Avira
      2008-05-04 16:22 . 2008-05-04 16:22 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
      2008-05-04 13:51 . 2008-05-06 03:31 109,738 --a------ C:\WINDOWS\BM6f18a1e7.xml
      2008-05-04 02:29 . 2008-05-04 02:29 <REP> d-------- C:\Program Files\Hotspot Shield
      2008-05-04 01:39 . 2008-05-04 01:39 <REP> d-------- C:\Program Files\ultrasurf
      2008-05-04 01:34 . 2008-05-04 01:34 33 --a------ C:\WINDOWS\system32\6c2b80f5
      2008-05-03 23:38 . 2008-05-03 23:38 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
      2008-05-03 23:36 . 2008-05-04 11:35 <REP> d--hs---- C:\WINDOWS\Lg
      2008-05-03 23:35 . 2008-05-03 23:35 <REP> d-------- C:\WINDOWS\system32\mm3
      2008-05-03 23:35 . 2008-05-04 11:12 <REP> d-------- C:\WINDOWS\system32\gt1
      2008-05-03 23:35 . 2008-05-08 01:53 <REP> d-------- C:\WINDOWS\system32\bkEur18
      2008-05-03 23:35 . 2008-05-03 23:35 <REP> d-------- C:\Temp\maxsv15
      2008-05-03 23:35 . 2008-05-08 00:52 <REP> d-------- C:\Temp
      2008-05-03 00:49 . 2008-05-04 02:29 <REP> d-------- C:\Program Files\Hotspot_Shield
      2008-05-03 00:26 . 2008-05-03 00:26 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\Yahoo!
      2008-05-03 00:26 . 2008-05-03 00:28 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\MEGAUPLOADTOOLBAR
      2008-04-22 04:18 . 2008-04-22 04:18 <REP> d-------- C:\Documents and Settings\Amine\Application Data\Grisoft
      2008-04-22 04:18 . 2008-04-22 04:18 <REP> d-------- C:\Documents and Settings\Amine\Application Data\Creative
      2008-04-22 04:16 . 2007-06-19 00:09 <REP> d--h----- C:\Documents and Settings\Amine\Voisinage réseau
      2008-04-22 04:16 . 2007-06-19 00:09 <REP> d--h----- C:\Documents and Settings\Amine\Voisinage d'impression
      2008-04-22 04:16 . 2007-09-02 23:42 <REP> d--h----- C:\Documents and Settings\Amine\Modèles
      2008-04-22 04:16 . 2007-06-19 00:09 <REP> d-------- C:\Documents and Settings\Amine\Mes documents
      2008-04-22 04:16 . 2007-06-19 00:09 <REP> dr------- C:\Documents and Settings\Amine\Menu Démarrer
      2008-04-22 04:16 . 2007-06-19 00:09 <REP> d-------- C:\Documents and Settings\Amine\Favoris
      2008-04-22 04:16 . 2007-10-26 00:29 <REP> d-------- C:\Documents and Settings\Amine\Bureau
      2008-04-22 04:16 . 2008-04-22 04:16 <REP> d-------- C:\Documents and Settings\Amine
      2008-04-22 04:16 . 2008-05-09 00:24 1,024 --ah----- C:\Documents and Settings\Amine\NTUser.dat.LOG
      2008-04-18 13:42 . 2008-04-18 13:42 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
      2008-04-18 13:42 . 2008-04-18 13:42 <REP> d-------- C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Yahoo!
      2008-04-18 13:39 . 2008-04-18 13:39 <REP> d-------- C:\Program Files\Yahoo!

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-08 02:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
      2008-05-04 12:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
      2008-05-03 21:41 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\LimeWire
      2008-04-25 12:59 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\U3
      2008-04-18 11:40 --------- d-----w C:\Program Files\DivX
      2008-04-05 16:02 --------- d-----w C:\Program Files\LimeWire
      2008-04-05 15:06 --------- d-----w C:\Program Files\SweetIM
      2008-04-05 15:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM
      2008-04-04 20:47 --------- d-----w C:\Program Files\Messenger Plus! Live
      2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
      2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
      2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
      2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
      2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
      2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
      2008-03-31 19:21 16,952 ----a-w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\GDIPFONTCACHEV1.DAT
      2008-03-26 23:53 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited
      2008-03-26 16:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
      2008-03-26 13:05 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
      2008-03-26 11:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited
      2008-03-25 19:02 --------- d-----w C:\Program Files\Java
      2008-03-25 02:32 --------- d-----w C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\PC Suite
      2008-03-23 13:02 --------- d-----w C:\Program Files\Free Hide Folder
      2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
      2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
      2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
      2008-03-21 20:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
      2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
      2008-03-21 20:28 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
      2008-03-21 20:28 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
      2008-03-21 20:28 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
      2008-03-21 20:28 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
      2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
      2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
      2008-03-21 20:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
      2008-03-21 20:28 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
      2008-03-12 13:57 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
      2008-03-12 13:57 --------- d-----w C:\Program Files\Windows Live
      2008-03-12 13:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
      2008-03-08 18:27 --------- d-----w C:\Program Files\Cisco Systems
      2008-03-02 14:13 155,995 ----a-w C:\WINDOWS\java\Packages\3PV7LBFR.ZIP
      .

      ((((((((((((((((((((((((((((( snapshot@2008-05-08_ 1.06.36.76 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-05-07 22:57:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      + 2008-05-08 22:13:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      - 2007-04-24 09:32:06 1,485,696 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
      + 2008-03-20 16:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

      [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
      [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
      "{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

      [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
      [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-04 11:54 68856]
      "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-08-03 12:46 196608]
      "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 11:04 245760]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-06 00:04 185632]
      "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
      "ptask"="C:\Program Files\WinSpyControl\ptask.exe" [ ]
      "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
      "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
      "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
      "SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-04 17:19 262401]
      "vdlDeamon"="C:\Program Files\VIDAL\Communs\VIDAL.exe" [2005-10-05 11:15 975872]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:54 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-04 11:54 68856]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 01:37 44544]

      C:\Documents and Settings\Administrateur.STANDARD\Menu D‚marrer\Programmes\D‚marrage\
      QuickShelf.lnk - C:\Program Files\Microsoft R‚f‚rence\Bibliorom\QS96F.EXE [1996-01-31 152064]

      C:\Documents and Settings\Administrateur.STANDARD.000\Menu D‚marrer\Programmes\D‚marrage\
      Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

      C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
      Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2004-12-24 18:22:30 479232]
      Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-17 19:34:05 125624]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "ForceClassicControlPanel"= 1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoLogOff"= 1 (0x1)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\WINDOWS\\system32\\sessmgr.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\LimeWire\\LimeWire.exe"=
      "C:\\Program Files\\Ares\\Ares.exe"=
      "D:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "D:\\Program Files\\Close Combat\\Close Combat III\\CC3.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "D:\\Program Files\\Close Combat\\Close Combat III\\Server\\Server.exe"=
      "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

      R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 23:25]
      S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-10-12 12:22]
      S3 HssTrayService;Hotspot Shield Tray Service;C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE []
      S3 i740;i740;C:\WINDOWS\system32\DRIVERS\i740nt5.sys [2001-08-17 20:49]
      S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 03:00]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{325025c4-5f10-11dc-9bd7-001320329ce3}]
      \Shell\Auto\command - F:\printer.exe
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3358fa3b-5485-11dc-9ba2-001320329ce3}]
      \Shell\AutoRun\command - F:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4be2d11f-5938-11dc-9bae-001320329ce3}]
      \Shell\Auto\command - F:\setup.exe
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c423627-3482-11dc-9b83-001320329ce3}]
      \Shell\Auto\command - printer.exe
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e790ffd4-a389-11dc-9c5e-001320329ce3}]
      \Shell\AutoRun\command - EXPLORER.EXE
      \Shell\explore\Command - EXPLORER.EXE
      \Shell\open\Command - EXPLORER.EXE

      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-09 00:27:05
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...


      **************************************************************************
      .
      Temps d'accomplissement: 2008-05-09 0:30:41
      ComboFix-quarantined-files.txt 2008-05-08 22:29:32
      ComboFix2.txt 2008-05-07 23:07:23

      Pre-Run: 7,347,970,048 octets libres
      Post-Run: 7,336,398,848 octets libres

      200 --- E O F --- 2008-03-24 14:20:30
      0
    3. hmr81 Messages postés 25 Statut Membre
       
      Le rapport de malwarebyte's:

      Malwarebytes' Anti-Malware 1.12
      Version de la base de données: 731

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 96333
      Temps écoulé: 1 hour(s), 24 minute(s), 17 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 18
      Valeur(s) du Registre infectée(s): 1
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 8
      Fichier(s) infecté(s): 6

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\CLSID\{d1fcf9f3-4cf9-420c-8718-937352d780a7} (Trojan.FakeAlert) -> No action taken.
      HKEY_CLASSES_ROOT\qvdntlmw.bsvk (Trojan.FakeAlert) -> No action taken.
      HKEY_CLASSES_ROOT\qvdntlmw.toolbar.1 (Trojan.FakeAlert) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{14108d7f-3af9-436c-863c-8ad8921bdf02} (Trojan.FakeAlert) -> No action taken.
      HKEY_CLASSES_ROOT\Interface\{73ee9610-ad41-4f65-8a9a-c283f6a652f3} (Trojan.FakeAlert) -> No action taken.
      HKEY_CLASSES_ROOT\Typelib\{c9b36848-a808-469f-b8b5-2a2d3d541f87} (Trojan.FakeAlert) -> No action taken.
      HKEY_CLASSES_ROOT\Interface\{13c5e854-911c-4d90-9fe3-8be6d093ca7f} (Trojan.FakeAlert) -> No action taken.
      HKEY_CLASSES_ROOT\Interface\{99553917-bf6b-4cdc-8edf-3cd5aa1fdfb8} (Trojan.FakeAlert) -> No action taken.
      HKEY_CLASSES_ROOT\Typelib\{d9be845e-e284-4f5f-8673-2165762e4f24} (Trojan.FakeAlert) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Drivers (Rogue.Multiple) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Adsl Software Limited (Rogue.Multiple) -> No action taken.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
      HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\malwarrior 2007_is1 (Rogue.MalWarrior) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> No action taken.
      HKEY_CLASSES_ROOT\qvdntlmw.1 (Trojan.FakeAlert) -> No action taken.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b3102264-d09d-4322-b625-503fbf18dd7e} (Trojan.Vundo) -> No action taken.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\WinSpyControl (Rogue.WinSpyControl) -> No action taken.
      C:\WinSpyControl\AVQuar (Rogue.WinSpyControl) -> No action taken.
      C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl (Rogue.WinSpyControl) -> No action taken.
      C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl\Logs (Rogue.WinSpyControl) -> No action taken.
      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> No action taken.
      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007 (Rogue.MalWarrior) -> No action taken.
      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\BASE (Rogue.MalWarrior) -> No action taken.
      C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> No action taken.

      Fichier(s) infecté(s):
      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe (Rogue.MalWarrior) -> No action taken.
      C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl\Logs\threats.log (Rogue.WinSpyControl) -> No action taken.
      C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl\Logs\update.log (Rogue.WinSpyControl) -> No action taken.
      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\program.id (Rogue.MalWarrior) -> No action taken.
      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\program.ini (Rogue.MalWarrior) -> No action taken.
      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\BASE\vbase.dat (Rogue.MalWarrior) -> No action taken.
      0
    4. hmr81 Messages postés 25 Statut Membre
       
      est le rapport de desinfection de malwarebyte :

      Malwarebytes' Anti-Malware 1.12
      Version de la base de données: 731

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 96333
      Temps écoulé: 1 hour(s), 24 minute(s), 17 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 18
      Valeur(s) du Registre infectée(s): 1
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 8
      Fichier(s) infecté(s): 6

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\CLSID\{d1fcf9f3-4cf9-420c-8718-937352d780a7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\qvdntlmw.bsvk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\qvdntlmw.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{14108d7f-3af9-436c-863c-8ad8921bdf02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{73ee9610-ad41-4f65-8a9a-c283f6a652f3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{c9b36848-a808-469f-b8b5-2a2d3d541f87} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{13c5e854-911c-4d90-9fe3-8be6d093ca7f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{99553917-bf6b-4cdc-8edf-3cd5aa1fdfb8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{d9be845e-e284-4f5f-8673-2165762e4f24} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Drivers (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Adsl Software Limited (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\malwarrior 2007_is1 (Rogue.MalWarrior) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\qvdntlmw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b3102264-d09d-4322-b625-503fbf18dd7e} (Trojan.Vundo) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\WinSpyControl (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
      C:\WinSpyControl\AVQuar (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl\Logs (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007 (Rogue.MalWarrior) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\BASE (Rogue.MalWarrior) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe (Rogue.MalWarrior) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl\Logs\threats.log (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\WinSpyControl\Logs\update.log (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\program.id (Rogue.MalWarrior) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\program.ini (Rogue.MalWarrior) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2007\BASE\vbase.dat (Rogue.MalWarrior) -> Quarantined and deleted successfully.

      j ai oublie de sauvegarder le rapport de hijackthis,mais j ai suivi les etapes que tu m as indique avec ce logiciel
      0
    5. hmr81 Messages postés 25 Statut Membre
       
      j ai fais un autre scan hijackthis que voici:


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 04:39:27, on 09/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\SweetIM\Messenger\SweetIM.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\VIDAL\Communs\VIDAL.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Hotspot Shield\bin\openvpnas.exe
      C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
      C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
      O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
      O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
      O4 - HKLM\..\Run: [ptask] C:\Program Files\WinSpyControl\ptask.exe
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [vdlDeamon] C:\Program Files\VIDAL\Communs\VIDAL.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Bluetooth Manager.lnk = ?
      O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: Movies Extractor Scout - {009956DD-9AEA-458F-946A-2C9564E23205} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{6483BE4B-E18A-49C6-922D-951DDB1B7AFC}: NameServer = 192.168.0.1
      O17 - HKLM\System\CCS\Services\Tcpip\..\{EE5F1066-162F-4825-B0B3-31DEC617C3F8}: NameServer = 192.168.2.1
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
      O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    il faut faire la suite que j'avais indiquée!!!!

    ______________________
    puis :

    virtumondebegone (colle le rapport)

    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
    ______________________

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "Killvund". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    _____________________

    puis
    mettre a jour internet explorer
    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    ______________________

    colle ensuite un rapport antivir et un nouveau hijackhtis en le renommant cette fois
    0
    1. hmr81 Messages postés 25 Statut Membre
       
      C le rapport de:
      [05/08/2008, 0:25:43] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur.STANDARD.000\Bureau\VirtumundoBeGone.exe" )
      [05/08/2008, 0:26:05] - User choose NOT to continue. Exiting...

      [05/08/2008, 0:28:17] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur.STANDARD.000\Bureau\VirtumundoBeGone.exe" )
      [05/08/2008, 0:28:19] - Detected System Information:
      [05/08/2008, 0:28:19] - Windows Version: 5.1.2600, Service Pack 2
      [05/08/2008, 0:28:19] - Current Username: Administrateur (Admin)
      [05/08/2008, 0:28:19] - Windows is in NORMAL mode.
      [05/08/2008, 0:28:20] - Searching for Browser Helper Objects:
      [05/08/2008, 0:28:20] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
      [05/08/2008, 0:28:20] - BHO 2: {3432B41E-A143-49B9-964C-66C02D844C49} ()
      [05/08/2008, 0:28:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/08/2008, 0:28:20] - Checking for HKLM\...\Winlogon\Notify\iifdcYSL
      [05/08/2008, 0:28:20] - Key not found: HKLM\...\Winlogon\Notify\iifdcYSL, continuing.
      [05/08/2008, 0:28:20] - BHO 3: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (Megaupload Toolbar)
      [05/08/2008, 0:28:20] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [05/08/2008, 0:28:20] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
      [05/08/2008, 0:28:20] - BHO 6: {96DC3D11-8D8A-4D63-962D-66B4E5B45367} ()
      [05/08/2008, 0:28:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/08/2008, 0:28:20] - Checking for HKLM\...\Winlogon\Notify\awttrPGv
      [05/08/2008, 0:28:20] - Key not found: HKLM\...\Winlogon\Notify\awttrPGv, continuing.
      [05/08/2008, 0:28:20] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [05/08/2008, 0:28:20] - BHO 8: {B3102264-D09D-4322-B625-503FBF18DD7E} ()
      [05/08/2008, 0:28:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/08/2008, 0:28:20] - Checking for HKLM\...\Winlogon\Notify\pmnnLdCS
      [05/08/2008, 0:28:20] - Found: HKLM\...\Winlogon\Notify\pmnnLdCS - This is probably Virtumundo.
      [05/08/2008, 0:28:20] - Assigning {B3102264-D09D-4322-B625-503FBF18DD7E} MSEvents Object
      [05/08/2008, 0:28:20] - BHO list has been changed! Starting over...
      [05/08/2008, 0:28:20] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
      [05/08/2008, 0:28:20] - BHO 2: {3432B41E-A143-49B9-964C-66C02D844C49} ()
      [05/08/2008, 0:28:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/08/2008, 0:28:20] - Checking for HKLM\...\Winlogon\Notify\iifdcYSL
      [05/08/2008, 0:28:20] - Key not found: HKLM\...\Winlogon\Notify\iifdcYSL, continuing.
      [05/08/2008, 0:28:20] - BHO 3: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (Megaupload Toolbar)
      [05/08/2008, 0:28:20] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [05/08/2008, 0:28:20] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
      [05/08/2008, 0:28:20] - BHO 6: {96DC3D11-8D8A-4D63-962D-66B4E5B45367} ()
      [05/08/2008, 0:28:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/08/2008, 0:28:20] - Checking for HKLM\...\Winlogon\Notify\awttrPGv
      [05/08/2008, 0:28:20] - Key not found: HKLM\...\Winlogon\Notify\awttrPGv, continuing.
      [05/08/2008, 0:28:20] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [05/08/2008, 0:28:20] - BHO 8: {B3102264-D09D-4322-B625-503FBF18DD7E} (MSEvents Object)
      [05/08/2008, 0:28:20] - ALERT: Found MSEvents Object!
      [05/08/2008, 0:28:20] - BHO 9: {b8725631-a264-450d-9989-e65f64f2e5a4} ()
      [05/08/2008, 0:28:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/08/2008, 0:28:20] - Checking for HKLM\...\Winlogon\Notify\pmllxhnx
      [05/08/2008, 0:28:20] - Key not found: HKLM\...\Winlogon\Notify\pmllxhnx, continuing.
      [05/08/2008, 0:28:20] - BHO 10: {E5E29CD7-557C-45D8-B4DC-4245D3275917} ()
      [05/08/2008, 0:28:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/08/2008, 0:28:21] - Checking for HKLM\...\Winlogon\Notify\opnklkHy
      [05/08/2008, 0:28:21] - Key not found: HKLM\...\Winlogon\Notify\opnklkHy, continuing.
      [05/08/2008, 0:28:21] - Finished Searching Browser Helper Objects
      [05/08/2008, 0:28:21] - *** Detected MSEvents Object
      [05/08/2008, 0:28:21] - Trying to remove MSEvents Object...
      [05/08/2008, 0:28:22] - Terminating Process: IEXPLORE.EXE
      [05/08/2008, 0:28:22] - Terminating Process: RUNDLL32.EXE
      [05/08/2008, 0:28:22] - Disabling Automatic Shell Restart
      [05/08/2008, 0:28:22] - Terminating Process: EXPLORER.EXE
      [05/08/2008, 0:28:22] - Suspending the NT Session Manager System Service
      [05/08/2008, 0:28:23] - Terminating Windows NT Logon/Logoff Manager
      [05/08/2008, 0:28:23] - Re-enabling Automatic Shell Restart
      [05/08/2008, 0:28:23] - File to disable: C:\WINDOWS\system32\pmnnLdCS.dll
      [05/08/2008, 0:28:23] - Renaming C:\WINDOWS\system32\pmnnLdCS.dll -> C:\WINDOWS\system32\pmnnLdCS.dll.vir
      [05/08/2008, 0:28:24] - File successfully renamed!
      [05/08/2008, 0:28:24] - Removing HKLM\...\Browser Helper Objects\{B3102264-D09D-4322-B625-503FBF18DD7E}
      [05/08/2008, 0:28:24] - Removing HKCR\CLSID\{B3102264-D09D-4322-B625-503FBF18DD7E}
      [05/08/2008, 0:28:24] - Adding Kill Bit for ActiveX for GUID: {B3102264-D09D-4322-B625-503FBF18DD7E}
      [05/08/2008, 0:28:24] - Deleting ATLEvents/MSEvents Registry entries
      [05/08/2008, 0:28:24] - Removing HKLM\...\Winlogon\Notify\pmnnLdCS
      [05/08/2008, 0:28:24] - Searching for Browser Helper Objects:
      [05/08/2008, 0:28:24] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
      [05/08/2008, 0:28:24] - BHO 2: {3432B41E-A143-49B9-964C-66C02D844C49} ()
      [05/08/2008, 0:28:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/08/2008, 0:28:24] - Checking for HKLM\...\Winlogon\Notify\iifdcYSL
      [05/08/2008, 0:28:24] - Key not found: HKLM\...\Winlogon\Notify\iifdcYSL, continuing.
      [05/08/2008, 0:28:24] - BHO 3: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (Megaupload Toolbar)
      [05/08/2008, 0:28:24] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [05/08/2008, 0:28:24] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
      [05/08/2008, 0:28:24] - BHO 6: {96DC3D11-8D8A-4D63-962D-66B4E5B45367} ()
      [05/08/2008, 0:28:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/08/2008, 0:28:25] - Checking for HKLM\...\Winlogon\Notify\awttrPGv
      [05/08/2008, 0:28:25] - Key not found: HKLM\...\Winlogon\Notify\awttrPGv, continuing.
      [05/08/2008, 0:28:25] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [05/08/2008, 0:28:25] - BHO 8: {b8725631-a264-450d-9989-e65f64f2e5a4} ()
      [05/08/2008, 0:28:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/08/2008, 0:28:25] - Checking for HKLM\...\Winlogon\Notify\pmllxhnx
      [05/08/2008, 0:28:25] - Key not found: HKLM\...\Winlogon\Notify\pmllxhnx, continuing.
      [05/08/2008, 0:28:25] - BHO 9: {E5E29CD7-557C-45D8-B4DC-4245D3275917} ()
      [05/08/2008, 0:28:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/08/2008, 0:28:26] - Checking for HKLM\...\Winlogon\Notify\opnklkHy
      [05/08/2008, 0:28:27] - Key not found: HKLM\...\Winlogon\Notify\opnklkHy, continuing.
      [05/08/2008, 0:28:27] - Finished Searching Browser Helper Objects
      [05/08/2008, 0:28:27] - Finishing up...
      [05/08/2008, 0:28:27] - A restart is needed.
      [05/08/2008, 0:28:51] - Attempting to Restart via STOP error (Blue Screen!)

      * Le rapport de combofix:
      ComboFix 08-05-01.3 - Administrateur 2008-05-08 0:52:18.1 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.755 [GMT 2:00]
      Endroit: D:\Amine\killvundo.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\NetMon
      C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\NetMon\domains.txt
      C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\NetMon\log.txt
      C:\Program Files\Helper
      C:\Program Files\network monitor
      C:\Program Files\outlook
      C:\Temp\1cb
      C:\Temp\1cb\syscheck.log
      C:\WINDOWS\autorun.inf
      C:\WINDOWS\cookies.ini
      C:\WINDOWS\Fonts\'
      C:\WINDOWS\Installer\{3e9cda6f-5443-4727-8c98-4234e7f6db42}\ComponentVolume.dll
      C:\WINDOWS\privacy_danger
      C:\WINDOWS\privacy_danger\images\capt.gif
      C:\WINDOWS\privacy_danger\images\danger.jpg
      C:\WINDOWS\privacy_danger\images\down.gif
      C:\WINDOWS\privacy_danger\images\spacer.gif
      C:\WINDOWS\privacy_danger\index.htm
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\rs.txt
      C:\WINDOWS\svchost.ini
      C:\WINDOWS\system32\bszip.dll
      C:\WINDOWS\system32\cmd.com
      C:\WINDOWS\system32\LSYcdfii.ini
      C:\WINDOWS\system32\LSYcdfii.ini2
      C:\WINDOWS\system32\netstat.com
      C:\WINDOWS\system32\pac.txt
      C:\WINDOWS\system32\ping.com
      C:\WINDOWS\system32\regedit.com
      C:\WINDOWS\system32\setting.ini
      C:\WINDOWS\system32\taskkill.com
      C:\WINDOWS\system32\tasklist.com
      C:\WINDOWS\system32\tracert.com
      C:\WINDOWS\system32\vGPrttwa.ini
      C:\WINDOWS\system32\vGPrttwa.ini2
      C:\WINDOWS\system32\wrhfikua.ini
      C:\WINDOWS\system32\xirjbjpy.ini
      C:\WINDOWS\system32\yHklknpo.ini
      C:\WINDOWS\system32\yHklknpo.ini2

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_CMDSERVICE
      -------\Legacy_NETWORK_MONITOR
      -------\Service_Network Monitor


      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-07 to 2008-05-07 ))))))))))))))))))))))))))))))))))))
      .

      2008-05-08 00:51 . 2008-05-08 00:51 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
      2008-05-07 19:11 . 2008-05-07 19:11 <REP> d-------- C:\VundoFix Backups
      2008-05-07 19:03 . 2008-05-08 00:27 <REP> d-------- C:\HijackThis
      2008-05-04 16:22 . 2008-05-04 16:22 <REP> d-------- C:\Program Files\Avira
      2008-05-04 16:22 . 2008-05-04 16:22 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
      2008-05-04 13:51 . 2008-05-06 03:31 109,738 --a------ C:\WINDOWS\BM6f18a1e7.xml
      2008-05-04 02:29 . 2008-05-04 02:29 <REP> d-------- C:\Program Files\Hotspot Shield
      2008-05-04 01:39 . 2008-05-04 01:39 <REP> d-------- C:\Program Files\ultrasurf
      2008-05-04 01:34 . 2008-05-04 01:34 33 --a------ C:\WINDOWS\system32\6c2b80f5
      2008-05-03 23:38 . 2008-05-03 23:38 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
      2008-05-03 23:36 . 2008-05-04 11:35 <REP> d--hs---- C:\WINDOWS\Lg
      2008-05-03 23:35 . 2008-05-03 23:35 <REP> d-------- C:\WINDOWS\system32\mm3
      2008-05-03 23:35 . 2008-05-04 11:12 <REP> d-------- C:\WINDOWS\system32\gt1
      2008-05-03 23:35 . 2008-05-03 23:35 <REP> d-------- C:\WINDOWS\system32\bkEur18
      2008-05-03 23:35 . 2008-05-03 23:35 <REP> d-------- C:\Temp\maxsv15
      2008-05-03 23:35 . 2008-05-08 00:52 <REP> d-------- C:\Temp
      2008-05-03 23:34 . 2008-05-03 23:34 43,520 --a------ C:\WINDOWS\system32\pmnnLdCS.dll.vir
      2008-05-03 00:49 . 2008-05-04 02:29 <REP> d-------- C:\Program Files\Hotspot_Shield
      2008-05-03 00:26 . 2008-05-03 00:26 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\Yahoo!
      2008-05-03 00:26 . 2008-05-03 00:28 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\MEGAUPLOADTOOLBAR
      2008-04-22 04:18 . 2008-04-22 04:18 <REP> d-------- C:\Documents and Settings\Amine\Application Data\Grisoft
      2008-04-22 04:18 . 2008-04-22 04:18 <REP> d-------- C:\Documents and Settings\Amine\Application Data\Creative
      2008-04-22 04:16 . 2007-06-19 00:09 <REP> d--h----- C:\Documents and Settings\Amine\Voisinage r‚seau
      2008-04-22 04:16 . 2007-06-19 00:09 <REP> d--h----- C:\Documents and Settings\Amine\Voisinage d'impression
      2008-04-22 04:16 . 2007-09-02 23:42 <REP> d--h----- C:\Documents and Settings\Amine\ModŠles
      2008-04-22 04:16 . 2007-06-19 00:09 <REP> d-------- C:\Documents and Settings\Amine\Mes documents
      2008-04-22 04:16 . 2007-06-19 00:09 <REP> dr------- C:\Documents and Settings\Amine\Menu D‚marrer
      2008-04-22 04:16 . 2007-06-19 00:09 <REP> d-------- C:\Documents and Settings\Amine\Favoris
      2008-04-22 04:16 . 2007-10-26 00:29 <REP> d-------- C:\Documents and Settings\Amine\Bureau
      2008-04-22 04:16 . 2008-04-22 04:16 <REP> d-------- C:\Documents and Settings\Amine
      2008-04-22 04:16 . 2008-05-08 00:52 1,024 --ah----- C:\Documents and Settings\Amine\NTUser.dat.LOG
      2008-04-18 13:42 . 2008-04-18 13:42 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
      2008-04-18 13:42 . 2008-04-18 13:42 <REP> d-------- C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Yahoo!
      2008-04-18 13:39 . 2008-04-18 13:39 <REP> d-------- C:\Program Files\Yahoo!

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-07 01:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
      2008-05-04 12:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
      2008-05-03 21:41 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\LimeWire
      2008-04-25 12:59 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\U3
      2008-04-18 11:40 --------- d-----w C:\Program Files\DivX
      2008-04-05 16:02 --------- d-----w C:\Program Files\LimeWire
      2008-04-05 15:06 --------- d-----w C:\Program Files\SweetIM
      2008-04-05 15:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM
      2008-04-04 20:47 --------- d-----w C:\Program Files\Messenger Plus! Live
      2008-03-31 19:21 16,952 ----a-w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\GDIPFONTCACHEV1.DAT
      2008-03-26 23:53 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited
      2008-03-26 16:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
      2008-03-26 13:05 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
      2008-03-26 11:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited
      2008-03-25 19:02 --------- d-----w C:\Program Files\Java
      2008-03-25 02:32 --------- d-----w C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\PC Suite
      2008-03-23 13:02 --------- d-----w C:\Program Files\Free Hide Folder
      2008-03-12 13:57 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
      2008-03-12 13:57 --------- d-----w C:\Program Files\Windows Live
      2008-03-12 13:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
      2008-03-08 18:27 --------- d-----w C:\Program Files\Cisco Systems
      2008-03-02 14:13 155,995 ----a-w C:\WINDOWS\java\Packages\3PV7LBFR.ZIP
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3432B41E-A143-49B9-964C-66C02D844C49}]
      C:\WINDOWS\system32\iifdcYSL.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96DC3D11-8D8A-4D63-962D-66B4E5B45367}]
      C:\WINDOWS\system32\awttrPGv.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8725631-a264-450d-9989-e65f64f2e5a4}]
      C:\WINDOWS\system32\pmllxhnx.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5E29CD7-557C-45D8-B4DC-4245D3275917}]
      C:\WINDOWS\system32\opnklkHy.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{14108D7F-3AF9-436C-863C-8AD8921BDF02}"= "C:\WINDOWS\qvdntlmw.dll" [ ]
      "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

      [HKEY_CLASSES_ROOT\clsid\{14108d7f-3af9-436c-863c-8ad8921bdf02}]
      [HKEY_CLASSES_ROOT\qvdntlmw.1]
      [HKEY_CLASSES_ROOT\TypeLib\{C9B36848-A808-469F-B8B5-2A2D3D541F87}]
      [HKEY_CLASSES_ROOT\qvdntlmw]

      [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
      [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
      "{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

      [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
      [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-04 11:54 68856]
      "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
      "MalWarrior"="C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe" [ ]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-08-03 12:46 196608]
      "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 11:04 245760]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-06 00:04 185632]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
      "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
      "bm"="C:\Program Files\Fichiers communs\WinSpyControl\bm.exe" [ ]
      "ptask"="C:\Program Files\WinSpyControl\ptask.exe" [ ]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
      "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
      "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
      "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
      "SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]
      "6c2b927b"="C:\WINDOWS\system32\aukifhrw.dll" [ ]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-04 17:19 262401]
      "vdlDeamon"="C:\Program Files\VIDAL\Communs\VIDAL.exe" [2005-10-05 11:15 975872]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:54 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-04 11:54 68856]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 01:37 44544]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "ForceClassicControlPanel"= 1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoLogOff"= 1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0/u]
      Source= file:///C:\WINDOWS\privacy_danger\index.htm
      FriendlyName= Privacy Protection

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\WINDOWS\\system32\\sessmgr.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\LimeWire\\LimeWire.exe"=
      "C:\\Program Files\\Ares\\Ares.exe"=
      "D:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "D:\\Program Files\\Close Combat\\Close Combat III\\CC3.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "D:\\Program Files\\Close Combat\\Close Combat III\\Server\\Server.exe"=
      "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

      R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 23:25]
      S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-10-12 12:22]
      S3 HssTrayService;Hotspot Shield Tray Service;C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE []
      S3 i740;i740;C:\WINDOWS\system32\DRIVERS\i740nt5.sys [2001-08-17 20:49]
      S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 03:00]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{325025c4-5f10-11dc-9bd7-001320329ce3}]
      \Shell\Auto\command - F:\printer.exe
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3358fa3b-5485-11dc-9ba2-001320329ce3}]
      \Shell\AutoRun\command - F:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4be2d11f-5938-11dc-9bae-001320329ce3}]
      \Shell\Auto\command - F:\setup.exe
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c423627-3482-11dc-9b83-001320329ce3}]
      \Shell\Auto\command - printer.exe
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e790ffd4-a389-11dc-9c5e-001320329ce3}]
      \Shell\AutoRun\command - EXPLORER.EXE
      \Shell\explore\Command - EXPLORER.EXE
      \Shell\open\Command - EXPLORER.EXE

      .
      **************************************************************************

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-08 00:58:30
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 344

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Hotspot Shield\bin\openvpnas.exe
      C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
      C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-05-08 1:07:22 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-05-07 23:07:13

      Pre-Run: 7,437,053,952 octets libres
      Post-Run: 7,471,939,584 octets libres

      244 --- E O F --- 2008-03-24 14:20:30


      j ai fais le scan avec vundofix mais il n a rien trouvé..
      0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    cela devrait etre les derniere manip!!!

    ____________

    mets a jour inernet explorer comme déjà mentionné
    ____________

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\Program Files\WinSpyControl\ptask.exe

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ptask"=-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    ___________________

    verifie que antivir ne trouve rien!

    si rien dans antivir c'est bon!

    ______________

    pour protéger gratos ton ordi

    https://www.commentcamarche.net/telecharger/ 4 securite

    mettre un antivirus

    AVAST en français ou ANTIVIR (en anglais mais très efficace)
    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    -------------
    des anti-espions :
    MALWARTEBYTES ANTIMALWARE + SPYBOT +/- si tea timer non active de spybot: WINDOWS DEFENDER

    +
    SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

    Rq : spybot et ad-aware on sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
    --------
    un pare feu :
    celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    https://www.commentcamarche.net/telecharger/ 157 zonealarm

    -----------

    CCLEANER pour effacer les traces de surf
    ---------

    aller sur le net avec firefox ou opera ou safari et non internet explorer qui est plus touché par les infections
    0
    1. hmr81 Messages postés 25 Statut Membre
       
      bonjour

      c le rapport de combofix:

      ComboFix 08-05-08.1 - Administrateur 2008-05-09 14:36:24.4 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.830 [GMT 2:00]
      Endroit: C:\Documents and Settings\Administrateur.STANDARD.000\Bureau\ComboFix.exe
      Command switches used :: C:\Documents and Settings\Administrateur.STANDARD.000\Bureau\CFscript.txt
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

      FILE ::
      C:\Program Files\WinSpyControl\ptask.exe
      .

      ((((((((((((((((((((((((((((( Fichiers créés 2008-04-09 to 2008-05-09 ))))))))))))))))))))))))))))))))))))
      .

      2008-05-09 00:38 . 2008-05-09 00:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-05-09 00:38 . 2008-05-09 00:38 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
      2008-05-09 00:38 . 2008-05-09 00:38 <REP> d-------- C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Malwarebytes
      2008-05-09 00:38 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
      2008-05-09 00:38 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-05-08 23:46 . 2008-05-09 00:03 2,618 --a------ C:\WINDOWS\system32\tmp.reg
      2008-05-08 15:24 . 2008-05-08 15:24 <REP> d-------- C:\Program Files\Trend Micro
      2008-05-08 00:51 . 2008-05-09 00:24 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
      2008-05-07 19:11 . 2008-05-07 19:11 <REP> d-------- C:\VundoFix Backups
      2008-05-07 19:03 . 2008-05-08 00:27 <REP> d-------- C:\HijackThis
      2008-05-04 16:22 . 2008-05-04 16:22 <REP> d-------- C:\Program Files\Avira
      2008-05-04 16:22 . 2008-05-04 16:22 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
      2008-05-04 13:51 . 2008-05-06 03:31 109,738 --a------ C:\WINDOWS\BM6f18a1e7.xml
      2008-05-04 02:29 . 2008-05-04 02:29 <REP> d-------- C:\Program Files\Hotspot Shield
      2008-05-04 01:39 . 2008-05-04 01:39 <REP> d-------- C:\Program Files\ultrasurf
      2008-05-04 01:34 . 2008-05-04 01:34 33 --a------ C:\WINDOWS\system32\6c2b80f5
      2008-05-03 23:38 . 2008-05-03 23:38 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
      2008-05-03 23:36 . 2008-05-04 11:35 <REP> d--hs---- C:\WINDOWS\Lg
      2008-05-03 23:35 . 2008-05-03 23:35 <REP> d-------- C:\WINDOWS\system32\mm3
      2008-05-03 23:35 . 2008-05-04 11:12 <REP> d-------- C:\WINDOWS\system32\gt1
      2008-05-03 23:35 . 2008-05-08 01:53 <REP> d-------- C:\WINDOWS\system32\bkEur18
      2008-05-03 23:35 . 2008-05-03 23:35 <REP> d-------- C:\Temp\maxsv15
      2008-05-03 23:35 . 2008-05-08 00:52 <REP> d-------- C:\Temp
      2008-05-03 00:49 . 2008-05-04 02:29 <REP> d-------- C:\Program Files\Hotspot_Shield
      2008-05-03 00:26 . 2008-05-03 00:26 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\Yahoo!
      2008-05-03 00:26 . 2008-05-03 00:28 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\MEGAUPLOADTOOLBAR
      2008-04-22 04:18 . 2008-04-22 04:18 <REP> d-------- C:\Documents and Settings\Amine\Application Data\Grisoft
      2008-04-22 04:18 . 2008-04-22 04:18 <REP> d-------- C:\Documents and Settings\Amine\Application Data\Creative
      2008-04-22 04:16 . 2007-06-19 00:09 <REP> d--h----- C:\Documents and Settings\Amine\Voisinage réseau
      2008-04-22 04:16 . 2007-06-19 00:09 <REP> d--h----- C:\Documents and Settings\Amine\Voisinage d'impression
      2008-04-22 04:16 . 2007-09-02 23:42 <REP> d--h----- C:\Documents and Settings\Amine\Modèles
      2008-04-22 04:16 . 2007-06-19 00:09 <REP> d-------- C:\Documents and Settings\Amine\Mes documents
      2008-04-22 04:16 . 2007-06-19 00:09 <REP> dr------- C:\Documents and Settings\Amine\Menu Démarrer
      2008-04-22 04:16 . 2007-06-19 00:09 <REP> d-------- C:\Documents and Settings\Amine\Favoris
      2008-04-22 04:16 . 2007-10-26 00:29 <REP> d-------- C:\Documents and Settings\Amine\Bureau
      2008-04-22 04:16 . 2008-04-22 04:16 <REP> d-------- C:\Documents and Settings\Amine
      2008-04-22 04:16 . 2008-05-09 00:24 1,024 --ah----- C:\Documents and Settings\Amine\NTUser.dat.LOG
      2008-04-18 13:42 . 2008-04-18 13:42 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
      2008-04-18 13:42 . 2008-04-18 13:42 <REP> d-------- C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\Yahoo!
      2008-04-18 13:39 . 2008-04-18 13:39 <REP> d-------- C:\Program Files\Yahoo!

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-09 12:30 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
      2008-05-04 12:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
      2008-05-03 21:41 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\LimeWire
      2008-04-25 12:59 --------- d-----w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\U3
      2008-04-18 11:40 --------- d-----w C:\Program Files\DivX
      2008-04-05 16:02 --------- d-----w C:\Program Files\LimeWire
      2008-04-05 15:06 --------- d-----w C:\Program Files\SweetIM
      2008-04-05 15:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM
      2008-04-04 20:47 --------- d-----w C:\Program Files\Messenger Plus! Live
      2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
      2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
      2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
      2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
      2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
      2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
      2008-03-31 19:21 16,952 ----a-w C:\Documents and Settings\Administrateur.STANDARD.000\Application Data\GDIPFONTCACHEV1.DAT
      2008-03-26 16:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
      2008-03-26 13:05 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
      2008-03-25 19:02 --------- d-----w C:\Program Files\Java
      2008-03-25 02:32 --------- d-----w C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\PC Suite
      2008-03-23 13:02 --------- d-----w C:\Program Files\Free Hide Folder
      2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
      2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
      2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
      2008-03-21 20:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
      2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
      2008-03-21 20:28 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
      2008-03-21 20:28 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
      2008-03-21 20:28 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
      2008-03-21 20:28 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
      2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
      2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
      2008-03-21 20:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
      2008-03-21 20:28 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
      2008-03-12 13:57 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
      2008-03-12 13:57 --------- d-----w C:\Program Files\Windows Live
      2008-03-12 13:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
      2008-03-02 14:13 155,995 ----a-w C:\WINDOWS\java\Packages\3PV7LBFR.ZIP
      .

      ((((((((((((((((((((((((((((( snapshot@2008-05-08_ 1.06.36.76 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-05-07 22:57:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      + 2008-05-09 12:22:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      - 2007-04-24 09:32:06 1,485,696 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
      + 2008-03-20 16:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

      [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
      [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
      "{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

      [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
      [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:54 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-04 11:54 68856]
      "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-08-03 12:46 196608]
      "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 11:04 245760]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-06 00:04 185632]
      "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
      "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
      "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
      "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
      "SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-04 17:19 262401]
      "vdlDeamon"="C:\Program Files\VIDAL\Communs\VIDAL.exe" [2005-10-05 11:15 975872]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:54 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-04 11:54 68856]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 01:37 44544]

      C:\Documents and Settings\Administrateur.STANDARD\Menu D‚marrer\Programmes\D‚marrage\
      QuickShelf.lnk - C:\Program Files\Microsoft R‚f‚rence\Bibliorom\QS96F.EXE [1996-01-31 152064]

      C:\Documents and Settings\Administrateur.STANDARD.000\Menu D‚marrer\Programmes\D‚marrage\
      Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

      C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
      Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2004-12-24 18:22:30 479232]
      Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-17 19:34:05 125624]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "ForceClassicControlPanel"= 1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoLogOff"= 1 (0x1)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\WINDOWS\\system32\\sessmgr.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\LimeWire\\LimeWire.exe"=
      "C:\\Program Files\\Ares\\Ares.exe"=
      "D:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "D:\\Program Files\\Close Combat\\Close Combat III\\CC3.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "D:\\Program Files\\Close Combat\\Close Combat III\\Server\\Server.exe"=
      "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

      R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 23:25]
      S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-10-12 12:22]
      S3 HssTrayService;Hotspot Shield Tray Service;C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE []
      S3 i740;i740;C:\WINDOWS\system32\DRIVERS\i740nt5.sys [2001-08-17 20:49]
      S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
      S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 03:00]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{325025c4-5f10-11dc-9bd7-001320329ce3}]
      \Shell\Auto\command - F:\printer.exe
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3358fa3b-5485-11dc-9ba2-001320329ce3}]
      \Shell\AutoRun\command - F:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4be2d11f-5938-11dc-9bae-001320329ce3}]
      \Shell\Auto\command - F:\setup.exe
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c423627-3482-11dc-9b83-001320329ce3}]
      \Shell\Auto\command - printer.exe
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e790ffd4-a389-11dc-9c5e-001320329ce3}]
      \Shell\AutoRun\command - EXPLORER.EXE
      \Shell\explore\Command - EXPLORER.EXE
      \Shell\open\Command - EXPLORER.EXE

      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-09 14:39:28
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...


      **************************************************************************
      .
      Temps d'accomplissement: 2008-05-09 14:42:53
      ComboFix-quarantined-files.txt 2008-05-09 12:41:45
      ComboFix2.txt 2008-05-08 22:30:42
      ComboFix3.txt 2008-05-07 23:07:23

      Pre-Run: 7,280,005,120 octets libres
      Post-Run: 7,268,401,152 octets libres

      200 --- E O F --- 2008-03-24 14:20:30
      0
    2. hmr81 Messages postés 25 Statut Membre
       
      Avira a encore detecte un troyan ,voici le rapport:

      Avira AntiVir Personal
      Report file date: vendredi 9 mai 2008 14:45

      Scanning for 1256657 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Boot mode: Normally booted
      Username: SYSTEM
      Computer name: STANDARD

      Version information:
      BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
      AVSCAN.EXE : 8.1.2.12 311553 Bytes 04/05/2008 15:19:40
      AVSCAN.DLL : 8.1.1.0 53505 Bytes 04/05/2008 15:19:40
      LUKE.DLL : 8.1.2.9 151809 Bytes 04/05/2008 15:19:41
      LUKERES.DLL : 8.1.2.1 12033 Bytes 04/05/2008 15:19:41
      ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
      ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 15:19:41
      ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 14:00:03
      ANTIVIR3.VDF : 7.0.4.17 72192 Bytes 08/05/2008 14:26:46
      Engineversion : 8.1.0.39
      AEVDF.DLL : 8.1.0.5 102772 Bytes 04/05/2008 15:19:42
      AESCRIPT.DLL : 8.1.0.28 233851 Bytes 04/05/2008 15:19:42
      AESCN.DLL : 8.1.0.16 119156 Bytes 08/05/2008 14:27:23
      AERDL.DLL : 8.1.0.20 418165 Bytes 04/05/2008 15:19:42
      AEPACK.DLL : 8.1.1.4 364918 Bytes 04/05/2008 15:19:42
      AEOFFICE.DLL : 8.1.0.18 192890 Bytes 04/05/2008 15:19:42
      AEHEUR.DLL : 8.1.0.21 1196407 Bytes 04/05/2008 15:19:42
      AEHELP.DLL : 8.1.0.14 115063 Bytes 04/05/2008 15:19:41
      AEGEN.DLL : 8.1.0.20 299380 Bytes 08/05/2008 14:27:20
      AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 14:27:11
      AECORE.DLL : 8.1.0.28 168310 Bytes 08/05/2008 14:26:57
      AVWINLL.DLL : 1.0.0.7 14593 Bytes 04/05/2008 15:19:40
      AVPREF.DLL : 8.0.0.1 25857 Bytes 04/05/2008 15:19:40
      AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
      AVREG.DLL : 8.0.0.0 30977 Bytes 04/05/2008 15:19:40
      AVARKT.DLL : 1.0.0.23 307457 Bytes 04/05/2008 15:19:40
      AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 04/05/2008 15:19:40
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 04/05/2008 15:19:41
      SMTPLIB.DLL : 1.2.0.19 28929 Bytes 04/05/2008 15:19:41
      NETNT.DLL : 8.0.0.1 7937 Bytes 04/05/2008 15:19:41
      RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 04/05/2008 15:19:34
      RCTEXT.DLL : 8.0.32.0 86273 Bytes 04/05/2008 15:19:34

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: off
      Scan boot sector.................: on
      Boot sectors.....................: C:, D:,
      Scan memory......................: on
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: vendredi 9 mai 2008 14:45

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
      Scan process 'alg.exe' - '1' Module(s) have been scanned
      Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'openvpnas.exe' - '1' Module(s) have been scanned
      Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
      Scan process 'VIDAL.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'SweetIM.exe' - '1' Module(s) have been scanned
      Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
      Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
      Scan process 'realsched.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      28 processes with 28 modules were scanned

      Start scanning boot sectors:
      Boot sector 'C:\'
      [INFO] No virus was found!
      Boot sector 'D:\'
      [INFO] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '30' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\System Volume Information\_restore{68F6092E-A582-48DB-945C-288631DBACD3}\RP2\A0000108.exe
      [DETECTION] Is the Trojan horse TR/Dldr.VB.edw.2
      [NOTE] The file was moved to '48544cbb.qua'!
      Begin scan in 'D:\'


      End of the scan: vendredi 9 mai 2008 15:22
      Used time: 36:17 min

      The scan has been done completely.

      6801 Scanning directories
      225470 Files were scanned
      1 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
      225469 Files not concerned
      1671 Archives were scanned
      1 Warnings
      1 Notes
      0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok rien de grave. Il est dans ta restauration. Pour le virer désactive la restauration système puis redémarre ton ordi puis réactive là . (démarrer puis tous les programmes puis accessoire puis outils système puis restauration puis clique sur paramètre situé dans la partie gauche) . Voilà tu peux mettre résolu
    0
    1. hmr81 Messages postés 25 Statut Membre
       
      d accord merci beaucoup pour ton aide et pour ta patience,c tres sympa
      0
  9. hmr81 Messages postés 25 Statut Membre
     
    ok je crois que mon poste n est plus infecte je te remercie
    0
  10. hmr81 Messages postés 25 Statut Membre
     
    c resolu merci beaucoup
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    oui tu peux mettre résolu!
    0