Trojandownloader.xs

Résolu
myke35 Messages postés 9 Statut Membre -  
 krauzzer -
Bonjour,
comme c'est le cas pour beaucoup de personnes je suis infecté par un trojandownloader.xs
toutes mes demarches (avast,spybot,ccleaner,avg,et adware) m'ont permis d'eliminer un bon nombre d'intrus mais je n'arrive pas a trouver l'emplacement de ce trojandownloader.
j'ai survolé quelques post et donc comme il est demandé a chaque fois voici le rapport de hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:55, on 09/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsrw.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0A9C8F15-C2C7-43F5-8D4B-BDF717C3E20D} - (no file)
O2 - BHO: (no name) - {11FB4CBA-6BB0-4715-B38A-B9F7CF301E66} - (no file)
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - (no file)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {1E6983D4-E885-43A7-8F22-E7186274E775} - C:\WINDOWS\system32\rqRJBTMg.dll (file missing)
O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - (no file)
O2 - BHO: browser optimizer superiorads - {43FC67B6-4C25-4afd-AE7A-9EF3E4587026} - (no file)
O2 - BHO: (no name) - {47CE5F32-CA8D-4C59-931E-2972EAE1DCE6} - (no file)
O2 - BHO: superiorads - {4AD44D3E-7316-4251-B754-9B10EC96AF92} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Assistant MySidesearch - {6156A32A-C512-4e23-AA9A-2315F4265681} - C:\WINDOWS\system32\myss_sb.dll
O2 - BHO: dcads - {6dbbc929-9020-3302-fbe4-9b49a68d8700} - C:\WINDOWS\system32\nsuD3.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - (no file)
O2 - BHO: (no name) - {733716E1-76D2-4003-AC39-845281C0EF85} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7F4AF5D0-5D05-4BD1-9AF6-50DB3DA03128} - (no file)
O2 - BHO: (no name) - {8D671FEB-6F97-450F-9A4D-40775809DD0C} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A2290739-AF94-489F-AF32-2917B2EE8386} - (no file)
O2 - BHO: (no name) - {A3F7F001-4548-4306-95FC-E1FD3B9A3023} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AFDD1C95-4BBF-4944-B149-B1FF7F252902} - (no file)
O2 - BHO: (no name) - {B78B65B0-D465-4A7F-BAF2-8FD048E234F5} - C:\WINDOWS\system32\xxyxWOiF.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Tooltipizer - {C004D9F0-A742-4DC7-AFD0-BC29CE3FE04A} - C:\WINDOWS\system32\dcadssuggest.dll
O2 - BHO: (no name) - {CE86878F-D099-4FFC-A4DC-E51D192063B1} - C:\WINDOWS\system32\ljJYRhIB.dll (file missing)
O2 - BHO: BrowsingTool - {D0661233-42D4-F7F1-80E1-8A9E0E99E71D} - C:\Program Files\BrowsingTool\BrowsingTool-2.dll
O2 - BHO: (no name) - {D7D6BB4D-1160-4A2F-8608-86A6ED8DB2E1} - (no file)
O2 - BHO: MySidesearch Search Assistant - {DDFA1356-E6ED-42a5-9D62-93211D424A90} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ciuaqxqr] C:\WINDOWS\system32\jgvcreze.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Pack Securite\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Filtre Web - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Filtre Web - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E49A9FCB-FAA9-4C1F-A1C1-54920DA2CCA4} - http://scripts.dlv4.com/binaries/egauth4/egauth4_1052_FR_XP.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Pack Securite\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 14195 bytes

merci beaucoup pour votre aide
Configuration: Windows XP
Firefox 2.0.0.14

21 réponses

  • 1
  • 2
  1. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour et bienvenue sur CCM

    en effet très infecté

    pour commencer relance hijack et coche ceci

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: (no name) - {0A9C8F15-C2C7-43F5-8D4B-BDF717C3E20D} - (no file)
    O2 - BHO: (no name) - {11FB4CBA-6BB0-4715-B38A-B9F7CF301E66} - (no file)
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
    O2 - BHO: (no name) - {1E6983D4-E885-43A7-8F22-E7186274E775} - C:\WINDOWS\system32\rqRJBTMg.dll (file missing)
    O2 - BHO: (no name) - {47CE5F32-CA8D-4C59-931E-2972EAE1DCE6} - (no file)
    O2 - BHO: (no name) - {733716E1-76D2-4003-AC39-845281C0EF85} - (no file)
    O2 - BHO: (no name) - {7F4AF5D0-5D05-4BD1-9AF6-50DB3DA03128} - (no file)
    O2 - BHO: (no name) - {8D671FEB-6F97-450F-9A4D-40775809DD0C} - (no file)
    O2 - BHO: (no name) - {A2290739-AF94-489F-AF32-2917B2EE8386} - (no file)
    O2 - BHO: (no name) - {A3F7F001-4548-4306-95FC-E1FD3B9A3023} - (no file)
    O2 - BHO: (no name) - {AFDD1C95-4BBF-4944-B149-B1FF7F252902} - (no file)
    O2 - BHO: (no name) - {B78B65B0-D465-4A7F-BAF2-8FD048E234F5} - C:\WINDOWS\system32\xxyxWOiF.dll (file missing)
    O2 - BHO: (no name) - {CE86878F-D099-4FFC-A4DC-E51D192063B1} - C:\WINDOWS\system32\ljJYRhIB.dll (file missing)
    O2 - BHO: (no name) - {D7D6BB4D-1160-4A2F-8608-86A6ED8DB2E1} - (no file)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    ensuite tu clique sur fix checked

    ensuite

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec

    ------
    = Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
    Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.

    Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
    -------

    = Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    = Appuie sur Y pour commencer le processus de nettoyage.
    = Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    = Appuie sur une touche pour redémarrer le PC.
    = Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    = Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    = Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    = Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    = Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse

    =================================

    ensuite

    Télécharge sur le Bureau.
    http://www.atribune.org/ccount/click.php?id=4

    => Double-clic VundoFix.exe.
    => Clic OK
    => Attendre le redemarrage de Vundofix
    => Clic Scan for Vundo
    => Le scan est assez long , à la fin
    => Clic Remove Vundo
    => Puis yes
    => Le Bureau disparaît un moment lors de la suppression des fichiers.
    => Message shutdown
    => clic OK
    => Redémarrage auto
    => copier le rapport qui est dans C:vundofix.txt

    ==================================================

    ensuite
    Télécharge VirtumundoBeGone sur ton bureau .
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
    => double-clic sur VirtumundoBeGone.exe
    => Suis les instructions à l'écran
    => Quand le scan est terminé, enregistre le rapport.
    => Copie/Colle le ici

    ===============================================

    ensuite

    Télécharge Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!
    => déconnecte toi d'internet et ferme toutes tes applications.
    => désactive tes protections (antivirus, parefeu,antispyware)
    => Double-clic sur combofix,
    => Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
    => Attends que combofix ait terminé, un rapport sera créé.
    => réactive ton parefeu, ton antivirus, la garde de ton antispyware
    => copie/colle le rapport C:\ComboFix.txt

    poste tou les rapports
    @+
    0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt

    vire avast car tu as déjà F SECURE

    ____________

    relance hijakchtis , fais DO A SYSTEM SCAN ONLY ET fix ces lignes

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: (no name) - {0A9C8F15-C2C7-43F5-8D4B-BDF717C3E20D} - (no file)
    O2 - BHO: (no name) - {11FB4CBA-6BB0-4715-B38A-B9F7CF301E66} - (no file)
    O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - (no file)
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
    O2 - BHO: (no name) - {1E6983D4-E885-43A7-8F22-E7186274E775} - C:\WINDOWS\system32\rqRJBTMg.dll (file missing)
    O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - (no file)
    O2 - BHO: browser optimizer superiorads - {43FC67B6-4C25-4afd-AE7A-9EF3E4587026} - (no file)
    O2 - BHO: (no name) - {47CE5F32-CA8D-4C59-931E-2972EAE1DCE6} - (no file)
    O2 - BHO: superiorads - {4AD44D3E-7316-4251-B754-9B10EC96AF92} - (no file)
    O2 - BHO: Search Assistant MySidesearch - {6156A32A-C512-4e23-AA9A-2315F4265681} - C:\WINDOWS\system32\myss_sb.dll
    O2 - BHO: dcads - {6dbbc929-9020-3302-fbe4-9b49a68d8700} - C:\WINDOWS\system32\nsuD3.dll
    O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - (no file)
    O2 - BHO: (no name) - {733716E1-76D2-4003-AC39-845281C0EF85} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {7F4AF5D0-5D05-4BD1-9AF6-50DB3DA03128} - (no file)
    O2 - BHO: (no name) - {8D671FEB-6F97-450F-9A4D-40775809DD0C} - (no file)
    O2 - BHO: (no name) - {A2290739-AF94-489F-AF32-2917B2EE8386} - (no file)
    O2 - BHO: (no name) - {A3F7F001-4548-4306-95FC-E1FD3B9A3023} - (no file)
    O2 - BHO: (no name) - {AFDD1C95-4BBF-4944-B149-B1FF7F252902} - (no file)
    O2 - BHO: (no name) - {B78B65B0-D465-4A7F-BAF2-8FD048E234F5} - C:\WINDOWS\system32\xxyxWOiF.dll (file missing)
    O2 - BHO: Tooltipizer - {C004D9F0-A742-4DC7-AFD0-BC29CE3FE04A} - C:\WINDOWS\system32\dcadssuggest.dll
    O2 - BHO: (no name) - {CE86878F-D099-4FFC-A4DC-E51D192063B1} - C:\WINDOWS\system32\ljJYRhIB.dll (file missing)
    O2 - BHO: (no name) - {D7D6BB4D-1160-4A2F-8608-86A6ED8DB2E1} - (no file)
    O2 - BHO: MySidesearch Search Assistant - {DDFA1356-E6ED-42a5-9D62-93211D424A90} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [ciuaqxqr] C:\WINDOWS\system32\jgvcreze.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O16 - DPF: {E49A9FCB-FAA9-4C1F-A1C1-54920DA2CCA4} - http://scripts.dlv4.com/binaries/egauth4/egauth4_1052_FR_XP.cab

    ___________________________

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :
    C:\WINDOWS\system32\myss_sb.dll
    C:\WINDOWS\system32\nsuD3.dll
    C:\WINDOWS\system32\dcadssuggest.dll
    C:\WINDOWS\system32\mysidesearch_sidebar.dll
    C:\WINDOWS\system32\jgvcreze.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    ______________________

    vire ce qui est dans moved files en allant dans POSTE DE TRAVAIL puis C puis OTMOVIT
    ________________________

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

    ___________________

    colle un scan en ligne avec:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html
    __________________

    recolle un rapport hijackhtis et dis tes soucis actuels
    0
  3. myke35 Messages postés 9 Statut Membre
     
    merci a vous deux ep44 et jlpjlp de me repondre aussi rapidement

    après avoir suivi les indications de ep44 voici les rapports:

    [b]SDFix: Version 1.181 [/b]
    Run by HP_Propri‚taire on 09/05/2008 at 16:02

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\DOCUME~1\HP_PRO~1\Bureau\SDFix

    [b]Checking Services [/b]:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\WINDOWS\system32\smp\msrc.exe - Deleted
    C:\Program Files\wunauclt.zip - Deleted
    C:\Program Files\wunauclt.tbe - Deleted
    C:\Documents and Settings\HP_Propri‚taire\services.exe - Deleted
    C:\WINDOWS\spwoqbmv.exe - Deleted
    C:\WINDOWS\system32\akttzn.exe - Deleted
    C:\WINDOWS\system32\anticipator.dll - Deleted
    C:\WINDOWS\system32\awtoolb.dll - Deleted
    C:\WINDOWS\system32\bdn.com - Deleted
    C:\WINDOWS\system32\bsva-egihsg52.exe - Deleted
    C:\WINDOWS\system32\dpcproxy.exe - Deleted
    C:\WINDOWS\system32\emesx.dll - Deleted
    C:\WINDOWS\system32\hoproxy.dll - Deleted
    C:\WINDOWS\system32\hxiwlgpm.dat - Deleted
    C:\WINDOWS\system32\hxiwlgpm.exe - Deleted
    C:\WINDOWS\system32\medup012.dll - Deleted
    C:\WINDOWS\system32\msgp.exe - Deleted
    C:\WINDOWS\system32\msnbho.dll - Deleted
    C:\WINDOWS\system32\mssecu.exe - Deleted
    C:\WINDOWS\system32\msvchost.exe - Deleted
    C:\WINDOWS\system32\mtr2.exe - Deleted
    C:\WINDOWS\system32\mwin32.exe - Deleted
    C:\WINDOWS\system32\netode.exe - Deleted
    C:\WINDOWS\system32\newsd32.exe - Deleted
    C:\WINDOWS\system32\ps1.exe - Deleted
    C:\WINDOWS\system32\psof1.exe - Deleted
    C:\WINDOWS\system32\psoft1.exe - Deleted
    C:\WINDOWS\system32\regc64.dll - Deleted
    C:\WINDOWS\system32\regm64.dll - Deleted
    C:\WINDOWS\system32\Rundl1.exe - Deleted
    C:\WINDOWS\system32\sncntr.exe - Deleted
    C:\WINDOWS\system32\ssurf022.dll - Deleted
    C:\WINDOWS\system32\ssvchost.com - Deleted
    C:\WINDOWS\system32\ssvchost.exe - Deleted
    C:\WINDOWS\system32\sysreq.exe - Deleted
    C:\WINDOWS\system32\taack.dat - Deleted
    C:\WINDOWS\system32\taack.exe - Deleted
    C:\WINDOWS\system32\temp#01.exe - Deleted
    C:\WINDOWS\system32\thun.dll - Deleted
    C:\WINDOWS\system32\thun32.dll - Deleted
    C:\WINDOWS\system32\VBIEWER.OCX - Deleted
    C:\WINDOWS\system32\vbsys2.dll - Deleted
    C:\WINDOWS\system32\vcatchpi.dll - Deleted
    C:\WINDOWS\system32\winlogonpc.exe - Deleted
    C:\WINDOWS\system32\winsystem.exe - Deleted
    C:\WINDOWS\system32\WINWGPX.EXE - Deleted
    C:\WINDOWS\xbaqktfv.exe - Deleted

    Folder C:\WINDOWS\system32\smp - Removed

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-09 16:29:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:d6,0c,b1,f5,10,27,ba,b5,80,3f,68,5d,67,c3,22,6e,c7,ca,be,4b,c4,..
    "p0"="C:\Program Files\DAEMON Tools\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,b4,75,c3,82,35,0d,f3,8e,d4,69,a7,09,c8,67,f1,cb,5a,..
    "khjeh"=hex:24,e3,92,53,aa,b2,a5,64,e0,2f,1f,20,b9,3b,44,9e,b0,f3,47,54,90,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:26,86,e0,1e,ce,c9,63,f7,c6,84,7c,47,cf,63,59,bc,2f,97,e1,1a,73,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:d6,0c,b1,f5,10,27,ba,b5,80,3f,68,5d,67,c3,22,6e,c7,ca,be,4b,c4,..
    "p0"="C:\Program Files\DAEMON Tools\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,b4,75,c3,82,35,0d,f3,8e,d4,69,a7,09,c8,67,f1,cb,5a,..
    "khjeh"=hex:24,e3,92,53,aa,b2,a5,64,e0,2f,1f,20,b9,3b,44,9e,b0,f3,47,54,90,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:26,86,e0,1e,ce,c9,63,f7,c6,84,7c,47,cf,63,59,bc,2f,97,e1,1a,73,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:d6,0c,b1,f5,10,27,ba,b5,80,3f,68,5d,67,c3,22,6e,c7,ca,be,4b,c4,..
    "p0"="C:\Program Files\DAEMON Tools\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,b4,75,c3,82,35,0d,f3,8e,d4,69,a7,09,c8,67,f1,cb,5a,..
    "khjeh"=hex:24,e3,92,53,aa,b2,a5,64,e0,2f,1f,20,b9,3b,44,9e,b0,f3,47,54,90,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:26,86,e0,1e,ce,c9,63,f7,c6,84,7c,47,cf,63,59,bc,2f,97,e1,1a,73,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:d6,0c,b1,f5,10,27,ba,b5,80,3f,68,5d,67,c3,22,6e,c7,ca,be,4b,c4,..
    "p0"="C:\Program Files\DAEMON Tools\"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,b4,75,c3,82,35,0d,f3,8e,d4,69,a7,09,c8,67,f1,cb,5a,..
    "khjeh"=hex:24,e3,92,53,aa,b2,a5,64,e0,2f,1f,20,b9,3b,44,9e,b0,f3,47,54,90,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:26,86,e0,1e,ce,c9,63,f7,c6,84,7c,47,cf,63,59,bc,2f,97,e1,1a,73,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:d6,0c,b1,f5,10,27,ba,b5,80,3f,68,5d,67,c3,22,6e,c7,ca,be,4b,c4,..
    "p0"="C:\Program Files\DAEMON Tools\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,b4,75,c3,82,35,0d,f3,8e,d4,69,a7,09,c8,67,f1,cb,5a,..
    "khjeh"=hex:24,e3,92,53,aa,b2,a5,64,e0,2f,1f,20,b9,3b,44,9e,b0,f3,47,54,90,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:26,86,e0,1e,ce,c9,63,f7,c6,84,7c,47,cf,63,59,bc,2f,97,e1,1a,73,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Documents and Settings\\HP_Propri‚taire\\Local Settings\\Temporary Internet Files\\Content.IE5\\DJJLZT3K\\incredimail_install[1].exe"="C:\\Documents and Settings\\HP_Propri‚taire\\Local Settings\\Temporary Internet Files\\Content.IE5\\DJJLZT3K\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
    "C:\\Documents and Settings\\HP_Propri‚taire\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe"="C:\\Documents and Settings\\HP_Propri‚taire\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe"="C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe:*:Enabled:W40k"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\Cyanide\\Pro Cycling Manager\\Cym2005.exe"="C:\\Program Files\\Cyanide\\Pro Cycling Manager\\Cym2005.exe:*:Disabled:Cym2005"
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:Bluetooth Application"
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"="C:\\Program Files\\Xi\\NetXfer\\NetTransport.exe:*:Enabled:NetXfer Download Manager"
    "K:\\jeux\\base\\bin\\Settlers6.exe"="K:\\jeux\\base\\bin\\Settlers6.exe:*:Enabled:THE SETTLERS - Bƒtisseurs d'Empire"
    "K:\\JEUX\\DAW\\W40kWA.exe"="K:\\JEUX\\DAW\\W40kWA.exe:*:Enabled:W40kWA"
    "K:\\jeux\\supreme commender\\Supreme Commander\\bin\\SupremeCommander.exe"="K:\\jeux\\supreme commender\\Supreme Commander\\bin\\SupremeCommander.exe:*:Enabled:Supreme Commander"
    "K:\\jeux\\supreme commender\\GPGNet\\GPG.Multiplayer.Client.exe"="K:\\jeux\\supreme commender\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
    "K:\\jeux\\star wars corruption\\swfoc.exe"="K:\\jeux\\star wars corruption\\swfoc.exe:*:Enabled:Star Wars(TM): Empire at War(TM): Forces of Corruption(TM)"
    "C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"="C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe:*:Enabled:Star Wars: Empire at War"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [b]Remaining Files [/b]:

    File Backups: - C:\DOCUME~1\HP_PRO~1\Bureau\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Mon 14 Aug 2006 218 A.SHR --- "C:\BOOT.BAK"
    Thu 13 Sep 2007 20,992 ...H. --- "C:\WINWORD\~WRL0001.tmp"
    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Fri 1 Sep 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Mon 5 Feb 2001 34,331 ...H. --- "C:\swsetup\Monitors\HP_vs17x\INSTALL.EXE"
    Wed 22 Jun 2005 21,668 A..H. --- "C:\swsetup\Monitors\HP_vs17x\SETMON.EXE"
    Sun 7 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Tue 3 Oct 2006 50,280 ...H. --- "C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe"
    Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT65.tmp"
    Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT12.tmp"
    Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\HP_Propri‚taire\Application Data\U3\temp\Launchpad Removal.exe"

    [b]Finished![/b]

    ======================================

    [05/09/2008, 17:12:15] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Propriétaire\Bureau\VirtumundoBeGone.exe" )
    [05/09/2008, 17:12:20] - Detected System Information:
    [05/09/2008, 17:12:20] - Windows Version: 5.1.2600, Service Pack 2
    [05/09/2008, 17:12:20] - Current Username: HP_Propriétaire (Admin)
    [05/09/2008, 17:12:20] - Windows is in NORMAL mode.
    [05/09/2008, 17:12:20] - Searching for Browser Helper Objects:
    [05/09/2008, 17:12:20] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/09/2008, 17:12:20] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [05/09/2008, 17:12:20] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/09/2008, 17:12:20] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    [05/09/2008, 17:12:20] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [05/09/2008, 17:12:20] - BHO 6: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    [05/09/2008, 17:12:20] - BHO 7: {D0661233-42D4-F7F1-80E1-8A9E0E99E71D} (BrowsingTool)
    [05/09/2008, 17:12:20] - Finished Searching Browser Helper Objects
    [05/09/2008, 17:12:20] - Finishing up...
    [05/09/2008, 17:12:20] - Nothing found! Exiting...

    ==============================

    VundoFix V7.0.3

    Scan started at 16:42:58 09/05/2008

    Listing files found while scanning....

    No infected files were found.

    -----------------------------------------------------------------------------------------------------------------------------

    et voici pour finir le rapport de combofix que j'ai renommé killgable ( conseil de jlpjlp)

    pushd "C:\327882R2FWJFW\"

    =============================================

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\HP_Propri‚taire\Application Data
    cfldr=327882R2FWJFW
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Fichiers communs
    COMPUTERNAME=HELENEETMIKE
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\HP_Propri‚taire
    kmd=CF13182.exe
    LOGONSERVER=\\HELENEETMIKE
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\327882R2FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Samsung\Samsung PC Studio 3;;C:\PROGRA~1\FICHIE~1\MUVEET~1\030625
    PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0604
    ProgramFiles=C:\Program Files
    PROMPT=$
    QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
    SESSIONNAME=Console
    sfxname=C:\Documents and Settings\HP_Propri‚taire\Bureau\killbagle.exe
    SonicCentral=c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\
    system=C:\WINDOWS\system32
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp
    USERDOMAIN=HELENEETMIKE
    USERNAME=HP_Propri‚taire
    USERPROFILE=C:\Documents and Settings\HP_Propri‚taire
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI

    =============================================

    if not defined sfxname goto END

    Nircmd win close ititle "ComboFix"

    If [] == [] Set "SfxCmd="

    if /I "C:\327882R2FWJFW" NEQ "C:\327882R2FWJFW" goto Abort

    if exist "C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\327882R2FWJFW327882R2FWJFW.log" del "C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\327882R2FWJFW327882R2FWJFW.log"
    SteelWerX Extended Configuration Access Control Lists
    Written by Bobbi Flekman 2006 (C)
    Ownerchange for "C:\WINDOWS\system32\cmd.exe" to Administrators group was successful

    copy /y "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF13182.exe"
    1 fichier(s) copi‚(s).

    if not exist "C:\WINDOWS\system32\CF13182.exe" catchme -l nul -c "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF13182.exe"

    For /F "tokens=*" %g in ("C:\Documents and Settings\HP_Propri‚taire\Bureau\killbagle.exe") do @(
    set "FileName=%~ng"
    set "FilePath=%~dpg"
    )

    Set FileName 2>nul | GREP -Gisqx "FileName=[-[:alnum:]@.]*" || (
    nircmd infobox "You cannot rename ComboFix as killbagle~n~nPlease use another name, preferbaly made up of alphanumeric characters" ""
    goto END
    )

    DIR /AD/B C:\* | FindStr.exe -IVX ComboFix 1>dirname00

    FindStr.exe -LIXC:"killbagle" dirname00 1>nul && call :NameChk

    FindStr.exe -LIXC:"killbagle" dirname03 1>nul 2>&1 && goto AbortB

    if exist "\killbagle\*.cfexe" goto :eof

    If exist dirname0? del /Q dirname0?

    If exist "\killbagle" DIR /AD "\killbagle" 1>nul && (
    rd /s/q "\killbagle"
    If exist "\killbagle" (
    PV -kf findstr.exe *.cfexe
    rd /s/q "\killbagle"
    )
    If exist "\killbagle" (
    handle "C:\killbagle" | SED -r "/pid:/!d; s/.*: (.*): .*/\1/" 1>temp00
    for /F "tokens=1,2" %g in (temp00) do @echo.y | Handle -p %g -c %h
    del /q temp00
    rd /s/q "\killbagle"
    )
    )

    If exist "\killbagle" rd /s/q "\killbagle"

    If exist "\killbagle" goto :eof

    VER | Findstr.exe -ic:"[Version 6.0" && (Call :Vista ) ||

    CD ..

    Set "comspec=C:\WINDOWS\system32\CF13182.exe"

    (
    echo.md "\killbagle"
    echo.Move /y "\327882R2FWJFW\*" "\killbagle"
    echo.RD /S/Q "\327882R2FWJFW"
    echo.Start "." /d"C:\killbagle" "C:\WINDOWS\system32\CF13182.exe" /k c.bat
    echo.pv -kf cmd.exe
    ) 1>Start_.cmd

    NirCmd exec hide "C:\WINDOWS\system32\CF13182.exe" /f:off /d /c call Start_.cmd

    NirCmd execmd del "\327882R2FWJFW\prep.cmd"

    EXIT

    ==========================================

    merci beaucoup pour le temps que vous passez à m'aider à resoudre mon probleme

    merci infiniment , myke

    0
  4. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    re

    ceci n'est pas le rapport de combofix

    regarde dans C: tu dois avoir un fichier texte nommé maintenant killgable
    @+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. myke35 Messages postés 9 Statut Membre
     
    ok voici le rapport de combofix ( enfin j'espere que c'est le bon)

    ComboFix 08-05-08.1 - HP_Propriétaire 2008-05-09 22:50:24.3 - NTFSx86
    Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\killbagle.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\Autorun.inf
    .
    ---- Previous Run -------
    .
    C:\Program Files\ContextTool
    C:\Program Files\ContextTool\ContextHelper.dat
    C:\Program Files\ContextTool\pcre3.dll
    C:\Program Files\ContextTool\uninstall.exe
    C:\Program Files\Dcads Advanced Toolbar
    C:\Program Files\PlayMP3z
    C:\Program Files\PlayMP3z\uninstall.exe
    C:\WINDOWS\Fonts\-
    C:\WINDOWS\pack.epk
    C:\WINDOWS\system32\adssite-remove.exe
    C:\WINDOWS\system32\bfogrcfu.ini
    C:\WINDOWS\system32\CJTBIkkj.ini
    C:\WINDOWS\system32\CJTBIkkj.ini2
    C:\WINDOWS\system32\dcads-remove.exe
    C:\WINDOWS\system32\dcads_sidebar.dll
    C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
    C:\WINDOWS\system32\dqjxvaec.ini
    C:\WINDOWS\system32\FiOWxyxx.ini
    C:\WINDOWS\system32\FiOWxyxx.ini2
    C:\WINDOWS\system32\friojqbm.ini
    C:\WINDOWS\system32\gaxfnvud.ini
    C:\WINDOWS\system32\gMTBJRqr.ini
    C:\WINDOWS\system32\gMTBJRqr.ini2
    C:\WINDOWS\system32\gzmrot-uninst.exe
    C:\WINDOWS\system32\IijkQqru.ini
    C:\WINDOWS\system32\IijkQqru.ini2
    C:\WINDOWS\system32\IOqtsBeg.ini
    C:\WINDOWS\system32\IOqtsBeg.ini2
    C:\WINDOWS\system32\iwnhotgr.ini
    C:\WINDOWS\system32\kjtljc.dat
    C:\WINDOWS\system32\kjtljc_nav.dat
    C:\WINDOWS\system32\kjtljc_navps.dat
    C:\WINDOWS\system32\Kkknqtwa.ini
    C:\WINDOWS\system32\Kkknqtwa.ini2
    C:\WINDOWS\system32\mhdxeaix.ini
    C:\WINDOWS\system32\olowqoku.ini
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pnjjahdl.ini
    C:\WINDOWS\system32\qubegeav.ini
    C:\WINDOWS\system32\tacpilmuzb.dat
    C:\WINDOWS\system32\tacpilmuzb.exe
    C:\WINDOWS\system32\tacpilmuzb_nav.dat
    C:\WINDOWS\system32\tacpilmuzb_navps.dat
    C:\WINDOWS\system32\ufgneurpf.dat
    C:\WINDOWS\system32\ufgneurpf_nav.dat
    C:\WINDOWS\system32\ufgneurpf_navps.dat
    C:\WINDOWS\system32\vbmncgtf.ini
    C:\WINDOWS\system32\yhmsyrjr.ini
    C:\WINDOWS\tmlpcert2007

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_FOPF

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-09 to 2008-05-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-09 19:27 . 2008-05-09 19:27 <REP> d-------- C:\Program Files\Neuf
    2008-05-09 19:02 . 2008-05-09 19:01 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.116-361343L.exe
    2008-05-09 16:42 . 2008-05-09 16:42 <REP> d-------- C:\VundoFix Backups
    2008-05-09 15:54 . 2008-05-09 15:55 <REP> d-------- C:\WINDOWS\ERUNT
    2008-05-08 23:51 . 2008-05-09 09:46 <REP> d-------- C:\fixwareout
    2008-05-08 23:48 . 2008-05-08 23:48 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-08 19:12 . 2008-05-08 19:27 <REP> d-------- C:\Program Files\Everest Poker
    2008-05-06 20:24 . 2008-05-06 20:22 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-05-06 20:24 . 2008-05-06 20:24 2,562 --a------ C:\WINDOWS\unins000.dat
    2008-05-06 19:15 . 2008-05-06 19:15 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-05-06 11:46 . 2008-03-01 14:58 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-05-06 11:46 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-05-06 11:46 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-05-06 11:46 . 2008-03-01 14:58 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-05-06 11:46 . 2008-03-01 14:58 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-05-06 11:46 . 2008-03-01 14:58 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-05-06 11:46 . 2008-03-01 14:58 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-05-06 11:46 . 2008-03-01 14:58 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-05-06 11:46 . 2008-02-22 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-05-06 11:36 . 2008-05-06 11:49 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-05-06 11:29 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
    2008-05-06 10:57 . 2008-05-06 10:57 102,400 --a------ C:\WINDOWS\system32\evwvsvcj.0xe
    2008-05-03 20:11 . 2008-05-03 20:11 294 ---hs---- C:\WINDOWS\system32\pggjwvpu.ini
    2008-05-03 18:47 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-05-03 18:46 . 2008-05-03 18:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-05-03 18:12 . 2008-05-03 18:12 84 --a------ C:\WINDOWS\system32\ikhcore.cfg
    2008-05-03 17:56 . 2008-05-03 18:51 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-05-03 17:55 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-05-03 17:54 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-05-03 17:54 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-05-03 17:54 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-05-01 23:29 . 2008-05-09 22:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\fcjslsxi
    2008-05-01 16:38 . 2008-05-01 16:38 <REP> d-------- C:\Program Files\LucasArts
    2008-04-29 11:29 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-04-27 17:53 . 2008-04-27 17:53 <REP> d-------- C:\Program Files\RADIO_USA
    2008-04-27 10:08 . 2008-04-29 08:44 <REP> d-------- C:\Program Files\Conduit
    2008-04-15 10:19 . 2008-05-02 11:04 89,070 --a------ C:\WINDOWS\system32\myss_sb_uninstall.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-09 17:56 --------- d-----w C:\Program Files\Pack Securite
    2008-05-09 17:47 --------- d-----w C:\Program Files\Lavasoft
    2008-05-09 16:50 --------- d-----w C:\Program Files\FBrowsingAdvisor
    2008-05-09 16:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-09 16:08 --------- d-----w C:\Program Files\eMule
    2008-05-09 15:13 --------- d-----w C:\Program Files\BrowsingTool
    2008-05-09 15:04 --------- d-----w C:\Program Files\Macrogaming
    2008-05-08 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-08 08:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-05-06 15:04 61,440 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
    2008-05-06 15:04 45,056 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
    2008-05-06 15:04 44,032 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
    2008-05-06 15:04 40,960 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
    2008-05-06 15:04 341,048 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
    2008-05-06 15:04 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
    2008-05-06 15:04 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
    2008-05-06 15:04 217,088 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    2008-05-06 15:04 163,840 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
    2008-05-02 21:46 84,729 ----a-w C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
    2008-05-02 11:55 102,400 ----a-w C:\WINDOWS\DUMP5f46.tmp
    2008-04-29 09:29 --------- d-----w C:\Program Files\Java
    2008-04-27 08:28 --------- d-----w C:\Program Files\LimeWire
    2008-04-17 12:13 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-04-05 12:27 --------- d-----w C:\Program Files\Services en ligne
    2008-04-05 12:27 --------- d-----w C:\Program Files\directx
    2008-04-05 06:50 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
    2008-04-02 07:30 --------- d-----w C:\Program Files\Fichiers communs\Logitech
    2008-04-02 07:23 --------- d-----w C:\Program Files\Logitech
    2008-04-02 07:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-15 08:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Media Center Programs
    2008-03-15 06:45 40,730 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
    2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-02-16 09:32 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2008-02-16 09:32 1,499,648 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2008-02-16 09:31 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    2008-02-16 09:31 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
    2008-02-16 09:31 1,024,512 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
    2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-02-11 17:40 77,353 ----a-w C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
    2006-08-27 14:38 1,015,973 --sha-r C:\Program Files\serial.tde
    2006-08-27 14:19 56,239 ----a-w C:\Program Files\svchosts.tbe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-09_17.41.05.79 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-09 15:29:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-09 20:55:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2005-08-22 13:05:02 70,224 ----a-w C:\WINDOWS\system32\drivers\fsdfw.sys
    + 2005-06-07 09:21:46 70,224 ----a-w C:\WINDOWS\system32\drivers\fsdfw.sys
    - 2005-08-22 13:04:58 33,840 ----a-w C:\WINDOWS\system32\drivers\fsndis5.sys
    + 2005-06-07 09:21:26 33,840 ----a-w C:\WINDOWS\system32\drivers\fsndis5.sys
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0661233-42D4-F7F1-80E1-8A9E0E99E71D}]
    2007-12-30 22:48 1019904 --a------ C:\Program Files\BrowsingTool\BrowsingTool-2.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 06:54 16010240 C:\WINDOWS\RTHDCPL.EXE]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 15:14 237568]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 15:34 249856]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-06-01 00:22 180269]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "F-Secure Manager"="C:\Program Files\Pack Securite\Common\FSM32.exe" [2005-05-09 09:05 118833]
    "F-Secure TNB"="C:\Program Files\Pack Securite\TNB\TNBUtil.exe" [2005-06-02 15:05 700416]
    "News Service"="C:\Program Files\Pack Securite\FSGUI\ispnews.exe" [2005-05-31 14:45 356352]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= file:///C:\WINDOWS\privacy_danger\index.htm
    FriendlyName= Privacy Protection

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
    C:\WINDOWS\system32\sprt_ads.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "K:\\JEUX\\DAW\\W40kWA.exe"=
    "C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Pack Securite\\backweb\\361343\\Program\\fspex.exe"=

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-06-07 11:21]
    R2 BackWeb Plug-in - 361343;Pack Securite;C:\PROGRA~1\PACKSE~1\backweb\361343\Program\SERVIC~1.EXE [2008-05-09 19:02]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 17:14]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSgk.sys [2008-05-09 20:07]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSrec.sys [2004-12-17 11:34]
    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
    \Shell\AutoRun\command - L:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49d7140f-cb5e-11dc-aba6-0016ec81d102}]
    \Shell\AutoRun\command - L:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{978936fe-fa85-11dc-abdf-0016ec81d102}]
    \Shell\AutoRun\command - L:\EmDesk.exe
    \Shell\EmDesk\command - L:\EmDesk.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-04-27 20:45:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-27 17:05:17 C:\WINDOWS\Tasks\At1.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-04-27 17:05:17 C:\WINDOWS\Tasks\At2.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-04-27 18:00:00 C:\WINDOWS\Tasks\At3.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-05-09 07:09:43 C:\WINDOWS\Tasks\Scheduled scanning task.job"
    - C:\PROGRA~1\PACKSE~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\PACKSE~1\ANTI-V~1\report.txt
    "2008-05-09 20:20:13 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

    encore merci
    0
  7. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
    clic double sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :
    Paste List of Files/Folders to be moved.

    C:\WINDOWS\bwUnin-6.3.2.116-361343L.exe
    C:\WINDOWS\system32\evwvsvcj.0xe
    C:\WINDOWS\system32\pggjwvpu.ini
    C:\Documents and Settings\All Users\Application Data\fcjslsxi
    C:\WINDOWS\system32\myss_sb_uninstall.exe
    EmptyTemp

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaîtra dans le cadre Results.
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\\\_OTMoveIt\MovedFiles.

    il te sera peut-être demandé de redémarrer le pc pour achever la suppression.

    ensuite refais un nouveau hijack stp

    @

    0
  8. myke35 Messages postés 9 Statut Membre
     
    merci ep44

    voici le rapprt de OTMoveIT

    C:\WINDOWS\bwUnin-6.3.2.116-361343L.exe moved successfully.
    C:\WINDOWS\system32\evwvsvcj.0xe moved successfully.
    C:\WINDOWS\system32\pggjwvpu.ini moved successfully.
    C:\Documents and Settings\All Users\Application Data\fcjslsxi moved successfully.
    C:\WINDOWS\system32\myss_sb_uninstall.exe moved successfully.
    < EmptyTemp >
    File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_584.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\sqlite_4TjBqdiJX4OqG9z scheduled to be deleted on reboot.
    Temp folders emptied.
    IE temp folders emptied.

    OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05112008_074730

    Files moved on Reboot...
    C:\WINDOWS\temp\CLML_AGENT_LOG1.txt moved successfully.
    File C:\WINDOWS\temp\Perflib_Perfdata_584.dat not found!
    File C:\WINDOWS\temp\sqlite_4TjBqdiJX4OqG9z not found!

    =========================================
    et voici le sacan de hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:01, on 2008-05-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\notepad.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Pack Securite\Common\FSM32.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\PACKSE~1\backweb\361343\Program\SERVIC~1.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Pack Securite\backweb\361343\Program\fspex.exe
    C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
    C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
    C:\Program Files\Pack Securite\backweb\361343\program\fsbwsys.exe
    C:\Program Files\Pack Securite\Common\FSMA32.EXE
    C:\Program Files\Pack Securite\Common\FSMB32.EXE
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
    C:\Program Files\Pack Securite\Common\FCH32.EXE
    C:\Program Files\Pack Securite\Common\FAMEH32.EXE
    C:\Program Files\Pack Securite\Anti-Virus\fsrw.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
    C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
    C:\PROGRA~1\PACKSE~1\ANTI-S~1\fsaw.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: BrowsingTool - {D0661233-42D4-F7F1-80E1-8A9E0E99E71D} - C:\Program Files\BrowsingTool\BrowsingTool-2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Pack Securite\FSGUI\ispnews.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Pack Securite.lnk = C:\Program Files\Pack Securite\backweb\361343\Program\fspex.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Pack Securite\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Pack Securite (BackWeb Plug-in - 361343) - BackWeb Technologies Inc. - C:\PROGRA~1\PACKSE~1\backweb\361343\Program\SERVIC~1.EXE
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Pack Securite\backweb\361343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
    0
  9. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour

    Ouvre le bloc-notes et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait) :

    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0661233-42D4-F7F1-80E1-8A9E0E99E71D}]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0661233-42D4-F7F1-80E1-8A9E0E99E71D}]



    Puis "fichier"/"enregistrer sous" :
    dans : sur le bureau
    Nom du fichier : fix.reg
    Type de fichier : "tous les fichiers"
    clique sur "enregistrer"

    quitte internet et double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
    Si c'est bien le cas, clique sur "oui"

    ensuite avec OTMoveIt tu refais la même manip mais cette fois-ci qu'avec
    C:\program files\browsingtool\browsingtool-2.dll

    ensuite

    Télécharge malwarebytes
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    => Installe le
    => Ensuite va en mode sans echec

    Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel

    => Lance malwarebytes
    => Coche "Executer un examen complet"
    => Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
    => Clique sur Supprimer la sélection
    => Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
    => Fait copier coller et poste le rapport

    --------------------------

    ensuite

    * Télécharge CCleaner
    https://filehippo.com/download_ccleaner/
    => Aide toi de ce tuto pour l'utiliser
    https://www.malekal.com/tutoriel-ccleaner/

    ensuite fait un scan en ligne

    avec bitdefender et colle le rapport

    https://www.bitdefender.com/toolbox/

    Scan à faire sous Internet Explorer

    un tuto
    http://pageperso.aol.fr/rginformatique/mapage/defender.htm

    plus un nouveau hijack stp

    @+
    0
  10. myke35 Messages postés 9 Statut Membre
     
    voici les rapports

    Malwarebytes' Anti-Malware 1.12
    Version de la base de données: 722

    Type de recherche: Examen complet (C:\|D:\|K:\|)
    Eléments examinés: 113077
    Temps écoulé: 3 hour(s), 16 minute(s), 21 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 44
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 4
    Fichier(s) infecté(s): 10

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Interface\{baebd083-d541-4883-8e15-8915b15cb7de} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c49a1a65-4627-4f28-abe9-e4fb2b558f05} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adslice.slice (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adslice.slice.1 (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{50a1aa3b-80e3-15cf-0f1a-83a98ad98fe9} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7f68785e-4894-7bb2-5fde-cc3eee2ebc82} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e698e657-649e-5d40-752d-9a3b78ea832a} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{fe3af205-54df-b146-1f0e-c9262829ed18} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\browsingtool.browserwatcher (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\browsingtool.browserwatcher.1 (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0daee015-a728-c212-9b8f-298391b8328e} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\browsingtool.precachebrowserhost (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\browsingtool.precachebrowserhost.1 (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{aaf21892-e4d8-e8ed-e36a-3a91e3b2db29} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\browsingtool.pornpro_bho (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\browsingtool.pornpro_bho.1 (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{84d39d08-a551-a4e5-c8d1-3327573d4640} (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{2ed7cd5f-aee2-4b09-82f4-c96eb7c02c87} (Adware.Rightonadz) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\dc_ads.ads (Adware.Fotomoto) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\dc_ads.ads.1 (Adware.Fotomoto) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\rotator.gizmo2 (Adware.Rightonadz) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\rotator.gizmo2.1 (Adware.Rightonadz) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{eff4851a-2e0c-4d2f-b916-862955b8e721} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f94bab71-2806-45f1-bb49-3c2a128085f7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c474eb48-ccfe-40c5-8325-8e36c08370e7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{fc1e1ac3-3303-4bc5-913c-735d8b393fad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d95c697f-d985-4ab1-92b5-40df04bbe322} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\pornpro.pornpro_bho (Adware.PlayaZ) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\pornpro.pornpro_bho.1 (Adware.PlayaZ) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\browsingtool (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Antivirus (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MySidesearchSearchAssistant (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mySearchAssistant (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\AdvRemoteDbg (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\BrowsingTool (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\BrowsingTool.DLL (AdWare.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\wxdbpfvo.bmva (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\BrowsingTool (AdWare.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Propriétaire\Application Data\Antivirus (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20080509-152904-820.dll (Adware.BHO) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP2\A0000121.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\05112008_074730\WINDOWS\system32\evwvsvcj.0xe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\05112008_074730\WINDOWS\system32\myss_sb_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\05112008_135712\program files\browsingtool\BrowsingTool-2.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\Thumbs.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\BrowsingTool\BrowsingTool.dat (AdWare.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\BrowsingTool\pcre3.dll (AdWare.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\BrowsingTool\uninstall.exe (AdWare.Agent) -> Quarantined and deleted successfully.

    ======================================================================

    BitDefender Online Scanner

    Scan report generated at: Sun, May 11, 2008 - 19:47:39

    Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

    Statistics

    Time

    01:09:11

    Files

    379440

    Folders

    7940

    Boot Sectors

    3

    Archives

    15489

    Packed Files

    42102

    Results

    Identified Viruses

    11

    Infected Files

    20

    Suspect Files

    0

    Warnings

    0

    Disinfected

    0

    Deleted Files

    28

    Engines Info

    Virus Definitions

    1191202

    Engine build

    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Scan plugins

    16

    Archive plugins

    42

    Unpack plugins

    7

    E-mail plugins

    6

    System plugins

    5

    Scan Settings

    First Action

    Disinfect

    Second Action

    Delete

    Heuristics

    Yes

    Enable Warnings

    Yes

    Scanned Extensions

    *;

    Exclude Extensions

    Scan Emails

    Yes

    Scan Archives

    Yes

    Scan Packed

    Yes

    Scan Files

    Yes

    Scan Boot

    Yes

    Scanned File

    Status

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A440198.cab=>(Quarantine-2)=>asm.exe

    Detected with: Adware.Altnet.U

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A440198.cab=>(Quarantine-2)=>asm.exe

    Deleted

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A440198.cab=>(Quarantine-2)

    Update failed

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A440198.cab=>(Quarantine-2)=>asmps.dll

    Detected with: Application.Altnetbde.D

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A440198.cab=>(Quarantine-2)=>asmps.dll

    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A440198.cab=>(Quarantine-2)=>asmps.dll

    Deleted

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A440198.cab=>(Quarantine-2)

    Update failed

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FDB5772.exe=>(Quarantine-2)

    Detected with: Application.Altnetbde.N

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FDB5772.exe=>(Quarantine-2)

    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FDB5772.exe=>(Quarantine-2)

    Deleted

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FF17D59.exe=>(Quarantine-2)

    Detected with: Adware.Toolbar.Mywebsearch.O

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FF17D59.exe=>(Quarantine-2)

    Deleted

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FFF254A.dll=>(Quarantine-2)

    Detected with: Application.Instafinder.A

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FFF254A.dll=>(Quarantine-2)

    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FFF254A.dll=>(Quarantine-2)

    Deleted

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21F6344E.dll=>(Quarantine-2)

    Detected with: Adware.Winad.CN

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21F6344E.dll=>(Quarantine-2)

    Deleted

    C:\Program Files\Everest Poker\Everest Poker.exe

    Detected with: Adware.Casino.EB

    C:\Program Files\Everest Poker\Everest Poker.exe

    Deleted

    C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll

    Detected with: Adware.Fotomoto.Gen

    C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll

    Disinfection failed

    C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll

    Deleted

    C:\Program Files\Trend Micro\HijackThis\backups\backup-20080509-152904-496.dll

    Detected with: Adware.Fotomoto.Gen

    C:\Program Files\Trend Micro\HijackThis\backups\backup-20080509-152904-496.dll

    Disinfection failed

    C:\Program Files\Trend Micro\HijackThis\backups\backup-20080509-152904-496.dll

    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0006

    Detected with: Adware.Navipromo.GO

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0006

    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)

    Update failed

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0008

    Infected with: Trojan.Generic.220150

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0008

    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)

    Update failed

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0014=>(NSIS g)=>lzma_solid_nsis0002

    Detected with: Adware.Navipromo.GO

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0014=>(NSIS g)=>lzma_solid_nsis0002

    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0014=>(NSIS g)

    Update failed

    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0001307.exe=>(Quarantine-2)

    Detected with: Application.Altnetbde.N

    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0001307.exe=>(Quarantine-2)

    Disinfection failed

    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0001307.exe=>(Quarantine-2)

    Deleted

    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0001308.exe=>(Quarantine-2)

    Detected with: Adware.Toolbar.Mywebsearch.O

    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0001308.exe=>(Quarantine-2)

    Deleted

    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0001309.dll=>(Quarantine-2)

    Detected with: Application.Instafinder.A

    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0001309.dll=>(Quarantine-2)

    Disinfection failed

    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0001309.dll=>(Quarantine-2)

    Deleted

    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0001310.dll=>(Quarantine-2)

    Detected with: Adware.Winad.CN

    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0001310.dll=>(Quarantine-2)

    Deleted

    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0001311.exe

    Detected with: Adware.Casino.EB

    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0001311.exe

    Deleted

    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0001312.dll

    Detected with: Adware.Fotomoto.Gen

    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0001312.dll

    Disinfection failed

    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0001312.dll

    Deleted

    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0001313.dll

    Detected with: Adware.Fotomoto.Gen

    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0001313.dll

    Disinfection failed

    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0001313.dll

    Deleted

    C:\WINDOWS\system32\xgabtjo.exe

    Infected with: Trojan.Skintrim.TC

    C:\WINDOWS\system32\xgabtjo.exe

    Deleted

    voici le lien: file:///C:/Documents%20and%20Settings/HP_Propri%C3%A9taire/Bureau/scan.html

    ========================================================================

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:58, on 2008-05-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Pack Securite\Common\FSM32.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\PACKSE~1\backweb\361343\Program\SERVIC~1.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Pack Securite\backweb\361343\Program\fspex.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
    C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
    C:\Program Files\Pack Securite\backweb\361343\program\fsbwsys.exe
    C:\Program Files\Pack Securite\Common\FSMA32.EXE
    C:\Program Files\Pack Securite\Common\FSMB32.EXE
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
    C:\Program Files\Pack Securite\Common\FCH32.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Pack Securite\Common\FAMEH32.EXE
    C:\Program Files\Pack Securite\Anti-Virus\fsrw.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
    C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
    C:\PROGRA~1\PACKSE~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Pack Securite\FSGUI\ispnews.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Pack Securite.lnk = C:\Program Files\Pack Securite\backweb\361343\Program\fspex.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Pack Securite\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Pack Securite (BackWeb Plug-in - 361343) - BackWeb Technologies Inc. - C:\PROGRA~1\PACKSE~1\backweb\361343\Program\SERVIC~1.EXE
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Pack Securite\backweb\361343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
    0
  11. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir il nous reste une ligne à voir

    Télécharge sur le bureau http://siri.urz.free.fr/Fix/SmitfraudFix.exe
    => Double clic sur SmitfraudFix.zip
    => Extraire tout
    => Double clic sur SmitfraudFix
    => Double Clic sur SmitfraudFix.cmd
    => Choisir Option 1
    => poste le rapport
    @+
    0
  12. myke35
     
    bonsoir,

    SmitFraudFix v2.320

    Rapport fait à 23:21:04.68, 2008-05-11
    Executé à partir de C:\Documents and Settings\HP_Propri‚taire\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Pack Securite\Common\FSM32.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\PACKSE~1\backweb\361343\Program\SERVIC~1.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Pack Securite\backweb\361343\Program\fspex.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
    C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
    C:\Program Files\Pack Securite\backweb\361343\program\fsbwsys.exe
    C:\Program Files\Pack Securite\Common\FSMA32.EXE
    C:\Program Files\Pack Securite\Common\FSMB32.EXE
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
    C:\Program Files\Pack Securite\Common\FCH32.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Pack Securite\Common\FAMEH32.EXE
    C:\Program Files\Pack Securite\Anti-Virus\fsrw.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
    C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
    C:\PROGRA~1\PACKSE~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\Tasks\At?.job PRESENT !
    C:\WINDOWS\Tasks\At??.job PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propri‚taire

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propri‚taire\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_PRO~1\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
    "SubscribedURL"=""
    "FriendlyName"="Privacy Protection"

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 15.243.128.51
    DNS Server Search Order: 15.243.160.51

    Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{43651A13-702E-4D59-A954-165DBD5FAC4D}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{43651A13-702E-4D59-A954-165DBD5FAC4D}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{43651A13-702E-4D59-A954-165DBD5FAC4D}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{43651A13-702E-4D59-A954-165DBD5FAC4D}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  13. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    * Redémarre l'ordinateur en mode sans échec
    (tapoter F8 au boot pour obtenir le menu de démarrage ou http://service1.symantec.com/

    * Double clique sur smitfraudfix.cmd

    * Sélectionne 2 pour supprimer les fichiers responsables de l'infection.

    A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

    A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.

    * Redémarre en mode normal et poste le rapport ici

    N.B.: Cette étape élimine les fichiers infectieux détectés à l'étape #1
    Attention que l'option 2 de l'outil supprime le fond d'écran !

    reposte un nouveau rapport hijackthis à l'issu stp
    0
  14. myke35 Messages postés 9 Statut Membre
     
    bonjour ep44

    voici le rapport de smitfraudix mais je n'ai pas eut la question pour corriger les fichiers infectés, dois je recommencer?

    SmitFraudFix v2.320

    Rapport fait à 11:00:25.07, 2008-05-12
    Executé à partir de C:\Documents and Settings\HP_Propri‚taire\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\Tasks\At?.job supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{43651A13-702E-4D59-A954-165DBD5FAC4D}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{43651A13-702E-4D59-A954-165DBD5FAC4D}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{43651A13-702E-4D59-A954-165DBD5FAC4D}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{43651A13-702E-4D59-A954-165DBD5FAC4D}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    =============================================================

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:40, on 2008-05-12
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Pack Securite\Common\FSM32.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\PACKSE~1\backweb\361343\Program\SERVIC~1.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Pack Securite\backweb\361343\Program\fspex.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
    C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
    C:\Program Files\Pack Securite\backweb\361343\program\fsbwsys.exe
    C:\Program Files\Pack Securite\Common\FSMA32.EXE
    C:\Program Files\Pack Securite\Common\FSMB32.EXE
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
    C:\Program Files\Pack Securite\Common\FCH32.EXE
    C:\Program Files\Pack Securite\Common\FAMEH32.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Pack Securite\Anti-Virus\fsrw.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\PACKSE~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Pack Securite\FSGUI\ispnews.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Pack Securite.lnk = C:\Program Files\Pack Securite\backweb\361343\Program\fspex.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Pack Securite\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Pack Securite (BackWeb Plug-in - 361343) - BackWeb Technologies Inc. - C:\PROGRA~1\PACKSE~1\backweb\361343\Program\SERVIC~1.EXE
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Pack Securite\backweb\361343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
    0
  15. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour

    relance hijack et coche ceci
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    ensuite clique sur fix checked

    ensuite rédémarre ton pc et dit moi si tu as encore des soucis
    @+
    0
  16. myke35 Messages postés 9 Statut Membre
     
    merci pour tout mon pc fonctionne tres bien maintenant je te remercie vraiment pour ton aide tres precieuse.

    sur tous les logiciels que j'ai telechargé lesquels je doit garder et lesquels je peux supprimer?

    j'ai spybot et AVG anti spyware lequel est le mieux des deux, dois je en garder qu'un ou les deux?

    merci beaucoup pour tout ce temps passé à me repondre et à m'aider ( en plein long week end...)

    merci, sincerement myke
    0
  17. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Encore deux manips si tu veux bien

    fait un scan en ligne

    avec bitdefender et colle le rapport

    https://www.bitdefender.com/toolbox/

    Scan à faire sous Internet Explorer

    un tuto
    http://pageperso.aol.fr/rginformatique/mapage/defender.htm

    ensuite pous spybot et abg tu peux garder les deux sans soucis ;-)

    après le rapport de bitdefender une dernière manip pour évite de te réinfecter
    @+
    0
  18. myke35 Messages postés 9 Statut Membre
     
    voici le rapport de bitdefender

    BitDefender Online Scanner

    Scan report generated at: Mon, May 12, 2008 - 18:41:55

    Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;

    Statistics

    Time

    01:20:28

    Files

    411362

    Folders

    8907

    Boot Sectors

    3

    Archives

    15537

    Packed Files

    42303

    Results

    Identified Viruses

    5

    Infected Files

    6

    Suspect Files

    0

    Warnings

    0

    Disinfected

    0

    Deleted Files

    6

    Engines Info

    Virus Definitions

    1191344

    Engine build

    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Scan plugins

    16

    Archive plugins

    42

    Unpack plugins

    7

    E-mail plugins

    6

    System plugins

    5

    Scan Settings

    First Action

    Disinfect

    Second Action

    Delete

    Heuristics

    Yes

    Enable Warnings

    Yes

    Scanned Extensions

    *;

    Exclude Extensions

    Scan Emails

    Yes

    Scan Archives

    Yes

    Scan Packed

    Yes

    Scan Files

    Yes

    Scan Boot

    Yes

    Scanned File

    Status

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A440198.cab=>(Quarantine-2)=>asm.exe

    Detected with: Adware.Altnet.U

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A440198.cab=>(Quarantine-2)=>asm.exe

    Deleted

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A440198.cab=>(Quarantine-2)

    Update failed

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A440198.cab=>(Quarantine-2)=>asmps.dll

    Detected with: Application.Altnetbde.D

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A440198.cab=>(Quarantine-2)=>asmps.dll

    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A440198.cab=>(Quarantine-2)=>asmps.dll

    Deleted

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A440198.cab=>(Quarantine-2)

    Update failed

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0006

    Detected with: Adware.Navipromo.GO

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0006

    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)

    Update failed

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0008

    Infected with: Trojan.Generic.220150

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0008

    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)

    Update failed

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0014=>(NSIS g)=>lzma_solid_nsis0002

    Detected with: Adware.Navipromo.GO

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0014=>(NSIS g)=>lzma_solid_nsis0002

    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0014=>(NSIS g)

    Update failed

    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0001314.exe

    Infected with: Trojan.Skintrim.TC

    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0001314.exe

    Deleted
    0
  19. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    très bien pour finir

    Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.
    http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe

    Double clique sur ToolsCleaner2.exe >
    puis Recherche
    et sur Suppression
    Note : ton bureau va disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

    CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
    Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

    Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

    ensuite fait ceci (IMPORTANT)

    =démarrer
    =panneau de configuration
    =système
    =onglet Restauration système
    =coche la case (Désactiver la restauration système)
    =redémarre l'ordinateur
    =réactive la ensuite

    Dénonce ton infection pour faire condamner les auteurs

    Vous avez été victime d'une infection, et vous avez été aidé par un site comme CommentCaMarche.net ou autre pour vous faire désinfecter, alors ce paragraphe s'adresse à vous !

    Nous vous invitons à créer un message pour faire avancer les choses sur le site Malware-Complaints, plus vous serez nombreux à dénoncer votre infection, et plus nous aurons de chance de voir les choses bouger !

    * Voir les règles du forum
    * Après s'être enregistré à l'aide du bouton en haut se nommant Register, choisissez votre situation :
    **Si vous avez plus de 13 ans, choisir : "I Agree to these terms and am over or exactly 13 years of age"
    **Si vous avez moins, clique sur : "I Agree to these terms and am under 13 years of age"
    *Vous avez alors sous forme de liste un sujet par type d'infection (Look2Me, Smitfraud, SpywareQuake etc..), il vous suffit d'ajouter votre voix !
    *Si le malware dont vous avez été victime n'apparait pas dans la liste, ou si vous ne savez pas par quoi vous avez été infecté(e), créez un message dans le sujet Autres infections conforme aux règles du forum (âge, ville, département etc..)
    *Indiquez aussi le nom du Forum qui vous a aidé à vous désinfecter

    Voilà, bye et bonne chance pour la suite
    0
  20. myke35 Messages postés 9 Statut Membre
     
    merci beaucoup pour ton aide precieuse

    merci infiniment, myke
    0
  21. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    ;-) bye
    0
  • 1
  • 2