Infections multiples Résolu

Question

Bonjour,

voici mon problème: il y a quelque temps mon pc ramait, je ne pouvait plus aller sur internet avec firefox, alors j'ai pris les choses en main pour essayer. Apparement j'ai réussi une petite partie car je peut venir à vous avec firefox mais depuis tout de suite;
Voila j'ai des alertes de avg, de avast et bitdefender pour des malware , trojans, chevaux de troie mais le plus grave c'est que avg m'as trouvé en mode sans echec des hacker ou hijacker un truc comme ca.
 Le test que j'ai fait en mode sans echec a duré environ 3h et j'en avait des lignes de logiciel malveillant , trojan cheval de troie, malware ... enfin la totale!!!!
Je viens donc à vous pour savoir si quelqu'un pourrai m'aider à vérifier mon pc et en me guidant à travers les différents processus à effectuer pour nettoyer tout ca car je ne pense pas avoir tout nettoyé comme il faut. Je pense avoir fait la base du travail qui me permet de vous écrire sans trop de mal car hier il m'était tout simplement impossible de surfer; l'ordi freezai tout le temps ...

 En vous remerciant d'avance pour votre aide qui me sera précieuse pour moi ainsi que pour mon pc..qui vous remercie d'avance aussi!!!!

papyber · Accepted Answer

la première des choses à faire serait peut être de demander un rapport hijack this
et éventuellement puisque scan avec AVG le rapport obtenu? non? cela aiderait peut être à déterminer l'infection!!!supprimer tout ses anti ne sert à rien dans l'immédiat!! le principal c'est le diagnostic et le nettoyage!! la protection vient ensuite!!!
alors tu postes un rapport Hijack this et ensuite tu fais ceci
télécharge GenProc de Lazzzy et Narco4 sur ton Bureau
 http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip 

dé zippe le dossier, double-clique sur GenProc.bat et poste le contenu du rapport qui s'ouvre

Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html

Utilisateur anonyme · Answer

Salut quels sont tous tes logiciel de sécurité ?

toxic-sweet · Answer

Installe skypot search and destroy, fait le scan et détrui ce kil trouve, seule solution durgence rapide. Tien moi au jus après ca .

copilotepanizzi71 · Answer

d'accord c'est parti

copilotepanizzi71 · Answer

voila j'ai tout téléchargé installé mis a jour mais pas d'analyse

copilotepanizzi71 · Answer

bonjour papyber
 j'ai déja tout désinstallé mais ou trouver hijackthis?
merci

papyber · Answer

poste ton rapport hijack this
https://forum.pcastuces.com/tutoriel_hijackthis_v_2002___tutoriel-f31s8.htm 
et Gen Proc

copilotepanizzi71 · Answer

voici mon rapport 
impossible de désinstaller avast
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:59, on 12/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Visage\PDF Printer\vspdfprsrv.exe
C:\Program Files\Lexmark Fax Solutions\fm3032.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32	askmgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\aswRunDll.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips	bBes1.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dll
O2 - BHO: cpmsky browser optimizer - {4c4a6d3f-b686-1d4b-6a4b-b0243ed4d768} - C:\WINDOWS\system32\{77e34c9a-26d5-913c-52b2-98deb79def6e}.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips	bBes1.dll
O2 - BHO: adzgalore - {dbde6a34-c7fb-0b7b-2516-970347affaa2} - C:\WINDOWS\system32
sh33A.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips	bBes1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visage\PDF Printer\vspdfprsrv.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{87701b23-df6a-4fb7-9bc3-f26c6f072cc6}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{77e34c9a-26d5-913c-52b2-98deb79def6e}.dll" DllInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5291/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55C38B0C-E009-4E78-87C4-865C2741EB49}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microtech DNS client - Microtech - C:\Program Files\MDNS Client\MDNSclient.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

copilotepanizzi71 · Answer

ça y est j'ai réussi a désinstaller avast en mode sans échec    
merci beaucoup
maintenant en logiciel de protection j'ai:
antivir
Malwarebyte's Antimalware

c'est tout!

copilotepanizzi71 · Answer

autre chose, quand j'ai redémarré mon pc a l'instant ça m'a inscrit:
C:\WINDOWS\system32\{77e34c9a-26d5-913c-52b2-98deb79def6e.dll
    Module spécifié introuvable

copilotepanizzi71 · Answer

Je vais peut-etre paraitre idiot mais je sais pas comment on fait
il me semble que j'avais essayé mais que je ne pouvais pas y accéder
 attend je vais voir si j'y arrive et je te tiens au courant

papyber · Answer

Télécharge MSNFix.zip (de !aur3n7 et Regis59) sur le Bureau :
http://sosvirus.changelog.fr/MSNFix.zip

un tutoriel pour l'utiliser
http://sosvirus.changelog.fr/

Conseil : il faut toujours télécharger avant utilisation pour profiter des dernières mises à jour.

Remarque 1: Il est possible que l'antivirus détecte un virus au téléchargement, il s'agit de Process.exe. 
Process.exe est un programme légitime mais potentiellement dangereux, et il est normal qu'un antivirus/antispyware digne de ce nom le détecte.
Remarque 2: MSNFix peut parfois rencontrer des problèmes avec les sessions comportant des caractères spéciaux. Si un message d'erreur s'affiche il conviendra donc de déplacer le dossier complet à la racine du disque dur (généralement c:\) 

Décompresse-le (clic droit : Extraire ici).

Ouvre MSNFix et double clique sur le fichier MSNFix.bat (MSNFix)
Choisis l'option R 
valide avec Entrée

L'analyse démarre, pendant ce temps, ne lancer aucune application afin de ne pas perturber son fonctionnement.
Si l'infection est détectée, il te suffit d'appuyer sur une touche du clavier. Un redémarrage du PC peut être demandé.
Le rapport est enregistré par défaut dans le dossier MSNFix et se présente sous la forme date_heure.txt.
Recommande à tes contacts d'appliquer la même procédure MSNFix, pour freiner la propagation et indique si l'éradication est réussie. S'ils ont le moindre souci, ils viennent sur le forum et postent leur rapport pour lecture et conseils...

lance hijack this pour un scan et coche ces lignes si encore présentes
O2 - BHO: cpmsky browser optimizer - {4c4a6d3f-b686-1d4b-6a4b-b0243ed4d768} - C:\WINDOWS\system32\{77e34c9a-26d5-913c-52b2-98deb79def6e}.dll (file missing)  
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll   
 R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips	bBes1.dll    
 O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dll   
 O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)    
 O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips	bBes1.dll  
 O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll    
 O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll   
 O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips	bBes1.dll    
 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visage\PDF Printer\vspdfprsrv.exe   
 O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A    
 O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe    
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime    
 O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe    
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
  O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
 O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
 O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
 O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
 O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx    
ferme toutes tes applications y compris internet et clique sur fix checked

1) Redémarre ton ordi 
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" 
3) Tu verras un écran avec options de démarrage apparaître 
4) Choisis la première option : Sans Échec, et valide avec "Entrée" 
5) Choisis ton compte habituel, et non Administrateur 
lance malwarebyte et scanne tout ton Pc
lance antivir et fais de même
redémarre normalement
poste les rapports obtenus

copilotepanizzi71 · Answer

Alors voilà encore un problème, je suis désolé mais je pense qu'on va avoir du boulot!!!

J'ai été dans panneau de configuration, ensuite centre de sécurité, enfin pare-feu windows.

 Et voilà ce que ça me dit:" Les paramètres du pare-feu Windows ne peuvent pas être affichés car le service associé n'est pas en cours d'exécution.
 Voulez-vous démarrer le service Pare-feu Windows / Partage de connexions?"

 Je clique sur "oui" et ça me dit: "Windows ne peut pas démarrer le service Pare-feu Windows / Partage de connexions"

 Voilà!!!

papyber · Answer

moi ce que j'en dis!!!
il faut déjà commencer par désinfecter ce PC!!! la protection viendra ensuite!!

copilotepanizzi71 · Answer

ok je me déconnecte et je fais tout ca
 sinon pour toi papyber j'ai fait msnfix et j'ai déjà erradiqué ce problème
merci

papyber · Answer

tu me posteras le rapport obtenu par MSNFix, c'est utile de le connaître...

papyber · Answer

SVP merci d'envoyer le fichier [b] C:\DOCUME~1\david\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr
fais ceci stp afin d'aider à la lutte contre ces saletés!!

où en es tu? as tu fait ce que je te demandais?
si tu as des soucis avec antivir, supprime le et réinstalle le 
un tuto pour l'utiliser
http://www.libellules.ch/tuto_antivir.php

copilotepanizzi71 · Answer

oui j'ai supprimé tout ce qui était coché

copilotepanizzi71 · Answer

ca y est j'ai supprimé toute la quarantaine!!
un grand merci a vous tous

papyber · Answer

c'est plutôt pas mal
recherche et supprime par ajout suppression de programmes
RegistrySmart
on va vérifier que toutes ces infections sont complètement éradiquées
Clique sur ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Clique sur Navilog1.zip pour télécharger Navilog1
Choisis Enregistrer

et enregistre-le sur ton Bureau.

Ensuite double clique sur Navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le Bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valides.
(Ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le bloc note va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le bloc note.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

copilotepanizzi71 · Answer

j'ai effectué toutes les démarches citées ci-dessus en sans échec et mon pc ne rame plus
 maintenant il faut que refasse un check up rapide pour voir si tout est érradiqué 
merci merci merci

copilotepanizzi71 · Answer

je dois m'absenter quelques heures ma femme a accouché
je laisse faire navilog et quand je rentre env 20h je me remet sur ce dossier
encore un grand merci pour votre aide et a tout a l'heure

copilotepanizzi71 · Answer

Search Navipromo version 3.5.7 commencé le 12/05/2008 à 13:59:34,35

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "david" 

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13 
Système de fichiers : FAT32

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\david\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\david\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\david\menud+~1\progra~1" *** 

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\david\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 



*** Recherche fichiers *** 


C:\WINDOWS\pack.epk trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé ! 

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

bbjxgezhou.dat trouvé !

* Dans "C:\Documents and Settings\david\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 12/05/2008 à 14:01:36,39 ***

copilotepanizzi71 · Answer

Clean Navipromo version 3.5.7 commencé le 12/05/2008 à 23:48:39,46

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "david" 

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : FAT32

Mode suppression automatique 
avec prise en charge résultats Catchme et GNS


Nettoyage executé en mode sans échec

 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\david\locals~1\applic~1" * 


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\david\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\david\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\david\menud+~1\progra~1" *** 



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\david\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *

bbjxgezhou.dat trouvé !
Copie bbjxgezhou.dat réalisée avec succès !
bbjxgezhou.dat supprimé !


* Dans "C:\Documents and Settings\david\locals~1\applic~1" * 


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 12/05/2008 à 23:50:08,56 ***

copilotepanizzi71 · Answer

voici un nouveau hijackthis après le nettoyage navilog:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:58:11, on 12/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Lexmark Fax Solutions\fm3032.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: adzgalore - {dbde6a34-c7fb-0b7b-2516-970347affaa2} - C:\WINDOWS\system32
sh33A.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{87701b23-df6a-4fb7-9bc3-f26c6f072cc6}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{77e34c9a-26d5-913c-52b2-98deb79def6e}.dll" DllInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe (User '?')
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5291/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55C38B0C-E009-4E78-87C4-865C2741EB49}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microtech DNS client - Microtech - C:\Program Files\MDNS Client\MDNSclient.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

copilotepanizzi71 · Answer

voila il est un peu tard mais j'ai fais ce que vous m'avez dit
en attente...

copilotepanizzi71 · Answer

et un hijackthis après bfu
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:05:36, on 13/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Lexmark Fax Solutions\fm3032.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: adzgalore - {dbde6a34-c7fb-0b7b-2516-970347affaa2} - C:\WINDOWS\system32
sh33A.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{87701b23-df6a-4fb7-9bc3-f26c6f072cc6}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{77e34c9a-26d5-913c-52b2-98deb79def6e}.dll" DllInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe (User '?')
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5291/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55C38B0C-E009-4E78-87C4-865C2741EB49}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microtech DNS client - Microtech - C:\Program Files\MDNS Client\MDNSclient.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

copilotepanizzi71 · Answer

voila j'attend votre rapport après ces executions
merci!!

papyber · Answer

As tu scanné ton PC  avec Antivir? quel est le résultat? poste son rapport!

Télécharge BTFix de bibi26
http://cluster1.easy-hebergement.net/
Dé zippe l'archive sur ton Bureau (clic droit/extraire…)
Ouvre le dossier BTFix 
Double clique sur BTFix.exe
Clique sur Rechercher
Un rapport va apparaître, copie/colle-le dans ta prochaine réponse
Ouvre BTFix.
Clique sur Nettoyer
Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.

suis ce tuto et poste le rapport obtenu en mode sans échec
https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

copilotepanizzi71 · Answer

re bonjour a tous
 merci pour vos félicitations c'est un beau garcon!!!  je suis très heureux,
 Voila j'ai déja effectué une analyse antivir mais en mode sans echec il n'y a que comme ca que ca fonctionne apparement!
sinon ok je vais essayer btfix de suite et je poste mon rapport

copilotepanizzi71 · Answer

voici le rapport btfix
BTFix 1.098 (par bibi26) - 13/05/2008 20:08:51 - Analyse
Lancé depuis C:\Documents and Settings\david\Bureau\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

 - C:\WINDOWS\system32\cpmsky-uninst.exe
 - C:\WINDOWS\system32\WhoisCL.exe

---> Analyse terminée le 13/05/2008 20:08:52

copilotepanizzi71 · Answer

et après nettoyage
BTFix 1.098 (par bibi26) - 13/05/2008 20:10:27 - Nettoyage - Mode normal
Lancé depuis C:\Documents and Settings\david\Bureau\BTFix\BTFix.exe

---> Fichiers/dossiers supprimés (Première passe)

 - Fichiers temporaires effacés
 - C:\WINDOWS\system32\cpmsky-uninst.exe
 - C:\WINDOWS\system32\WhoisCL.exe

---> Nettoyage terminé le 13/05/2008 20:10:30

copilotepanizzi71 · Answer

Avira AntiVir Personal Report file date: lundi 12 mai 2008 12:24 Scanning for 1260844 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Save mode Username: david Computer name: PROPRI-T953BYFZ Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:58 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:38 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:24 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:42 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58 ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 10:09:58 ANTIVIR3.VDF : 7.0.4.25 125952 Bytes 11/05/2008 10:09:58 Engineversion : 8.1.0.42 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22 AESCRIPT.DLL : 8.1.0.31 262522 Bytes 12/05/2008 10:10:10 AESCN.DLL : 8.1.0.16 119156 Bytes 12/05/2008 10:10:08 AERDL.DLL : 8.1.0.20 418165 Bytes 12/05/2008 10:10:08 AEPACK.DLL : 8.1.1.4 364918 Bytes 12/05/2008 10:10:08 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 12/05/2008 10:10:06 AEHEUR.DLL : 8.1.0.26 1237366 Bytes 12/05/2008 10:10:06 AEHELP.DLL : 8.1.0.14 115063 Bytes 12/05/2008 10:10:02 AEGEN.DLL : 8.1.0.20 299380 Bytes 12/05/2008 10:10:02 AEEMU.DLL : 8.1.0.6 430451 Bytes 12/05/2008 10:10:00 AECORE.DLL : 8.1.0.28 168310 Bytes 12/05/2008 10:10:00 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:54 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:52 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:48 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:50 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:32 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:26 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:12 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: lundi 12 mai 2008 12:24 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avnotify.exe' - '1' Module(s) have been scanned Scan process 'mbam.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 15 processes with 15 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '39' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\david\Local Settings\Temp em2AF.tmp.exe [DETECTION] Contains detection pattern of the dropper DR/Agent.ahl.2 [NOTE] The file was deleted! C:\Documents and Settings\david\Local Settings\Temp\mit2B6.tmp.cab [0] Archive type: CAB (Microsoft) --> MirarSetup_V54_876933_IESC_AFF_ATD_noMDNS_RPT_RPSVC.exe [DETECTION] Is the Trojan horse TR/Mirar.A [NOTE] The file was deleted! C:\Documents and Settings\david\Local Settings\Temp\mit2B6.tmp [0] Archive type: CAB (Microsoft) --> MirarSetup_V54_876933_IESC_AFF_ATD_noMDNS_RPT_RPSVC.exe [DETECTION] Is the Trojan horse TR/Mirar.A [NOTE] The file was deleted! C:\Documents and Settings\david\Local Settings\Temp\upd2C6.tmp.exe [DETECTION] Contains detection pattern of the dropper DR/Agent.ahl.2 [NOTE] The file was deleted! C:\Program Files\Softwin\BitDefender Professional Edition\Infected\RFactor-RELOADED-www-torrentfive-com-Crack.exe [0] Archive type: RSRC --> Object [DETECTION] Contains detection pattern of the dropper DR/TTC.E --> Object [DETECTION] Contains detection pattern of the dropper DR/Agent.buu [NOTE] The file was deleted! C:\Program Files\Panda Security\ActiveScan 2.0\pskavs.dll [DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738 [NOTE] The file was deleted! C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP184\A0074998.exe [DETECTION] Contains detection pattern of the worm WORM/Fontra.C [NOTE] The file was deleted! C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP184\A0074999.exe [DETECTION] Is the Trojan horse TR/Dldr.VB.dck [NOTE] The file was deleted! C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP186\A0076261.exe [DETECTION] Is the Trojan horse TR/Mirar.A [NOTE] The file was deleted! C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP186\A0076262.exe [DETECTION] Is the Trojan horse TR/Mirar.A [NOTE] The file was deleted! C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP186\A0076284.exe [DETECTION] Contains detection pattern of the dropper DR/NaviPromo.AO.28 [NOTE] The file was deleted! C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP193\A0080641.dll [DETECTION] Contains suspicious code HEUR/Crypted [NOTE] The fund was classified as suspicious. [NOTE] The file was moved to '485827de.qua'! C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP193\A0080643.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was deleted! C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP198\A0081951.dll [DETECTION] Is the Trojan horse TR/BHO.bqz [NOTE] The file was deleted! C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP198\A0081960.exe [0] Archive type: RSRC --> Object [DETECTION] Contains detection pattern of the dropper DR/TTC.E --> Object [DETECTION] Contains detection pattern of the dropper DR/Agent.buu [NOTE] The file was deleted! C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP198\A0081961.dll [DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738 [NOTE] The file was deleted! C:\FOUND.042\FILE0018.CHK [DETECTION] Contains suspicious code HEUR/Crypted [NOTE] The fund was classified as suspicious. [NOTE] The file was moved to '48742827.qua'! End of the scan: lundi 12 mai 2008 13:22 Used time: 57:36 min The scan has been done completely. 6803 Scanning directories 305601 Files were scanned 17 viruses and/or unwanted programs were found 2 Files were classified as suspicious: 15 files were deleted 0 files were repaired 2 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 305584 Files not concerned 7104 Archives were scanned 1 Warnings 17 Notes Avira AntiVir Personal Report file date: lundi 12 mai 2008 12:22 Scanning for 1260844 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Save mode Username: david Computer name: PROPRI-T953BYFZ Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:58 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:38 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:24 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:42 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58 ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 10:09:58 ANTIVIR3.VDF : 7.0.4.25 125952 Bytes 11/05/2008 10:09:58 Engineversion : 8.1.0.42 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22 AESCRIPT.DLL : 8.1.0.31 262522 Bytes 12/05/2008 10:10:10 AESCN.DLL : 8.1.0.16 119156 Bytes 12/05/2008 10:10:08 AERDL.DLL : 8.1.0.20 418165 Bytes 12/05/2008 10:10:08 AEPACK.DLL : 8.1.1.4 364918 Bytes 12/05/2008 10:10:08 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 12/05/2008 10:10:06 AEHEUR.DLL : 8.1.0.26 1237366 Bytes 12/05/2008 10:10:06 AEHELP.DLL : 8.1.0.14 115063 Bytes 12/05/2008 10:10:02 AEGEN.DLL : 8.1.0.20 299380 Bytes 12/05/2008 10:10:02 AEEMU.DLL : 8.1.0.6 430451 Bytes 12/05/2008 10:10:00 AECORE.DLL : 8.1.0.28 168310 Bytes 12/05/2008 10:10:00 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:54 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:52 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:48 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:50 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:32 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:26 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:12 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: lundi 12 mai 2008 12:22 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'mbam.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 13 processes with 13 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '39' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\WINDOWS\system32 sf235.dll [DETECTION] Is the Trojan horse TR/BHO.bqz [NOTE] The file was moved to '488e1b0c.qua'! End of the scan: lundi 12 mai 2008 12:23 Used time: 01:03 min The scan has been canceled! 3 Scanning directories 1881 Files were scanned 1 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 1880 Files not concerned 2 Archives were scanned 1 Warnings 1 Notes Avira AntiVir Personal Report file date: lundi 12 mai 2008 13:31 Scanning for 1260844 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: david Computer name: PROPRI-T953BYFZ Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:58 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:38 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:24 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:42 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58 ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 10:09:58 ANTIVIR3.VDF : 7.0.4.25 125952 Bytes 11/05/2008 10:09:58 Engineversion : 8.1.0.42 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22 AESCRIPT.DLL : 8.1.0.31 262522 Bytes 12/05/2008 10:10:10 AESCN.DLL : 8.1.0.16 119156 Bytes 12/05/2008 10:10:08 AERDL.DLL : 8.1.0.20 418165 Bytes 12/05/2008 10:10:08 AEPACK.DLL : 8.1.1.4 364918 Bytes 12/05/2008 10:10:08 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 12/05/2008 10:10:06 AEHEUR.DLL : 8.1.0.26 1237366 Bytes 12/05/2008 10:10:06 AEHELP.DLL : 8.1.0.14 115063 Bytes 12/05/2008 10:10:02 AEGEN.DLL : 8.1.0.20 299380 Bytes 12/05/2008 10:10:02 AEEMU.DLL : 8.1.0.6 430451 Bytes 12/05/2008 10:10:00 AECORE.DLL : 8.1.0.28 168310 Bytes 12/05/2008 10:10:00 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:54 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:52 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:48 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:50 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:32 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:26 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:12 Configuration settings for the scan: Jobname..........................: ShlExt Configuration file...............: C:\DOCUME~1\david\LOCALS~1\Temp\971dd18b.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: off Scan registry....................: off Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: lundi 12 mai 2008 13:31 Starting the file scan: Begin scan in 'C:\Documents and Settings\david\Bureau\GenProc.zip' End of the scan: lundi 12 mai 2008 13:31 Used time: 00:03 min The scan has been done completely. 0 Scanning directories 61 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 0 Files cannot be scanned 61 Files not concerned 1 Archives were scanned 0 Warnings 0 Notes

papyber · Answer

poste un nouveau rapport hijack this

copilotepanizzi71 · Answer

ok c'est parti

copilotepanizzi71 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:18, on 13/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Lexmark Fax Solutions\fm3032.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: adzgalore - {dbde6a34-c7fb-0b7b-2516-970347affaa2} - C:\WINDOWS\system32
sh33A.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{87701b23-df6a-4fb7-9bc3-f26c6f072cc6}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{77e34c9a-26d5-913c-52b2-98deb79def6e}.dll" DllInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe (User '?')
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5291/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55C38B0C-E009-4E78-87C4-865C2741EB49}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microtech DNS client - Microtech - C:\Program Files\MDNS Client\MDNSclient.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

papyber · Answer

supprime ceci car infecté
C:\Program Files\Softwin\BitDefender Professional Edition\Infected\RFactor-RELOADED-www-torrentfive-com-Crack.exe 
 
Télécharge ComboFix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Tutoriel officiel de ComboFix, afin de l’utiliser correctement
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Désactive ton antivirus, antispyware, et Spybot-S&D (résident) durant l'utilisation de ComboFix. Merci. Tu le réactiveras ensuite, en fin de désinfection.
Voir ici comment désactiver tes protections
 https://forum.pcastuces.com/default.asp
Double clique sur ComboFix.exe (ComboFix)
Tape 1 puis tape sur Entrée 
A noter: une fois que ComboFix est lancé, il ne faut pas cliquer dans la fenêtre de ComboFix car cela pourrait entraîner un plantage du programme. 
Il est recommandé de laisser l'outil analyser et nettoyer le PC sans utiliser quoi que ce soit d'autre... 
Lorsque l'analyse sera terminée, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse
Si le rapport n'apparaît pas, tu le trouves ici, à la racine de ton Système, en principe : C:\ComboFix.txt (C:\ComboFix)

copilotepanizzi71 · Answer

ComboFix 08-05-12.1 - david 2008-05-13 22:13:35.1 - [color=red][b]FAT32[/b][/color]x86 Endroit: C:\Documents and Settings\david\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\david\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\drivers pf.sys C:\WINDOWS\system32 sh33A.dll C:\WINDOWS\system32 sy248.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_6TO4 -------\Legacy_NWSAPAGENT -------\Service_6to4 -------\Service_NPF -------\Service_NwSapAgent ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))))))) . 2026-05-27 05:22 . 2007-09-09 15:15 3,120 --a------ C:\WINDOWS\MF_C421.lfa 2026-05-27 05:22 . 2007-09-09 15:15 3,120 --a------ C:\WINDOWS\MF_C420.lfa 2008-05-13 19:22 . 2008-05-13 19:22 d--hs---- C:\FOUND.000 2008-05-13 00:05 . 2008-05-13 00:05 d-------- C:\WINDOWS\system32\bfubackups 2008-05-12 13:58 . 2008-05-12 13:58 d-------- C:\Program Files\Navilog1 2008-05-12 12:08 . 2008-05-12 12:08 d-------- C:\Program Files\Avira 2008-05-12 10:02 . 2008-05-12 10:02 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-12 10:02 . 2008-05-12 10:02 d-------- C:\Documents and Settings\david\Application Data\Malwarebytes 2008-05-12 10:02 . 2008-05-12 10:02 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-05-12 10:02 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-12 10:02 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-05-12 10:01 . 2008-05-12 10:01 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-05-11 23:22 . 2008-05-11 23:22 d-------- C:\Program Files\AVG 2008-05-11 23:22 . 2008-05-11 23:22 d-------- C:\Documents and Settings\david\Application Data\AVGTOOLBAR 2008-05-11 20:21 . 2008-05-11 20:41 1,698 --a------ C:\logfile 2008-05-11 12:07 . 2008-05-11 12:07 d-------- C:\ConvertTemp 2008-05-11 09:43 . 2008-05-11 09:43 d-------- C:\Program Files\Panda Security 2008-05-09 22:12 . 2008-05-09 22:12 d-------- C:\Program Files\Lavasoft 2008-05-09 22:12 . 2008-05-09 22:12 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-08 21:32 . 2008-05-08 21:32 d-------- C:\WINDOWS\McAfee.com 2008-05-08 21:09 . 2008-05-08 21:09 d-------- C:\WINDOWS\system32\CatRoot_bak 2008-05-08 20:44 . 2008-05-08 20:44 759 --a------ C:\WINDOWS\system32\spupdsvc.inf 2008-05-08 19:35 . 2008-05-08 19:35 d-------- C:\!KillBox 2008-05-06 21:35 . 2008-05-06 21:35 d-------- C:\Documents and Settings\david\Application Data\fltk.org 2008-05-06 09:04 . 2008-05-06 09:04 244 --ah----- C:\sqmnoopt03.sqm 2008-05-06 09:04 . 2008-05-06 09:04 232 --ah----- C:\sqmdata03.sqm 2008-05-03 20:14 . 2008-05-03 20:14 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-04-27 15:31 . 2008-04-27 15:31 d-------- C:\PC_Play&Learn 2008-04-27 15:25 . 2008-04-27 15:40 111,103 --a------ C:\WINDOWS\Run32A60.mch 2008-04-27 15:24 . 2008-04-27 15:24 d-------- C:\WINDOWS\A6W_DATA 2008-04-27 15:24 . 2008-04-27 15:26 35 --a------ C:\WINDOWS\A6W.INI 2008-04-21 13:10 . 2008-04-21 13:10 244 --ah----- C:\sqmnoopt02.sqm 2008-04-21 13:10 . 2008-04-21 13:10 232 --ah----- C:\sqmdata02.sqm . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-11 07:50 102,664 ----a-w C:\WINDOWS\system32\drivers mcomm.sys 2008-04-04 12:51 28,416 ----a-w C:\WINDOWS\system32\uxtuneup.dll 2008-03-23 11:05 --------- d-----w C:\Program Files\eRightSoft 2008-03-21 18:44 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-03-21 18:44 --------- d-----w C:\Program Files\Windows Live 2008-03-21 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-21 07:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin 2008-03-21 07:38 --------- d-----w C:\Program Files\Pinnacle 2008-03-21 07:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\VideoSpin 2008-03-21 07:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle 2008-03-21 07:34 --------- d-----w C:\Program Files\AIST 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys 2008-03-16 19:55 --------- d-----w C:\Program Files\ATP 2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll 2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll 2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-07-22 17:10 744 ----a-w C:\Documents and Settings\david\Application Data\filterclsid.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-15 20:12 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536] "RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 12:38 319488] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-08-24 14:26 299008] "Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 15:13 57344] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "BDSwitchAgent"="C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe" [ ] "WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-08-23 14:49 20480] "WOOTASKBARICON"="C:\PROGRA~1\WANADOO\GestMaj.exe" [2004-10-14 16:55 32768] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-16 15:51 7569408] "nwiz"="nwiz.exe" [2006-04-16 15:51 1519616 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-16 15:51 86016] "Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 15:03 93208] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "{87701b23-df6a-4fb7-9bc3-f26c6f072cc6}"="C:\WINDOWS\system32\{77e34c9a-26d5-913c-52b2-98deb79def6e}.dll" [ ] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll "vidc.dvsd"= dvc.dll "VIDC.IV41"= ir41_32.dll "msacm.avis"= ff_acm.acm "vidc.yv12"= yv12vfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\WINDOWS\System32\lexpps.exe"= "C:\Program Files\SecondLife\SecondLife.exe"= "C:\WINDOWS\System32\dpnsvr.exe"= "C:\Program Files\Wanadoo\WOOBrowser\WOOBrowser.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2007-08-06 14:47] R3 PAC207;VideoCAM GF112;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 10:46] S2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-20 01:10] S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-03-17 13:41] S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 07:00] S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46] S3 Microtech DNS client;Microtech DNS client;C:\Program Files\MDNS Client\MDNSclient.exe [2002-05-21 20:09] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-03 20:14] S3 USBModem000;LGE Mobile USB Modem TC;C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 08:08] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08] S3 Vsp;Vsp;C:\WINDOWS\System32\drivers\Vsp.sys [2003-05-27 16:45] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-05-13 19:58:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

papyber · Answer

Rappel : une fois que ComboFix est lancé, il ne faut pas cliquer dans la fenêtre de ComboFix car cela pourrait entraîner un plantage du programme. 
Il est recommandé de laisser l'outil analyser et nettoyer le PC sans utiliser quoi que ce soit d'autre... 
Sélectionne le texte suivant (Ctrl+A):
Folder::
C:\Program Files\Macrogaming
File::
C:\WINDOWS\Run32A60.mch
C:\WINDOWS\system32\{77e34c9a-26d­5-913c-52b2-98deb79def6e}.dll
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "SweetIM"="
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{87701b23-df6a-4fb7-9bc3-f26c6f072cc6}"=-

Copie le texte sélectionné (CTRL+C).
Ouvre le Bloc-notes (Démarrer/Tous les programmes/Accessoires/Bloc-notes).
Colle le texte copié dans ce Bloc-notes (CTRL+V).
Sauvegarde ce fichier sur ton Bureau sous le nom de CFScript.txt (CFScript)
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
Comme l'image le montre, fait glisser CFScript.txt sur ComboFix.exe(ComboFix)
Une fenêtre à fond bleu va s'ouvrir: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Laisse ComboFix travailler
Patiente le temps de l'analyse. Le Bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le nettoyage n'est pas terminé.
Un rapport va s'afficher: poste son contenu. 
Si le fichier ne s'ouvre pas, tu le trouves ici, à la racine de ton Système, en principe : C:\ComboFix.txt (C:\ComboFix)
poste le rapport obtenu et un rapport hijack this
et dis moi comment se comporte le PC?

copilotepanizzi71 · Answer

ComboFix 08-05-12.1 - david 2008-05-15 19:51:26.2 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.476 [GMT 2:00] Endroit: C:\Documents and Settings\david\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\david\Bureau\CFScript.txt * Création d'un nouveau point de restauration FILE :: C:\WINDOWS\Run32A60.mch C:\WINDOWS\system32\{77e34c9a-26d5-913c-52b2-98deb79def6e}.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Macrogaming C:\Program Files\Macrogaming\SweetIM\conf\adapter.xml C:\Program Files\Macrogaming\SweetIM\conf\autoupdate.xml C:\Program Files\Macrogaming\SweetIM\conf\logger.xml C:\Program Files\Macrogaming\SweetIM\conf\messages.xml C:\Program Files\Macrogaming\SweetIM\conf\sweetim.xml C:\Program Files\Macrogaming\SweetIM\conf\sweetimapp.xml C:\Program Files\Macrogaming\SweetIM\conf\users\lydie.savina@orange.fr\emoticons_shortcut.xml C:\Program Files\Macrogaming\SweetIM\conf\users\lydie.savina@orange.fr\lastuse_Audibles.xml C:\Program Files\Macrogaming\SweetIM\conf\users\lydie.savina@orange.fr\lastuse_Emoticons.xml C:\Program Files\Macrogaming\SweetIM\conf\users\lydie.savina@orange.fr\lastuse_SoundFX.xml C:\Program Files\Macrogaming\SweetIM\conf\users\lydie.savina@orange.fr\lastuse_SpecialFX.xml C:\Program Files\Macrogaming\SweetIM\conf\users\lydie.savina@orange.fr\lastuse_Winks.xml C:\Program Files\Macrogaming\SweetIM\conf\users\lydie.savina@orange.fr\user_config.xml C:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100AC.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100C5.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100C6.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100CA.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100CB.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100CC.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D1.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D3.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D5.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100DA.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100E8.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100FA.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100FD.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010100.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010104.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010105.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010106.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001010A.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001010C.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010119.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001011A.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010816.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010819.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001081A.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001081B.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001081C.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010842.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010850.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010856.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010857.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010859.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001085D.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010861.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010867.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010868.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001086E.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088C.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088D.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088E.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088F.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010890.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010891.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010892.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010893.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010894.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010896.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010897.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010898.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089A.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089B.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089D.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A0.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A4.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A5.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A8.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A9.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108AA.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108AB.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108AD.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108AE.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108B7.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108BE.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108C0.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108C2.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108C4.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108C5.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108C6.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108C8.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108CC.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108D1.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108E8.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020059.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020062.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006A.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006C.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006E.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020071.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020073.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020075.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020076.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020077.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020079.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002007D.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020080.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200A3.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200C0.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020111.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020114.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020119.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020132.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013F.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020144.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020146.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020147.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020148.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020157.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020158.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020160.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020166.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020177.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020185.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002018E.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201A0.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201A9.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201AC.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201AD.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201AE.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201B0.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201C7.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201CD.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201D6.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201DC.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201E4.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201E5.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201EF.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201F8.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002020D.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003002D.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003002E.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030033.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003003B.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030045.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003004A.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003004B.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005D.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005F.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030065.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030066.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003006C.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004001F.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040022.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040028.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004005A.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004005C.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040063.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040066.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040067.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040069.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004006B.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004006E.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040083.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000400A3.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000400B7.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000400C3.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\000400D9.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00050004.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00050005.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0006007D.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060137.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0008000B.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\0008000C.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\00080016.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\010108A7.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\01030046.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\01030047.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050001.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050002.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050007.dat C:\Program Files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat C:\Program Files\Macrogaming\SweetIM\default.xml C:\Program Files\Macrogaming\SweetIM\mgAdaptersProxy.dll C:\Program Files\Macrogaming\SweetIM\mgAIMAuto.dll C:\Program Files\Macrogaming\SweetIM\mgAIMMessengerAdapter.dll C:\Program Files\Macrogaming\SweetIM\mgArchive.dll C:\Program Files\Macrogaming\SweetIM\mgcommon.dll C:\Program Files\Macrogaming\SweetIM\mgcommunication.dll C:\Program Files\Macrogaming\SweetIM\mgconfig.dll C:\Program Files\Macrogaming\SweetIM\mgFlashPlayer.dll C:\Program Files\Macrogaming\SweetIM\mghooking.dll C:\Program Files\Macrogaming\SweetIM\mgIEPlayer.dll C:\Program Files\Macrogaming\SweetIM\mglogger.dll C:\Program Files\Macrogaming\SweetIM\mgMediaPlayer.dll C:\Program Files\Macrogaming\SweetIM\mgMsnAuto.dll C:\Program Files\Macrogaming\SweetIM\mgMsnMessengerAdapter.dll C:\Program Files\Macrogaming\SweetIM\mgSweetIM.dll C:\Program Files\Macrogaming\SweetIM\mgUpdateSupport.dll C:\Program Files\Macrogaming\SweetIM\mgxml_wrapper.dll C:\Program Files\Macrogaming\SweetIM\mgYahooAuto.dll C:\Program Files\Macrogaming\SweetIM\mgYahooMessengerAdapter.dll C:\Program Files\Macrogaming\SweetIM\msvcp71.dll C:\Program Files\Macrogaming\SweetIM\msvcr71.dll C:\Program Files\Macrogaming\SweetIM esources\images\AudibleButton.png C:\Program Files\Macrogaming\SweetIM esources\images\DisplayPicturesButton.png C:\Program Files\Macrogaming\SweetIM esources\images\EmoticonButton.png C:\Program Files\Macrogaming\SweetIM esources\images\NudgeButton.png C:\Program Files\Macrogaming\SweetIM esources\images\SoundFxButton.png C:\Program Files\Macrogaming\SweetIM esources\images\WinksButton.png C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\Macrogaming\SweetIMBarForIE\affid.dat C:\Program Files\Macrogaming\SweetIMBarForIE\basis.xml C:\Program Files\Macrogaming\SweetIMBarForIE\Bookmarks_23x18.bmp C:\Program Files\Macrogaming\SweetIMBarForIE\Cache\cd2005c66fba47ff715ecc444d3bc1fb.xml C:\Program Files\Macrogaming\SweetIMBarForIE\Email_23x18.bmp C:\Program Files\Macrogaming\SweetIMBarForIE\Games_23x18.bmp C:\Program Files\Macrogaming\SweetIMBarForIE\Greetingcards_23x18.bmp C:\Program Files\Macrogaming\SweetIMBarForIE\Mobile_23x18.bmp C:\Program Files\Macrogaming\SweetIMBarForIE\Music_23x18.bmp C:\Program Files\Macrogaming\SweetIMBarForIE\News_23x18.bmp C:\Program Files\Macrogaming\SweetIMBarForIE\Shoping_23x18.bmp C:\Program Files\Macrogaming\SweetIMBarForIE\SmileySmile.bmp C:\Program Files\Macrogaming\SweetIMBarForIE\SmileyWink.bmp C:\Program Files\Macrogaming\SweetIMBarForIE\sweetimicons.bmp C:\Program Files\Macrogaming\SweetIMBarForIE oolbar.crc C:\Program Files\Macrogaming\SweetIMBarForIE oolbar.xml C:\Program Files\Macrogaming\SweetIMBarForIE\version.txt C:\WINDOWS\Run32A60.mch . ---- Previous Run ------- . C:\WINDOWS\system32\drivers pf.sys C:\WINDOWS\system32 sh33A.dll C:\WINDOWS\system32 sy248.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_6TO4 -------\Legacy_NWSAPAGENT -------\Service_6to4 -------\Service_NPF -------\Service_NwSapAgent ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))))))) . 2026-05-27 05:22 . 2007-09-09 15:15 3,120 --a------ C:\WINDOWS\MF_C421.lfa 2026-05-27 05:22 . 2007-09-09 15:15 3,120 --a------ C:\WINDOWS\MF_C420.lfa 2008-05-15 11:57 . 2008-05-15 11:57 d--hs---- C:\FOUND.001 2008-05-13 19:22 . 2008-05-13 19:22 d--hs---- C:\FOUND.000 2008-05-13 00:05 . 2008-05-13 00:05 d-------- C:\WINDOWS\system32\bfubackups 2008-05-12 13:58 . 2008-05-12 13:58 d-------- C:\Program Files\Navilog1 2008-05-12 12:08 . 2008-05-12 12:08 d-------- C:\Program Files\Avira 2008-05-12 10:02 . 2008-05-12 10:02 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-12 10:02 . 2008-05-12 10:02 d-------- C:\Documents and Settings\david\Application Data\Malwarebytes 2008-05-12 10:02 . 2008-05-12 10:02 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-05-12 10:02 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-12 10:02 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-05-12 10:01 . 2008-05-12 10:01 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-05-11 23:22 . 2008-05-11 23:22 d-------- C:\Program Files\AVG 2008-05-11 23:22 . 2008-05-11 23:22 d-------- C:\Documents and Settings\david\Application Data\AVGTOOLBAR 2008-05-11 20:21 . 2008-05-13 23:04 3,338 --a------ C:\logfile 2008-05-11 12:07 . 2008-05-11 12:07 d-------- C:\ConvertTemp 2008-05-11 09:43 . 2008-05-11 09:43 d-------- C:\Program Files\Panda Security 2008-05-09 22:12 . 2008-05-09 22:12 d-------- C:\Program Files\Lavasoft 2008-05-09 22:12 . 2008-05-09 22:12 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-08 21:32 . 2008-05-08 21:32 d-------- C:\WINDOWS\McAfee.com 2008-05-08 21:09 . 2008-05-08 21:09 d-------- C:\WINDOWS\system32\CatRoot_bak 2008-05-08 20:44 . 2008-05-08 20:44 759 --a------ C:\WINDOWS\system32\spupdsvc.inf 2008-05-08 19:35 . 2008-05-08 19:35 d-------- C:\!KillBox 2008-05-06 21:35 . 2008-05-06 21:35 d-------- C:\Documents and Settings\david\Application Data\fltk.org 2008-05-06 09:04 . 2008-05-06 09:04 244 --ah----- C:\sqmnoopt03.sqm 2008-05-06 09:04 . 2008-05-06 09:04 232 --ah----- C:\sqmdata03.sqm 2008-05-03 20:14 . 2008-05-03 20:14 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-04-27 15:31 . 2008-04-27 15:31 d-------- C:\PC_Play&Learn 2008-04-27 15:24 . 2008-04-27 15:24 d-------- C:\WINDOWS\A6W_DATA 2008-04-27 15:24 . 2008-04-27 15:26 35 --a------ C:\WINDOWS\A6W.INI 2008-04-21 13:10 . 2008-04-21 13:10 244 --ah----- C:\sqmnoopt02.sqm 2008-04-21 13:10 . 2008-04-21 13:10 232 --ah----- C:\sqmdata02.sqm . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-11 07:50 102,664 ----a-w C:\WINDOWS\system32\drivers mcomm.sys 2008-04-04 12:51 28,416 ----a-w C:\WINDOWS\system32\uxtuneup.dll 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll 2008-03-23 11:05 --------- d-----w C:\Program Files\eRightSoft 2008-03-21 18:44 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-03-21 18:44 --------- d-----w C:\Program Files\Windows Live 2008-03-21 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-21 07:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin 2008-03-21 07:38 --------- d-----w C:\Program Files\Pinnacle 2008-03-21 07:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\VideoSpin 2008-03-21 07:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle 2008-03-21 07:34 --------- d-----w C:\Program Files\AIST 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys 2008-03-16 19:55 --------- d-----w C:\Program Files\ATP 2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll 2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll 2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-07-22 17:10 744 ----a-w C:\Documents and Settings\david\Application Data\filterclsid.dat . ((((((((((((((((((((((((((((( snapshot@2008-05-13_22.19.00.65 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-13 20:16:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-15 17:54:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-03-25 04:50:26 554,008 ------w C:\WINDOWS\system32\dllcache\dao360.dll + 2008-03-25 04:50:28 518,944 ------w C:\WINDOWS\system32\dllcache\msexch40.dll + 2008-03-25 04:50:30 326,432 ------w C:\WINDOWS\system32\dllcache\msexcl40.dll + 2008-03-25 04:50:34 1,516,568 ------w C:\WINDOWS\system32\dllcache\msjet40.dll - 2004-03-01 18:52:16 358,976 ----a-w C:\WINDOWS\system32\dllcache\msjetol1.dll + 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\dllcache\msjetol1.dll + 2008-03-25 04:50:42 60,192 ------w C:\WINDOWS\system32\dllcache\msjter40.dll + 2008-03-25 04:50:42 248,608 ------w C:\WINDOWS\system32\dllcache\msjtes40.dll + 2008-03-25 04:50:44 219,936 ------w C:\WINDOWS\system32\dllcache\msltus40.dll + 2008-03-25 04:50:46 355,104 ------w C:\WINDOWS\system32\dllcache\mspbde40.dll + 2008-03-25 04:50:48 432,928 ------w C:\WINDOWS\system32\dllcache\msrd2x40.dll + 2008-03-25 04:50:50 322,336 ------w C:\WINDOWS\system32\dllcache\msrd3x40.dll + 2008-03-25 04:50:52 559,904 ------w C:\WINDOWS\system32\dllcache\msrepl40.dll + 2008-03-25 04:50:56 264,992 ------w C:\WINDOWS\system32\dllcache\mstext40.dll + 2008-03-25 04:50:58 838,432 ------w C:\WINDOWS\system32\dllcache\mswdat10.dll + 2008-03-25 04:50:58 355,104 ------w C:\WINDOWS\system32\dllcache\msxbde40.dll - 2004-08-19 23:09:34 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll + 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll - 2004-08-19 23:09:34 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll + 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll - 2004-08-19 23:09:34 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll + 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll - 2004-03-01 18:52:16 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll + 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll - 2004-08-19 23:09:34 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll + 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll - 2004-08-19 23:09:34 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll + 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll - 2004-08-19 23:09:34 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll + 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll - 2004-08-19 23:09:34 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll + 2008-03-25 04:50:46 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll - 2004-08-19 23:09:34 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll + 2008-03-25 04:50:48 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll - 2004-08-19 23:09:34 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll + 2008-03-25 04:50:50 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll - 2004-08-19 23:09:34 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll + 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll - 2004-08-19 23:09:34 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll + 2008-03-25 04:50:56 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll - 2004-08-19 23:09:34 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll + 2008-03-25 04:50:58 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll - 2004-08-19 23:09:34 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll + 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-15 20:12 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536] "RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 12:38 319488] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-08-24 14:26 299008] "Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 15:13 57344] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "BDSwitchAgent"="C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe" [ ] "WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-08-23 14:49 20480] "WOOTASKBARICON"="C:\PROGRA~1\WANADOO\GestMaj.exe" [2004-10-14 16:55 32768] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-16 15:51 7569408] "nwiz"="nwiz.exe" [2006-04-16 15:51 1519616 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-16 15:51 86016] "Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 15:03 93208] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll "vidc.dvsd"= dvc.dll "VIDC.IV41"= ir41_32.dll "msacm.avis"= ff_acm.acm "vidc.yv12"= yv12vfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\WINDOWS\System32\lexpps.exe"= "C:\Program Files\SecondLife\SecondLife.exe"= "C:\WINDOWS\System32\dpnsvr.exe"= "C:\Program Files\Wanadoo\WOOBrowser\WOOBrowser.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2007-08-06 14:47] R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 07:00] R3 PAC207;VideoCAM GF112;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 10:46] S2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-20 01:10] S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-03-17 13:41] S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46] S3 Microtech DNS client;Microtech DNS client;C:\Program Files\MDNS Client\MDNSclient.exe [2002-05-21 20:09] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-03 20:14] S3 USBModem000;LGE Mobile USB Modem TC;C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 08:08] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08] S3 Vsp;Vsp;C:\WINDOWS\System32\drivers\Vsp.sys [2003-05-27 16:45] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-05-15 17:58:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:00, on 2008-05-15 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32 vsvc32.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\Lexmark Fax Solutions\fm3032.exe C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Logitech\Gaming Software\LWEMon.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\WANADOO\TaskBarIcon.exe C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32 wprovau.dll O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5291/mcfscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{55C38B0C-E009-4E78-87C4-865C2741EB49}: NameServer = 80.10.246.2,80.10.246.129 O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Microtech DNS client - Microtech - C:\Program Files\MDNS Client\MDNSclient.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32 vsvc32.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

copilotepanizzi71 · Answer

rebonjour papyber,
 voici donc les rapports en question.  
 Apparement mon pc se comporte pas mal et à l'air de beaucoup moins "ramer". merci 

En attente de ta réponse.......

copilotepanizzi71 · Answer

je viens de trouver ça en regardant dans C:\ mes dossiers partagés

Je ne sais pas du tout ce que ça peut etre!!!

PCLECHAL "paramètres de configuration"

[PLM]
e6ba355c7579a7ca34f214c46d1a8144=0b38bcf9ecc4cc43980a023d55aa305f0e313dcb3e7ecf0d808f2abcd9d7a6e6af6831735a2086ca67b6a8f44a4cdd652876bb33637f14e4c7c5478c4e62ce0d3605a58e
08742c1bd570399590645109e0b40958=e9f80f04e2c5f39d9ad77ffa4cdca63b1e8b080ea38f5e86ecd7eb0f75be7bf21e8b080ea38f5e8641e6044b8c6f084a1e8b080ea38f5e8608d61d25fd11fd191ea6f9b4

papyber · Answer

fais le examiner par virus total
https://www.virustotal.com/gui/

copilotepanizzi71 · Answer

re merci papyber c'est bon y a rien de grave pour ce fichier.je l'ai bien envoyé sur l'antivirus en ligne.

sinon depuis que je t'ai dit qu'il ramait moins, il me met des erreurs critiques a chaque démarrage souvent pour la carte graphique que je n'arrive pas a mettre a jour!! et aujourd'hui c'est "IRQL-NOT LESS-OR-EQUAL"
stop :0x0000000A, 0x00000004 , 0x00000002  0x00000001 0x804dbe9b

voici j'espere que c'est pas grave mais sinon pour les hijackthis et navlog c'est bon? t'as rien remarqué d'autre de grave?

papyber · Answer

rends-toi sur ESET Online Scanner Link 
https://www.eset.com/
Coche la case YES, I accept the Terms Of Use 
Clique sur le bouton Start 
Clique maintenant sur Install button 
Clique a nouveau sur Start 

Les mises à jours du Scan en ligne vont se faire. 
Ne coche pas Remove found threats 
Clique sur Scan button 

Le Scan va démarrer, sois patient. 

Quand le Scan sera terminé, clique sur Details tab 

Copie colle en réponse le contenu de C:\Program Files\EsetOnlineScanner\log.txt back

copilotepanizzi71 · Answer

voici le résultat 
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3106 (20080516)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=b7c30a33a147664c9253f599bda73612
# end=finished
# remove_checked=false
# unwanted_checked=false
# utc_time=2008-05-18 08:10:38
# local_time=2008-05-18 10:10:38 (+0100, Paris, Madrid (heure d'été))
# country="France"
# osver=5.1.2600 NT Service Pack 2
# scanned=315944
# found=4
# scan_time=9994
C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP184\A0075000.exe	Win32/Adware.Webhancer.390 application	37D387740E3A7B37FDCBCDD596E4CE07
C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP184\A0075011.DLL	Win32/Adware.Webhancer.390 application	D33A030B2FD065B04B76B3CC63DD40A3
C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP184\A0076093.exe	probably a variant of Win32/Adware.Webhancer.A application	5169BBE9ED545F47A3E6057260C6F103
C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP186\A0076280.dll	a variant of Win32/Adware.Mirar application	7E4120EEDC53E39050567A4344C857A3


 aussi je te refais un rapport hijackthis ainsi que l'antivirus ça a sonné tout a l'heure

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:22, on 2008-05-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Lexmark Fax Solutions\fm3032.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\filehippo.com\UpdateChecker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5291/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55C38B0C-E009-4E78-87C4-865C2741EB49}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microtech DNS client - Microtech - C:\Program Files\MDNS Client\MDNSclient.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

papyber · Answer

c'est tout bon, c'est ta restauration système et la quarantaine de combofix...
on va faire ainsi
Télécharge ToolsCleaner (de A.Rothstein) sur ton Bureau.
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
Clique sur Recherche et laisse le Scan se terminer.
Clique sur Suppression pour finaliser.
Tu peux, si tu le souhaites, te servir des Options facultatives.
Clique sur Quitter, pour que le rapport puisse se créer.
Poste-moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

désactive ta restauration
clique droit sur poste de travail/propriétés/coche la case désactiver la restauration, appliquer
redémarre ton PC
clique droit sur poste de travail/propriétés/décoche la case désactiver la restauration, appliquer

des soucis encore?

si tout va bien supprime tout ce qu'on a utilisé et qui ne l'a pas été par Tools Cleaner2, car ce ne sera plus utile désormais
conserve néanmoins Ccleaner ou
Télécharge : - Ccleaner 
https://www.pcastuces.com/logitheque/ccleaner.htm 
Ce logiciel va permettre de supprimer tous les fichiers temporaires. Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.
Un tuto 
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
et effectue le nettoyage tous les jours avant de couper le PC

installe ce logiciel très utile et Scanne ton PC avec une fois par semaine au moins...
MalwareByte
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Installe-le
Dans l'onglet Recherche, clique sur Exécuter un examen complet puis sur Rechercher.
Sélectionne ton (tes) disques durs.
Lancer l'examen
Clique sur Enregistrer le rapport et choisis ton Bureau

tu peux le coupler avec celui-ci
Spybot Search and Destroy
https://www.safer-networking.org/?page=download

défragmente

pense à bien te protéger, j'ai découvert ce lien qui est plutôt pas mal à ce sujet

https://forum.pcastuces.com/default.asp


la sécurité c'est très important mais ne remplace pas l'internaute, un surf prudent en évitant le crack, les sites "chauds", permet déjà d'éviter bien des soucis, le P2P lui aussi est source d'infections...
 
 
et bon surf

copilotepanizzi71 · Answer

bonsoir 
un grand merci a vous tous et surtout a papyber de m'avoir aidé sur ce sujet.

je n'ai plus de soucis dorénavent!!!  

merci
merci!!!!!!!!!!!!!!!!!!!!!

Infections multiples

48 réponses

Votre réponse

Discussions similaires

Newsletters