Virus cafards mangent l'écran - Page 2

Précédent
  • 1
  • 2
  1. Utilisateur anonyme
     
    t as passé combofix ?? t as le rapport ??
    0
  2. saga
     
    J'ai repassé ComboFix, et en faite ça marche, ça l'air d'être redevenu "potable", ça buggé la 1ère parce que je n'avais pas enlevé mon antivirus à cause du blocage. Dois-je passer clean maintenant? Je met le rapport de combo fix :

    ComboFix 08-06-01.6 - 2008-06-03 15:39:46.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.626 [GMT 2:00]
    Endroit: G:\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\popcorn Terms.html
    C:\WINDOWS\pack.epk
    C:\WINDOWS\system32\aceKRqss.ini2
    C:\WINDOWS\system32\BLRCfMoq.ini
    C:\WINDOWS\system32\BLRCfMoq.ini2
    C:\WINDOWS\system32\byXQJbYS.dll
    C:\WINDOWS\system32\cfx32.ocx
    C:\WINDOWS\system32\drivers\saG41.sys
    C:\WINDOWS\system32\NVuBeMoq.ini
    C:\WINDOWS\system32\NVuBeMoq.ini2
    C:\WINDOWS\system32\pVybcccf.ini2
    C:\WINDOWS\system32\qoMfCRLB.dll
    C:\WINDOWS\system32\WinCtrl32.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MSUPDATE
    -------\Legacy_SAG41
    -------\Service_saG41

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-03 to 2008-06-03 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-02 17:51 . 2008-06-02 17:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-02 17:51 . 2008-06-02 17:51 <REP> d-------- C:\Documents and Settings\JACQUOT1\Application Data\Malwarebytes
    2008-06-02 17:51 . 2008-06-02 17:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-02 17:51 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-02 17:51 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-02 17:40 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-06-02 17:40 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-06-02 17:40 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-06-02 17:40 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-06-02 17:40 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-06-02 17:40 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-06-02 17:40 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-06-02 17:40 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-06-02 17:22 . 2008-06-02 17:31 <REP> d-------- C:\WINDOWS\LastGood(2)
    2008-06-01 22:31 . 2004-08-05 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
    2008-06-01 22:30 . 2004-08-05 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-06-01 22:29 . 2004-08-05 14:00 290,816 --a--c--- C:\WINDOWS\system32\dllcache\adsiis51.dll
    2008-06-01 22:29 . 2004-08-05 14:00 281,600 --a--c--- C:\WINDOWS\system32\dllcache\certwiz.ocx
    2008-06-01 22:29 . 2003-03-24 15:52 188,480 --a--c--- C:\WINDOWS\system32\dllcache\cfgwiz.exe
    2008-06-01 22:29 . 2004-08-05 14:00 96,768 --a--c--- C:\WINDOWS\system32\dllcache\certmap.ocx
    2008-06-01 22:29 . 2004-08-05 14:00 77,824 --a--c--- C:\WINDOWS\system32\dllcache\cnfgprts.ocx
    2008-06-01 22:29 . 2004-08-05 14:00 43,520 --a--c--- C:\WINDOWS\system32\dllcache\admwprox.dll
    2008-06-01 22:29 . 2003-03-24 15:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\author.dll
    2008-06-01 22:29 . 2003-03-24 15:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\admin.dll
    2008-06-01 22:29 . 2003-03-24 15:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\author.exe
    2008-06-01 22:29 . 2003-03-24 15:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\admin.exe
    2008-06-01 22:28 . 2008-06-01 22:28 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
    2008-06-01 22:28 . 2008-06-01 22:28 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
    2008-06-01 22:28 . 2008-06-01 22:28 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
    2008-06-01 22:28 . 2008-06-01 22:28 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
    2008-06-01 22:28 . 2008-06-01 22:28 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
    2008-06-01 22:28 . 2008-06-01 22:28 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
    2008-06-01 21:33 . 2008-06-01 22:51 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-06-01 21:33 . 2008-06-01 22:51 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-06-01 21:32 . 2008-06-01 21:32 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab
    2008-06-01 21:27 . 2008-06-01 21:27 <REP> d-------- C:\Program Files\Kaspersky Lab
    2008-06-01 21:27 . 2008-06-02 21:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-06-01 21:27 . 2008-06-03 15:50 3,603,744 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-06-01 21:27 . 2008-06-03 15:50 511,264 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-06-01 21:27 . 2008-06-03 15:44 50,336 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-06-01 21:27 . 2008-06-03 15:44 48,932 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-06-01 21:24 . 2008-06-01 21:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-06-01 18:51 . 2008-06-01 18:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-06-01 11:26 . 2008-06-01 11:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-01 11:25 . 2008-06-01 11:25 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-05-31 20:00 . 2008-05-31 20:00 <REP> d-------- C:\Program Files\Alwil Software
    2008-05-31 19:55 . 2008-05-31 19:47 23,167,480 --a------ C:\avast_avast_4.8.1201_francais_anglais_11113.exe
    2008-05-31 19:48 . 2008-06-01 21:32 28,899 --a------ C:\WINDOWS\setupapi.old
    2008-05-31 19:24 . 2008-06-01 11:28 <REP> d-------- C:\Program Files\Lavasoft
    2008-05-31 16:56 . 2008-05-31 16:57 <REP> d-------- C:\sUBs
    2008-05-31 12:24 . 2008-05-31 12:24 <REP> d-------- C:\Program Files\Sun
    2008-05-31 11:48 . 2006-07-06 23:39 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2008-05-31 11:48 . 2006-07-06 23:39 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-05-31 11:48 . 2006-07-06 22:03 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
    2008-05-31 11:48 . 2006-07-06 23:39 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-05-31 11:48 . 2006-07-06 23:39 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2008-05-31 11:48 . 2006-07-06 23:39 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-05-31 11:48 . 2006-07-06 23:39 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-05-31 11:48 . 2008-06-02 19:18 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-05-31 11:29 . 2008-06-02 17:22 14,848 --a------ C:\WINDOWS\system32\WinCtrl32(2)(2).dll
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
    2008-05-03 08:16 . 2008-05-03 08:16 <REP> d-------- C:\Program Files\Fichiers communs\xing shared

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-03 13:50 --------- d-----w C:\Program Files\Wanadoo
    2008-06-02 18:01 3,458 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-06-02 16:59 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
    2008-06-02 15:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-01 17:36 --------- d-----w C:\Program Files\Yahoo!
    2008-06-01 17:36 --------- d-----w C:\Program Files\XoftSpySE
    2008-06-01 17:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-01 09:27 --------- d-----w C:\Documents and Settings\JACQUOT1\Application Data\Lavasoft
    2008-05-31 20:03 --------- d-----w C:\Program Files\Realtek AC97
    2008-05-31 10:24 --------- d-----w C:\Program Files\Java
    2008-05-03 06:15 --------- d-----w C:\Program Files\Fichiers communs\Real
    2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2007-11-18 15:30 23,504 ----a-w C:\Documents and Settings\JACQUOT1\Application Data\GDIPFONTCACHEV1.DAT
    2007-02-11 06:07 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    2006-12-04 22:25 4,318 ----a-w C:\Documents and Settings\JACQUOT1\gotgo.exe
    2006-10-09 19:17 29,784 ----a-w C:\Program Files\ Terms.html
    1995-09-20 13:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
    2006-07-28 19:53 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDD01187-8BF9-43E3-BBCF-10092B14DEF1}]
    C:\WINDOWS\system32\qoMeBuVN.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 12:05 68856]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vmtalk"="C:\Program Files\Fichiers communs\Talkway\vmtalk.exe" [2003-07-24 17:21 61440]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-03 13:18 282624]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [2008-05-03 08:11 69632]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-03 08:11 185896]
    "PCDAS"="C:\Program Files\Defenza\pcd-as.exe" [ ]
    "SoundMan"="SOUNDMAN.EXE" [2005-07-22 09:00 81920 C:\WINDOWS\SOUNDMAN.EXE]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "System Anti-Virus Server"="C:\WINDOWS\system32\system.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
    "vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hpV06.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ipU28.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jpV74.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jqV28.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kqV52.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsY41.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ouB06.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pwD17.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qxE62.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\taG62.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ubH38.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msrr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.3\\cnc3game.dat"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"=

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
    S0 kqV52;kqV52;C:\WINDOWS\system32\Drivers\kqV52.sys []
    S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
    S3 hpV06;hpV06;C:\WINDOWS\System32\drivers\hpV06.sys []
    S3 ipU28;ipU28;C:\WINDOWS\System32\drivers\ipU28.sys []
    S3 jqV28;jqV28;C:\WINDOWS\System32\drivers\jqV28.sys []
    S3 jswmidin;jswmidin;C:\DOCUME~1\JACQUOT1\LOCALS~1\Temp\jswmidin.sys []
    S3 lsY41;lsY41;C:\WINDOWS\System32\drivers\lsY41.sys []
    S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
    S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\SophosMEMSWEEP.SYS []
    S3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\Core Center\NTGLM7X.sys [2005-05-20 16:27]
    S3 pwD17;pwD17;C:\WINDOWS\System32\drivers\pwD17.sys []
    S3 qxE62;qxE62;C:\WINDOWS\System32\drivers\qxE62.sys []
    S3 RushTopDevice;RushTopDevice;C:\Program Files\MSI\Core Center\RushTop.sys [2005-06-04 14:01]
    S3 taG62;taG62;C:\WINDOWS\System32\drivers\taG62.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd4a092e-b207-11dc-9b15-001109f84a84}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Portail-Pharma-salon-cleUSB.pdf

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2006-10-16 19:28:13 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
    - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-03 15:49:34
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-03 15:53:35 - machine was rebooted [JACQUOT1]
    ComboFix-quarantined-files.txt 2008-06-03 13:53:28
    ComboFix2.txt 2008-05-31 14:56:53

    Pre-Run: 17,750,618,112 octets libres
    Post-Run: 17,968,070,656 octets libres

    240 --- E O F --- 2008-06-03 01:00:22
    0
  3. Utilisateur anonyme
     
    ok refais un scan hijackthis et poste le rapport stp
    0
  4. saga
     
    Voila le rapport hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:13:12, on 03/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    G:\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: (no name) - {EDD01187-8BF9-43E3-BBCF-10092B14DEF1} - C:\WINDOWS\system32\qoMeBuVN.dll (file missing)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\RunServices: [System Anti-Virus Server] C:\WINDOWS\system32\system.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    Copie le texte ci-dessous :

    File::
    C:\WINDOWS\system32\system.exe
    C:\WINDOWS\system32\WinCtrl32(2)(2).dll
    C:\WINDOWS\system32\lsdelete.exe
    C:\WINDOWS\LastGood(2)
    C:\Documents and Settings\JACQUOT1\gotgo.exe
    C:\WINDOWS\system32\qoMeBuVN.dll

    Registry::
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDD01187-8BF9-43E3-BBCF-10092B14DEF1}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "System Anti-Virus Server"=-

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    0
  7. saga
     
    Voici le rapproy combofix :

    ComboFix 08-06-01.6 - 2008-06-03 17:01:11.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.635 [GMT 2:00]
    Endroit: C:\Documents and Settings\JACQUOT1\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\JACQUOT1\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    C:\Documents and Settings\JACQUOT1\gotgo.exe
    C:\WINDOWS\LastGood(2)
    C:\WINDOWS\system32\lsdelete.exe
    C:\WINDOWS\system32\qoMeBuVN.dll
    C:\WINDOWS\system32\system.exe
    C:\WINDOWS\system32\WinCtrl32(2)(2).dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\JACQUOT1\gotgo.exe
    C:\WINDOWS\system32\lsdelete.exe
    C:\WINDOWS\system32\WinCtrl32(2)(2).dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-03 to 2008-06-03 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-03 15:53 . 2008-06-03 15:53 <REP> d-------- C:\Documents and Settings\InvitÚ
    2008-06-02 17:51 . 2008-06-02 17:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-02 17:51 . 2008-06-02 17:51 <REP> d-------- C:\Documents and Settings\JACQUOT1\Application Data\Malwarebytes
    2008-06-02 17:51 . 2008-06-02 17:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-02 17:51 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-02 17:51 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-02 17:40 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-06-02 17:40 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-06-02 17:40 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-06-02 17:40 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-06-02 17:40 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-06-02 17:40 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-06-02 17:40 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-06-02 17:40 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-06-02 17:22 . 2008-06-02 17:31 <REP> d-------- C:\WINDOWS\LastGood(2)
    2008-06-01 22:31 . 2004-08-05 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
    2008-06-01 22:30 . 2004-08-05 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-06-01 22:29 . 2004-08-05 14:00 290,816 --a--c--- C:\WINDOWS\system32\dllcache\adsiis51.dll
    2008-06-01 22:29 . 2004-08-05 14:00 281,600 --a--c--- C:\WINDOWS\system32\dllcache\certwiz.ocx
    2008-06-01 22:29 . 2003-03-24 15:52 188,480 --a--c--- C:\WINDOWS\system32\dllcache\cfgwiz.exe
    2008-06-01 22:29 . 2004-08-05 14:00 96,768 --a--c--- C:\WINDOWS\system32\dllcache\certmap.ocx
    2008-06-01 22:29 . 2004-08-05 14:00 77,824 --a--c--- C:\WINDOWS\system32\dllcache\cnfgprts.ocx
    2008-06-01 22:29 . 2004-08-05 14:00 43,520 --a--c--- C:\WINDOWS\system32\dllcache\admwprox.dll
    2008-06-01 22:29 . 2003-03-24 15:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\author.dll
    2008-06-01 22:29 . 2003-03-24 15:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\admin.dll
    2008-06-01 22:29 . 2003-03-24 15:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\author.exe
    2008-06-01 22:29 . 2003-03-24 15:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\admin.exe
    2008-06-01 22:28 . 2008-06-01 22:28 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
    2008-06-01 22:28 . 2008-06-01 22:28 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
    2008-06-01 22:28 . 2008-06-01 22:28 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
    2008-06-01 22:28 . 2008-06-01 22:28 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
    2008-06-01 22:28 . 2008-06-01 22:28 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
    2008-06-01 22:28 . 2008-06-01 22:28 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
    2008-06-01 21:33 . 2008-06-01 22:51 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-06-01 21:33 . 2008-06-01 22:51 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-06-01 21:32 . 2008-06-01 21:32 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab
    2008-06-01 21:27 . 2008-06-01 21:27 <REP> d-------- C:\Program Files\Kaspersky Lab
    2008-06-01 21:27 . 2008-06-02 21:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-06-01 21:27 . 2008-06-03 17:12 3,691,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-06-01 21:27 . 2008-06-03 17:11 513,312 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-06-01 21:27 . 2008-06-03 15:44 50,336 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-06-01 21:27 . 2008-06-03 15:44 48,932 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-06-01 21:24 . 2008-06-01 21:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-06-01 18:51 . 2008-06-01 18:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-06-01 11:26 . 2008-06-01 11:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-01 11:25 . 2008-06-01 11:25 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-05-31 20:00 . 2008-05-31 20:00 <REP> d-------- C:\Program Files\Alwil Software
    2008-05-31 19:55 . 2008-05-31 19:47 23,167,480 --a------ C:\avast_avast_4.8.1201_francais_anglais_11113.exe
    2008-05-31 19:48 . 2008-06-01 21:32 28,899 --a------ C:\WINDOWS\setupapi.old
    2008-05-31 19:24 . 2008-06-01 11:28 <REP> d-------- C:\Program Files\Lavasoft
    2008-05-31 16:56 . 2008-05-31 16:57 <REP> d-------- C:\sUBs
    2008-05-31 12:24 . 2008-05-31 12:24 <REP> d-------- C:\Program Files\Sun
    2008-05-31 11:48 . 2006-07-06 23:39 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-05-31 11:48 . 2006-07-06 23:39 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-05-31 11:48 . 2006-07-06 22:03 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-05-31 11:48 . 2006-07-06 23:39 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-05-31 11:48 . 2006-07-06 23:39 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-05-31 11:48 . 2006-07-06 23:39 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-05-31 11:48 . 2006-07-06 23:39 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-05-31 11:48 . 2008-06-02 19:18 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-05-03 08:16 . 2008-05-03 08:16 <REP> d-------- C:\Program Files\Fichiers communs\xing shared

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-03 14:56 --------- d-----w C:\Program Files\Wanadoo
    2008-06-02 18:01 3,458 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-06-02 16:59 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
    2008-06-02 15:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-01 17:36 --------- d-----w C:\Program Files\Yahoo!
    2008-06-01 17:36 --------- d-----w C:\Program Files\XoftSpySE
    2008-06-01 17:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-01 09:27 --------- d-----w C:\Documents and Settings\JACQUOT1\Application Data\Lavasoft
    2008-05-31 20:03 --------- d-----w C:\Program Files\Realtek AC97
    2008-05-31 10:24 --------- d-----w C:\Program Files\Java
    2008-05-03 06:15 --------- d-----w C:\Program Files\Fichiers communs\Real
    2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2007-11-18 15:30 23,504 ----a-w C:\Documents and Settings\JACQUOT1\Application Data\GDIPFONTCACHEV1.DAT
    2007-02-11 06:07 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    2006-10-09 19:17 29,784 ----a-w C:\Program Files\ Terms.html
    1995-09-20 13:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
    2006-07-28 19:53 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-03_15.52.14.90 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-03 13:48:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-03 14:55:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDD01187-8BF9-43E3-BBCF-10092B14DEF1}]
    C:\WINDOWS\system32\qoMeBuVN.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 12:05 68856]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vmtalk"="C:\Program Files\Fichiers communs\Talkway\vmtalk.exe" [2003-07-24 17:21 61440]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-03 13:18 282624]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [2008-05-03 08:11 69632]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-03 08:11 185896]
    "PCDAS"="C:\Program Files\Defenza\pcd-as.exe" [ ]
    "SoundMan"="SOUNDMAN.EXE" [2005-07-22 09:00 81920 C:\WINDOWS\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
    "vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hpV06.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ipU28.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jpV74.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jqV28.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kqV52.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsY41.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ouB06.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pwD17.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qxE62.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\taG62.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ubH38.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msrr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.3\\cnc3game.dat"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"=

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
    S0 kqV52;kqV52;C:\WINDOWS\system32\Drivers\kqV52.sys []
    S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
    S3 hpV06;hpV06;C:\WINDOWS\System32\drivers\hpV06.sys []
    S3 ipU28;ipU28;C:\WINDOWS\System32\drivers\ipU28.sys []
    S3 jqV28;jqV28;C:\WINDOWS\System32\drivers\jqV28.sys []
    S3 jswmidin;jswmidin;C:\DOCUME~1\JACQUOT1\LOCALS~1\Temp\jswmidin.sys []
    S3 lsY41;lsY41;C:\WINDOWS\System32\drivers\lsY41.sys []
    S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
    S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\SophosMEMSWEEP.SYS []
    S3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\Core Center\NTGLM7X.sys [2005-05-20 16:27]
    S3 pwD17;pwD17;C:\WINDOWS\System32\drivers\pwD17.sys []
    S3 qxE62;qxE62;C:\WINDOWS\System32\drivers\qxE62.sys []
    S3 RushTopDevice;RushTopDevice;C:\Program Files\MSI\Core Center\RushTop.sys [2005-06-04 14:01]
    S3 taG62;taG62;C:\WINDOWS\System32\drivers\taG62.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd4a092e-b207-11dc-9b15-001109f84a84}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Portail-Pharma-salon-cleUSB.pdf

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2006-10-16 19:28:13 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
    - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-03 17:11:28
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-03 17:13:40
    ComboFix-quarantined-files.txt 2008-06-03 15:13:32
    ComboFix2.txt 2008-06-03 13:53:37
    ComboFix3.txt 2008-05-31 14:56:53

    Pre-Run: 17,933,586,432 octets libres
    Post-Run: 17,929,228,288 octets libres

    227 --- E O F --- 2008-06-03 01:00:22

    Voila le rapport hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:18:38, on 03/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\WINDOWS\explorer.exe
    G:\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: (no name) - {EDD01187-8BF9-43E3-BBCF-10092B14DEF1} - C:\WINDOWS\system32\qoMeBuVN.dll (file missing)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    0
  8. Utilisateur anonyme
     
    ok on termine

    réouvre hijackthis
    fais scan only
    coche ces lignes :

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: (no name) - {EDD01187-8BF9-43E3-BBCF-10092B14DEF1} - C:\WINDOWS\system32\qoMeBuVN.dll (file missing)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab

    tu les coches et tu clic sur fix checked

    ensuite ta version d internet explorer n est pas a jours telecharge et instal cette version :

    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    ensuite :

    telecharge Ccleaner :

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    instal le sans la barre yahoo

    fais lancer le nettoyage

    repete l opération jusqu a ce qu il trouve rien

    ensuite fais registre

    fais chercher les erreures

    ensuite fais corriger les erreures

    repete l opération jusqu a ce qu il trouve rien

    pour completer le nettoyage tu peux faire ça :

    Télecharge et instal AVG anti spyware:

    http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

    instal le et met le a jours

    ensuite lance le scan et supprime

    et pour finir :

    * pour supprimer les outils/fix utilisés :

    Télécharge ToolsCleaner sur ton bureau.
    -->
    http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
    http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe

    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    A découvrir : Estopa, Rosario Flores, La oreja de van gogh.. Bonne écoute
    0
  9. saga
     
    Voila le rapport toolscleaner :

    -->- Recherche:

    C:\Rustbfix: trouvé !
    C:\!Killbox: trouvé !
    C:\Vundofix backups: trouvé !
    C:\Qoobox: trouvé !
    C:\Documents and Settings\JACQUOT1\Bureau\SmitFraudFix.zip: trouvé !
    C:\Documents and Settings\JACQUOT1\Bureau\ComboFix.exe: trouvé !
    C:\Documents and Settings\JACQUOT1\Bureau\SmitFraudfix: trouvé !
    C:\Documents and Settings\JACQUOT1\Bureau\anti virus\SmitFraudFix.zip: trouvé !
    C:\Documents and Settings\JACQUOT1\Bureau\anti virus\vundoFix.exe: trouvé !
    C:\Documents and Settings\JACQUOT1\Bureau\anti virus\SmitFraudfix: trouvé !
    C:\Documents and Settings\JACQUOT1\Bureau\anti virus\SmitfraudFix\SmitFraudfix: trouvé !
    C:\Documents and Settings\JACQUOT1\Bureau\anti virus\SmitfraudFix\SmitfraudFix\SmitFraudFix.zip: trouvé !
    C:\Documents and Settings\JACQUOT1\Bureau\SmitfraudFix\SmitFraudfix: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\JACQUOT1\Bureau\SmitFraudFix.zip: supprimé !
    C:\Documents and Settings\JACQUOT1\Bureau\ComboFix.exe: supprimé !
    C:\Documents and Settings\JACQUOT1\Bureau\anti virus\SmitFraudFix.zip: supprimé !
    C:\Documents and Settings\JACQUOT1\Bureau\anti virus\vundoFix.exe: supprimé !
    C:\Documents and Settings\JACQUOT1\Bureau\anti virus\SmitfraudFix\SmitfraudFix\SmitFraudFix.zip: supprimé !
    C:\Rustbfix: supprimé !
    C:\!Killbox: supprimé !
    C:\Vundofix backups: supprimé !
    C:\Qoobox: supprimé !
    C:\Documents and Settings\JACQUOT1\Bureau\SmitFraudfix: supprimé !
    C:\Documents and Settings\JACQUOT1\Bureau\anti virus\SmitFraudfix: supprimé !
    0
  10. Utilisateur anonyme
     
    voila tous est clean

    comment va le pc ??

    Si tu es satisfait de mon intervention

    et que tu n as plus de probleme

    change le statut du sujet en résolu stp

    pour cela va en haut sur ta premiere question et la tu as le choix
    0
  11. saga
     
    Alors, il y a juste le fond d'écran qui est resté mais à part ça tout va bien, tout à l'air d'être revenu à la normale.

    Je te remercie pour ton aide, ça m'a été super utile en + avec une efficacité et une rapidité exemplaire, je ne pensais pas que ça irait aussi vite.
    0
  12. Utilisateur anonyme
     
    pour le fond d ecran : a toi de le changer

    ciao @++
    0
Précédent
  • 1
  • 2