Fond d'écran bleu Warning spyware

Résolu
tiju33 -  
benurrr Messages postés 9766 Statut Contributeur sécurité -
Bonjour,

Voilà j'ai un soucis depuis hier :
En effet mon fond d'écran à été changé pour un message d'alerte spyware sur fond bleu, des messages et des pages internet s'affichent toujours par rapport à des prétendus spywares et je n'ai plus accès au gestionnaire de tâches :/

J'ai cherché un ti peu comment résoudre ce problème mais n'y connaissant rien je m'en remets à vous les spécialistes de la bonne santé des ordis qui nous sont si souvent d'une aide précieuse ^^

Voici mon rapport HijackThis, en espérant que ce ne soit pas trop le bazar dans mon pc :p

Merci d'avance !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:50:22, on 10/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\444.470
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\portsv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\32122.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\32122.exe
C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\32122.exe
C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\32122.exe
C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\32122.exe
C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\32122.exe
C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\32122.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\aMSN\bin\wish.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Tiju\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TransVente] C:\PROGRA~1\TRANSV~1\TransVente.exe 1
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\32122.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fotodiscount.com/infos/migration.cfm
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 14076 bytes
Configuration: Windows XP
Firefox 2.0.0.14

23 réponses

  • 1
  • 2
  1. Utilisateur anonyme
     
    ok y a du monde chez toi lol

    important fais ceci :

    Télécharge cet outil de SiRi:

    http://siri.urz.free.fr/RHosts.php

    Double cliquer dessus pour l'exécuter

    et cliquer sur " Restore original Hosts
    "

    ensuite :

    # Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    # Relance le programme Smitfraud :
    Cette fois choisit l’option 2, répond oui a tous ;
    Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum
    1
  2. Utilisateur anonyme
     
    Bonsoir,

    --# Télécharge ceci: (merci a S!RI pour ce petit programme).

    http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
    voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
    il va générer un rapport : copie/colle le sur le poste stp.
    A découvrir : Estopa, Rosario Flores, La oreja de van gogh.. Bonne écoute
    0
    1. tiju33
       
      Voici mon rapport SmitFraudFix :

      SmitFraudFix v2.323

      Rapport fait à 1:08:36,34, 10/06/2008
      Executé à partir de C:\Documents and Settings\Tiju\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» Process

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\WINDOWS\system32\iftuyszv.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\system32\inetsrv\inetinfo.exe
      C:\WINDOWS\444.470
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\portsv.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\WINDOWS\ATK0100\HControl.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\SPYWAREfighter\spftray.exe
      C:\APPS\SMP\SmpSys.exe
      C:\Program Files\SPYWAREfighter\spfprc.exe
      C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\32122.exe
      C:\WINDOWS\ATK0100\ATKOSD.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
      C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\32122.exe
      C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\32122.exe
      C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\32122.exe
      C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\32122.exe
      C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\32122.exe
      C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\32122.exe
      C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
      C:\Program Files\aMSN\bin\wish.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\WINDOWS\system32\cmd.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts

      Fichier hosts corrompu !

      127.0.0.1 www.legal-at-spybot.info
      127.0.0.1 legal-at-spybot.info

      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

      C:\WINDOWS\accesss.exe PRESENT !
      C:\WINDOWS\astctl32.ocx PRESENT !
      C:\WINDOWS\avpcc.dll PRESENT !
      C:\WINDOWS\clrssn.exe PRESENT !
      C:\WINDOWS\cpan.dll PRESENT !
      C:\WINDOWS\default.htm PRESENT !
      C:\WINDOWS\iexplorer.exe PRESENT !
      C:\WINDOWS\loader.exe PRESENT !
      C:\WINDOWS\mtwirl32.dll PRESENT !
      C:\WINDOWS\notepad32.exe PRESENT !
      C:\WINDOWS\olehelp.exe PRESENT !
      C:\WINDOWS\systeem.exe PRESENT !
      C:\WINDOWS\systemcritical.exe PRESENT !
      C:\WINDOWS\time.exe PRESENT !
      C:\WINDOWS\users32.exe PRESENT !
      C:\WINDOWS\waol.exe PRESENT !
      C:\WINDOWS\win32e.exe PRESENT !
      C:\WINDOWS\win64.exe PRESENT !
      C:\WINDOWS\winajbm.dll PRESENT !
      C:\WINDOWS\window.exe PRESENT !
      C:\WINDOWS\winmgnt.exe PRESENT !
      C:\WINDOWS\x.exe PRESENT !
      C:\WINDOWS\xplugin.dll PRESENT !
      C:\WINDOWS\xxxvideo.hta PRESENT !
      C:\WINDOWS\y.exe PRESENT !

      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tiju


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tiju\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Tiju\Favoris


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="Ma page d'accueil"


      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» VACFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\iftuyszv.exe,"
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Rustock



      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 192.168.1.1
      DNS Server Search Order: 192.168.1.1

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{284B108A-9268-44B1-8E44-17E862E0BD79}: DhcpNameServer=192.168.1.1 192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{284B108A-9268-44B1-8E44-17E862E0BD79}: DhcpNameServer=192.168.1.1 192.168.1.1
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{284B108A-9268-44B1-8E44-17E862E0BD79}: DhcpNameServer=192.168.1.1 192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
      HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin
      0
  3. tiju33
     
    voilà ! :

    SmitFraudFix v2.323

    Rapport fait à 1:32:38,62, 10/06/2008
    Executé à partir de C:\Documents and Settings\Tiju\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\accesss.exe supprimé
    C:\WINDOWS\astctl32.ocx supprimé
    C:\WINDOWS\avpcc.dll supprimé
    C:\WINDOWS\clrssn.exe supprimé
    C:\WINDOWS\cpan.dll supprimé
    C:\WINDOWS\default.htm supprimé
    C:\WINDOWS\iexplorer.exe supprimé
    C:\WINDOWS\loader.exe supprimé
    C:\WINDOWS\mtwirl32.dll supprimé
    C:\WINDOWS\notepad32.exe supprimé
    C:\WINDOWS\olehelp.exe supprimé
    C:\WINDOWS\systeem.exe supprimé
    C:\WINDOWS\systemcritical.exe supprimé
    C:\WINDOWS\time.exe supprimé
    C:\WINDOWS\users32.exe supprimé
    C:\WINDOWS\waol.exe supprimé
    C:\WINDOWS\win32e.exe supprimé
    C:\WINDOWS\win64.exe supprimé
    C:\WINDOWS\winajbm.dll supprimé
    C:\WINDOWS\window.exe supprimé
    C:\WINDOWS\winmgnt.exe supprimé
    C:\WINDOWS\x.exe supprimé
    C:\WINDOWS\xplugin.dll supprimé
    C:\WINDOWS\xxxvideo.hta supprimé
    C:\WINDOWS\y.exe supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CS2\Services\Tcpip\..\{284B108A-9268-44B1-8E44-17E862E0BD79}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Reboot

    C:\WINDOWS\default.htm supprimé
    C:\WINDOWS\iexplorer.exe supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  4. tiju33
     
    eh oui ya pas mal de bazar, je le maltraite mon pauvre ordi ^^
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    un jours il se vengera lol

    Telecharge malwarebytes

    -> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    ps : les rapport sont aussi rangé dans l onglet rapport/log
    0
  7. tiju33
     
    J'ai récup mon fond d'écran et tout semble à nouveau normal :)
    Merci énormément :) :) :)

    Voici le rapport avant redemmarrage :

    Malwarebytes' Anti-Malware 1.15
    Version de la base de données: 844

    03:36:38 10/06/2008
    mbam-log-6-10-2008 (03-36-38).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|)
    Eléments examinés: 186445
    Temps écoulé: 1 hour(s), 45 minute(s), 4 second(s)

    Processus mémoire infecté(s): 3
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 27
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 64

    Processus mémoire infecté(s):
    C:\WINDOWS\444.470 (Trojan.DownLoader) -> Unloaded process successfully.
    C:\WINDOWS\portsv.exe (Trojan.Agent) -> Unloaded process successfully.
    C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Installer (Trojan.Agent) -> Delete on reboot.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\iftuyszv.exe -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\WINDOWS\system32\vntiho06 (Trojan.Agent) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\444.470 (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\WINDOWS\portsv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iftuyszv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tiju\Local Settings\Temporary Internet Files\Content.IE5\5CFCH9FQ\syswcc32[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tiju\Local Settings\Temporary Internet Files\Content.IE5\P5G71RNY\mmonHJ[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\444.0 (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\lfn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\OBE1\imapIP95.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vntiho06\vntiho061083.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\32122.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    0
  8. Utilisateur anonyme
     
    il doit te rester des merdes

    réouvre malewarebyte
    va sur quarantaine
    supprime tout

    ensuite refais un scan hijackthis et post le rapport stp

    la suite demain bonne nuit
    0
  9. tiju33
     
    Oki voici le rapport et merci pour ton aide précieuse !
    Bonne nuit à demain ++

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:51:06, on 10/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\APPS\SMP\SmpSys.exe
    C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\aMSN\bin\wish.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Tiju\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
    O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
    O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" tray
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TransVente] C:\PROGRA~1\TRANSV~1\TransVente.exe 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fotodiscount.com/infos/migration.cfm
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    0
  10. Utilisateur anonyme
     
    salut bien dormi ??

    Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    -> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
  11. tiju33
     
    Salut ! Oui bien dormi merci ^^
    Bon j'ai fait ce que tu m'as demandé et voici le rapport :

    ComboFix 08-06-09.7 - Tiju 2008-06-10 12:29:46.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.519 [GMT 2:00]
    Endroit: C:\Documents and Settings\Tiju\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc
    C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\3DStudio Max v6.0.torrent
    C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\3DStudio Max v6.0.zip
    C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\Caere OmnipagePro 9 10.torrent
    C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\GetRight3.2 Stolen Software NR.torrent
    C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\GetRight3.2 Stolen Software NR.zip
    C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\IsoBuster 1.0 by iNFERNO.torrent
    C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\IsoBuster 1.0 by iNFERNO.zip
    C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\s
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\Temp\vtmp2
    C:\Temp\vtmp2\ktnv33.log
    C:\WINDOWS\mainms.vpi
    C:\WINDOWS\megavid.cdt
    C:\WINDOWS\muotr.so
    C:\WINDOWS\system32\2422\25381.dll
    C:\WINDOWS\system32\Cache
    C:\WINDOWS\system32\hljwugsf.bin
    C:\WINDOWS\system32\MSINET.oca

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MSSECURITY1.209.4

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-10 01:46 . 2008-06-10 01:46 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-10 01:46 . 2008-06-10 01:46 <REP> d-------- C:\Documents and Settings\Tiju\Application Data\Malwarebytes
    2008-06-10 01:46 . 2008-06-10 01:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-10 01:46 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-10 01:46 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-10 01:09 . 2008-06-10 01:32 4,028 --a------ C:\WINDOWS\system32\tmp.reg
    2008-06-10 01:08 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-06-10 01:08 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-06-10 01:08 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-06-10 01:08 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-06-10 01:08 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-06-10 01:08 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-06-10 01:08 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-06-10 01:08 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-06-10 00:09 . 2008-06-10 12:35 <REP> d-------- C:\Documents and Settings\Tiju\Application Data\uTorrent
    2008-06-09 22:36 . 2008-06-09 23:12 <REP> d-------- C:\Program Files\Navilog1
    2008-06-09 18:26 . 2008-06-09 18:28 <REP> d-------- C:\Program Files\SPYWAREfighter
    2008-06-09 18:26 . 2008-06-09 18:26 <REP> d-------- C:\Program Files\Fichiers communs\Application
    2008-06-09 16:00 . 2008-06-09 16:00 <REP> d-------- C:\Program Files\Lavasoft
    2008-06-09 16:00 . 2008-06-09 16:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-09 15:59 . 2008-06-09 15:59 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-06-08 17:03 . 2008-06-08 23:13 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-08 15:19 . 2008-06-10 12:32 <REP> d-------- C:\WINDOWS\system32\2422
    2008-06-08 14:16 . 2008-06-10 03:36 <REP> d-------- C:\WINDOWS\system32\OBE1
    2008-06-08 14:16 . 2008-06-08 14:16 <REP> d-------- C:\WINDOWS\system32\kip
    2008-06-08 14:16 . 2008-06-08 14:16 <REP> d-------- C:\WINDOWS\system32\20541
    2008-06-08 14:16 . 2008-06-10 12:30 <REP> d-------- C:\Temp
    2008-06-08 14:16 . 2008-06-08 14:16 121,325 --a------ C:\Temp\dvzer6.exe
    2008-06-08 14:15 . 2008-06-08 14:15 <REP> d---s---- C:\Documents and Settings\LocalService\Favoris
    2008-05-26 16:53 . 2008-05-26 16:53 604 --a------ C:\Raccourci vers Super Nintendo.lnk
    2008-05-24 12:59 . 2008-05-24 12:59 268 --ah----- C:\sqmdata19.sqm
    2008-05-24 12:59 . 2008-05-24 12:59 244 --ah----- C:\sqmnoopt19.sqm
    2008-05-19 13:11 . 2008-06-09 12:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
    2008-05-14 18:56 . 2008-06-05 19:42 <REP> d-------- C:\Program Files\Last.fm
    2008-05-14 18:56 . 2008-05-14 18:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
    2008-05-13 03:51 . 2008-05-13 03:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-05-13 03:51 . 2008-05-13 03:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-09 22:21 --------- d-----w C:\Program Files\TransVente
    2008-06-09 21:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-09 21:56 --------- d-----w C:\Program Files\uTorrent
    2008-06-08 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-08 20:42 --------- d-----w C:\Program Files\LEGO Company
    2008-06-08 20:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-05 01:17 --------- d-----w C:\Program Files\Windows Desktop Search
    2008-05-26 23:05 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
    2008-05-25 19:40 --------- d-----w C:\Program Files\Winamp Desk Band
    2008-05-25 19:39 --------- d-----w C:\Program Files\Ubisoft
    2008-05-25 19:37 --------- d-----w C:\Program Files\OpenOffice.org 2.3
    2008-05-24 10:59 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-05-24 10:37 --------- d-----w C:\Program Files\Windows Live
    2008-05-24 10:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-21 01:01 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-05-20 20:07 --------- d-----w C:\Program Files\Trillian
    2008-05-19 11:15 --------- d-----w C:\Program Files\Google
    2008-05-18 18:56 --------- d-----w C:\Program Files\DivX
    2008-05-14 16:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-05-06 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-05-05 12:17 --------- d-----w C:\Documents and Settings\Tiju\Application Data\OpenOffice.org2
    2008-05-04 11:10 --------- d-----w C:\Program Files\Java
    2008-04-29 17:39 --------- d-----w C:\Program Files\Loop12 V2
    2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-23 15:41 --------- d-----w C:\Documents and Settings\Tiju\Application Data\U3
    2008-04-22 19:18 --------- d-----w C:\Documents and Settings\Tiju\Application Data\LEGO Company
    2008-04-15 15:28 --------- d-----w C:\Documents and Settings\Tiju\Application Data\Winamp
    2008-04-15 15:17 --------- d-----w C:\Program Files\Winamp
    2008-04-15 15:04 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-04-14 23:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\SongbirdVLC
    2008-04-14 23:29 --------- d-----w C:\Documents and Settings\Tiju\Application Data\Songbird
    2008-04-14 00:59 --------- d-----w C:\Program Files\Screamer Radio
    2008-03-10 23:52 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-03-10 23:52 290,816 -c----w C:\WINDOWS\Setup1.exe
    2007-07-30 20:49 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007073020070731\index.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 09:51 975360]
    "RTEGPRS"="C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" [2005-04-22 00:01 2371584]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 15:04 68856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "TransVente"="C:\PROGRA~1\TRANSV~1\TransVente.exe" [2006-11-23 19:26 40960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
    "DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 06:15 102400]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
    "WellPhone DirectSync - ScheduleSync"="C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE" [2005-04-14 15:46 45056]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00 455168]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-12 14:36 774233]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-06-01 13:57 573440]
    "nwiz"="nwiz.exe" [2006-06-12 16:11 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-12 16:11 86016]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "StandardInstall"="" []
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
    "Club-Internet_McciTrayApp"="C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe" [2005-11-15 18:46 543232]
    "LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 19:38 987187]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05 81920]
    "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-23 13:40 106496]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
    "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-12 16:11 7577600]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
    "VIDC.VDOM"= vdowave.drv
    "VIDC.YV12"= yv12vfw.dll
    "msacm.ac3filter"= ac3filter.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
    backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Docteur Club Internet.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Docteur Club Internet.lnk
    backup=C:\WINDOWS\pss\Docteur Club Internet.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Tiju^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]
    path=C:\Documents and Settings\Tiju\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk
    backup=C:\WINDOWS\pss\Club Internet.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Tiju^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
    path=C:\Documents and Settings\Tiju\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    C:\Program Files\BitTorrent\bittorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
    C:\Program Files\BroadJump\Client Foundation\CFD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
    --a------ 2006-02-23 13:40 106496 C:\WINDOWS\ATK0100\HControl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    --a--c--- 2004-08-10 14:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2004-07-27 16:50 221184 C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Installer]
    C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\32122.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2006-06-12 16:11 7577600 C:\WINDOWS\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2006-06-12 16:11 86016 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-06-12 16:11 1519616 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    --a------ 2004-08-10 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    --a------ 2004-08-10 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-10-19 19:18 98304 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
    --a------ 2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    --a------ 2006-06-01 13:57 573440 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2006-05-12 14:36 774233 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Workflow]
    D:\install\Workflow.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Trillian\\trillian.exe"=
    "C:\\Program Files\\aMSN\\bin\\wish.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Club-Internet\\Assistance\\UpdateHitachi\\MAJ_Hitachi.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "16040:TCP"= 16040:TCP:µ Torrent

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
    R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
    S2 PlugPlayRPC;Plug and Play (RPC);C:\WINDOWS\portsv.exe service []
    S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 05:50]
    S3 gel90xne;gel90xne;C:\DOCUME~1\Tiju\LOCALS~1\Temp\gel90xne.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9abb0c7-28c5-11dc-b42e-0018f37257e8}]
    \Shell\AutoRun\command - F:\LaunchU3.exe

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-10 12:38:23
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    --------------------- DLLs a charg‚ sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\freecell.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-10 12:49:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-10 10:48:48

    Pre-Run: 3,608,760,320 octets libres
    Post-Run: 3,710,627,840 octets libres

    284 --- E O F --- 2008-05-29 01:02:04
    0
  12. Utilisateur anonyme
     
    OK Refais un scan hijackthis et post le rapport stp
    0
  13. tiju33
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:04:53, on 10/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\APPS\SMP\SmpSys.exe
    C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\aMSN\bin\wish.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Tiju\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
    O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" tray
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TransVente] C:\PROGRA~1\TRANSV~1\TransVente.exe 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fotodiscount.com/infos/migration.cfm
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    0
  14. Utilisateur anonyme
     
    Copie le texte ci-dessous :

    File::
    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\2422
    C:\WINDOWS\system32\OBE1
    C:\WINDOWS\system32\kip
    C:\WINDOWS\system32\20541
    C:\Temp\dvzer6.exe
    C:\sqmdata19.sqm
    C:\sqmnoopt19.sqm
    C:\WINDOWS\Setup1.exe
    C:\PROGRA~1\TRANSV~1\TransVente.exe

    Folder::
    C:\PROGRA~1\TRANSV~1

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TransVente"="

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    0
  15. tiju33
     
    Rapport ComboFix

    ComboFix 08-06-09.7 - Tiju 2008-06-10 13:19:42.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.347 [GMT 2:00]
    Endroit: C:\Documents and Settings\Tiju\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Tiju\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\PROGRA~1\TRANSV~1\TransVente.exe
    C:\sqmdata19.sqm
    C:\sqmnoopt19.sqm
    C:\Temp\dvzer6.exe
    C:\WINDOWS\Setup1.exe
    C:\WINDOWS\system32\20541
    C:\WINDOWS\system32\2422
    C:\WINDOWS\system32\kip
    C:\WINDOWS\system32\OBE1
    C:\WINDOWS\system32\tmp.reg
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\PROGRA~1\TRANSV~1
    C:\PROGRA~1\TRANSV~1\ADVPACK.DLL
    C:\PROGRA~1\TRANSV~1\AgtX040C.exe
    C:\PROGRA~1\TRANSV~1\asso.txt
    C:\PROGRA~1\TRANSV~1\asycfilt.dll
    C:\PROGRA~1\TRANSV~1\cat.txt
    C:\PROGRA~1\TRANSV~1\comcat.dll
    C:\PROGRA~1\TRANSV~1\condition.html
    C:\PROGRA~1\TRANSV~1\coordonnee.html
    C:\PROGRA~1\TRANSV~1\faq.html
    C:\PROGRA~1\TRANSV~1\ijl15.dll
    C:\PROGRA~1\TRANSV~1\image\1-1.bmp
    C:\PROGRA~1\TRANSV~1\image\1-2.bmp
    C:\PROGRA~1\TRANSV~1\image\1-3.bmp
    C:\PROGRA~1\TRANSV~1\image\1-4.bmp
    C:\PROGRA~1\TRANSV~1\image\1-5.bmp
    C:\PROGRA~1\TRANSV~1\image\1-6.bmp
    C:\PROGRA~1\TRANSV~1\image\2-1.bmp
    C:\PROGRA~1\TRANSV~1\image\200.ico
    C:\PROGRA~1\TRANSV~1\image\3-1.bmp
    C:\PROGRA~1\TRANSV~1\image\4-1.bmp
    C:\PROGRA~1\TRANSV~1\image\ami.png
    C:\PROGRA~1\TRANSV~1\image\b.png
    C:\PROGRA~1\TRANSV~1\image\bd.png
    C:\PROGRA~1\TRANSV~1\image\bg.png
    C:\PROGRA~1\TRANSV~1\image\d.png
    C:\PROGRA~1\TRANSV~1\image\dot.gif
    C:\PROGRA~1\TRANSV~1\image\F.ico
    C:\PROGRA~1\TRANSV~1\image\failed-lg.gif
    C:\PROGRA~1\TRANSV~1\image\failed-sm.gif
    C:\PROGRA~1\TRANSV~1\image\fond.png
    C:\PROGRA~1\TRANSV~1\image\g.png
    C:\PROGRA~1\TRANSV~1\image\guitare.gif
    C:\PROGRA~1\TRANSV~1\image\H.ico
    C:\PROGRA~1\TRANSV~1\image\h.png
    C:\PROGRA~1\TRANSV~1\image\hd.png
    C:\PROGRA~1\TRANSV~1\image\hg.png
    C:\PROGRA~1\TRANSV~1\image\logo.png
    C:\PROGRA~1\TRANSV~1\image\pc.jpeg
    C:\PROGRA~1\TRANSV~1\image\photo.gif
    C:\PROGRA~1\TRANSV~1\image\remaining-lg.gif
    C:\PROGRA~1\TRANSV~1\image\remaining-sm.gif
    C:\PROGRA~1\TRANSV~1\image\soft.gif
    C:\PROGRA~1\TRANSV~1\image\success-lg.gif
    C:\PROGRA~1\TRANSV~1\image\success-sm.gif
    C:\PROGRA~1\TRANSV~1\image\tondeuse.jpeg
    C:\PROGRA~1\TRANSV~1\image\tondeuse.png
    C:\PROGRA~1\TRANSV~1\index.html
    C:\PROGRA~1\TRANSV~1\lhttsfrf.exe
    C:\PROGRA~1\TRANSV~1\macro\tv.swf
    C:\PROGRA~1\TRANSV~1\monnaie.txt
    C:\PROGRA~1\TRANSV~1\msvbvm60.dll
    C:\PROGRA~1\TRANSV~1\MSWINSCK.OCX
    C:\PROGRA~1\TRANSV~1\oleaut32.dll
    C:\PROGRA~1\TRANSV~1\olepro32.dll
    C:\PROGRA~1\TRANSV~1\paiement.txt
    C:\PROGRA~1\TRANSV~1\region.txt
    C:\PROGRA~1\TRANSV~1\smiley\1.gif
    C:\PROGRA~1\TRANSV~1\smiley\10.gif
    C:\PROGRA~1\TRANSV~1\smiley\11.gif
    C:\PROGRA~1\TRANSV~1\smiley\12.gif
    C:\PROGRA~1\TRANSV~1\smiley\13.gif
    C:\PROGRA~1\TRANSV~1\smiley\14.gif
    C:\PROGRA~1\TRANSV~1\smiley\15.gif
    C:\PROGRA~1\TRANSV~1\smiley\16.gif
    C:\PROGRA~1\TRANSV~1\smiley\17.gif
    C:\PROGRA~1\TRANSV~1\smiley\18.gif
    C:\PROGRA~1\TRANSV~1\smiley\19.gif
    C:\PROGRA~1\TRANSV~1\smiley\2.gif
    C:\PROGRA~1\TRANSV~1\smiley\20.gif
    C:\PROGRA~1\TRANSV~1\smiley\21.gif
    C:\PROGRA~1\TRANSV~1\smiley\22.gif
    C:\PROGRA~1\TRANSV~1\smiley\23.gif
    C:\PROGRA~1\TRANSV~1\smiley\24.gif
    C:\PROGRA~1\TRANSV~1\smiley\25.gif
    C:\PROGRA~1\TRANSV~1\smiley\26.gif
    C:\PROGRA~1\TRANSV~1\smiley\27.gif
    C:\PROGRA~1\TRANSV~1\smiley\28.gif
    C:\PROGRA~1\TRANSV~1\smiley\29.gif
    C:\PROGRA~1\TRANSV~1\smiley\3.gif
    C:\PROGRA~1\TRANSV~1\smiley\30.gif
    C:\PROGRA~1\TRANSV~1\smiley\31.gif
    C:\PROGRA~1\TRANSV~1\smiley\32.gif
    C:\PROGRA~1\TRANSV~1\smiley\33.gif
    C:\PROGRA~1\TRANSV~1\smiley\34.gif
    C:\PROGRA~1\TRANSV~1\smiley\35.gif
    C:\PROGRA~1\TRANSV~1\smiley\36.gif
    C:\PROGRA~1\TRANSV~1\smiley\37.gif
    C:\PROGRA~1\TRANSV~1\smiley\38.gif
    C:\PROGRA~1\TRANSV~1\smiley\39.gif
    C:\PROGRA~1\TRANSV~1\smiley\4.gif
    C:\PROGRA~1\TRANSV~1\smiley\40.gif
    C:\PROGRA~1\TRANSV~1\smiley\41.gif
    C:\PROGRA~1\TRANSV~1\smiley\42.gif
    C:\PROGRA~1\TRANSV~1\smiley\43.gif
    C:\PROGRA~1\TRANSV~1\smiley\44.gif
    C:\PROGRA~1\TRANSV~1\smiley\45.gif
    C:\PROGRA~1\TRANSV~1\smiley\46.gif
    C:\PROGRA~1\TRANSV~1\smiley\47.gif
    C:\PROGRA~1\TRANSV~1\smiley\48.gif
    C:\PROGRA~1\TRANSV~1\smiley\49.gif
    C:\PROGRA~1\TRANSV~1\smiley\5.gif
    C:\PROGRA~1\TRANSV~1\smiley\50.gif
    C:\PROGRA~1\TRANSV~1\smiley\51.gif
    C:\PROGRA~1\TRANSV~1\smiley\52.gif
    C:\PROGRA~1\TRANSV~1\smiley\53.gif
    C:\PROGRA~1\TRANSV~1\smiley\54.gif
    C:\PROGRA~1\TRANSV~1\smiley\6.gif
    C:\PROGRA~1\TRANSV~1\smiley\7.gif
    C:\PROGRA~1\TRANSV~1\smiley\8.gif
    C:\PROGRA~1\TRANSV~1\smiley\9.gif
    C:\PROGRA~1\TRANSV~1\smiley\init.ini
    C:\PROGRA~1\TRANSV~1\spchapi.exe
    C:\PROGRA~1\TRANSV~1\stdole2.tlb
    C:\PROGRA~1\TRANSV~1\style.css
    C:\PROGRA~1\TRANSV~1\TransVente.exe
    C:\PROGRA~1\TRANSV~1\TransVente.ocx
    C:\PROGRA~1\TRANSV~1\Uninstal.exe
    C:\PROGRA~1\TRANSV~1\VB6FR.DLL
    C:\PROGRA~1\TRANSV~1\W95INF16.DLL
    C:\PROGRA~1\TRANSV~1\W95INF32.DLL
    C:\sqmdata19.sqm
    C:\sqmnoopt19.sqm
    C:\Temp\dvzer6.exe
    C:\WINDOWS\Setup1.exe
    C:\WINDOWS\system32\tmp.reg

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-10 01:46 . 2008-06-10 01:46 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-10 01:46 . 2008-06-10 01:46 <REP> d-------- C:\Documents and Settings\Tiju\Application Data\Malwarebytes
    2008-06-10 01:46 . 2008-06-10 01:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-10 01:46 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-10 01:46 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-10 01:08 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-06-10 01:08 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-06-10 01:08 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-06-10 01:08 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-06-10 01:08 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-06-10 01:08 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-06-10 01:08 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-06-10 01:08 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-06-10 00:09 . 2008-06-10 12:35 <REP> d-------- C:\Documents and Settings\Tiju\Application Data\uTorrent
    2008-06-09 22:36 . 2008-06-10 13:04 <REP> d-------- C:\Program Files\Navilog1
    2008-06-09 18:26 . 2008-06-09 18:28 <REP> d-------- C:\Program Files\SPYWAREfighter
    2008-06-09 18:26 . 2008-06-09 18:26 <REP> d-------- C:\Program Files\Fichiers communs\Application
    2008-06-09 16:00 . 2008-06-09 16:00 <REP> d-------- C:\Program Files\Lavasoft
    2008-06-09 16:00 . 2008-06-09 16:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-09 15:59 . 2008-06-09 15:59 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-06-08 17:03 . 2008-06-08 23:13 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-08 15:19 . 2008-06-10 12:32 <REP> d-------- C:\WINDOWS\system32\2422
    2008-06-08 14:16 . 2008-06-10 03:36 <REP> d-------- C:\WINDOWS\system32\OBE1
    2008-06-08 14:16 . 2008-06-08 14:16 <REP> d-------- C:\WINDOWS\system32\kip
    2008-06-08 14:16 . 2008-06-08 14:16 <REP> d-------- C:\WINDOWS\system32\20541
    2008-06-08 14:16 . 2008-06-10 13:20 <REP> d-------- C:\Temp
    2008-06-08 14:15 . 2008-06-08 14:15 <REP> d---s---- C:\Documents and Settings\LocalService\Favoris
    2008-05-26 16:53 . 2008-05-26 16:53 604 --a------ C:\Raccourci vers Super Nintendo.lnk
    2008-05-19 13:11 . 2008-06-09 12:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
    2008-05-14 18:56 . 2008-06-05 19:42 <REP> d-------- C:\Program Files\Last.fm
    2008-05-14 18:56 . 2008-05-14 18:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
    2008-05-13 03:51 . 2008-05-13 03:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-05-13 03:51 . 2008-05-13 03:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-09 21:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-09 21:56 --------- d-----w C:\Program Files\uTorrent
    2008-06-08 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-08 20:42 --------- d-----w C:\Program Files\LEGO Company
    2008-06-08 20:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-05 01:17 --------- d-----w C:\Program Files\Windows Desktop Search
    2008-05-26 23:05 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
    2008-05-25 19:40 --------- d-----w C:\Program Files\Winamp Desk Band
    2008-05-25 19:39 --------- d-----w C:\Program Files\Ubisoft
    2008-05-25 19:37 --------- d-----w C:\Program Files\OpenOffice.org 2.3
    2008-05-24 10:59 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-05-24 10:37 --------- d-----w C:\Program Files\Windows Live
    2008-05-24 10:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-21 01:01 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-05-20 20:07 --------- d-----w C:\Program Files\Trillian
    2008-05-19 11:15 --------- d-----w C:\Program Files\Google
    2008-05-18 18:56 --------- d-----w C:\Program Files\DivX
    2008-05-14 16:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-05-06 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-05-05 12:17 --------- d-----w C:\Documents and Settings\Tiju\Application Data\OpenOffice.org2
    2008-05-04 11:10 --------- d-----w C:\Program Files\Java
    2008-04-29 17:39 --------- d-----w C:\Program Files\Loop12 V2
    2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-23 15:41 --------- d-----w C:\Documents and Settings\Tiju\Application Data\U3
    2008-04-22 19:18 --------- d-----w C:\Documents and Settings\Tiju\Application Data\LEGO Company
    2008-04-15 15:28 --------- d-----w C:\Documents and Settings\Tiju\Application Data\Winamp
    2008-04-15 15:17 --------- d-----w C:\Program Files\Winamp
    2008-04-15 15:04 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-04-14 23:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\SongbirdVLC
    2008-04-14 23:29 --------- d-----w C:\Documents and Settings\Tiju\Application Data\Songbird
    2008-04-14 00:59 --------- d-----w C:\Program Files\Screamer Radio
    2008-04-04 13:48 359,936 ----a-w C:\WINDOWS\system32\cards.dll.tmp
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-10 23:52 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
    1998-08-24 10:09 10,000 -c--a-w C:\WINDOWS\inf\unregpn.exe
    2007-07-30 20:49 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007073020070731\index.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 09:51 975360]
    "RTEGPRS"="C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" [2005-04-22 00:01 2371584]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 15:04 68856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "TransVente"="C:\PROGRA~1\TRANSV~1\TransVente.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
    "DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 06:15 102400]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
    "WellPhone DirectSync - ScheduleSync"="C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE" [2005-04-14 15:46 45056]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00 455168]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-12 14:36 774233]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-06-01 13:57 573440]
    "nwiz"="nwiz.exe" [2006-06-12 16:11 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-12 16:11 86016]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "StandardInstall"="" []
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
    "Club-Internet_McciTrayApp"="C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe" [2005-11-15 18:46 543232]
    "LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 19:38 987187]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05 81920]
    "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-23 13:40 106496]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
    "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-12 16:11 7577600]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\Tiju\Menu D‚marrer\Programmes\D‚marrage\
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
    TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
    "VIDC.VDOM"= vdowave.drv
    "VIDC.YV12"= yv12vfw.dll
    "msacm.ac3filter"= ac3filter.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
    backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Docteur Club Internet.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Docteur Club Internet.lnk
    backup=C:\WINDOWS\pss\Docteur Club Internet.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Tiju^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]
    path=C:\Documents and Settings\Tiju\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk
    backup=C:\WINDOWS\pss\Club Internet.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Tiju^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
    path=C:\Documents and Settings\Tiju\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    C:\Program Files\BitTorrent\bittorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
    C:\Program Files\BroadJump\Client Foundation\CFD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
    --a------ 2006-02-23 13:40 106496 C:\WINDOWS\ATK0100\HControl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    --a--c--- 2004-08-10 14:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2004-07-27 16:50 221184 C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Installer]
    C:\Documents and Settings\Tiju\Application Data\Microsoft\dtsc\32122.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2006-06-12 16:11 7577600 C:\WINDOWS\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2006-06-12 16:11 86016 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-06-12 16:11 1519616 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    --a------ 2004-08-10 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    --a------ 2004-08-10 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-10-19 19:18 98304 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
    --a------ 2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    --a------ 2006-06-01 13:57 573440 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2006-05-12 14:36 774233 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Workflow]
    D:\install\Workflow.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Trillian\\trillian.exe"=
    "C:\\Program Files\\aMSN\\bin\\wish.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Club-Internet\\Assistance\\UpdateHitachi\\MAJ_Hitachi.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "16040:TCP"= 16040:TCP:µ Torrent

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
    R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
    S2 PlugPlayRPC;Plug and Play (RPC);C:\WINDOWS\portsv.exe service []
    S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 05:50]
    S3 gel90xne;gel90xne;C:\DOCUME~1\Tiju\LOCALS~1\Temp\gel90xne.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9abb0c7-28c5-11dc-b42e-0018f37257e8}]
    \Shell\AutoRun\command - F:\LaunchU3.exe

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-10 13:22:59
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-10 13:27:39
    ComboFix-quarantined-files.txt 2008-06-10 11:26:35
    ComboFix2.txt 2008-06-10 10:49:38

    Pre-Run: 3,575,775,232 octets libres
    Post-Run: 3,630,239,744 octets libres

    369 --- E O F --- 2008-05-29 01:02:04
    0
  16. tiju33
     
    Et voici celui de HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:29:55, on 10/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\APPS\SMP\SmpSys.exe
    C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\aMSN\bin\wish.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Tiju\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
    O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\SmartCom\RTEGPRS.exe" tray
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TransVente] C:\PROGRA~1\TRANSV~1\TransVente.exe 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fotodiscount.com/infos/migration.cfm
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    0
  17. Utilisateur anonyme
     
    Réouvre hijackthis
    fais scan only
    coche ces lignes :

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)

    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fotodiscount.com/infos/migration.cfm
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    tu les coches et tu clic sur fix checked

    ensuite désinstal java car pas a jours et telecharge et instal cette version :

    https://www.java.com/fr/download/manual.jsp

    ensuite si c est la version gratuite désinstal adobe reader acrobat car pas a jours et telecharge et instal cette version :

    https://get2.adobe.com/reader/otherversions/

    ensuite :

    regarde ceci concernant avast :

    antivir vs avast :

    -> http://forum.malekal.com/ftopic3528.php

    alors je te conseille de le desinstaller et d´installer antivir a la place

    Telecharge et instales l'antivirus Antivir Personal Edition Classic :

    ->https://www.malekal.com/avira-free-security-antivirus-gratuit/

    https://www.avira.com/en/prime

    http://mickael.barroux.free.fr/securite/antivir.php
    http://speedweb1.free.fr/frames2.php?page=tuto5

    Pour désinstaller Avast telecharge cet outil

    https://www.avast.com/fr-fr/uninstall-utility

    ensuite :

    telecharge Ccleaner :

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    instal le sans la barre yahoo

    fais lancer le nettoyage

    repete l opération jusqu a ce qu il trouve rien

    ensuite fais registre

    fais chercher les erreures

    ensuite fais corriger les erreures

    repete l opération jusqu a ce qu il trouve rien

    ensuite ;

    Telecharge reg cleaner pour nettoyer le registre:

    http://manuelsdaide.com/RegCleaner/RegCleaner.htm
    ________________

    ouvre le et clic sur TOOL

    Choisi registry cleanup

    clic sur automatic registry cleaner

    laisse scanner et supprime tout

    ensuite lance AVG anti spyware et nettoie

    et pour finir :

    * pour supprimer les outils/fix utilisés :

    Télécharge ToolsCleaner sur ton bureau.
    -->
    http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
    http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe

    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    0
  18. tiju33
     
    -->- Recherche:
    Et voilou !!

    C:\Qoobox: trouvé !
    C:\Documents and Settings\Tiju\Bureau\Navilog1.exe: trouvé !
    C:\Documents and Settings\Tiju\Bureau\ComboFix.exe: trouvé !
    C:\Documents and Settings\Tiju\Bureau\HijackThis.exe: trouvé !
    C:\Documents and Settings\Tiju\Bureau\SmitFraudfix: trouvé !
    C:\Juju\Applications\Msnfix.zip: trouvé !
    C:\Juju\Applications\MsnFix: trouvé !
    C:\Program Files\Navilog1: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\Tiju\Bureau\Navilog1.exe: supprimé !
    C:\Documents and Settings\Tiju\Bureau\ComboFix.exe: supprimé !
    C:\Documents and Settings\Tiju\Bureau\HijackThis.exe: ERREUR DE SUPPRESSION !!
    C:\Juju\Applications\Msnfix.zip: supprimé !
    C:\Qoobox: supprimé !
    C:\Documents and Settings\Tiju\Bureau\SmitFraudfix: supprimé !
    C:\Juju\Applications\MsnFix: supprimé !
    C:\Program Files\Navilog1: supprimé !
    0
  19. Utilisateur anonyme
     
    Voila c est propre !!

    si tu n as pas d autres soucis change le statut du sujet en resolu stp
    0
    1. ptipeck
       
      bonsoir j'aivu ke vous aviez la solution au pb de l'ecran bleu pouvez vous m'aider car moi aussi je galere grave et je ne suis pas un pro de l'informatique
      merci d'avance
      0
  20. tiju33
     
    Je l'avais deja mis en résolu ^^
    Merci pour tout !!
    Bonne journée !
    0
  21. Utilisateur anonyme
     
    hi hi c vrai sorry ciao @++
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      salut sa c du bon travaille
      0
  • 1
  • 2