AntySpywareExpert oh la la!!!

Résolu
etoilenanou Messages postés 19 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
j'ai chopé un trojan "AntiSpywareExpert" et pas moyen de l'enlever!!!! meme trojan remover ne l'a pas enlever!
qui pourrait m'aider?
voici de quoi ca a l'air....

Value Name: AntiSpywareExpert
Value Data: C:\Program Files\AntiSpywareExpert\ase_fr.exe
C:\Program Files\AntiSpywareExpert\ase_fr.exe
1504720 bytes
Created: 5/06/2008
Modified: 5/06/2008
Company: AntiSpywareSolutionPro Inc.
Configuration: Windows Vista
Internet Explorer 7.0

22 réponses

  • 1
  • 2
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    cré ton propre message et on t'aidera cela sera plus clair
    1
  2. noisette80100 Messages postés 118 Statut Membre 5
     
    salut ,

    Télécharge HijackThis ici :

    -> https://www.01net.com/
    -> http://pageperso.aol.fr/balltrap34/Hijenr.gif

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
    0
  3. etoilenanou Messages postés 19 Statut Membre
     
    je l'ai télécharger mais le problème est tjr là!!!
    0
  4. totobetourne Messages postés 5677 Statut Membre 65
     
    hijack ne l cenlever pas il nous montre ou il se trouve , sa nature .donc il faudrait coller un rapport pour que l on puisse en savoir plus.
    0
    1. etoilenanou Messages postés 19 Statut Membre
       
      voici le résultat:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:53:29, on 12/06/2008
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\AntiSpywareExpert\ase_fr.exe
      C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
      C:\Windows\ehome\ehtray.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      D:\CalCheck.exe
      C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
      C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
      C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
      C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
      C:\Program Files\Windows Live\Mail\wlmail.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
      C:\Program Files\Windows Live Toolbar\msn_sl.exe
      C:\Users\anne & benoit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHL2X1XB\HiJackThis[1].
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. etoilenanou Messages postés 19 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:53:29, on 12/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\AntiSpywareExpert\ase_fr.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    D:\CalCheck.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Users\anne & benoit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHL2X1XB\HiJackThis[1].
    0
  7. totobetourne Messages postés 5677 Statut Membre 65
     
    il faut le rapport au complet il en manque la plus grande partie
    0
    1. etoilenanou Messages postés 19 Statut Membre
       
      ok voilà:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:53:29, on 12/06/2008
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\AntiSpywareExpert\ase_fr.exe
      C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
      C:\Windows\ehome\ehtray.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      D:\CalCheck.exe
      C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
      C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
      C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
      C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
      C:\Program Files\Windows Live\Mail\wlmail.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
      C:\Program Files\Windows Live Toolbar\msn_sl.exe
      C:\Users\anne & benoit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHL2X1XB\HiJackThis[1].exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fmsn.be%2fhotmail%2f%3f
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O1 - Hosts: ::1 localhost
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Windows Live OneCare Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [AntiSpywareExpert] C:\Program Files\AntiSpywareExpert\ase_fr.exe
      O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
      O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
      O4 - HKLM\..\Run: [PC Booster] "D:\Program Files\pcbooster.exe"
      O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\ANNE&B~1\AppData\Local\Temp\ssqOIYOi.dll,#1
      O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
      O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\ANNE&B~1\AppData\Local\Temp\tuvSihhI.dll,c
      O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
      O4 - Global Startup: Empowering Technology Launcher.lnk = ?
      O4 - Global Startup: Photo Express Calendar Checker SE.lnk = D:\CalCheck.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
      O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O13 - Gopher Prefix:
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O20 - AppInit_DLLs: eNetHook.dll
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
      O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
      O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
      O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
      O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
      O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
      O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
      0
  8. etoilenanou Messages postés 19 Statut Membre
     
    alors qui peut m'aider avec ce rapport? merci d'avance...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:53:29, on 12/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\AntiSpywareExpert\ase_fr.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    D:\CalCheck.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Users\anne & benoit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHL2X1XB\HiJackThis[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fmsn.be%2fhotmail%2f%3f
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [AntiSpywareExpert] C:\Program Files\AntiSpywareExpert\ase_fr.exe
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [PC Booster] "D:\Program Files\pcbooster.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\ANNE&B~1\AppData\Local\Temp\ssqOIYOi.dll,#1
    O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\ANNE&B~1\AppData\Local\Temp\tuvSihhI.dll,c
    O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: Photo Express Calendar Checker SE.lnk = D:\CalCheck.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: eNetHook.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    0
  9. etoilenanou Messages postés 19 Statut Membre
     
    help me!!!! please....
    0
  10. arko
     
    jariv pa a installe flash player a cause de la sécurité
    kess ke jfai*
    0
  11. etoilenanou Messages postés 19 Statut Membre
     
    je suis désespérer!!! pas moyen de l'enlever!!! qui a une solution?
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKLM\..\Run: [AntiSpywareExpert] C:\Program Files\AntiSpywareExpert\ase_fr.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\ANNE&B~1\AppData\Local\Temp\ssqOIYOi.dll,#1
    O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\ANNE&B~1\AppData\Local\Temp\tuvSihhI.dll,c
    O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')

    _______________

    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Program Files\AntiSpywareExpert
    C:\Program Files\AntiSpywareExpert\ase_fr.exe
    C:\Users\ANNE&B~1\AppData\Local\Temp\ssqOIYOi.dll
    C:\Users\ANNE&B~1\AppData\Local\Temp\tuvSihhI.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    _________________

    Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

    - Va dans démarrer puis panneau de configuration
    - Double Clique sur l'icône "Comptes d'utilisateurs"
    - Clique ensuite sur désactiver et valide.

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
  13. Laurent
     
    Merci de m'aider.....je rame....

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:07: VIRUS ALERT!, on 07/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe
    C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\atmadm2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AntiSpywareExpert\ase_fr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Antivirus 2009\av2009.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: sqvgnrpx - {4CD6E3CE-395E-46C7-BA94-8E23942E5F81} - C:\WINDOWS\sqvgnrpx.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
    O4 - HKLM\..\Run: [WA6PV_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DelayLoad] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\atmadm2.exe
    O4 - HKLM\..\Run: [147a94f1] rundll32.exe "C:\WINDOWS\system32\lclkrutw.dll",b
    O4 - HKLM\..\Run: [AntiSpywareExpert] C:\Program Files\AntiSpywareExpert\ase_fr.exe
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Device Detection] C:\Program Files\Foto.com\Editeur Foto.com\dd.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [36905438244347389603375917239746] C:\Program Files\Antivirus 2009\av2009.exe
    O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: https://www.brusselsairport.be/en/passengers
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://chimacien.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - https://www.photolitto.com/
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{590E92EC-814B-4BA7-BF59-271DD967A90D}: NameServer = 195.238.2.21,195.238.2.22
    O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - C:\Program Files\Micro Application\Trains Miniatures 3D\monki.dll (file missing)
    O21 - SSODL: fdxbameg - {F14835C8-8FFD-4F4E-8867-48E182DC6A00} - C:\WINDOWS\fdxbameg.dll
    O21 - SSODL: fsrpknov - {B0A153B9-4420-4949-93B6-98B5B1409205} - C:\WINDOWS\fsrpknov.dll
    O23 - Service: Service Elève pcAnywhere (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
    0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt
    DriveCleaner Free et antispyware expert et Antivirus 2009 sont des espions! vire les

    lance rogue remover

    pour info :
    http://www.libellules.ch/dotclear/index.php?2006/11/29/1518-rogue-remover

    pour telecharger :
    https://www.01net.com/telecharger/

    ______________

    smit fraud fix (colle le rapport)

    1/ telecharger :

    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes. une fois le rapport effectué redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général)

    3/ puis refaire comme en 2/ mais sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée

    _______________

    scan avec
    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapports

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    ________________

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    __________________
    recolle un hijakchits
    a plus
    0
    1. Laurent
       
      tout d'abord un tout grand merci pour cette brillante réponse...
      voici le rapport demandé...
      encore merci.....

      ComboFix 08-07-05.1 - Administrateur 2008-07-07 21:08:15.1 - NTFSx86 NETWORK
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.276 [GMT 2:00]
      Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Administrateur\err.log
      C:\Documents and Settings\Administrateur\ResErrors.log
      C:\WINDOWS\Downloaded Program Files\setup.inf
      C:\WINDOWS\system32\cfx32.ocx
      C:\WINDOWS\system32\qqsDKRqr.ini
      C:\WINDOWS\system32\qqsDKRqr.ini2
      C:\WINDOWS\system32\rqRKDsqq.dll

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-07 to 2008-07-07 ))))))))))))))))))))))))))))))))))))
      .

      2008-07-07 20:54 . 2008-07-07 20:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-07-07 20:54 . 2008-07-07 20:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-07-07 20:54 . 2008-07-07 20:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
      2008-07-07 20:54 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
      2008-07-07 20:54 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-07-07 20:46 . 2008-07-07 20:49 3,226 --a------ C:\WINDOWS\system32\tmp.reg
      2008-07-07 20:45 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-07-07 20:45 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-07-07 20:45 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
      2008-07-07 20:45 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-07-07 20:45 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
      2008-07-07 20:45 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
      2008-07-07 20:45 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2008-07-07 20:45 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-07-07 20:45 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-07-07 20:36 . 2008-07-07 20:39 <REP> d-------- C:\Program Files\RogueRemover FREE
      2008-07-07 19:46 . 2008-07-07 20:33 <REP> d-------- C:\Program Files\Spyware Doctor
      2008-07-07 19:46 . 2008-07-07 19:59 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-07-07 19:46 . 2008-07-07 19:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PC Tools
      2008-07-07 19:46 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
      2008-07-07 19:46 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
      2008-07-07 19:46 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
      2008-07-07 19:46 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
      2008-07-07 19:46 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
      2008-07-07 18:12 . 2008-07-07 18:12 <REP> d-------- C:\Program Files\Enigma Software Group
      2008-07-07 15:12 . 2008-07-03 20:14 32,256 --a------ C:\WINDOWS\Sys402.exe
      2008-07-07 15:12 . 2008-07-03 20:14 30,208 --a------ C:\WINDOWS\Sys404.exe
      2008-07-07 15:12 . 2008-07-07 15:12 28,800 --------- C:\WINDOWS\system32\iifCtSJA.dll
      2008-06-21 17:27 . 2008-06-21 17:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
      2008-06-20 16:10 . 2008-07-07 16:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Cogniview
      2008-06-20 16:10 . 2008-07-07 15:00 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Cogniview
      2008-06-11 08:50 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
      2008-06-11 08:50 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
      2008-06-10 17:25 . 2008-06-22 10:10 <REP> d-------- C:\Program Files\myphotobook
      2008-06-10 15:55 . 2008-06-10 16:08 <REP> d-------- C:\Program Files\TicTacPhoto

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-07-07 14:54 --------- d-----w C:\Program Files\Palm
      2008-07-07 14:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-07-07 13:25 --------- d-----w C:\Program Files\Fichiers communs\Java
      2008-06-25 20:06 --------- d-----w C:\Program Files\eMule
      2008-05-15 16:36 --------- d-----w C:\Program Files\FLVPlayer
      2008-05-15 16:34 --------- d-----w C:\Program Files\YouTUBE (TM) movie downloader
      2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
      2008-05-07 20:46 31,349 ----a-w C:\Documents and Settings\Administrateur\Application Data\mdbu.bin
      2008-05-07 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
      2007-03-27 08:03 87,608 ----a-w C:\Documents and Settings\Administrateur\Application Data\ezpinst.exe
      2007-03-27 08:03 47,360 ----a-w C:\Documents and Settings\Administrateur\Application Data\pcouffin.sys
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20177355-706D-416B-A23B-49443A7118F3}]
      2008-07-07 15:12 28800 --------- C:\WINDOWS\system32\iifCtSJA.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
      "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-02 16:35 282624]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
      "SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 16:48 851968]
      "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 10:48 16208384 C:\WINDOWS\RTHDCPL.exe]
      "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{20177355-706D-416B-A23B-49443A7118F3}"= "C:\WINDOWS\system32\iifCtSJA.dll" [2008-07-07 15:12 28800]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifCtSJA]
      2008-07-07 15:12 28800 C:\WINDOWS\system32\iifCtSJA.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
      2004-11-05 12:50 8704 C:\WINDOWS\system32\PCANotify.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Authentication Packages REG_SZ msv1_0
      Notification Packages REG_SZ scecli

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "FirewallOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
      "C:\\Sabconew\\SABCO.EXE"=
      "C:\\Program Files\\eMule\\emule.exe"=

      R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-11-10 19:11]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
      \Shell\AutoRun\command - E:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b42404a-4f59-11dc-bdee-00138fd82229}]
      \Shell\AutoRun\command - E:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b3f2b46-1a76-11dd-be7f-00138fd82229}]
      \Shell\AutoRun\command - E:\InstallTomTomHOME.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6252b46-be96-11dc-be1d-00138fd82229}]
      \Shell\AutoRun\command - E:\InstallTomTomHOME.exe

      .
      - - - - ORPHANS REMOVED - - - -

      HKCU-Run-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe
      HKCU-Run-Device Detection - C:\Program Files\Foto.com\Editeur Foto.com\dd.exe
      HKLM-Run-MsgCenterExe - C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
      Notify-WgaLogon - (no file)


      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-07-07 21:12:01
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************
      .
      --------------------- DLLs a charg‚ sous des processus courants ---------------------

      PROCESS: C:\WINDOWS\system32\winlogon.exe
      -> C:\WINDOWS\system32\iifCtSJA.dll
      -> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

      PROCESS: C:\WINDOWS\system32\lsass.exe
      -> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

      PROCESS: C:\WINDOWS\explorer.exe
      -> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-07-07 21:14:53 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-07-07 19:14:43

      Pre-Run: 171,891,027,968 octets libres
      Post-Run: 175,836,422,144 octets libres

      151 --- E O F --- 2008-06-21 01:00:40
      0
    2. Laurent
       
      tout d'abord un tout grand merci pour cette brillante réponse...
      voici le rapport demandé...
      encore merci.....

      ComboFix 08-07-05.1 - Administrateur 2008-07-07 21:08:15.1 - NTFSx86 NETWORK
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.276 [GMT 2:00]
      Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Administrateur\err.log
      C:\Documents and Settings\Administrateur\ResErrors.log
      C:\WINDOWS\Downloaded Program Files\setup.inf
      C:\WINDOWS\system32\cfx32.ocx
      C:\WINDOWS\system32\qqsDKRqr.ini
      C:\WINDOWS\system32\qqsDKRqr.ini2
      C:\WINDOWS\system32\rqRKDsqq.dll

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-07 to 2008-07-07 ))))))))))))))))))))))))))))))))))))
      .

      2008-07-07 20:54 . 2008-07-07 20:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-07-07 20:54 . 2008-07-07 20:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-07-07 20:54 . 2008-07-07 20:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
      2008-07-07 20:54 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
      2008-07-07 20:54 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-07-07 20:46 . 2008-07-07 20:49 3,226 --a------ C:\WINDOWS\system32\tmp.reg
      2008-07-07 20:45 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-07-07 20:45 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-07-07 20:45 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
      2008-07-07 20:45 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-07-07 20:45 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
      2008-07-07 20:45 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
      2008-07-07 20:45 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2008-07-07 20:45 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-07-07 20:45 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-07-07 20:36 . 2008-07-07 20:39 <REP> d-------- C:\Program Files\RogueRemover FREE
      2008-07-07 19:46 . 2008-07-07 20:33 <REP> d-------- C:\Program Files\Spyware Doctor
      2008-07-07 19:46 . 2008-07-07 19:59 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-07-07 19:46 . 2008-07-07 19:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PC Tools
      2008-07-07 19:46 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
      2008-07-07 19:46 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
      2008-07-07 19:46 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
      2008-07-07 19:46 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
      2008-07-07 19:46 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
      2008-07-07 18:12 . 2008-07-07 18:12 <REP> d-------- C:\Program Files\Enigma Software Group
      2008-07-07 15:12 . 2008-07-03 20:14 32,256 --a------ C:\WINDOWS\Sys402.exe
      2008-07-07 15:12 . 2008-07-03 20:14 30,208 --a------ C:\WINDOWS\Sys404.exe
      2008-07-07 15:12 . 2008-07-07 15:12 28,800 --------- C:\WINDOWS\system32\iifCtSJA.dll
      2008-06-21 17:27 . 2008-06-21 17:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
      2008-06-20 16:10 . 2008-07-07 16:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Cogniview
      2008-06-20 16:10 . 2008-07-07 15:00 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Cogniview
      2008-06-11 08:50 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
      2008-06-11 08:50 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
      2008-06-10 17:25 . 2008-06-22 10:10 <REP> d-------- C:\Program Files\myphotobook
      2008-06-10 15:55 . 2008-06-10 16:08 <REP> d-------- C:\Program Files\TicTacPhoto

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-07-07 14:54 --------- d-----w C:\Program Files\Palm
      2008-07-07 14:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-07-07 13:25 --------- d-----w C:\Program Files\Fichiers communs\Java
      2008-06-25 20:06 --------- d-----w C:\Program Files\eMule
      2008-05-15 16:36 --------- d-----w C:\Program Files\FLVPlayer
      2008-05-15 16:34 --------- d-----w C:\Program Files\YouTUBE (TM) movie downloader
      2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
      2008-05-07 20:46 31,349 ----a-w C:\Documents and Settings\Administrateur\Application Data\mdbu.bin
      2008-05-07 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
      2007-03-27 08:03 87,608 ----a-w C:\Documents and Settings\Administrateur\Application Data\ezpinst.exe
      2007-03-27 08:03 47,360 ----a-w C:\Documents and Settings\Administrateur\Application Data\pcouffin.sys
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20177355-706D-416B-A23B-49443A7118F3}]
      2008-07-07 15:12 28800 --------- C:\WINDOWS\system32\iifCtSJA.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
      "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-02 16:35 282624]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
      "SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 16:48 851968]
      "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 10:48 16208384 C:\WINDOWS\RTHDCPL.exe]
      "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{20177355-706D-416B-A23B-49443A7118F3}"= "C:\WINDOWS\system32\iifCtSJA.dll" [2008-07-07 15:12 28800]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifCtSJA]
      2008-07-07 15:12 28800 C:\WINDOWS\system32\iifCtSJA.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
      2004-11-05 12:50 8704 C:\WINDOWS\system32\PCANotify.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Authentication Packages REG_SZ msv1_0
      Notification Packages REG_SZ scecli

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "FirewallOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
      "C:\\Sabconew\\SABCO.EXE"=
      "C:\\Program Files\\eMule\\emule.exe"=

      R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-11-10 19:11]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
      \Shell\AutoRun\command - E:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b42404a-4f59-11dc-bdee-00138fd82229}]
      \Shell\AutoRun\command - E:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b3f2b46-1a76-11dd-be7f-00138fd82229}]
      \Shell\AutoRun\command - E:\InstallTomTomHOME.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6252b46-be96-11dc-be1d-00138fd82229}]
      \Shell\AutoRun\command - E:\InstallTomTomHOME.exe

      .
      - - - - ORPHANS REMOVED - - - -

      HKCU-Run-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe
      HKCU-Run-Device Detection - C:\Program Files\Foto.com\Editeur Foto.com\dd.exe
      HKLM-Run-MsgCenterExe - C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
      Notify-WgaLogon - (no file)


      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-07-07 21:12:01
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************
      .
      --------------------- DLLs a charg‚ sous des processus courants ---------------------

      PROCESS: C:\WINDOWS\system32\winlogon.exe
      -> C:\WINDOWS\system32\iifCtSJA.dll
      -> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

      PROCESS: C:\WINDOWS\system32\lsass.exe
      -> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

      PROCESS: C:\WINDOWS\explorer.exe
      -> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-07-07 21:14:53 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-07-07 19:14:43

      Pre-Run: 171,891,027,968 octets libres
      Post-Run: 175,836,422,144 octets libres

      151 --- E O F --- 2008-06-21 01:00:40
      0
  15. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    tu as les rapport smitfraudfix , malware byte's?

    __________

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\WINDOWS\system32\iifCtSJA.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20177355-706D-416B-A23B-49443A7118F3}]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{20177355-706D-416B-A23B-49443A7118F3}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifCtSJA]

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis et dis tes soucis actuels

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
    1. Laurent
       
      SmitFraudFix v2.329

      Rapport fait à 20:46:05,56, 07/07/2008
      Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode sans echec

      »»»»»»»»»»»»»»»»»»»»»»»» Process

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Spyware Doctor\svcntaux.exe
      C:\Program Files\Spyware Doctor\swdsvc.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Spyware Doctor\SDTrayApp.exe
      C:\WINDOWS\system32\cmd.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris

      C:\DOCUME~1\ADMINI~1\Favoris\Error Cleaner.url PRESENT !
      C:\DOCUME~1\ADMINI~1\Favoris\Privacy Protector.url PRESENT !
      C:\DOCUME~1\ADMINI~1\Favoris\Spyware?Malware Protection.url PRESENT !

      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
      "SubscribedURL"="file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
      "FriendlyName"=""

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="Ma page d'accueil"

      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» VACFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri
      +--------------------------------------------------+
      [!] Suspicious: wbxdpgfeoba.dll
      BHO: QXK Olive - {26BB7FDF-BB85-4513-8D57-41581C246610}
      TypeLib: {2AF95849-824C-4B32-8C9F-238AEAA90AF0}
      Interface: {310DA161-13D4-496D-B91A-9237D58D299A}
      Interface: {DB894449-4862-4049-9B27-FFEEED6D1CA7}

      [!] Suspicious: sqvgnrpx.dll
      Toolbar: sqvgnrpx - {4CD6E3CE-395E-46C7-BA94-8E23942E5F81}
      TypeLib: {681D471C-A923-4AF9-B62F-C3A5A093826D}
      Interface: {EFCCD78C-F93D-41E5-96D6-F58AC8A30760}
      Classe: sqvgnrpx.blmw
      Classe: sqvgnrpx.ToolBar.1

      [!] Suspicious: fdxbameg.dll
      SSODL: fdxbameg - {F14835C8-8FFD-4F4E-8867-48E182DC6A00}


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Rustock



      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 195.238.2.21
      DNS Server Search Order: 195.238.2.22

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{590E92EC-814B-4BA7-BF59-271DD967A90D}: NameServer=195.238.2.21,195.238.2.22
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{590E92EC-814B-4BA7-BF59-271DD967A90D}: NameServer=195.238.2.21,195.238.2.22
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{590E92EC-814B-4BA7-BF59-271DD967A90D}: NameServer=195.238.2.21,195.238.2.22


      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin

      SmitFraudFix v2.329

      Rapport fait à 20:49:15,20, 07/07/2008
      Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode sans echec

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      127.0.0.1 localhost

      »»»»»»»»»»»»»»»»»»»»»»»» VACFix

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri
      C:\WINDOWS\wbxdpgfeoba.dll deleted.
      C:\WINDOWS\sqvgnrpx.dll deleted.
      C:\WINDOWS\fdxbameg.dll deleted.


      »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

      S!Ri's WS2Fix: LSP not Found.


      »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

      GenericRenosFix by S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

      C:\DOCUME~1\ADMINI~1\Favoris\Error Cleaner.url supprimé
      C:\DOCUME~1\ADMINI~1\Favoris\Privacy Protector.url supprimé
      C:\DOCUME~1\ADMINI~1\Favoris\Spyware?Malware Protection.url supprimé

      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 195.238.2.21
      DNS Server Search Order: 195.238.2.22

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{590E92EC-814B-4BA7-BF59-271DD967A90D}: NameServer=195.238.2.21,195.238.2.22
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{590E92EC-814B-4BA7-BF59-271DD967A90D}: NameServer=195.238.2.21,195.238.2.22
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{590E92EC-814B-4BA7-BF59-271DD967A90D}: NameServer=195.238.2.21,195.238.2.22


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

      Nettoyage terminé.

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin
      0
    2. Laurent
       
      ComboFix 08-07-05.1 - Administrateur 2008-07-07 21:34:04.2 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.88 [GMT 2:00]
      Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
      Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFscript.txt
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .
      [color=purple]The following files were disabled during the run:[/color]
      C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Administrateur\Bureau\Antivirus 2009.lnk
      C:\WINDOWS\system32\jiacqgye.ini
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\qoMdBQGY.dll
      C:\WINDOWS\system32\YGQBdMoq.ini
      C:\WINDOWS\system32\YGQBdMoq.ini2

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-07 to 2008-07-07 ))))))))))))))))))))))))))))))))))))
      .

      2008-07-07 21:24 . 2008-07-07 21:24 89,088 --a------ C:\WINDOWS\system32\eygqcaij.dll
      2008-07-07 20:54 . 2008-07-07 20:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-07-07 20:54 . 2008-07-07 20:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
      2008-07-07 20:46 . 2008-07-07 20:49 3,226 --a------ C:\WINDOWS\system32\tmp.reg
      2008-07-07 20:45 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-07-07 20:45 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-07-07 20:45 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
      2008-07-07 20:45 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-07-07 20:45 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
      2008-07-07 20:45 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
      2008-07-07 20:45 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2008-07-07 20:45 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-07-07 20:45 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-07-07 20:36 . 2008-07-07 21:21 <REP> d-------- C:\Program Files\RogueRemover FREE
      2008-07-07 19:46 . 2008-07-07 19:59 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-07-07 19:46 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
      2008-07-07 18:12 . 2008-07-07 18:12 <REP> d-------- C:\Program Files\Enigma Software Group
      2008-07-07 15:12 . 2008-07-03 20:14 32,256 --a------ C:\WINDOWS\Sys402.exe
      2008-07-07 15:12 . 2008-07-03 20:14 30,208 --a------ C:\WINDOWS\Sys404.exe
      2008-07-07 15:12 . 2008-07-07 15:12 28,800 --------- C:\WINDOWS\system32\iifCtSJA.dll
      2008-06-21 17:27 . 2008-06-21 17:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
      2008-06-20 16:10 . 2008-07-07 16:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Cogniview
      2008-06-20 16:10 . 2008-07-07 15:00 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Cogniview
      2008-06-11 08:50 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
      2008-06-11 08:50 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
      2008-06-10 17:25 . 2008-06-22 10:10 <REP> d-------- C:\Program Files\myphotobook
      2008-06-10 15:55 . 2008-06-10 16:08 <REP> d-------- C:\Program Files\TicTacPhoto

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-07-07 14:54 --------- d-----w C:\Program Files\Palm
      2008-07-07 14:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-07-07 13:25 --------- d-----w C:\Program Files\Fichiers communs\Java
      2008-06-25 20:06 --------- d-----w C:\Program Files\eMule
      2008-05-15 16:36 --------- d-----w C:\Program Files\FLVPlayer
      2008-05-15 16:34 --------- d-----w C:\Program Files\YouTUBE (TM) movie downloader
      2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
      2008-05-07 20:46 31,349 ----a-w C:\Documents and Settings\Administrateur\Application Data\mdbu.bin
      2008-05-07 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
      2007-03-27 08:03 87,608 ----a-w C:\Documents and Settings\Administrateur\Application Data\ezpinst.exe
      2007-03-27 08:03 47,360 ----a-w C:\Documents and Settings\Administrateur\Application Data\pcouffin.sys
      .

      ((((((((((((((((((((((((((((( snapshot@2008-07-07_21.14.08.70 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-07-07 19:11:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      + 2008-07-07 19:36:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20177355-706D-416B-A23B-49443A7118F3}]
      2008-07-07 15:12 28800 --------- C:\WINDOWS\system32\iifCtSJA.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
      "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-02 16:35 282624]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
      "147a94f1"="C:\WINDOWS\system32\eygqcaij.dll" [2008-07-07 21:24 89088]
      "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 10:48 16208384 C:\WINDOWS\RTHDCPL.exe]
      "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{20177355-706D-416B-A23B-49443A7118F3}"= "C:\WINDOWS\system32\iifCtSJA.dll" [2008-07-07 15:12 28800]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifCtSJA]
      2008-07-07 15:12 28800 C:\WINDOWS\system32\iifCtSJA.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
      2004-11-05 12:50 8704 C:\WINDOWS\system32\PCANotify.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "FirewallOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
      "C:\\Sabconew\\SABCO.EXE"=
      "C:\\Program Files\\eMule\\emule.exe"=

      R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-11-10 19:11]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
      \Shell\AutoRun\command - E:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b42404a-4f59-11dc-bdee-00138fd82229}]
      \Shell\AutoRun\command - E:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b3f2b46-1a76-11dd-be7f-00138fd82229}]
      \Shell\AutoRun\command - E:\InstallTomTomHOME.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6252b46-be96-11dc-be1d-00138fd82229}]
      \Shell\AutoRun\command - E:\InstallTomTomHOME.exe

      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-07-07 21:37:08
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...


      C:\WINDOWS\system32\jiacqgye.ini 294 bytes

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 1

      **************************************************************************
      .
      --------------------- DLLs a charg‚ sous des processus courants ---------------------

      PROCESS: C:\WINDOWS\system32\winlogon.exe
      -> C:\WINDOWS\system32\iifCtSJA.dll

      PROCESS: C:\WINDOWS\explorer.exe
      -> C:\WINDOWS\system32\eygqcaij.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-07-07 21:39:29 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-07-07 19:39:24
      ComboFix2.txt 2008-07-07 19:14:56

      Pre-Run: 175,828,250,624 octets libres
      Post-Run: 175,816,929,280 octets libres

      141 --- E O F --- 2008-06-21 01:00:40
      0
    3. phisophour
       
      Oh secours, le PC de ma fille a ramassé antispywear expert... Nous ne sommes pas vraiment des cracs en informatique...Puis je solliciter votre aide pour virer ce poison ? Merci de ns repondre au + vite.
      0
      1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041 > phisophour
         
        cré ton propre message et colle y un rapport hijakhchits et on t'aidera mais pas dans le post d'un autre
        merci
        0
  16. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    non tu as remis le combofix de tout a l'heure fais ceci

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\WINDOWS\system32\iifCtSJA.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20177355-706D-416B-A23B-49443A7118F3}]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{20177355-706D-416B-A23B-49443A7118F3}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifCtSJA]

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis et dis tes soucis actuels

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
    1. Laurent
       
      on recommence....pourtant j'avais fait comme dit avant...
      on va voir pour cette fois si c'est bon....

      ComboFix 08-07-05.1 - Administrateur 2008-07-07 21:44:48.3 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.166 [GMT 2:00]
      Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
      Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFscript.txt
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

      FILE ::
      C:\WINDOWS\system32\iifCtSJA.dll
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\iifCtSJA.dll

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-07 to 2008-07-07 ))))))))))))))))))))))))))))))))))))
      .

      2008-07-07 21:37 . 2008-07-07 21:43 414 ---hs---- C:\WINDOWS\system32\jiacqgye.ini
      2008-07-07 21:24 . 2008-07-07 21:24 89,088 --a------ C:\WINDOWS\system32\eygqcaij.dll
      2008-07-07 20:54 . 2008-07-07 20:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-07-07 20:54 . 2008-07-07 20:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
      2008-07-07 20:46 . 2008-07-07 20:49 3,226 --a------ C:\WINDOWS\system32\tmp.reg
      2008-07-07 20:45 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-07-07 20:45 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-07-07 20:45 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
      2008-07-07 20:45 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-07-07 20:45 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
      2008-07-07 20:45 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
      2008-07-07 20:45 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2008-07-07 20:45 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-07-07 20:45 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-07-07 20:36 . 2008-07-07 21:21 <REP> d-------- C:\Program Files\RogueRemover FREE
      2008-07-07 19:46 . 2008-07-07 19:59 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-07-07 19:46 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
      2008-07-07 18:12 . 2008-07-07 18:12 <REP> d-------- C:\Program Files\Enigma Software Group
      2008-07-07 15:12 . 2008-07-03 20:14 32,256 --a------ C:\WINDOWS\Sys402.exe
      2008-07-07 15:12 . 2008-07-03 20:14 30,208 --a------ C:\WINDOWS\Sys404.exe
      2008-06-21 17:27 . 2008-06-21 17:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
      2008-06-20 16:10 . 2008-07-07 16:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Cogniview
      2008-06-20 16:10 . 2008-07-07 15:00 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Cogniview
      2008-06-11 08:50 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
      2008-06-11 08:50 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
      2008-06-10 17:25 . 2008-06-22 10:10 <REP> d-------- C:\Program Files\myphotobook
      2008-06-10 15:55 . 2008-06-10 16:08 <REP> d-------- C:\Program Files\TicTacPhoto

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-07-07 14:54 --------- d-----w C:\Program Files\Palm
      2008-07-07 14:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-07-07 13:25 --------- d-----w C:\Program Files\Fichiers communs\Java
      2008-06-25 20:06 --------- d-----w C:\Program Files\eMule
      2008-05-15 16:36 --------- d-----w C:\Program Files\FLVPlayer
      2008-05-15 16:34 --------- d-----w C:\Program Files\YouTUBE (TM) movie downloader
      2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
      2008-05-07 20:46 31,349 ----a-w C:\Documents and Settings\Administrateur\Application Data\mdbu.bin
      2008-05-07 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
      2007-03-27 08:03 87,608 ----a-w C:\Documents and Settings\Administrateur\Application Data\ezpinst.exe
      2007-03-27 08:03 47,360 ----a-w C:\Documents and Settings\Administrateur\Application Data\pcouffin.sys
      .

      ((((((((((((((((((((((((((((( snapshot@2008-07-07_21.14.08.70 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-07-07 19:11:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      + 2008-07-07 19:47:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
      "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-02 16:35 282624]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
      "147a94f1"="C:\WINDOWS\system32\eygqcaij.dll" [2008-07-07 21:24 89088]
      "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 10:48 16208384 C:\WINDOWS\RTHDCPL.exe]
      "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
      2004-11-05 12:50 8704 C:\WINDOWS\system32\PCANotify.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "FirewallOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
      "C:\\Sabconew\\SABCO.EXE"=
      "C:\\Program Files\\eMule\\emule.exe"=

      R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-11-10 19:11]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
      \Shell\AutoRun\command - E:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b42404a-4f59-11dc-bdee-00138fd82229}]
      \Shell\AutoRun\command - E:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b3f2b46-1a76-11dd-be7f-00138fd82229}]
      \Shell\AutoRun\command - E:\InstallTomTomHOME.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6252b46-be96-11dc-be1d-00138fd82229}]
      \Shell\AutoRun\command - E:\InstallTomTomHOME.exe

      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-07-07 21:48:04
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-07-07 21:50:21 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-07-07 19:50:18
      ComboFix2.txt 2008-07-07 19:39:30
      ComboFix3.txt 2008-07-07 19:14:56

      Pre-Run: 175,804,727,296 octets libres
      Post-Run: 175,792,529,408 octets libres

      124 --- E O F --- 2008-06-21 01:00:40
      0
    2. Laurent
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 21:54:16, on 07/07/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16674)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\TomTom HOME 2\HOMERunner.exe
      C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = softwarereferral.com/jump.php?wmid=6010&mid=mji6ojg5&lid=2
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [147a94f1] rundll32.exe "C:\WINDOWS\system32\eygqcaij.dll",b
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
      O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
      O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://chimacien.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - https://www.photolitto.com/
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{590E92EC-814B-4BA7-BF59-271DD967A90D}: NameServer = 195.238.2.21,195.238.2.22
      O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - C:\Program Files\Micro Application\Trains Miniatures 3D\monki.dll (file missing)
      O23 - Service: Service Elève pcAnywhere (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      0
  17. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok analyse ces deux fichiers sur virus total et colle les rapports:

    https://www.virustotal.com/gui/

    C:\WINDOWS\system32\jiacqgye.ini
    C:\WINDOWS\system32\eygqcaij.dll
    0
  18. Matmat914 Messages postés 1 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:31:43, on 2008-08-19
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\All Users\Application Data\evupexsb\ofupenal.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\AccelerometerSt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\lphc7j3j0ee1c.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\FeedReader30\feedreader.exe
    C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
    C:\DOCUME~1\ALAINM~1.PRO\LOCALS~1\Temp\setup1019.exe
    C:\WINDOWS\system32\abwhcxmv.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
    C:\DOCUME~1\ALAINM~1.PRO\LOCALS~1\Temp\31.tmp
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
    O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=030707 serial=PE02CBX-0000003-NMD lang=FR
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [lphc7j3j0ee1c] C:\WINDOWS\system32\lphc7j3j0ee1c.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [feedreader.exe] "C:\Program Files\FeedReader30\feedreader.exe"
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKCU\..\Run: [ObjectDock] C:\Documents and Settings\alainm.PROTIC\Bureau\Style\WinOSX\ObjectDock\ObjectDock.exe
    O4 - HKCU\..\Run: [HSIMargin] C:\Documents and Settings\alainm.PROTIC\Bureau\Style\WinOSX\HSI\HSI.exe "C:\Documents and Settings\alainm.PROTIC\Bureau\Style\WinOSX\HSI\Margin.hss"
    O4 - HKCU\..\Run: [YzShadow] C:\Documents and Settings\alainm.PROTIC\Bureau\Style\WinOSX\YzShadow\YzShadow.exe
    O4 - HKCU\..\Run: [WinRoll] C:\Documents and Settings\alainm.PROTIC\Bureau\Style\WinOSX\WinRoll\winroll.exe
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\ALAINM~1.PRO\LOCALS~1\Temp\setup1019.exe
    O4 - HKCU\..\Run: [apidsc] C:\WINDOWS\system32\abwhcxmv.exe
    O4 - HKLM\..\Policies\Explorer\Run: [vnMO5RbkPT] C:\Documents and Settings\All Users\Application Data\evupexsb\ofupenal.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: Stardock ObjectDock.lnk = C:\Documents and Settings\alainm.PROTIC\Bureau\Document\Style\WinOSX\ObjectDock\ObjectDock.exe
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
    O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
    O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = protic.net
    O17 - HKLM\Software\..\Telephony: DomainName = protic.net
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = protic.net
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = protic.net
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    0
  19. matmat914
     
    Je comprend pas ce que je dois faire, je suis vrm nul en info et j'ai attraper un espece de viruse.

    Il est dans ma bar d'outil et il arrete de dire que j'ai un probleme de sécurité.

    Quelqun pourrait m'expliquer du début ce que je dois faire plz.
    0
  20. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    cré ton propre message et on t'aidera cela sera plus clair
    0
  21. rajae_tri Messages postés 1 Statut Membre
     
    slt tout le monde j'ai un probleme avec arez .
    je l'ai desinstaller mais j'ai cru avoir un payware dans mon pc issu du logicile arez comt faire pour le suprimer?
    0
  • 1
  • 2