Problème internet virus

Résolu
Passarinho44 Messages postés 977 Statut Contributeur -  
ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   -
Bonjour,

J'ai un problème avec un virus qui fait que lorsque j'essaie de me connecter à un site, le navigateur ( j'ai essayé avec IE et Firefox ) reste en chargement et me met ensuite page introuvable.
Avec Firefox j'ai également un autre problème qui est que lorsque j'essaie d'atteindre une page web, j'ai droit à un message de windows me disant que l'ewplorateur va redémarrer, il me ferme les fenêtres de l'explorateur windows mais laisse les autres ( comme le navigateur internet ) mais ne charge pas la page et me met qu'elle est introuvable ... Après plusieurs actualisation j'arrive finalement à accéder à la page mais bon, c'est quand même embettant...
J'ai vu sur plusieurs discussions que pour résoudre ce genre de problème, un scan hijackthis s'impose.
C'est donc ce que j'ai fait et voici le résultat :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:37, on 15/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\eMule\emule.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Jerome\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [user32] C:\Users\Jerome\AppData\Roaming\user32.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [DAEMON Tools Lite] G:\Daemon tools\DAEMON Tools Lite\daemon.exe -autorun
O4 - HKCU\..\Run: [4312e4ed] rundll32.exe "C:\Users\Jerome\AppData\Local\Temp\kiccoymg.dll",b
O4 - HKCU\..\Run: [BM4021d771] Rundll32.exe "C:\Users\Jerome\AppData\Local\Temp\pxjeelpa.dll",s
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = lan.rj44.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = lan.rj44.fr
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 12390 bytes

J'espère que vous pourrez m'aider.

Merci d'avance =)
Configuration: Windows Vista
Internet Explorer 7.0

24 réponses

  • 1
  • 2
  1. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour

    en effet plusieurs infections

    1/
    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec

    ------
    = Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
    Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.

    Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
    -------

    = Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    = Appuie sur Y pour commencer le processus de nettoyage.
    = Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    = Appuie sur une touche pour redémarrer le PC.
    = Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    = Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    = Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    = Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    = Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse


    2/
    Télécharge malwarebytes
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    Une aide pour l'installation
    http://www.swl1f.net/viewtopic.php?f=14&t=68

    => Installe le
    => Ensuite va en mode sans echec

    Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel

    => Lance malwarebytes
    => Coche "Executer un examen complet"
    => Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
    => Clique sur Supprimer la sélection
    => Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
    => Fait copier coller et poste le rapport

    3/ Télécharge CCleaner
    https://filehippo.com/download_ccleaner/
    => Aide toi de ce tuto pour l'utiliser
    http://www.swl1f.net/viewtopic.php?f=14&t=69

    @+
    0
    1. Passarinho44 Messages postés 977 Statut Contributeur 132
       
      Ok merci, j'essaie ça et je te dis !
      0
  2. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Laisse pour sdfix
    il ne fonctionne pas avec vista

    fait les autres on verra ensuite
    0
    1. Passarinho44 Messages postés 977 Statut Contributeur 132
       
      Bon alors j'ai essayer de faire ce que tu as dit mais même en mode sans échec Malwarebytes' a planté lors du scan de rapport de scans (enfin je crois que c'est ça ... ) dans le dossier C:\ProgramData\Microsoft\Windows Defender ...

      Il y a des tonnes de fichiers dans ce dossier ...
      Et le cCleaner supprime ceux là ...

      Je les supprime tous (enfin avec cCleaner) ??

      Et pour malwarebytes t'as une idée??


      Merci de m'aider ! =)
      0
  3. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Fait le ménage avec CCleaner
    ensuite ré-essaye avec malwarebytes
    @+
    0
    1. Passarinho44 Messages postés 977 Statut Contributeur 132
       
      Voilà j'ai enfin pu faire un scan avec malwarebyte ^^
      Voilà le résultat :

      Malwarebytes' Anti-Malware 1.17
      Version de la base de données: 857

      22:40:51 16/06/2008
      mbam-log-6-16-2008 (22-40-51).txt

      Type de recherche: Examen complet (C:\|D:\|G:\|)
      Eléments examinés: 230262
      Temps écoulé: 39 minute(s), 47 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 5
      Valeur(s) du Registre infectée(s): 3
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 2
      Fichier(s) infecté(s): 8

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      \SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sudoplanet (Adware.EGDAccess) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SudoPlanet.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4312e4ed (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM4021d771 (Trojan.Agent) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\Program Files\SudoPlanet (Adware.EGDAccess) -> Quarantined and deleted successfully.
      C:\Program Files\SudoPlanet\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\Users\Valérie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H7X79FN1\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\Valérie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LYN76OHF\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Program Files\SudoPlanet\Conditions générales.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
      C:\Program Files\SudoPlanet\Confidentialité.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
      C:\Program Files\SudoPlanet\SudoPlanet.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
      C:\Program Files\SudoPlanet\SudoPlanet.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
      C:\Program Files\SudoPlanet\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
      C:\Program Files\SudoPlanet\Website.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
      0
  4. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    Maintenant

    Télécharge sur le Bureau http://siri.urz.free.fr/Fix/SmitfraudFix.exe
    => Double clic sur SmitfraudFix.zip
    => Extraire tout
    => Double clic sur SmitfraudFix
    => Double Clic sur SmitfraudFix.cmd
    => Choisir Option 1
    => poste le rapport
    @+
    0
    1. Passarinho44 Messages postés 977 Statut Contributeur 132
       
      J'ai fait le scan , voici le résultat :

      SmitFraudFix v2.325

      Scan done at 18:50:57,66, 17/06/2008
      Run from C:\Users\Jerome\Desktop\SmitfraudFix
      OS: Microsoft Windows [version 6.0.6001] - Windows_NT
      The filesystem type is NTFS
      Fix run in normal mode

      »»»»»»»»»»»»»»»»»»»»»»»» Process

      C:\Windows\system32\csrss.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\services.exe
      C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\winlogon.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Windows\system32\PnkBstrA.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      c:\wamp\mysql\bin\mysqld-nt.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Program Files\HP\QuickPlay\QPService.exe
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Windows\System32\wpcumi.exe
      C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\Search Settings\SearchSettings.exe
      C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Windows\ehome\ehtray.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
      C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\wamp\wampmanager.exe
      c:\wamp\apache2\bin\httpd.exe
      C:\wamp\apache2\bin\httpd.exe
      C:\Windows\System32\svchost.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\iTunes\iTunes.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
      C:\Windows\system32\conime.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\explorer.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\system32\cmd.exe
      C:\Windows\system32\wbem\wmiprvse.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts

      hosts file corrupted !

      127.0.0.1 www.legal-at-spybot.info
      127.0.0.1 legal-at-spybot.info

      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Jerome


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Jerome\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Jerome\FAVORI~1


      »»»»»»»»»»»»»»»»»»»»»»»» Desktop


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


      »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
      !!!Attention, following keys are not inevitably infected!!!

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» VACFix
      !!!Attention, following keys are not inevitably infected!!!

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
      !!!Attention, following keys are not inevitably infected!!!

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, following keys are not inevitably infected!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, following keys are not inevitably infected!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"="APSHook.dll"
      "LoadAppInit_DLLs"=dword:00000001


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
      !!!Attention, following keys are not inevitably infected!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="C:\\Windows\\system32\\userinit.exe,"


      »»»»»»»»»»»»»»»»»»»»»»»» Rustock



      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: Intel(R) Wireless WiFi Link 4965AGN
      DNS Server Search Order: 212.27.54.252
      DNS Server Search Order: 212.27.53.252

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{0485B3CC-25F1-470D-8050-3319668D4A02}: DhcpNameServer=192.168.0.11
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{0EDC7C68-7CFC-4E74-AA48-B18354C34F79}: DhcpNameServer=212.27.54.252 212.27.53.252
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{0485B3CC-25F1-470D-8050-3319668D4A02}: DhcpNameServer=192.168.0.11
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{0EDC7C68-7CFC-4E74-AA48-B18354C34F79}: DhcpNameServer=212.27.54.252 212.27.53.252
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{0485B3CC-25F1-470D-8050-3319668D4A02}: DhcpNameServer=192.168.0.11
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{0EDC7C68-7CFC-4E74-AA48-B18354C34F79}: DhcpNameServer=212.27.54.252 212.27.53.252
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


      »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


      »»»»»»»»»»»»»»»»»»»»»»»» End






      C'est bon? :s
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    Redémarre l'ordinateur en mode sans échec
    (tapoter F8 au boot pour obtenir le menu de démarrage ou http://service1.symantec.com/

    * Double clique sur smitfraudfix.cmd

    * Sélectionne 2 pour supprimer les fichiers responsables de l'infection.

    A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

    A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.

    * Redémarre en mode normal et poste le rapport ici

    N.B.: Cette étape élimine les fichiers infectieux détectés à l'étape #1
    Attention que l'option 2 de l'outil supprime le fond d'écran !

    reposte un nouveau rapport hijackthis à l'issu stp
    0
    1. Passarinho44 Messages postés 977 Statut Contributeur 132
       
      Voici le rapport de hijackthis :

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:29:37, on 17/06/2008
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Program Files\HP\QuickPlay\QPService.exe
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Windows\System32\wpcumi.exe
      C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\Search Settings\SearchSettings.exe
      C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Users\Jerome\Downloads\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
      O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
      O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
      O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
      O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [user32] C:\Users\Jerome\AppData\Roaming\user32.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
      O4 - HKCU\..\Run: [DAEMON Tools Lite] G:\Daemon tools\DAEMON Tools Lite\daemon.exe -autorun
      O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O13 - Gopher Prefix:
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = lan.rj44.fr
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = lan.rj44.fr
      O20 - AppInit_DLLs: APSHook.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
      O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
      O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
      O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
      O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
      0
  7. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    recherche dans ajout et suppression de programmes, via le Panneau de configuration
    et dans C:\Program Files en suivant ce chemin: Démarrer > Poste de travail > Disque C: > Program Files

    Search Settings et supprime

    Relance hijack et clique sur "Do a system scan only"
    Ensuite recherche ces lignes et coches les cases

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [user32] C:\Users\Jerome\AppData\Roaming\user32.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

    Ensuite clique sur "Fix checked"

    Ensuite

    Télécharge OTMoveIt (de OldTimer) sur ton Bureau.
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
    clic double sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :
    Paste List of Files/Folders to be moved.

    c:\program files\search settings\searchsettings.exe
    c:\program files\search settings\kb125\searchsettings.dll
    c:\users\jerome\appdata\roaming\user32.exe
    c:\program files\winsos\winsos.exe
    c:\program.exe
    EmptyTemp

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaîtra dans le cadre Results.
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demandé de faire redémarrer le PC pour achever la suppression.

    poste le rapport et rafias un nouveau rapport HijackThis stp.
    @+
    0
    1. Passarinho44 Messages postés 977 Statut Contributeur 132
       
      Bon alors tout d'abord merci beaucoup pour tout ces conseils :)

      Après avoir désinstallé Search settings plus de traces dans C:\ et je n'ai pas non plus trouvé les lignes
      O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
      O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
      dans hijackthis.

      Voici le rapport OTMoveIT :

      File/Folder c:\program files\search settings\searchsettings.exe not found.
      File/Folder c:\program files\search settings\kb125\searchsettings.dll not found.
      File/Folder c:\users\jerome\appdata\roaming\user32.exe not found.
      File/Folder c:\program files\winsos\winsos.exe not found.
      File/Folder c:\program.exe not found.
      < EmptyTemp >
      File delete failed. C:\Users\Jerome\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
      File delete failed. C:\Users\Jerome\AppData\Local\Temp\~DF9532.tmp scheduled to be deleted on reboot.
      Temp folders emptied.
      IE temp folders emptied.

      OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06172008_234230

      Files moved on Reboot...
      C:\Users\Jerome\AppData\Local\Temp\ehmsas.txt moved successfully.
      C:\Users\Jerome\AppData\Local\Temp\~DF9532.tmp moved successfully.


      Et le rapport hijackthis :

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:49:03, on 17/06/2008
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Windows\notepad.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Program Files\HP\QuickPlay\QPService.exe
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
      C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Windows\System32\wpcumi.exe
      C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Users\Jerome\Downloads\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
      O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
      O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [user32] C:\Users\Jerome\AppData\Roaming\user32.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
      O4 - HKCU\..\Run: [DAEMON Tools Lite] G:\Daemon tools\DAEMON Tools Lite\daemon.exe -autorun
      O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O13 - Gopher Prefix:
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = lan.rj44.fr
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = lan.rj44.fr
      O20 - AppInit_DLLs: APSHook.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
      O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
      O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
      O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
      O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
      0
  8. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    recherche dans ajout et suppression de programmes, via le Panneau de configuration
    et dans C:\Program Files en suivant ce chemin: Démarrer > Poste de travail > Disque C: > Program Files

    Winsos

    Télécharge OAD http://sosvirus.changelog.fr/OAD.exe
    - Enregistre le sur ton bureau

    Double clique sur le OAD pour le lancer

    - nom de fichier à rechercher tape ou fais un copier coller de : user32.exe

    - Type de recherche : sélectionne l'option 6 puis valide [entree]

    OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ai terminé.
    Le rapport de recherche s'affichera automatiquement à dès qu'il en aura terminé.

    - Fais un copier / coller de ce rapport dans ton prochain post.

    @+ ;-)
    0
    1. Passarinho44 Messages postés 977 Statut Contributeur 132
       
      Bonsoir ! =)

      Bon alors je ne sais pas si c'est bien ou pas mais les 2trucs que tu m'a donné n'ont rien donné :

      Pas de trace de winsos sur mon PC ...

      Après une recherche avec OAD, rien non plus avec user32.exe, le fichier txt créé à la fin était vide ...


      C'est grave docteur? ;p


      Fallait pas le lancé en mode sans échec?
      0
  9. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Grave non
    mais ça m'étonne ;-)

    on continu

    fait un scan en ligne

    avec bitdefender et colle le rapport

    https://www.bitdefender.com/toolbox/

    Scan à faire sous Internet Explorer

    un tuto
    http://pageperso.aol.fr/rginformatique/mapage/defender.htm

    ensuite un nouveau rapport hijack stp
    @+
    0
    1. Passarinho44 Messages postés 977 Statut Contributeur 132
       
      Bonjour,

      Voilà le scan bitdefender :

      BitDefender Online Scanner

      Scan report generated at: Thu, Jun 19, 2008 - 00:06:02

      Scan path: C:\;D:\;E:\;G:\;

      Statistics

      Time
      01:14:46

      Files
      601692

      Folders
      20655

      Boot Sectors
      5

      Archives
      3454

      Packed Files
      34442

      Results

      Identified Viruses
      7

      Infected Files
      9

      Suspect Files
      0

      Warnings
      0

      Disinfected
      0

      Deleted Files
      18

      Engines Info

      Virus Definitions

      1261980

      Engine build
      AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

      Scan plugins
      16

      Archive plugins
      42

      Unpack plugins
      7

      E-mail plugins
      6

      System plugins
      5


      Scan Settings

      First Action
      Disinfect

      Second Action
      Delete

      Heuristics
      Yes

      Enable Warnings
      Yes

      Scanned Extensions
      *;

      Exclude Extensions


      Scan Emails
      Yes

      Scan Archives
      Yes

      Scan Packed
      Yes

      Scan Files
      Yes

      Scan Boot
      Yes


      Scanned File


      Status

      C:\Program Files\ESET\infected\0RLG3DCA.NQF=>(Quarantine-PE)
      Infected with: Trojan.Vundo.ETH

      C:\Program Files\ESET\infected\0RLG3DCA.NQF=>(Quarantine-PE)
      Deleted

      C:\Program Files\ESET\infected\5BMLIYDA.NQF=>(Quarantine-PE)
      Infected with: Trojan.Vundo.ESK

      C:\Program Files\ESET\infected\5BMLIYDA.NQF=>(Quarantine-PE)
      Deleted

      C:\Program Files\ESET\infected\CHV35VBA.NQF=>(Quarantine-PE)
      Infected with: Trojan.Vundo.ESK

      C:\Program Files\ESET\infected\CHV35VBA.NQF=>(Quarantine-PE)
      Deleted

      C:\Program Files\ESET\infected\HM2V5PBA.NQF=>(Quarantine-PE)
      Infected with: Trojan.Vundo.ESF

      C:\Program Files\ESET\infected\HM2V5PBA.NQF=>(Quarantine-PE)
      Deleted

      C:\Program Files\ESET\infected\LTJRXGBA.NQF=>(Quarantine-PE)
      Infected with: Trojan.Vundo.ENB

      C:\Program Files\ESET\infected\LTJRXGBA.NQF=>(Quarantine-PE)
      Deleted

      C:\Program Files\ESET\infected\NAOAPLAA.NQF=>(Quarantine-PE)
      Infected with: Trojan.LowZones.SG

      C:\Program Files\ESET\infected\NAOAPLAA.NQF=>(Quarantine-PE)
      Deleted

      C:\Program Files\ESET\infected\PFFBH0AA.NQF=>(Quarantine-PE)
      Infected with: Trojan.Vundo.ENC

      C:\Program Files\ESET\infected\PFFBH0AA.NQF=>(Quarantine-PE)
      Deleted

      C:\Program Files\ESET\infected\Q1XDF1CA.NQF=>(Quarantine-PE)
      Infected with: Trojan.Vundo.ESF

      C:\Program Files\ESET\infected\Q1XDF1CA.NQF=>(Quarantine-PE)
      Deleted

      C:\Program Files\ESET\infected\XOR5IIAA.NQF=>(Quarantine-PE)
      Infected with: Trojan.Vundo.ESE

      C:\Program Files\ESET\infected\XOR5IIAA.NQF=>(Quarantine-PE)
      Deleted



      Et voici le rapport hijackthis


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 07:57:13, on 19/06/2008
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Program Files\HP\QuickPlay\QPService.exe
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Windows\System32\wpcumi.exe
      C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\wamp\wampmanager.exe
      C:\Windows\system32\conime.exe
      C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
      C:\Windows\system32\SearchFilterHost.exe
      C:\Users\Jerome\Downloads\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
      O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
      O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [user32] C:\Users\Jerome\AppData\Roaming\user32.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
      O4 - HKCU\..\Run: [DAEMON Tools Lite] G:\Daemon tools\DAEMON Tools Lite\daemon.exe -autorun
      O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
      O13 - Gopher Prefix:
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = lan.rj44.fr
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = lan.rj44.fr
      O20 - AppInit_DLLs: APSHook.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
      O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
      O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
      O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
      O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
      0
  10. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    Télécharge Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    => /!\déconnecte toi d'internet et ferme toutes tes applications./!\

    =>/!\ désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,/!\

    => Double-clic sur combofix,

    => /!\Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi./!\

    => Attends que combofix ait terminé, un rapport sera créé.

    => réactive ton parefeu, ton antivirus, la garde de ton antispyware

    => copie/colle le rapport C:\ComboFix.txt

    => Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    0
  11. Passarinho44 Messages postés 977 Statut Contributeur 132
     
    Bonjour !

    Désolé pour le retard j'ai eu qq problèmes ... :s

    Voici le rapport de combofix :

    ComboFix 08-06-20.4 - Jerome 2008-06-23 7:52:45.1 - NTFSx86
    Endroit: C:\Users\Jerome\Desktop\ComboFix.exe
    * Création d'un nouveau point de restauration
    * Resident AV is active

    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SudoPlanet
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SudoPlanet\Conditions générales.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SudoPlanet\Confidentialité.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SudoPlanet\SudoPlanet.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SudoPlanet\Website.lnk
    C:\Users\Jerome\AppData\Local\fwwcobubp.dat
    C:\Users\Jerome\AppData\Local\fwwcobubp_nav.dat
    C:\Users\Jerome\AppData\Local\fwwcobubp_navps.dat
    C:\Users\Jerome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SudoPlanet

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-23 to 2008-06-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-20 21:01 . 2008-06-20 21:01 <REP> d-------- C:\Users\Jerome\AppData\Roaming\LogProtect
    2008-06-20 21:01 . 2008-06-22 12:11 <REP> d-------- C:\Temp
    2008-06-20 21:01 . 2008-06-22 12:11 <REP> d-------- C:\LogProtect
    2008-06-18 22:43 . 2008-06-19 00:06 <REP> d-------- C:\Windows\BDOSCAN8
    2008-06-17 23:42 . 2008-06-17 23:42 <REP> d-------- C:\_OTMoveIt
    2008-06-17 22:10 . 2008-06-17 22:10 691 --a------ C:\Users\Jerome\AppData\Roaming\GetValue.vbs
    2008-06-17 22:10 . 2008-06-17 22:10 35 --a------ C:\Users\Jerome\AppData\Roaming\SetValue.bat
    2008-06-17 18:51 . 2008-06-17 22:10 8,072 --a------ C:\Windows\System32\tmp.reg
    2008-06-17 18:50 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
    2008-06-17 18:50 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
    2008-06-17 18:50 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe
    2008-06-17 18:50 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe
    2008-06-17 18:50 . 2008-06-15 15:28 81,920 --a------ C:\Windows\System32\IEDFix.C.exe
    2008-06-17 18:50 . 2008-05-23 18:21 81,920 --a------ C:\Windows\System32\404Fix.exe
    2008-06-17 18:50 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
    2008-06-17 18:50 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
    2008-06-17 18:50 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
    2008-06-15 17:49 . 2008-06-15 17:49 <REP> d-------- C:\Program Files\CCleaner
    2008-06-15 17:42 . 2008-06-15 17:42 <REP> d-------- C:\Users\Jerome\AppData\Roaming\Malwarebytes
    2008-06-15 17:42 . 2008-06-15 17:42 <REP> d-------- C:\Users\All Users\Malwarebytes
    2008-06-15 17:42 . 2008-06-15 17:42 <REP> d-------- C:\ProgramData\Malwarebytes
    2008-06-15 17:42 . 2008-06-15 17:42 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-15 17:42 . 2008-06-10 19:02 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
    2008-06-15 17:42 . 2008-06-10 19:02 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-06-14 21:23 . 2008-06-14 21:23 <REP> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2008-06-14 20:15 . 2008-06-14 21:15 <REP> d-------- C:\wamp
    2008-06-14 19:55 . 2008-06-14 19:55 <REP> d-------- C:\Program Files\Notepad++
    2008-06-14 18:21 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-14 18:21 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-14 18:21 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-14 18:21 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-12 00:20 . 2008-06-12 00:20 197 --a------ C:\Windows\System32\MRT.INI
    2008-06-09 19:30 . 2008-06-09 19:30 <REP> d-------- C:\Program Files\eMule
    2008-05-30 18:20 . 2008-02-01 09:50 245,760 --a------ C:\Windows\JkDefragScreenSaver.exe
    2008-05-30 18:20 . 2008-02-01 09:50 229,376 --a------ C:\Windows\JkDefragCmd.exe
    2008-05-30 18:20 . 2008-02-01 09:50 229,376 --a------ C:\Windows\JkDefrag.exe
    2008-05-30 18:20 . 2008-02-01 09:50 110,592 --a------ C:\Windows\JkDefragScreenSaver.scr
    2008-05-30 18:00 . 2008-05-30 17:59 512,096 --a------ C:\Windows\System32\drivers\amon.sys
    2008-05-30 18:00 . 2008-05-30 17:59 298,104 --a------ C:\Windows\System32\imon.dll
    2008-05-30 18:00 . 2008-05-30 17:59 15,424 --a------ C:\Windows\System32\drivers\nod32drv.sys
    2008-05-30 17:59 . 2008-06-02 19:35 <REP> d-------- C:\Program Files\ESET
    2008-05-30 17:08 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-30 17:08 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-05-27 12:47 . 2008-05-27 12:47 <REP> d-------- C:\Users\All Users\WindowsSearch
    2008-05-27 12:47 . 2008-05-27 12:47 <REP> d-------- C:\ProgramData\WindowsSearch
    2008-05-26 21:50 . 2008-05-26 21:50 <REP> d-------- C:\Users\Jerome\AppData\Roaming\Grisoft
    2008-05-26 21:50 . 2008-05-26 21:50 <REP> d-------- C:\Users\All Users\Grisoft
    2008-05-26 21:50 . 2008-05-26 21:50 <REP> d-------- C:\ProgramData\Grisoft
    2008-05-26 21:50 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
    2008-05-26 21:42 . 2008-05-26 21:42 <REP> d-------- C:\Users\All Users\ESET
    2008-05-26 21:42 . 2008-05-26 21:42 <REP> d-------- C:\ProgramData\ESET
    2008-05-26 19:58 . 2008-06-14 21:32 <REP> d-------- C:\tmp
    2008-05-26 19:56 . 2008-05-30 17:31 <REP> d-------- C:\Program Files\Anti-Leech
    2008-05-25 15:08 . 2008-05-26 20:33 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-05-25 15:08 . 2008-05-26 20:33 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-05-25 13:59 . 2008-05-25 13:59 <REP> d-------- C:\Program Files\LaBoiteACouleurs

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-22 17:29 --------- d-----w C:\Users\Jerome\AppData\Roaming\OpenOffice.org2
    2008-06-21 14:09 --------- d-----w C:\ProgramData\CyberLink
    2008-06-17 16:37 27,934 ----a-w C:\Users\Jerome\AppData\Roaming\nvModes.dat
    2008-06-14 19:24 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-06-14 17:55 --------- d-----w C:\Users\Jerome\AppData\Roaming\Notepad++
    2008-06-12 05:39 --------- d-----w C:\Program Files\Windows Mail
    2008-06-09 17:32 --------- d-----w C:\ProgramData\eMule
    2008-05-30 14:58 --------- d-----w C:\Users\Jerome\AppData\Roaming\DAEMON Tools
    2008-05-15 15:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-14 14:07 --------- d-----w C:\Users\Jerome\AppData\Roaming\Ubisoft
    2008-05-14 13:35 --------- d-----w C:\ProgramData\Ubisoft
    2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
    2008-05-08 10:26 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
    2008-05-04 13:14 --------- d-----w C:\ProgramData\MySQL
    2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe
    2008-04-29 01:42 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
    2008-04-29 01:42 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
    2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
    2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
    2008-04-09 15:34 174 --sha-w C:\Program Files\desktop.ini
    2008-04-09 15:06 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-04-09 15:06 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-04-09 14:30 47,560 ----a-w C:\Windows\System32\SPReview.exe
    2008-04-09 14:30 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
    2008-03-15 15:57 199,445 ----a-w C:\Users\Jerome\AppData\Roaming\toolbar.dll
    2007-12-22 21:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2007-12-22 21:03 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2007-12-22 21:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
    "WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.EXE" [ ]
    "DAEMON Tools Lite"="G:\Daemon tools\DAEMON Tools Lite\daemon.exe" [ ]
    "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2008-05-11 13:19 5423104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 05:36 827392]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 19:50 4390912 C:\Windows\RtHDVCpl.exe]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 16:37 174872]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 18:11 176128]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 11:38 159744]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 16:12 317128]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 20:12 17920]
    "WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35 176128]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 23:34 634880]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 09:05 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 09:05 8534560]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 09:05 81920]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "user32"="C:\Users\Jerome\AppData\Roaming\user32.exe" [ ]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-30 17:59 949376]

    C:\Users\Jerome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
    WampServer.lnk - C:\wamp\wampmanager.exe [2004-06-27 20:57:36 1101824]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction"= 2 (0x2)
    "DontDisplayLogonHoursWarnings"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=APSHook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.i420"= i420vfw.dll
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogProtect]
    --a------ 2007-09-09 20:44 2428416 C:\LogProtect\LogProtect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1921414526-946099951-3097703504-1000]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{E9700DD2-050E-4830-8C93-832E14A18463}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{D344DB5F-C5F3-44E3-A3CC-55968796A2F2}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{394C533B-4CC1-4246-B362-3E4670DD45AE}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{A0D656E2-4E3F-4346-9AF0-1784F49B370E}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "TCP Query User{2D3A76AA-AE31-4DBA-AC4C-D27D73D2F35B}G:\\cs\\counter strike\\hl.exe"= UDP:G:\cs\counter strike\hl.exe:Half-Life Launcher
    "UDP Query User{5EDFF0D6-ED26-4114-9C4D-D2A7A0119437}G:\\cs\\counter strike\\hl.exe"= TCP:G:\cs\counter strike\hl.exe:Half-Life Launcher
    "TCP Query User{ABD4B6FC-5D75-4D20-BEFB-54D49A62BC03}C:\\emule\\emule.exe"= UDP:C:\emule\emule.exe:eMule
    "UDP Query User{EB5821C2-CBE9-4AC4-B42D-F17CD2ECF62F}C:\\emule\\emule.exe"= TCP:C:\emule\emule.exe:eMule
    "TCP Query User{1BB5109B-3DE1-454E-9A44-46B79E81D245}C:\\program files\\war3\\war3.exe"= UDP:C:\program files\war3\war3.exe:Warcraft III
    "UDP Query User{7B4CAC19-3299-49B7-B470-F72409CD3BC8}C:\\program files\\war3\\war3.exe"= TCP:C:\program files\war3\war3.exe:Warcraft III
    "TCP Query User{5CA37E31-A8BF-47D3-821B-16038B3A4CD0}C:\\program files\\war3\\war3.exe"= UDP:C:\program files\war3\war3.exe:Warcraft III
    "UDP Query User{78243B3A-0D91-4776-9C5F-AC4DBA1DA0B1}C:\\program files\\war3\\war3.exe"= TCP:C:\program files\war3\war3.exe:Warcraft III
    "TCP Query User{E2EE1044-8B2E-4298-9F92-69D4BECF70F7}F:\\temp14\\counter strike\\hl.exe"= UDP:F:\temp14\counter strike\hl.exe:Half-Life Launcher
    "UDP Query User{4E0252B9-C629-4CE2-A7FD-621A84243E32}F:\\temp14\\counter strike\\hl.exe"= TCP:F:\temp14\counter strike\hl.exe:Half-Life Launcher
    "TCP Query User{94793654-3CCD-4CB6-9013-20B9C616EE86}C:\\ut2004\\system\\ut2004.exe"= UDP:C:\ut2004\system\ut2004.exe:UT2004
    "UDP Query User{8219419C-457F-40B5-A930-D7A0827CAED5}C:\\ut2004\\system\\ut2004.exe"= TCP:C:\ut2004\system\ut2004.exe:UT2004
    "TCP Query User{858676C3-B0B5-46D7-B4BA-45D699B56E5C}C:\\pacsteamt\\steamapps\\passarinho4\\counter-strike\\hl.exe"= UDP:C:\pacsteamt\steamapps\passarinho4\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{7639BD08-7551-4194-8B11-226775D86549}C:\\pacsteamt\\steamapps\\passarinho4\\counter-strike\\hl.exe"= TCP:C:\pacsteamt\steamapps\passarinho4\counter-strike\hl.exe:Half-Life Launcher
    "TCP Query User{9332AE91-7DC8-43D8-9E79-B9018E451F2E}C:\\pacsteamt\\steamapps\\passarinho4\\counter-strike source\\hl2.exe"= UDP:C:\pacsteamt\steamapps\passarinho4\counter-strike source\hl2.exe:hl2
    "UDP Query User{F22319A6-4D41-4F4D-B86E-EC5EC684A534}C:\\pacsteamt\\steamapps\\passarinho4\\counter-strike source\\hl2.exe"= TCP:C:\pacsteamt\steamapps\passarinho4\counter-strike source\hl2.exe:hl2
    "TCP Query User{A58A3171-18DA-4337-8A58-E3E881AD6887}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{B6DAB23D-6BEB-4D17-B930-6EEE6CA6BE04}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{78F2FF47-AF43-4B63-906A-A5410BC058A6}C:\\pacsteamt\\steamapps\\passarinho4\\counter-strike source\\hl2.exe"= UDP:C:\pacsteamt\steamapps\passarinho4\counter-strike source\hl2.exe:hl2
    "UDP Query User{5DD03D52-A716-4B1E-91BE-43F0840699F6}C:\\pacsteamt\\steamapps\\passarinho4\\counter-strike source\\hl2.exe"= TCP:C:\pacsteamt\steamapps\passarinho4\counter-strike source\hl2.exe:hl2
    "TCP Query User{316983CB-768D-4BD3-B2D1-3545FD1AF2EA}C:\\users\\jerome\\desktop\\games\\temp14\\counter strike\\hl.exe"= UDP:C:\users\jerome\desktop\games\temp14\counter strike\hl.exe:hl.exe
    "UDP Query User{AFD23B40-4790-4BB9-AECC-137A157B4DF6}C:\\users\\jerome\\desktop\\games\\temp14\\counter strike\\hl.exe"= TCP:C:\users\jerome\desktop\games\temp14\counter strike\hl.exe:hl.exe
    "TCP Query User{3FD5BEF7-8D50-40B4-AE2D-BC714630BE3C}C:\\pacsteamt\\steamapps\\passarinho4\\counter-strike\\hl.exe"= UDP:C:\pacsteamt\steamapps\passarinho4\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{DB31DA43-A6F2-47FD-B3BA-02C8C6C2064B}C:\\pacsteamt\\steamapps\\passarinho4\\counter-strike\\hl.exe"= TCP:C:\pacsteamt\steamapps\passarinho4\counter-strike\hl.exe:Half-Life Launcher
    "TCP Query User{AE6ED97B-50AA-4948-96B4-3F91AA902352}C:\\emule\\emule.exe"= UDP:C:\emule\emule.exe:eMule
    "UDP Query User{7FE7255F-83CD-4291-8167-1C273FED0F4D}C:\\emule\\emule.exe"= TCP:C:\emule\emule.exe:eMule
    "{21F0A6FA-B61D-429A-B27B-59CA3CD32C43}"= Disabled:UDP:58408:Pando P2P TCP Listening Port
    "{46809079-A29C-427E-84AE-F56DC6E8C1C8}"= Disabled:TCP:58408:Pando P2P UDP Listening Port
    "TCP Query User{9585AEA0-F4F0-400C-B965-016C396CA943}C:\\program files\\hp\\hp software update\\hpwucli.exe"= UDP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
    "UDP Query User{2C5EEA24-863F-4DE8-9A14-F3AFB4C614A5}C:\\program files\\hp\\hp software update\\hpwucli.exe"= TCP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
    "TCP Query User{5FEE2382-2916-4259-B5AC-B0F43E3E840C}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando
    "UDP Query User{67F12B50-10D7-435A-8F51-F6FA5777A112}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando
    "TCP Query User{E4079A0A-9819-44D6-8EAC-6E4838DD2392}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{D6A8B907-B3B4-4BA5-BDC2-F9218D0B5A4D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{79F746A7-22F4-4DB7-A7D8-3ACB73644CDA}C:\\pacsteamt\\steamapps\\lartsim\\counter-strike\\hl.exe"= UDP:C:\pacsteamt\steamapps\lartsim\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{580C7D53-31B4-46AD-BC58-09C340DE0486}C:\\pacsteamt\\steamapps\\lartsim\\counter-strike\\hl.exe"= TCP:C:\pacsteamt\steamapps\lartsim\counter-strike\hl.exe:Half-Life Launcher
    "{AE00BC34-ACF8-4F2A-B20A-B012E703F9B4}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{C4029515-BD8A-4713-AFBA-12D92097F5CB}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{FACB7CAC-7480-4EE4-A0E4-2612D4A6E30A}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{1D3F876F-550F-4690-8210-7C9C3BDDD987}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
    "UDP Query User{612C0330-8057-4EF9-A7A8-E7B31A4A14E0}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
    "{42976830-C005-4774-8A5E-F70147212EAC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{8F20F618-1FC4-4EE3-9FD7-67E5726E5595}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{9E0C90F3-3492-475A-9B47-D4C14C23F1D1}"= UDP:C:\Users\Jerome\Documents\Devoirs\PHP\EasyPHP1-8\EasyPHP.exe:EasyPHP
    "{B9AB71E0-108A-49EC-B051-8F02D13ABA41}"= TCP:C:\Users\Jerome\Documents\Devoirs\PHP\EasyPHP1-8\EasyPHP.exe:EasyPHP
    "{B3278F59-B892-455F-A08B-23F4C4026A4B}"= UDP:80:apache
    "TCP Query User{C4273780-1884-494E-BA92-B9589CEFE136}C:\\pacsteamt\\steamapps\\passarinho4\\day of defeat source\\hl2.exe"= UDP:C:\pacsteamt\steamapps\passarinho4\day of defeat source\hl2.exe:hl2
    "UDP Query User{9BE49EE8-3087-4C7B-9386-94D5C7A04D2F}C:\\pacsteamt\\steamapps\\passarinho4\\day of defeat source\\hl2.exe"= TCP:C:\pacsteamt\steamapps\passarinho4\day of defeat source\hl2.exe:hl2
    "TCP Query User{CFE36288-6526-4CD9-A511-131BDDD6B35F}C:8\\age of empires ii\\age2_x1\\age2_x1.exe"= UDP:C:8\age of empires ii\age2_x1\age2_x1.exe:age2_x1.exe
    "UDP Query User{968B54DD-B0F2-4D8A-A8FE-2949371D5B8D}C:8\\age of empires ii\\age2_x1\\age2_x1.exe"= TCP:C:8\age of empires ii\age2_x1\age2_x1.exe:age2_x1.exe
    "TCP Query User{96FFCF8B-5809-4F8C-AF5D-11BCF6C35031}F:\\wolfenstein - enemy territory\\et.exe"= Disabled:UDP:F:\wolfenstein - enemy territory\et.exe:ET
    "UDP Query User{98BA1E80-25AB-4C2A-9AF2-8B70DCAD0EEF}F:\\wolfenstein - enemy territory\\et.exe"= Disabled:TCP:F:\wolfenstein - enemy territory\et.exe:ET
    "TCP Query User{8ED1E2EB-CFBD-4DAD-99B0-A48391AF8532}C:\\program files\\pando networks\\pando\\pando.exe"= Disabled:UDP:C:\program files\pando networks\pando\pando.exe:pando
    "UDP Query User{DC6A69D8-2B74-410F-B5BD-2D048350C1D8}C:\\program files\\pando networks\\pando\\pando.exe"= Disabled:TCP:C:\program files\pando networks\pando\pando.exe:pando
    "{219EFDEF-CA7D-4452-9AFD-ED1AE1509725}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{A07B99B4-19D5-4127-9F4D-3FDBB8B1DDE5}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{53CA3C26-D42A-477C-B7D3-D2EF71162B0C}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{47DA358A-CFEC-4DE1-83C5-742ED591649A}C:\\program files\\java\\jdk1.6.0_01\\jre\\bin\\java.exe"= UDP:C:\program files\java\jdk1.6.0_01\jre\bin\java.exe:Java(TM) Platform SE binary
    "UDP Query User{87E6853F-3C28-465C-BB78-8789E6DD4143}C:\\program files\\java\\jdk1.6.0_01\\jre\\bin\\java.exe"= TCP:C:\program files\java\jdk1.6.0_01\jre\bin\java.exe:Java(TM) Platform SE binary
    "TCP Query User{F34948D2-45E3-4D84-A620-F72CF152C89B}G:\\age of empires ii\\age2_x1\\age2_x1.exe"= UDP:G:\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
    "UDP Query User{8290A517-2491-4544-964C-C52C472B0E65}G:\\age of empires ii\\age2_x1\\age2_x1.exe"= TCP:G:\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
    "{12905BEC-7B8E-4E31-B92E-9835CCC7B0BF}"= UDP:C:4\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{826ABCFB-FEC8-41A2-B44D-C8DB7098CCBB}"= TCP:C:4\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{23172051-CCD3-45AB-8F05-F9A266C2BECB}"= UDP:C:4\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{6BD25C85-4302-448B-9739-494A4C046B79}"= TCP:C:4\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{69DB2117-5830-4A4C-B96B-E055209BD928}"= UDP:C:4\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{2484F52E-48C6-4AC8-8B64-9E51E7A672B8}"= TCP:C:4\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "TCP Query User{E0FF214A-5B58-4312-9172-1F8D8AC00281}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{26FB53F9-EA86-4FA8-84EE-AB0FA6A60C0C}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
    "{A21F5CD2-8D05-4B8E-9567-5FA8DF432576}"= UDP:45276:utorrent
    "TCP Query User{6AB8E2D3-018E-42B5-9FF3-98C38B30E1BE}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{091205C8-89C4-4391-9EF7-D26F6DAA344B}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "{706CF23C-2707-4DFC-B81A-F2039D656651}"= UDP:47331:emuleTCP
    "{63410E49-54B9-49E5-88C9-56F7CD46A8A9}"= TCP:20806:EmuleUDP
    "TCP Query User{EAD7F407-4C61-4039-8FAD-E6011FFE8FA9}C:0\\age of empires ii\\age2_x1\\age2_x1.exe"= UDP:C:0\age of empires ii\age2_x1\age2_x1.exe:age2_x1.exe
    "UDP Query User{59D80221-D93B-4F6A-8B6F-8237BF83F489}C:0\\age of empires ii\\age2_x1\\age2_x1.exe"= TCP:C:0\age of empires ii\age2_x1\age2_x1.exe:age2_x1.exe
    "TCP Query User{4103C98E-C16A-48AC-96C1-E7889C6C4E8B}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{B33C483F-4492-4623-A90E-3C70E7F50FE7}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{132E2211-1557-4E39-AB70-EDF4247CB825}C:\\program files\\mozilla firefox\\plugins\\alhlp.exe"= UDP:C:\program files\mozilla firefox\plugins\alhlp.exe:Anti-Leech plugin helper program
    "UDP Query User{BA023572-25A5-4DDA-B965-612B83793464}C:\\program files\\mozilla firefox\\plugins\\alhlp.exe"= TCP:C:\program files\mozilla firefox\plugins\alhlp.exe:Anti-Leech plugin helper program
    "{B46CB8E4-46FE-4286-BAE2-6664F3455281}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{EAC7853F-8770-426C-81AC-8298CED69661}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{839BD183-DC78-4B31-8995-3E5A30839005}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{9D91EEC4-816D-4B8F-B0CC-CE9D68D782F3}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "{1B81AFE3-00C9-4E42-8AFE-B923D0021234}"= UDP:C:\wamp\wampmanager.exe:wampmanager
    "{B3BADEAA-634D-413E-A7DE-80E0C692B8AE}"= TCP:C:\wamp\wampmanager.exe:wampmanager
    "{A4CC5997-87F2-4857-A4C3-B4C215A24F3D}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{FBB5EB7E-0DF8-4735-9AD7-195820EDB48D}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2008-01-18 23:33]
    R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2008-01-18 23:33]
    R2 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2006-10-22 04:30]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2007-12-30 15:34]
    S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    GPSvcGroup REG_MULTI_SZ GPSvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    bthsvcs REG_MULTI_SZ BthServ

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-06-23 05:38:09 C:\Windows\Tasks\User_Feed_Synchronization-{DB5778FD-8D93-417E-A233-AB84CBDBE91B}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-23 08:00:05
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\ESET\nod32krn.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Windows\System32\PnkBstrA.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
    C:\Windows\System32\conime.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-23 8:08:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-23 06:07:57

    Pre-Run: 80,831,025,152 octets libres
    Post-Run: 80,558,034,944 octets libres

    327 --- E O F --- 2008-06-19 19:56:14
    0
  12. sylvio
     
    tu as koi komme pc parce que je ne peu pas trops d'aider sur ca
    0
  13. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    selectionne ceci

    registry::

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WINSOS VERIFY"=-



    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
    * Veille à ce que Retour à la ligne ne soit pas coché dans Format.
    * Colle le texte copié dans ce bloc-notes (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme ceci
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    Ensuite dit moi si tu as encore des soucis
    @+
    0
  14. Passarinho44 Messages postés 977 Statut Contributeur 132
     
    Bon mauvaise nouvelle : j'ai encore un problème :(

    J'ai une fenêtre qui s'ouvre un peu genre execution automatique d'un disque dur externe.

    La fenêtre me dit qu'il y a un message qui veut d'afficher sur le bureau.
    Là j'ai 2choix :
    - afficher le message
    - me rappeler dans quelques minutes

    Afficher le message me met un ecran noir de qq secondes puis éteint ma cam ( c'est une cam intégrée sur un ordi portable )

    Tu penses que ça peut venir de quoi?
    0
  15. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    OK on continu

    Télécharge DiagHelp.zip sur ton bureau http://www.malekal.com/download/DiagHelp.zip
    ==> Ne double-clic pas dessus !! Fais un clic droit sur le fichier et extraire tout
    ==> Un nouveau dossier chercher va être créé DiagHelp
    ==> Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
    ==> Une fenêtre va s'ouvrir, choisis l'option 1
    ==> L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
    ==> Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
    ==> Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
    ==> A nouveau menu Edition / copier
    ==> Dans un nouveau message ici, faire un clic droit / coller
    @+
    0
  16. Passarinho44 Messages postés 977 Statut Contributeur 132
     
    J'ai un problème avec ton programme :
    sous vista il faut que je le lance en tant qu'admin pour qu'il aie accès au fichiers
    ( j'ai essayer sans , le scan démarre mais il me dit que les fichiers sont introuvables (environ 3 ou 4 messages d'erreur ) puis il ferme l'invite de commande.. )
    Et lorsque je le lance en tant qu'admin, il me dit que le scan ne peut pas commencer car il manque des fichiers ...

    Que faire? :(
    0
  17. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    est-ce que tu la bien dézipper

    si tu ne peux toujours pas

    Télécharge sur ton bureau DSS (ex Comboscan) de Deckard:

    (choisis enregistrer, puis Bureau comme emplacement)

    http://deckard.geekstogo.com/dss.exe

    Ferme toutes les applications en cours.

    Double-clic sur comboscan.exe pour lancer l'outil.

    Une fenêtre s'ouvre, invitant à fermer toutes les applications, clique sur OK.

    A la fin de l'analyse, une fenêtre s'ouvre, clique sur OK.

    Le rapport Comboscan.txt va s'afficher, copie le dans ta prochaine réponse.
    Si un rapport complémentaire a été créé, poste le aussi dans ta réponse.
    0
  18. Passarinho44 Messages postés 977 Statut Contributeur 132
     
    Bonjour !

    Non j'ai essayer de le retélécharger, de le redézipper, etc ... pas moyen ...

    Sinon pour l'autre voici le rapport main :

    Deckard's System Scanner v20071014.68
    Run by Jerome on 2008-06-24 07:53:04
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 5 Restore Point(s) --
    7: 2008-06-23 19:12:45 UTC - RP263 - ComboFix created restore point
    6: 2008-06-23 19:00:54 UTC - RP262 - Supprimé GTAIII
    5: 2008-06-23 05:51:27 UTC - RP260 - ComboFix created restore point
    4: 2008-06-21 22:00:05 UTC - RP259 - Point de contrôle planifié
    3: 2008-06-20 22:49:08 UTC - RP258 - Point de contrôle planifié

    -- First Restore Point --
    1: 2008-06-19 02:49:20 UTC - RP256 - Point de contrôle planifié

    Backed up registry hives.
    Performed disk cleanup.

    -- HijackThis (run as Jerome.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:55:06, on 24/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\wamp\wampmanager.exe
    C:\Windows\system32\conime.exe
    C:\Users\Jerome\Desktop\dss.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Jerome\DOWNLO~1\Jerome.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [user32] C:\Users\Jerome\AppData\Roaming\user32.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
    O4 - HKCU\..\Run: [DAEMON Tools Lite] G:\Daemon tools\DAEMON Tools Lite\daemon.exe -autorun
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = lan.rj44.fr
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = lan.rj44.fr
    O20 - AppInit_DLLs: APSHook.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
    0
  19. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    Il reste encore des saloperies
    Ouvre le bloc-notes et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait) :

    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "user32"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "WINSOS VERIFY"=-


    Puis "fichier"/"enregistrer sous" :
    dans : sur le bureau
    Nom du fichier : fix.reg
    Type de fichier : "tous les fichiers"
    clique sur "enregistrer"

    quitte internet et double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
    Si c'est bien le cas, clique sur "oui"

    Télécharge OTMoveIt (de OldTimer) sur ton Bureau.
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
    clic double sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :
    Paste List of Files/Folders to be moved.

    c:\users\jerome\appdata\roaming\user32.exe
    c:\program files\winsos\winsos.exe
    c:\program.exe
    EmptyTemp

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaîtra dans le cadre Results.
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demandé de faire redémarrer le PC pour achever la suppression.

    @+
    0
  20. Passarinho44 Messages postés 977 Statut Contributeur 132
     
    Bonjour,

    Voici le rapport de MoveIt :

    File/Folder c:\users\jerome\appdata\roaming\user32.exe not found.
    File/Folder c:\program files\winsos\winsos.exe not found.
    File/Folder c:\program.exe not found.
    < EmptyTemp >
    File delete failed. C:\Users\Jerome\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
    File delete failed. C:\Users\Jerome\AppData\Local\Temp\fla20EF.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\Jerome\AppData\Local\Temp\~DF1F42.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\fwtsqmfile00.sqm scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\fwtsqmfile01.sqm scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\hppldcoi.log scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\hpqddsvc.log scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\hpzFR4v2.chm scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\hpzFR4v2.hlp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\ProductContextF4100.log scheduled to be deleted on reboot.
    Temp folders emptied.
    IE temp folders emptied.

    OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06252008_075751
    0
  21. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    refais un nouveau HijackThis stp
    0
  • 1
  • 2