Adware et malware

lolo3 -  
afideg Messages postés 10466 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,

Mon ordinateur vient de détecter un adware (win32:vapsup-CF) que j'ai essayé de supprimer en vain. A chaque fois que je le supprime, un message apparait me disant 'impossible de traiter le fichier'. :fou:

De plus, une fenêtre est apparu indiquant cela : 'Windows system files have been compromised. probably cause : malware infection. Replace modified files with backup copies and perform scan for malware ?' . Je ne sais pas si je dois répondre oui ou non ...

Enfin, des fichiers apparaissent tous seuls sur le bureau et je ne peux pas les supprimer, il réapparaissent à chaque fois.

PS : J'ai eu auparavant un cheval de troie que mon antivirus me détecte régulièrement mais je n'y avait pas vraiment fais attention car je n'avais aucun problème pour utiliser mon ordinateur.

Merci d'avance pour votre aide ;)
Configuration: Windows XP
Firefox 2.0.0.15

35 réponses

  • 1
  • 2
Résumé de la discussion

Un adware détecté sur Windows XP, identifié comme Win32:vapsup-CF, empêche la suppression et provoque des messages d'erreur et des fichiers qui réapparaissent sur le bureau. Plusieurs réponses proposent des outils et méthodes pour nettoyer le système, notamment HijackThis, ComboFix et Malwarebytes, ainsi que des conseils sur les processus et les objets de démarrage à inspecter. Des échanges évoquent des symptômes variés comme des fenêtres système compromises, des fichiers fantômes sur le bureau et des redémarrages problématiques, avec des conseils pratiques: rapports HijackThis, suppression de barres d’outils et restauration de sécurité. En cas de doute, des réponses mentionnent la nécessité d’un support technique et d’un CD d’installation, et signalent des risques potentiels lors des manipulations qui affectent le système.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. yingetyang Messages postés 607 Statut Membre 34
     
    Le cheval de Troie est une porte ouverte, tu ne peux supprimer ton virus car il est en activité, il te faut aller dans le gestionnaire des taches et arrêter tous les logiciels suspect jusqu'a ce que tu trouve le bon et le supprimer. Attention tache longue et difficile car la plus part des virus prennent le nom d'un fichier système avec une petite erreur dans le nom afin de pouvoir s'installer
    0
    1. lolo3
       
      Merci de votre réponse mais je ne suis pas experte en informatique. Lorsque vous dites arrêter un par un, c'est à dire qu'il faut sélectionner chaque programme de l'onglet 'processus' et cliquer sur 'terminer le processus' ?
      Car en faisant ceci, le programme ne se relancera pas de lui-même après, si ?

      Merci encore
      0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    0
    1. lolo3
       
      Voila le rapport, merci de votre aide :


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:11:29, on 07/07/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16674)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
      C:\Program Files\CDBurnerXP\NMSAccessU.exe
      C:\Apps\Softex\OmniPass\Omniserv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Apps\Softex\OmniPass\OPXPApp.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      C:\apps\ABoard\ABoard.exe
      C:\Program Files\Real\RealPlayer\RealPlay.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\apps\ABoard\AOSD.exe
      C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
      C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
      C:\APPS\SMP\SmpSys.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Club-Internet\Lanceur\lanceur.exe
      D:\Documents and Settings\Lucia\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
      C:\Program Files\iPod\bin\iPodService.exe
      D:\Documents and Settings\Lucia\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
      C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
      C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
      C:\Program Files\iTunes\iTunes.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
      C:\Program Files\PCHealthCenter\2.exe
      C:\Program Files\PCHealthCenter\3.exe
      C:\Program Files\PCHealthCenter\4.exe
      C:\Program Files\VAV\vav.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\cmd.exe
      D:\DOCUME~1\Lucia\LOCALS~1\Temp\software.php
      C:\WINDOWS\system32\cmd.exe
      D:\DOCUME~1\Lucia\LOCALS~1\Temp\software.php
      C:\WINDOWS\system32\cmd.exe
      D:\DOCUME~1\Lucia\LOCALS~1\Temp\software.php
      C:\WINDOWS\system32\cmd.exe
      D:\DOCUME~1\Lucia\LOCALS~1\Temp\software.php
      C:\WINDOWS\system32\cmd.exe
      D:\DOCUME~1\Lucia\LOCALS~1\Temp\atmadm2.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL (file missing)
      R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
      O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
      O3 - Toolbar: sqvgnrpx - {1BFB720F-B45D-43FF-8AE1-54C86718DE99} - C:\WINDOWS\sqvgnrpx.dll
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
      O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
      O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
      O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
      O4 - HKLM\..\Run: [Sys57A.exe] C:\Windows\Sys57A.exe
      O4 - HKLM\..\Run: [Sys57B.exe] C:\Windows\Sys57B.exe
      O4 - HKLM\..\Run: [Sys57C.exe] C:\Windows\Sys57C.exe
      O4 - HKLM\..\Run: [Sys57D.exe] C:\Windows\Sys57D.exe
      O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
      O4 - HKLM\..\Run: [DelayLoad] D:\DOCUME~1\Lucia\LOCALS~1\Temp\atmadm2.exe
      O4 - HKLM\..\Run: [e4603ce5] rundll32.exe "C:\WINDOWS\system32\aeocaxje.dll",b
      O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Sys57A.exe] C:\Windows\Sys57A.exe
      O4 - HKCU\..\Run: [Sys57B.exe] C:\Windows\Sys57B.exe
      O4 - HKCU\..\Run: [Sys57C.exe] C:\Windows\Sys57C.exe
      O4 - HKCU\..\Run: [Sys57D.exe] C:\Windows\Sys57D.exe
      O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
      O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
      O4 - Startup: Outil de notification Live Search.lnk = D:\Documents and Settings\Lucia\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?6ceeb71dec9046bda3c20016573c9efe
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?6ceeb71dec9046bda3c20016573c9efe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O21 - SSODL: fsrpknov - {3734EA1A-1204-4E4F-BDF6-F08E31A02AE6} - C:\WINDOWS\fsrpknov.dll (file missing)
      O21 - SSODL: fdxbameg - {D6AC25C6-B2F6-4342-B359-50DC2D8F2337} - C:\WINDOWS\fdxbameg.dll (file missing)
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
      O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
      O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      0
  3. lolo3
     
    Bon, un beug est survenu, j'ai donc du redémarrer et un nouveau message apparait 'critical system warning'.
    Désolé d'insister mais je suis vraiment inquiète, de nombreux messages d'erreurs apparaissent et je ne sais pas quoi faire....
    0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok tu es gavée!

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

    ___________________________

    scan avec
    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    ___________________________

    Télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le Bureau

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    _____________________

    recolle un nouvel hijakhcits
    a plus
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. lolo3
     
    Alors voici le rapport de SDFix :

    [b]SDFix: Version 1.203 [/b]
    Run by Lucia on 07/07/2008 at 23:47

    Microsoft Windows XP [version 5.1.2600]
    Running From: D:\DOCUME~1\Lucia\Bureau\SDFix

    [b]Checking Services [/b]:

    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\WINDOWS\system32\mlJBRLfE.dll - Deleted
    D:\DOCUME~1\Lucia\LOCALS~1\Temp\ac8zt2\fdxbameg.dll - Deleted
    D:\DOCUME~1\Lucia\LOCALS~1\Temp\ac8zt2\fsrpknov.dll - Deleted
    D:\DOCUME~1\Lucia\LOCALS~1\Temp\ac8zt2\install.bat - Deleted
    C:\Program Files\VAV\vav.exe - Deleted
    C:\Program Files\VAV\vav0.dat - Deleted
    C:\Program Files\VAV\vav1.dat - Deleted
    D:\DOCUME~1\Lucia\LOCALS~1\Temp\atmadm2.exe.bat - Deleted
    D:\DOCUME~1\Lucia\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
    D:\DOCUME~1\Lucia\LOCALS~1\Temp\lwpower.exe.bat - Deleted
    D:\DOCUME~1\Lucia\LOCALS~1\Temp\PhotoFiltre.zip - Deleted
    C:\WINDOWS\Sys57A.exe - Deleted
    C:\WINDOWS\Sys57B.exe - Deleted
    C:\WINDOWS\Sys57C.exe - Deleted
    C:\WINDOWS\Sys57D.exe - Deleted
    C:\WINDOWS\system32\sex1.ico - Deleted
    C:\WINDOWS\system32\sex2.ico - Deleted
    C:\WINDOWS\EBAQ.EXE - Deleted

    Folder C:\Program Files\VAV - Removed

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-08 00:00:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:00000093

    scanning hidden files ...

    folder error: D:\Documents and Settings\Lucia

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:PANDORA"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:PowerCinema"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Wyzo\\wyzo.exe"="C:\\Program Files\\Wyzo\\wyzo.exe:*:Disabled:Wyzo"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [b]Remaining Files [/b]:

    File Backups: - D:\DOCUME~1\Lucia\Bureau\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Thu 24 Aug 2006 215 A.SHR --- "C:\BOOT.BAK"
    Tue 31 May 2005 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
    Tue 31 May 2005 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
    Tue 31 May 2005 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
    Tue 22 Apr 2008 625,664 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
    Wed 24 May 2006 146,432 ..SHR --- "C:\Program Files\PhoTags Express\Setup.exe"
    Sun 9 Apr 2006 15,872 A.SHR --- "C:\Program Files\PhoTags Express\_Setup.dll"
    Wed 9 Mar 2005 39,936 A.SHR --- "C:\Program Files\PhoTags Express\_Setupx.dll"
    Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT1D7.tmp"
    Mon 20 Aug 2007 12,411,017 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3694e759218fda893dfae95b16ae11fc\BIT28.tmp"
    Tue 31 May 2005 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"

    [b]Finished![/b]

    -----------------------------------------------------------------------------------------------------------------------------------------------------------------

    Puis celui de Malwarebyte's anti-malware fait en mode normal car le mode sans échec était beaucoup trop long(attente d'au moins 20minutes et toujours aucune icône sur le bureau...) :

    Malwarebytes' Anti-Malware 1.19
    Version de la base de données: 930
    Windows 5.1.2600 Service Pack 2

    12:50:00 08/07/2008
    mbam-log-7-8-2008 (12-50-00).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 175423
    Temps écoulé: 39 minute(s), 7 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 10
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 7
    Fichier(s) infecté(s): 31

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\xxyxUnlJ.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\yjnghnsc.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f52bea57-7591-41af-bdd6-2e3f06e9dd74} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{f52bea57-7591-41af-bdd6-2e3f06e9dd74} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{4fd5d703-3426-4b22-ba98-d092b8d06136} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1bfb720f-b45d-43ff-8ae1-54c86718de99} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\sqvgnrpx.bbpq (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e4603ce5 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{1bfb720f-b45d-43ff-8ae1-54c86718de99} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fsrpknov (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyxunlj -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyxunlj -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
    D:\Documents and Settings\prévost\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    D:\Documents and Settings\prévost\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    D:\Documents and Settings\prévost\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    D:\Documents and Settings\prévost\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    D:\Documents and Settings\prévost\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    D:\Documents and Settings\prévost\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\xxyxUnlJ.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\JlnUxyxx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\JlnUxyxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yjnghnsc.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\csnhgnjy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0034784.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0034785.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0034702.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\1.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\2.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\3.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\4.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
    D:\Documents and Settings\prévost\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    D:\Documents and Settings\prévost\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    D:\Documents and Settings\prévost\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    D:\Documents and Settings\prévost\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    D:\Documents and Settings\prévost\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    D:\Documents and Settings\prévost\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    D:\Documents and Settings\prévost\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\WINDOWS\gpefaowr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\sqvgnrpx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    D:\Documents and Settings\Lucia\Bureau\FREE gallery of the day.url (Rogue.Link) -> Quarantined and deleted successfully.

    ------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Je vais maintenant faire la manip avec combofix en espérant que ça aille ... Merci encore
    0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok parfait ton ordi doit déjà aller bien mieux

    encore ceci:

    Télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le Bureau

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    _____________________

    recolle un nouvel hijakhcits
    0
    1. lolo3
       
      Bon ca à l'air d'être OK, plus d'icones étranges sur le bureau, plus d'alertes de l'antivirus ou autre !

      Voici le rapport combofix :


      ComboFix 08-07-07.3 - Lucia 2008-07-08 14:11:43.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.359 [GMT 2:00]
      Endroit: D:\Documents and Settings\Lucia\Bureau\Virus\Combofix\ComboFix.exe
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
      C:\WINDOWS\system32\JlnUxyxx.ini
      C:\WINDOWS\system32\xxyxUnlJ.dll
      D:\Documents and Settings\prévost\Application Data\HbTools
      D:\Documents and Settings\prévost\Application Data\HbTools\HbTools.log
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\1.sdf
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\1399469.sdf
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\1399712.sdf
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\566217.sdf
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\ASPL1.dat
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\domains.txt
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024148
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024237
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025311
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026054
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026569
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026721
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000048104
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000048356
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000062903
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000063490
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\10587
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\10915
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14575
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\162760
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27414
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\49957
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\55725
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\56644
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\56815
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\59215
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\61779
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\61795
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705495
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\712549
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\716428
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\745387
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\81529
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\83706
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\99795
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\ads.cdf
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\btntrans.idx
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\btntrans1.dat
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\business_promo.htm
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\buttondir.txt
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\components.cdf
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_1000.res
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_2000.res
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_3000.res
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bar.res
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar1.res
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_logos.res
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_other.res
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_weather.res
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\default.cdf
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_511745-514279.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz1.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz10.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz11.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz12.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz13.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz14.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz15.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz16.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz17.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz18.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz19.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz2.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz20.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz3.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz4.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz5.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz6.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz7.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz8.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz9.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_categorize.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_comparison.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-Mails.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-people.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_favorites.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_Games.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hide.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_hotbarcom.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hotmail.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_hsskin.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemster.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemsterie.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemsteruk.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_jobsearch.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_Mails.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_new.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_premium.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_reun.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_ringtones.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_SearchBoxTrapper.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchfor.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchgo.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_weather.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_yellowpages.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-548964.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-9595.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\email-t1-bg.res
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\hotbar-premium-hotbar-premium.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\hotbar-premium.cdf
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\hotbar_promo.htm
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\icons2.res
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\keywords.idx
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\keywords1.dat
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\layout.cdf
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\linkpathlegal.txt
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\progress.res
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\s_icons_buttons.res
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\sales_buttons.res
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\t2_bg.res
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\theweb.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\top7.cdf
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Top7_theweb.mnu
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\tsd_bg.res
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\ads.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans1.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\business_promo.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\buttondir.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_1000.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_2000.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_3000.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bar.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar1.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_logos.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_other.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_weather.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\default.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\email-t1-bg.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar-premium.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar_promo.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\icons2.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords1.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\layout.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\linkpathlegal.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\progress.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\s_icons_buttons.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\sales_buttons.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.txt
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\t2_bg.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\top7.xip
      D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\tsd_bg.xip
      D:\Documents and Settings\prévost\Application Data\HbTools_Icons
      D:\Documents and Settings\prévost\Application Data\HbTools_Icons\games2.ico
      D:\Documents and Settings\prévost\Application Data\HbTools_Icons\wallpapere1.ico

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-08 to 2008-07-08 ))))))))))))))))))))))))))))))))))))
      .

      2008-07-08 02:53 . 2008-07-08 12:49 89,088 --------- C:\WINDOWS\system32\yjnghnsc.dll
      2008-07-08 00:08 . 2008-07-08 00:08 <REP> d-------- D:\Documents and Settings\Lucia\Application Data\Malwarebytes
      2008-07-08 00:08 . 2008-07-08 00:08 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-07-08 00:08 . 2008-07-08 00:08 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-07-08 00:08 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
      2008-07-08 00:08 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-07-07 23:38 . 2008-07-07 23:38 <REP> d-------- C:\WINDOWS\ERUNT
      2008-07-07 23:25 . 2008-07-07 20:46 <REP> d-------- C:\SDFix
      2008-07-07 21:55 . 2008-07-07 22:13 <REP> d-------- C:\Hijackthis
      2008-07-07 21:53 . 2008-07-07 21:53 <REP> d-------- C:\Program Files\Trend Micro
      2008-07-07 19:14 . 2008-07-07 19:14 <REP> d-------- C:\Program Files\Lavasoft
      2008-06-24 17:00 . 2008-06-24 17:00 692,309 --a------ C:\FRAGLIST.LUAR
      2008-06-24 16:47 . 2008-06-24 16:47 <REP> d-------- C:\WINDOWS\UltraDefrag
      2008-06-22 17:33 . 2008-06-22 17:37 <REP> d-------- C:\Program Files\eToro
      2008-06-18 12:26 . 2008-06-18 12:26 <REP> d-------- D:\Documents and Settings\Lucia\Application Data\Viewpoint
      2008-06-13 21:35 . 2008-06-13 21:35 <REP> d-------- D:\Documents and Settings\Lucia\Application Data\.wyzo
      2008-06-13 20:53 . 2008-06-13 20:53 <REP> d-------- D:\Documents and Settings\All Users\Application Data\InterVideo
      2008-06-13 20:53 . 2008-06-13 20:53 <REP> d-------- C:\Program Files\Fichiers communs\InterVideo
      2008-06-13 20:53 . 2007-03-27 19:56 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
      2008-06-13 20:53 . 2007-03-27 19:56 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
      2008-06-13 20:53 . 2007-03-27 19:56 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
      2008-06-13 20:53 . 2007-03-27 19:56 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
      2008-06-13 20:53 . 2007-03-27 19:56 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
      2008-06-13 20:53 . 2007-03-27 19:56 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
      2008-06-11 12:40 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
      2008-06-11 12:40 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
      2008-06-10 18:05 . 2008-06-10 18:05 837 --a------ C:\WINDOWS\WININI.QTW
      2008-06-10 18:05 . 2008-06-17 13:53 305 --a------ C:\WINDOWS\QTW.INI
      2008-06-10 18:05 . 2008-06-10 18:05 247 --a------ C:\WINDOWS\SYSINI.QTW
      2008-06-10 18:02 . 2008-06-10 18:05 30 --a------ C:\WINDOWS\RESULT.QTW
      2008-06-10 18:01 . 2008-06-10 18:09 <REP> d-------- C:\DHM
      2008-06-10 18:01 . 2008-06-10 18:04 27 --a------ C:\WINDOWS\HACHETTE.INI

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-07-08 10:54 --------- d-----w D:\Documents and Settings\Lucia\Application Data\vmntoolbar
      2008-07-08 10:54 --------- d-----w D:\Documents and Settings\Lucia\Application Data\OpenOffice.org2
      2008-07-07 19:24 --------- d-----w C:\Program Files\Audacity
      2008-07-07 17:54 --------- d-----w C:\Program Files\particleIllusion 3.0 demo
      2008-07-07 17:16 --------- d-----w D:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-07-07 17:14 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-07-07 16:35 --------- d-----w C:\Program Files\eMule
      2008-07-03 18:43 --------- d-----w D:\Documents and Settings\All Users\Application Data\DVD Shrink
      2008-07-02 22:25 --------- d-----w D:\Documents and Settings\Lucia\Application Data\dvdcss
      2008-07-02 15:04 --------- d-----w C:\Program Files\Windows Live Safety Center
      2008-07-01 13:57 --------- d-----w D:\Documents and Settings\Lucia\Application Data\Image Zone Express
      2008-06-29 15:36 --------- d-----w C:\Program Files\vmntoolbar
      2008-06-18 16:49 --------- d-----w C:\Program Files\Messenger Plus! Live
      2008-06-13 19:25 --------- d-----w D:\Documents and Settings\Lucia\Application Data\Ulead Systems
      2008-06-13 18:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-06-13 18:52 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
      2008-06-13 18:50 --------- d-----w C:\Program Files\Ulead Systems
      2008-05-31 13:46 --------- d-----w C:\Program Files\Web Photo Album
      2008-05-31 13:34 --------- d-----w C:\Program Files\Visicom Media
      2008-05-30 19:44 --------- d-----w D:\Documents and Settings\All Users\Application Data\Sony
      2008-05-30 19:44 --------- d-----w C:\Program Files\Vstplugins
      2008-05-30 19:43 --------- d-----w C:\Program Files\Sony
      2008-05-30 19:07 --------- d-----w D:\Documents and Settings\Lucia\Application Data\Publish Providers
      2008-05-30 19:06 --------- d-----w D:\Documents and Settings\Lucia\Application Data\Sony
      2008-05-20 16:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe
      2008-05-11 14:33 --------- d-----w C:\Program Files\DivX
      2008-05-11 11:23 --------- d-----w C:\Program Files\Google
      2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
      1996-12-02 16:44 582,144 ----a-w C:\Program Files\Fichiers communs\dao350.dll
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
      2008-03-30 01:42 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 09:51 975360]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-12 19:48 68856]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
      "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
      "ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
      "Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 13:03 310272]
      "DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 06:15 102400]
      "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 14:00 208952]
      "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
      "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-08-24 22:07 26112]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
      "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 09:39 98304]
      "Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 12:43 90112]
      "Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2006-04-21 16:41 438359]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
      "UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-04-12 13:23 341488]
      "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
      2006-01-30 08:53 49152 C:\APPS\Softex\OmniPass\OPXPGina.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
      "msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
      "msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
      "vidc.mpng"= C:\Program Files\t@b\0.957\686\tabdec.dll
      "vidc.mvjp"= C:\Program Files\t@b\0.957\686\tabdec.dll
      "vidc.444p"= C:\Program Files\t@b\0.957\686\tabdec.dll
      "VIDC.SP54"= SP5X_32.DLL
      "VIDC.SP55"= SP5X_32.DLL
      "VIDC.SP56"= SP5X_32.DLL
      "VIDC.SP57"= SP5X_32.DLL
      "VIDC.SP58"= SP5X_32.DLL

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%ProgramFiles%\\AOL 9.0\\aol.exe"=
      "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
      "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\AOL 9.0\\waol.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=
      "C:\\Program Files\\FrostWire\\FrostWire.exe"=

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
      R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]
      R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
      S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-20 21:37]
      S3 ultradfg;ultradfg;C:\WINDOWS\system32\DRIVERS\ultradfg.sys [2008-03-09 13:26]
      S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-24 21:19]
      S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2008-07-07 21:12:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-07-08 11:42:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"


      ------------------------------------------------------------------------------------------------------------------------------------------------------------------


      Puis le dernier rapport Hijackthis :


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:53, on 2008-07-08
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16674)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
      C:\Program Files\CDBurnerXP\NMSAccessU.exe
      C:\Apps\Softex\OmniPass\Omniserv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      C:\Apps\Softex\OmniPass\OPXPApp.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      C:\apps\ABoard\ABoard.exe
      C:\Program Files\Real\RealPlayer\RealPlay.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\apps\ABoard\AOSD.exe
      C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
      C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
      C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
      C:\APPS\SMP\SmpSys.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Club-Internet\Lanceur\lanceur.exe
      D:\Documents and Settings\Lucia\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
      D:\Documents and Settings\Lucia\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
      C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL (file missing)
      R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
      O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
      O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
      O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
      O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
      O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
      O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
      O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
      O4 - Startup: Outil de notification Live Search.lnk = D:\Documents and Settings\Lucia\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?6ceeb71dec9046bda3c20016573c9efe
      O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?6ceeb71dec9046bda3c20016573c9efe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
      O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
      O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      0
  8. afideg Messages postés 10466 Date d'inscription   Statut Contributeur sécurité Dernière intervention   602
     
    Up
    'jour jlpjlp ;)
    Just for see.
    Al.
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt

    Al

    toujours un plaisir de t'avoir!
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    parfait

    tu as deux antivirus sur ton ordi!!!

    vire avast et garde antivir!

    _
    pour virer avast:
    https://www.avast.com/fr-fr/uninstall-utility

    __________

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL (file missing)
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    _______________

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\Program Files\AskSBar
    C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    _______________

    analyse ce fichier sur virus total et colle nous le rapport: https://www.virustotal.com/gui/

    C:\WINDOWS\system32\yjnghnsc.dll

    ________________
    colle un rapport avec antivir que tu as et un nouvel hijackhtis

    a plus
    0
    1. lolo3
       
      J'ai désinstallé avast dans ajout/suppression des programmes....Je ne comprends pas pourquoi il serait encore présent..
      J'ai quand même essayer d'installer 'aswclear' mais quand je le lance, le message suivant apparait : 'the avast! self protection module is enabled. For this reason the operation cannot be completed....'
      merci
      0
  11. lolo3
     
    Bon pour avast le problème est réglé, par contre, concernant virus total, le fichier a analyser est bien C:\WINDOWS\system32\yjnghnsc.dll ? Si oui, je ne l'ai pas ...

    Sinon, voici le nouveau rapport de combofix après suppression des lignes :

    ComboFix 08-07-07.3 - Lucia 2008-07-08 16:08:18.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.350 [GMT 2:00]
    Endroit: D:\Documents and Settings\Lucia\Bureau\Virus\Combofix\ComboFix.exe
    Command switches used :: D:\Documents and Settings\Lucia\Bureau\Virus\Combofix\CFscript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\Program Files\AskSBar
    C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\WINDOWS\system32\JlnUxyxx.ini
    C:\WINDOWS\system32\xxyxUnlJ.dll
    D:\Documents and Settings\prévost\Application Data\HbTools
    D:\Documents and Settings\prévost\Application Data\HbTools\HbTools.log
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\1.sdf
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\1399469.sdf
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\1399712.sdf
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\566217.sdf
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\ASPL1.dat
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\domains.txt
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024148
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000024237
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000025311
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026054
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026569
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000026721
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000048104
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000048356
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000062903
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000063490
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\10587
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\10915
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\14575
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\162760
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27414
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\49957
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\55725
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\56644
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\56815
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\59215
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\61779
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\61795
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\705495
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\712549
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\716428
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\745387
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\81529
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\83706
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\99795
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\ads.cdf
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\btntrans.idx
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\btntrans1.dat
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\business_promo.htm
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\buttondir.txt
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\components.cdf
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_1000.res
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_2000.res
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_3000.res
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bar.res
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar1.res
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_logos.res
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_other.res
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_weather.res
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\default.cdf
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_511745-514279.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz1.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz10.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz11.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz12.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz13.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz14.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz15.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz16.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz17.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz18.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz19.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz2.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz20.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz3.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz4.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz5.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz6.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz7.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz8.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz9.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_categorize.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_comparison.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-Mails.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-people.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_favorites.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_Games.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hide.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_hotbarcom.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hotmail.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_hsskin.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemster.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemsterie.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemsteruk.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_jobsearch.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_Mails.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_new.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_premium.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_reun.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_ringtones.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_SearchBoxTrapper.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchfor.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchgo.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_weather.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Default_yellowpages.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-548964.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-9595.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\email-t1-bg.res
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\hotbar-premium-hotbar-premium.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\hotbar-premium.cdf
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\hotbar_promo.htm
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\icons2.res
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\keywords.idx
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\keywords1.dat
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\layout.cdf
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\linkpathlegal.txt
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\progress.res
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\s_icons_buttons.res
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\sales_buttons.res
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\t2_bg.res
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\theweb.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\top7.cdf
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\Top7_theweb.mnu
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\1\tsd_bg.res
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\ads.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans1.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\business_promo.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\buttondir.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_1000.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_2000.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_3000.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bar.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar1.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_logos.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_other.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_weather.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\default.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\email-t1-bg.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar-premium.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar_promo.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\icons2.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords1.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\layout.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\linkpathlegal.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\progress.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\s_icons_buttons.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\sales_buttons.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.txt
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\t2_bg.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\top7.xip
    D:\Documents and Settings\prévost\Application Data\HbTools\v3.0\HbTools\static\DownLoad\tsd_bg.xip
    D:\Documents and Settings\prévost\Application Data\HbTools_Icons
    D:\Documents and Settings\prévost\Application Data\HbTools_Icons\games2.ico
    D:\Documents and Settings\prévost\Application Data\HbTools_Icons\wallpapere1.ico

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-08 to 2008-07-08 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-08 14:44 . 2008-07-08 14:44 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Avira
    2008-07-08 14:44 . 2008-07-08 14:44 <REP> d-------- C:\Program Files\Avira
    2008-07-08 00:08 . 2008-07-08 00:08 <REP> d-------- D:\Documents and Settings\Lucia\Application Data\Malwarebytes
    2008-07-08 00:08 . 2008-07-08 00:08 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-08 00:08 . 2008-07-08 00:08 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-08 00:08 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-07-08 00:08 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-07 23:38 . 2008-07-07 23:38 <REP> d-------- C:\WINDOWS\ERUNT
    2008-07-07 23:25 . 2008-07-07 20:46 <REP> d-------- C:\SDFix
    2008-07-07 21:55 . 2008-07-08 15:56 <REP> d-------- C:\Hijackthis
    2008-07-07 21:53 . 2008-07-07 21:53 <REP> d-------- C:\Program Files\Trend Micro
    2008-07-07 19:14 . 2008-07-07 19:14 <REP> d-------- C:\Program Files\Lavasoft
    2008-06-24 17:00 . 2008-06-24 17:00 692,309 --a------ C:\FRAGLIST.LUAR
    2008-06-24 16:47 . 2008-06-24 16:47 <REP> d-------- C:\WINDOWS\UltraDefrag
    2008-06-22 17:33 . 2008-06-22 17:37 <REP> d-------- C:\Program Files\eToro
    2008-06-18 12:26 . 2008-06-18 12:26 <REP> d-------- D:\Documents and Settings\Lucia\Application Data\Viewpoint
    2008-06-13 21:35 . 2008-06-13 21:35 <REP> d-------- D:\Documents and Settings\Lucia\Application Data\.wyzo
    2008-06-13 20:53 . 2008-06-13 20:53 <REP> d-------- D:\Documents and Settings\All Users\Application Data\InterVideo
    2008-06-13 20:53 . 2008-06-13 20:53 <REP> d-------- C:\Program Files\Fichiers communs\InterVideo
    2008-06-13 20:53 . 2007-03-27 19:56 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
    2008-06-13 20:53 . 2007-03-27 19:56 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
    2008-06-13 20:53 . 2007-03-27 19:56 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
    2008-06-13 20:53 . 2007-03-27 19:56 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
    2008-06-13 20:53 . 2007-03-27 19:56 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
    2008-06-13 20:53 . 2007-03-27 19:56 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
    2008-06-11 12:40 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 12:40 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-10 18:05 . 2008-06-10 18:05 837 --a------ C:\WINDOWS\WININI.QTW
    2008-06-10 18:05 . 2008-06-17 13:53 305 --a------ C:\WINDOWS\QTW.INI
    2008-06-10 18:05 . 2008-06-10 18:05 247 --a------ C:\WINDOWS\SYSINI.QTW
    2008-06-10 18:02 . 2008-06-10 18:05 30 --a------ C:\WINDOWS\RESULT.QTW
    2008-06-10 18:01 . 2008-06-10 18:09 <REP> d-------- C:\DHM
    2008-06-10 18:01 . 2008-06-10 18:04 27 --a------ C:\WINDOWS\HACHETTE.INI

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-08 13:50 --------- d-----w D:\Documents and Settings\Lucia\Application Data\OpenOffice.org2
    2008-07-08 10:54 --------- d-----w D:\Documents and Settings\Lucia\Application Data\vmntoolbar
    2008-07-07 19:24 --------- d-----w C:\Program Files\Audacity
    2008-07-07 17:54 --------- d-----w C:\Program Files\particleIllusion 3.0 demo
    2008-07-07 17:16 --------- d-----w D:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-07 17:14 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-07-07 16:35 --------- d-----w C:\Program Files\eMule
    2008-07-03 18:43 --------- d-----w D:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-07-02 22:25 --------- d-----w D:\Documents and Settings\Lucia\Application Data\dvdcss
    2008-07-02 15:04 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-07-01 13:57 --------- d-----w D:\Documents and Settings\Lucia\Application Data\Image Zone Express
    2008-06-29 15:36 --------- d-----w C:\Program Files\vmntoolbar
    2008-06-18 16:49 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-06-13 19:25 --------- d-----w D:\Documents and Settings\Lucia\Application Data\Ulead Systems
    2008-06-13 18:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-13 18:52 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
    2008-06-13 18:50 --------- d-----w C:\Program Files\Ulead Systems
    2008-05-31 13:46 --------- d-----w C:\Program Files\Web Photo Album
    2008-05-31 13:34 --------- d-----w C:\Program Files\Visicom Media
    2008-05-30 19:44 --------- d-----w D:\Documents and Settings\All Users\Application Data\Sony
    2008-05-30 19:44 --------- d-----w C:\Program Files\Vstplugins
    2008-05-30 19:43 --------- d-----w C:\Program Files\Sony
    2008-05-30 19:07 --------- d-----w D:\Documents and Settings\Lucia\Application Data\Publish Providers
    2008-05-30 19:06 --------- d-----w D:\Documents and Settings\Lucia\Application Data\Sony
    2008-05-20 16:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-05-11 14:33 --------- d-----w C:\Program Files\DivX
    2008-05-11 11:23 --------- d-----w C:\Program Files\Google
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-08-03 12:48 59,352 ----a-w D:\Documents and Settings\prévost\Application Data\GDIPFONTCACHEV1.DAT
    1996-12-02 16:44 582,144 ----a-w C:\Program Files\Fichiers communs\dao350.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-07-08_14.22.47.43 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-08 12:16:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-07-08 13:48:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-07-08 12:17:19 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-07-08 12:37:15 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-07-08 12:17:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-07-08 12:37:15 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2008-07-08 12:17:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-07-08 12:37:15 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 09:51 975360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [BU]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-12 19:48 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
    "ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
    "Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 13:03 310272]
    "DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 06:15 102400]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [BU]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [BU]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 14:00 208952]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-08-24 22:07 26112]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
    "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 09:39 98304]
    "Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 12:43 90112]
    "Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2006-04-21 16:41 438359]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
    "UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-04-12 13:23 341488]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "StandardInstall"="" [BU]

    D:\Documents and Settings\Lucia\Menu D‚marrer\Programmes\D‚marrage\
    Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2007-12-26 15:17:06 5484544]
    OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]
    Outil de notification Live Search.lnk - D:\Documents and Settings\Lucia\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2008-07-01 18:27:59 152616]

    D:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
    LE COMPAGNON CLUB.lnk - C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe [2008-01-03 22:20:47 217088]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
    2006-01-30 08:53 49152 C:\APPS\Softex\OmniPass\OPXPGina.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
    "msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
    "vidc.mpng"= C:\Program Files\t@b\[u]0/u.957\686\tabdec.dll
    "vidc.mvjp"= C:\Program Files\t@b\[u]0/u.957\686\tabdec.dll
    "vidc.444p"= C:\Program Files\t@b\[u]0/u.957\686\tabdec.dll
    "VIDC.SP54"= SP5X_32.DLL
    "VIDC.SP55"= SP5X_32.DLL
    "VIDC.SP56"= SP5X_32.DLL
    "VIDC.SP57"= SP5X_32.DLL
    "VIDC.SP58"= SP5X_32.DLL

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%ProgramFiles%\\AOL 9.0\\aol.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\AOL 9.0\\waol.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\FrostWire\\FrostWire.exe"=

    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
    S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-20 21:37]
    S3 ultradfg;ultradfg;C:\WINDOWS\system32\DRIVERS\ultradfg.sys [2008-03-09 13:26]
    S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-24 21:19]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-07-07 21:12:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-07-08 13:42:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-08 16:09:41
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\Apps\Softex\OmniPass\opxpgina.dll
    .
    Temps d'accomplissement: 2008-07-08 16:10:52
    ComboFix-quarantined-files.txt 2008-07-08 14:10:21

    Pre-Run: 11,885,305,856 octets libres
    Post-Run: 11,872,423,936 octets libres

    373 --- E O F --- 2008-06-20 20:24:35
    0
  12. lolo3
     
    Voici le rapport d'antivir:

    Avira AntiVir Personal
    Report file date: mardi 8 juillet 2008 16:31

    Scanning for 1391314 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: 118332450315

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 12:46:13
    ANTIVIR2.VDF : 7.0.5.51 273408 Bytes 04/07/2008 12:46:15
    ANTIVIR3.VDF : 7.0.5.67 168448 Bytes 08/07/2008 12:46:16
    Engineversion : 8.1.0.64
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.46 283002 Bytes 08/07/2008 12:46:32
    AESCN.DLL : 8.1.0.22 119157 Bytes 08/07/2008 12:46:31
    AERDL.DLL : 8.1.0.20 418165 Bytes 08/07/2008 12:46:30
    AEPACK.DLL : 8.1.1.6 364918 Bytes 08/07/2008 12:46:28
    AEOFFICE.DLL : 8.1.0.20 192891 Bytes 08/07/2008 12:46:27
    AEHEUR.DLL : 8.1.0.35 1298806 Bytes 08/07/2008 12:46:26
    AEHELP.DLL : 8.1.0.15 115063 Bytes 08/07/2008 12:46:22
    AEGEN.DLL : 8.1.0.29 307573 Bytes 08/07/2008 12:46:20
    AEEMU.DLL : 8.1.0.6 430451 Bytes 08/07/2008 12:46:19
    AECORE.DLL : 8.1.0.32 168311 Bytes 08/07/2008 12:46:17
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 8 juillet 2008 16:31

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'notepad.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'jucheck.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'CLI.exe' - '1' Module(s) have been scanned
    Scan process 'CLI.exe' - '1' Module(s) have been scanned
    Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
    Scan process 'mpbtn.exe' - '1' Module(s) have been scanned
    Scan process 'soffice.bin' - '1' Module(s) have been scanned
    Scan process 'Mise-a-jour-LiveSearch.exe' - '1' Module(s) have been scanned
    Scan process 'soffice.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'Notification-LiveSearch.exe' - '1' Module(s) have been scanned
    Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
    Scan process 'SMPSYS.EXE' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'MotiveSB.exe' - '1' Module(s) have been scanned
    Scan process 'Monitor.exe' - '1' Module(s) have been scanned
    Scan process 'LVComS.exe' - '1' Module(s) have been scanned
    Scan process 'AOSD.EXE' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'realplay.exe' - '1' Module(s) have been scanned
    Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned
    Scan process 'Vaderetro_oe.exe' - '1' Module(s) have been scanned
    Scan process 'CLI.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'OPXPApp.exe' - '1' Module(s) have been scanned
    Scan process 'USBDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'OmniServ.exe' - '1' Module(s) have been scanned
    Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
    Scan process 'DevSvc.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    57 processes with 57 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '38' files ).

    Starting the file scan:

    Begin scan in 'C:\' <HDD>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\QooBox\Quarantine\C\WINDOWS\system32\xxyxUnlJ.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0034674.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0034675.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0034676.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was moved to '48a37dd0.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0034677.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was moved to '48a37dd7.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0034683.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0034684.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0034685.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was moved to '48a37de4.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0034686.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0035838.exe
    [DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0035839.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0035840.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0035841.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0035842.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0035843.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0035846.exe
    [DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0035847.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP280\A0035909.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP281\A0036701.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    Begin scan in 'D:\' <DATA>
    D:\Documents and Settings\Lucia\Bureau\Virus\SDFix\backups\backups.zip
    [0] Archive type: ZIP
    --> backups/Sys57A.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> backups/Sys57B.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> backups/Sys57C.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    --> backups/Sys57D.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0034710.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0034711.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0034712.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP279\A0034713.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP280\A0035949.exe
    [DETECTION] Contains detection pattern of the dropper DR/Shopper.K.16
    [NOTE] The file was deleted!

    End of the scan: mardi 8 juillet 2008 17:14
    Used time: 43:24 min

    The scan has been done completely.

    12301 Scanning directories
    443933 Files were scanned
    28 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    22 files were deleted
    0 files were repaired
    3 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    443905 Files not concerned
    10799 Archives were scanned
    6 Warnings
    25 Notes

    --------------------------------------------------------------------------------------------------------------------------------------------------------------

    Et celui d'Hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:18:06, on 08/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Apps\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\Apps\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\APPS\SMP\SmpSys.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Documents and Settings\Lucia\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    D:\Documents and Settings\Lucia\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
    O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
    O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O4 - Startup: Outil de notification Live Search.lnk = D:\Documents and Settings\Lucia\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?6ceeb71dec9046bda3c20016573c9efe
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?6ceeb71dec9046bda3c20016573c9efe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    0
  13. afideg Messages postés 10466 Date d'inscription   Statut Contributeur sécurité Dernière intervention   602
     
    Salut jlpjlp,

    Je serais bien en difficulté de donner un avis sur tout ce qui suit:

    1)- S3 ultradfg;ultradfg;C:\WINDOWS\system32\DRIVERS\ultradfg.sys ==> lolo3 as-tu vraiment besoin de ça http://www.toutfr.com/?p=programs_show&wid=1616 ?

    2)- A supprimer:
    C:\Program Files\vmntoolbar
    D:\Documents and Settings\Lucia\Application Data\vmntoolbar
    D:\Documents and Settings\Lucia\Application Data\Viewpoint

    3)- ==> lolo3 c'est quoi ça ?
    D:\Documents and Settings\Lucia\Application Data\.wyzo
    D:\Documents and Settings\Lucia\Application Data\Publish Providers

    4)- C:\Program Files\Fichiers communs\dao350.dll ==> https://codes-sources.commentcamarche.net/ (je ne comprends pas) ;)

    5°- Quelques sujets de réflexion

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicat­ions\List]
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
    "C:\\Program Files\\FrostWire\\FrostWire.exe"= (FrostWire est un client alternatif au populaire LimeWire, logiciel P2P).

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm ==> lolo3, Vio c'est quoi ça ?
    "msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm ==> http://www.infos-du-net.com/telecharger/MPEG-Streamclip,0301-9076.html"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
    "vidc.mpng"= C:\Program Files\t@b\[u]0</u>.957\686\tabdec.dll ==> lire http://www.isabella.net/fr/modelesspeciaux/isabella-modeles.html ???
    "vidc.mvjp"= C:\Program Files\t@b\[u]0</u>.957\686\tabdec.dll
    "vidc.444p"= C:\Program Files\t@b\[u]0</u>.957\686\tabdec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
    2006-01-30 08:53 49152 C:\APPS\Softex\OmniPass\OPXPGina.dll
    C:\Apps\Softex\OmniPass\opxpgina.dll ==> OmniPass logiciel d'identification d'empreinte digitale Omnipass lolo3, est-ce toi qui a téléchargé ce logiciel ??

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StandardInstall"="" [BU] ??

    Bonne chance
    Al.
    0
  14. lolo3
     
    1/C'est un logiciel de défragmentation qui me parait indispensable à moins qu'il ne soit pas bien?

    2/J'ai supprimé les vmltoolbar sur les disques C et D ainsi que viewpoint

    3/Aucune idée de ce que c'est

    4/moi non plus je comprend pas désolé

    5/quel est le problème avec frostwire?Je n'ai pas compris....
    je ne sais pas du tout ce qu'est vio???
    en ce qui concerne omnipass, ça n'est pas moi qui l'ait installé il l'était déjà à l'achat...

    Merci
    0
  15. afideg Messages postés 10466 Date d'inscription   Statut Contributeur sécurité Dernière intervention   602
     
    Re,

    Et pour ça ==> C:\Program Files\t@b ? c'est quoi ?

    jlpjlp avisera pour le reste.
    Je ne garderais ni Vio, ni OmniPass, ni Publish Providers.

    Le problème avec frostwire, il est là:

    * Le P2P ( l'utilisation de logiciels comme eMule, Sharazaa, LimeWire, Bit torrent):
    Les infections véhiculées pas le p2p sont une menace réelle!!
    - Par exemple le vers "Worm.Win32_Sumom-A" qui est un ver de messagerie instantanée et de réseaux peer-to-peer, se met dans le dossier "incoming/Shared" afin d'être expédié à toutes les personnes qui partagent tes téléchargements...
    - L’infection « Worm.Win32_Sumom-A » => http://www.virustraq.com/info_virus/10134/details/
    * Pourquoi éviter le P2P : http://www.speedweb1.org/forum-tesgaz/viewtopic.php?t=1793 ou https://lexpansion.lexpress.fr/actualite-economique/
    * Par Tesgaz concerne le P2P en général => https://forum.zebulon.fr/topic/85544-pr%C3%A9vention-le-p2p-et-ses-cons%C3%A9quences/

    Bonne continuation.
    Al.
    0
  16. lolo3
     
    J'attends la réponse de jlpjlp en attendant j'ai viré frostwire ^^.
    Est-ce utile de supprimer omnipass car je ne connais pas la procédure à suivre étant donné qu'il ne se trouve pas dans ajout/suppression de programme. Désolé mais je ne suis pas experte en info ^^.
    En tout cas merci de m'aider, c'est gentil ^^
    0
  17. lolo3
     
    Je relance
    Ya t'il encore quelque chose à faire ou est ce que le problème est résolu??
    Merci de répondre
    0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    merci Afideg pour ce beau travail!!!

    vire ce qui est dans le dossier quarantine et backups: et vire le dossier omnipass

    C:\QooBox\Quarantine\

    D:\Documents and Settings\Lucia\Bureau\Virus\SDFix\backups

    C:\Apps\Softex\OmniPass\

    __________________

    vire ce qui est en quarantaine dans antivir

    __________________

    désactive ta restauration system puis redemarre ton ordi puis réactive la pour purger ce qui est dedans

    http://www.commentcamarche.net/forum/affich 1190031 mon pc s eteint sans raison

    _____________
    recolle un nouvel hijakchtis

    ______________

    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    * Lance l'installation du programme en exécutant le fichier téléchargé.
    * Double-clique maintenant sur le raccourci de Toolbar-S&D.
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    * Poste le rapport généré. (C:\TB.txt)
    0
  19. lolo3
     
    J'ai fait tout ce que vous m'avez demandé mais je viens d'avoir un problème au moment du redémarrage, un écran bleu est apparu avec écrit 'erreur système irrécupérable'.
    Après plusieurs redémarrage de l'ordi, il a enfin remarché... Est-ce du à une manipulation que vous m'avez demandé ?

    Voici le rapport Hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:48:44, on 08/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\APPS\SMP\SmpSys.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Club-Internet\Lanceur\lanceur.exe
    D:\Documents and Settings\Lucia\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    D:\Documents and Settings\Lucia\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
    O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
    O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O4 - Startup: Outil de notification Live Search.lnk = D:\Documents and Settings\Lucia\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?6ceeb71dec9046bda3c20016573c9efe
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?6ceeb71dec9046bda3c20016573c9efe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Apps\Softex\OmniPass\Omniserv.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    0
  20. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    pour virer ce que l'on t'as fais utiliser: lance tools cleaner

    http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

    ________________

    repare windows comme ceci:
    https://www.pcastuces.com/pratique/windows/xp/default.htm

    ________________

    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    * Lance l'installation du programme en exécutant le fichier téléchargé.
    * Double-clique maintenant sur le raccourci de Toolbar-S&D.
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    * Poste le rapport généré. (C:\TB.txt)
    0
    1. lolo3
       
      Ok, je vais aller virer les logiciels .
      Par contre, je viens de voir dans le lien 'pour réparer windows' que durant le processus, il faudrait surement insérer le CD d'installation, or je n'en ai pas... J'ai acheté mon PC et je n'ai eu aucun CD avec, dois-je quand même faire la manipulation ?
      0
  21. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    tu n'as pas de cd!!!!

    regarde ton manuel et cré en un en urgence, c'est prevu si il a été vendu sans cd

    car si il y a un souci tu n'aura plus rien pour reparer ton windows!
    0
  • 1
  • 2