Intrusive ads
ben2208
Destrio5 - Posts: 99820 - Status: Moderator
Hello,
Unfortunately I've caught some crap that keeps opening Internet Explorer pages with intrusive ads embedded; if someone could help me. Many thanks in advance!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:58:09, on 15/07/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\PSIService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Generic\USB_WLAN_Utility\Wlan.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\mjc\mjc.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sakora\Sakora.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Benj\Bureau\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {8ca5a6c2-7604-deab-a594-ac18330d5736} - {6375d033-81ca-495a-baed-40672c6a5ac8} - C:\WINDOWS\System32\hfhdwp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {B0B40EBC-0222-41FC-8158-195F8B5CC07B} - C:\WINDOWS\System32\xxywXPjj.dll
O2 - BHO: (no name) - {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} - C:\WINDOWS\System32\cbXRJBqq.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] c:\program files\softwin\bitdefender free edition\bdnagent.exe
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk Trial\topdesk.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394662EA4EBF968951185EFC412806867680AEDE604D64C2661377FE13FD97CB77
O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
O4 - HKLM\..\Run: [BMdb113164] Rundll32.exe "C:\WINDOWS\System32\rjeupuxw.dll",s
O4 - HKLM\..\Run: [d82202f8] rundll32.exe "C:\WINDOWS\System32\vlwmlmap.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: USB Wireless Client Manager.lnk = C:\Program Files\Generic\USB_WLAN_Utility\Wlan.exe
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B5A881F-19F5-4AA1-8ACF-BA69F54FA675}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D734970-9AA8-4945-9CC5-251C0170B57D}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E5B0E7F-7E84-458F-A482-F387B04FB898}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFBF2357-F494-4D1A-B9D6-A147C20B60C5}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B5A881F-19F5-4AA1-8ACF-BA69F54FA675}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B5A881F-19F5-4AA1-8ACF-BA69F54FA675}: NameServer = 194.117.200.10,194.117.200.15
O20 - Winlogon Notify: cbXRJBqq - C:\WINDOWS\SYSTEM32\cbXRJBqq.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
11 replies
Hello ben2208,
To stop getting ads, run a scan with your antivirus and it should normally find Tracking Cookies for you...
It's a small virus that a good antivirus can remove very easily.
See you,
1PKable
1PKable ---> Shut up, thanks in advance. Your nonsense makes nobody laugh but you (if that).
---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Disconnect from the internet and close all applications, antivirus and antispyware included /!\
---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Oui" (Yes)
---> Set it to French (F)
Press the 1 key (Yes) to start the scan.
/!\ Don't touch anything until the scan has finished. /!\
At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.
Once the scan is complete, a report will be displayed: post its contents
/!\ Re-enable the real-time protection of your antivirus and your antispyware before reconnecting to the Internet. /!\
Note: The report can also be found here: C:\ComboFix.txt
Thanks for your replies, I followed everything you told me to do. I have far fewer ads, however a few programs try to open and get blocked automatically, and are blocked by Spybot. I'm posting my log, thanks again.
ComboFix 08-07-15.4 - Benj 2008-07-17 20:58:44.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.634 [GMT 2:00]
Endroit: C:\Documents and Settings\Benj\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Benj\Application Data\FNTS~1
C:\Documents and Settings\Benj\Mes documents\FNTS~1
C:\Documents and Settings\Benj\Mes documents\FNTS~1\F?nts\
C:\Documents and Settings\Benj\Mes documents\FNTS~1\taskmgr.exe
C:\Program Files\CPV
C:\Program Files\inetget2
C:\Program Files\mjc
C:\Program Files\mjc\mjc.exe
C:\Program Files\mjc\mjc.exe.lzma
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\Sakora
C:\Program Files\Sakora\Sakora.exe
C:\Program Files\smbols~1
C:\Program Files\Spcron
C:\Program Files\Spcron\Spc.dll
C:\Program Files\Spcron\Spc.dll.lzma
C:\Program Files\Temporary
C:\WINDOWS\BMdb113164.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\crosof~1
C:\WINDOWS\helloserv.config
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ajmnlr.dll
C:\WINDOWS\system32\bafweimh.ini
C:\WINDOWS\system32\bcnejnhp.dll
C:\WINDOWS\system32\bhvxjp.dll
C:\WINDOWS\system32\bjhlrnky.ini
C:\WINDOWS\system32\bqxxck.dll
C:\WINDOWS\system32\bvnyjblg.ini
C:\WINDOWS\system32\byXPHxvv.dll
C:\WINDOWS\system32\cbXRJBqq.dll
C:\WINDOWS\system32\cdxcodkn.dll
C:\WINDOWS\system32\celjvpfm.dll
C:\WINDOWS\system32\cfxvhjdm.dll
C:\WINDOWS\system32\cggnbuau.dll
C:\WINDOWS\system32\crosof~1
C:\WINDOWS\system32\cusgnwom.dll
C:\WINDOWS\system32\dplpcsrf.dll
C:\WINDOWS\system32\drmdhvio.dll
C:\WINDOWS\system32\dyqhxm.dll
C:\WINDOWS\system32\epilmtth.dll
C:\WINDOWS\system32\feihxlwf.dll
C:\WINDOWS\system32\ftjgxnye.dll
C:\WINDOWS\system32\fukwadmv.ini
C:\WINDOWS\system32\glnjpvtu.dll
C:\WINDOWS\system32\guccgkja.ini
C:\WINDOWS\system32\gvgclkgh.ini
C:\WINDOWS\system32\gwwwsovv.dll
C:\WINDOWS\system32\hfhdwp.dll
C:\WINDOWS\system32\hgoegpoo.ini
C:\WINDOWS\system32\hpljtpfx.dll
C:\WINDOWS\system32\iidqwiqc.dll
C:\WINDOWS\system32\imjed.dll
C:\WINDOWS\system32\irwoww.dll
C:\WINDOWS\system32\ixigku.dll
C:\WINDOWS\system32\jdouxw.dll
C:\WINDOWS\system32\jjaachta.dll
C:\WINDOWS\system32\jjPXwyxx.ini
C:\WINDOWS\system32\jjPXwyxx.ini2
C:\WINDOWS\system32\jkwnwcpa.dll
C:\WINDOWS\system32\jtkhfg.dll
C:\WINDOWS\system32\kvkbplkf.dll
C:\WINDOWS\system32\lnnriyhu.dll
C:\WINDOWS\system32\lqacqksa.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\meoeprcr.dll
C:\WINDOWS\system32\mlthvgto.dll
C:\WINDOWS\system32\mojthepq.dll
C:\WINDOWS\system32\oanvqovt.ini
C:\WINDOWS\system32\obczqn.dll
C:\WINDOWS\system32\ocxhscbh.dll
C:\WINDOWS\system32\opjpcpit.dll
C:\WINDOWS\system32\ovdjcmnt.dll
C:\WINDOWS\system32\ovscxokf.dll
C:\WINDOWS\system32\pamlmwlv.ini
C:\WINDOWS\system32\pamlmwlv.tmp
C:\WINDOWS\system32\phwsitoh.ini
C:\WINDOWS\system32\pngrsxfx.dll
C:\WINDOWS\system32\povdycvg.dll
C:\WINDOWS\system32\pscpfv.dll
C:\WINDOWS\system32\qqnhwgwf.ini
C:\WINDOWS\system32\qyfutcuv.ini
C:\WINDOWS\system32\rbnmypxt.ini
C:\WINDOWS\system32\rjeupuxw.dll
C:\WINDOWS\system32\rliagdhh.dll
C:\WINDOWS\system32\uxmcpqfu.ini
C:\WINDOWS\system32\VCwVBn.syz
C:\WINDOWS\system32\vfgtpuds.ini
C:\WINDOWS\system32\vlwmlmap.dll
C:\WINDOWS\system32\vtUKeeeB.dll
C:\WINDOWS\system32\wdvfibkl.ini
C:\WINDOWS\system32\wncuufmn.dll
C:\WINDOWS\system32\xaoxsvdn.dll
C:\WINDOWS\system32\xuwuancg.dll
C:\WINDOWS\system32\xxhjnjjo.ini
C:\WINDOWS\system32\xxmvwvxk.dll
C:\WINDOWS\system32\xxywXPjj.dll
C:\WINDOWS\system32\ynhmdqeg.ini
C:\WINDOWS\system32\ysijdlwd.ini
C:\WINDOWS\system32\ywyixkym.ini
C:\WINDOWS\system32\yxysbcuk.dll
C:\WINDOWS\system32\yyroahvx.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-17 to 2008-07-17 ))))))))))))))))))))))))))))))))))))
.
2008-07-15 11:07 . 2008-07-15 11:07 41,724 ---hs---- C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
2008-07-07 17:38 . 2008-07-07 14:38 91,648 --a------ C:\WINDOWS\b152.exe
2008-07-07 14:17 . 2008-07-17 21:21 <REP> d-------- C:\Program Files\Webtools
2008-07-03 23:35 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-07-03 23:35 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-07-03 23:22 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-03 23:22 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-07-02 12:32 . 2008-07-02 09:32 74,752 --a------ C:\WINDOWS\b155.exe
2008-06-25 17:47 . 2008-06-25 14:47 41,984 --a------ C:\WINDOWS\b156.exe
2008-06-22 15:43 . 2008-06-22 15:43 41,984 -ra------ C:\WINDOWS\mrofinu572.exe
2008-06-19 01:15 . 2008-06-18 23:00 30,847 --a------ C:\media(2).php
2008-06-19 01:14 . 2008-06-18 23:00 30,911 --a------ C:\media.php
2008-06-19 01:14 . 2008-06-18 23:00 30,911 --a------ C:\media(1).php
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 09:08 --------- d-----w C:\Program Files\Common Files
2008-07-14 19:18 --------- d-----w C:\Program Files\FlashFXP
2008-07-07 14:22 --------- d-----w C:\Program Files\eChanblard
2008-07-01 16:12 --------- d-----w C:\Documents and Settings\Benj\Application Data\Image Zone Express
2008-06-16 23:56 --------- d-----w C:\Program Files\WinPcap
2008-06-16 21:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-16 21:26 --------- d-----w C:\Program Files\Mozilla Firefox(2)
2008-06-16 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-16 20:46 1,761 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-13 11:52 214,016 ----a-w C:\WINDOWS\b148.exe
2008-06-05 19:06 --------- d-----w C:\Documents and Settings\Benj\Application Data\Talkback
2008-06-04 20:10 --------- d-----w C:\Program Files\MSN Messenger
2008-06-04 20:00 --------- d-----w C:\Program Files\Windows Live
2008-05-25 00:53 --------- d-----w C:\Documents and Settings\Benj\Application Data\Publish Providers
2008-05-21 08:53 --------- d-----w C:\Program Files\CommView
2008-05-18 13:06 --------- d-----w C:\Documents and Settings\Benj\Application Data\Vso
2008-01-15 21:34 140,800 --sh--w C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe
2007-12-22 13:42 87,608 ----a-w C:\Documents and Settings\Benj\Application Data\inst.exe
2007-12-22 13:42 47,360 ----a-w C:\Documents and Settings\Benj\Application Data\pcouffin.sys
2007-10-22 22:05 88 --sh--r C:\WINDOWS\system32\1BFE778DD3.sys
2007-10-22 22:14 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2002-08-29 13:45 1162752 9cdc704e99fa1426fde0e512ec85f9d2 C:\WINDOWS\system32\wininet.dll
2002-08-29 13:45 1162752 9cdc704e99fa1426fde0e512ec85f9d2 C:\WINDOWS\system32\dllcache\wininet.dll
2002-08-29 13:45 1856512 982301a02c30cc9cf422c7f1ba5f831e C:\WINDOWS\explorer.exe
2002-08-29 13:45 1856512 982301a02c30cc9cf422c7f1ba5f831e C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Deehu"="C:\Program Files\Common Files\??stem32\??rvices.exe" [?]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 13:45 13312]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-05-02 15:19 49152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 15:19 4640768]
"BDMCon"="c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe" [2004-03-01 14:41 229376]
"BDNewsAgent"="c:\program files\softwin\bitdefender free edition\bdnagent.exe" [2007-07-02 02:06 4608]
"TopDesk"="C:\Program Files\TopDesk Trial\topdesk.exe" [2006-03-01 19:02 462848]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 14:09 45056]
"CloneCDTray"="C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-04-15 10:12 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2006-08-23 15:36 339968]
"nwiz"="nwiz.exe" [2003-05-02 15:19 323584 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 13:45 13312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.PIM1"= PCLEPIM1.dll
"VIDC.NTN1"= NUVision.ax
[HKLM\~\startupfolder\C:^Documents and Settings^Benj^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk]
path=C:\Documents and Settings\Benj\Menu Démarrer\Programmes\Démarrage\Y'z ToolBar.lnk
backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2007-04-26 10:21]
R1 ts_lb;ts_lb;C:\WINDOWS\System32\drivers\ts_lb.sys [2007-06-19 23:35]
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 10:21]
R3 pctvvbi;PCTVVBI;C:\WINDOWS\System32\DRIVERS\pctvvbi.sys [2002-11-11 19:52]
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\System32\DRIVERS\cv2k1.sys [2006-12-07 22:04]
S3 NUVision;NUVision II Video Service;C:\WINDOWS\System32\DRIVERS\nuvvid2.sys [2001-10-28 13:34]
S3 wampapache;wampapache;c:\wamp\apache2\bin\httpd.exe [2007-09-05 09:59]
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2007-07-06 13:14]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-MSMSGS - C:\Program Files\Messenger\msmsgs.exe
HKCU-Run-mjc - C:\Program Files\mjc\mjc.exe
HKCU-Run-Sakora - C:\Program Files\Sakora\Sakora.exe
HKCU-Run-Podo - C:\DOCUME~1\Benj\MESDOC~1\FNTS~1\taskmgr.exe
HKLM-Run-d82202f8 - C:\WINDOWS\System32\vlwmlmap.dll
HKLM-Run-BMdb113164 - C:\WINDOWS\System32\rjeupuxw.dll
HKLM-Run-EoEngine - (no file)
HKLM-Run-EoClock - (no file)
HKLM-Run-EoWeather - (no file)
MSConfigStartUp-mjc - C:\Program Files\mjc\mjc.exe
MSConfigStartUp-Vcsron - C:\Program Files\Vcsron\Vcsron.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 21:22:46
Windows 5.1.2600 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\TopDesk Trial\topdesk.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-17 21:27:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-17 19:26:28
ComboFix2.txt 2008-06-05 08:35:47
Pre-Run: 1,957,093,376 octets libres
Post-Run: 2,604,687,360 octets libres
255
1PKable ---> Shut up, thanks in advance. Your nonsense only makes you laugh (if that).
NO COMMENT
@++
- Download and install MalwareByte's Anti-Malware:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
- Update it
- Restart in safe mode (recommended):
https://www.malekal.com/demarrer-windows-mode-sans-echec/
- Choose your usual user session
- Run a full scan with MalwareByte's Anti-Malware
- Delete everything the software finds, and save the report
- Restart in normal mode and post the report here
Tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Hello, I followed what you told me; this software removed more than 100 infected files for me. My computer is faster. However, Spybot still blocks bad files for me, so I'm posting the Malwarebytes log and the HijackThis log. Thanks again for your replies.
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 965
Windows 5.1.2600 Service Pack 1
23:21:01 18/07/2008
mbam-log-7-18-2008 (23-21-01).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 117897
Temps écoulé: 33 minute(s), 25 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 158
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\Benj\Bureau\Bureau\rec xp\logiciel audio\audiograbber\agsetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Program Files\Webtools\webtools.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\Benj\Mes documents\FNTS~1\taskmgr.exe.vir (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\mjc\mjc.exe.vir (Adware.MJC) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Sakora\Sakora.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Spcron\Spc.dll.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\cbXRJBqq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\dplpcsrf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\drmdhvio.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ftjgxnye.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\gwwwsovv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hpljtpfx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\iidqwiqc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\imjed.dll.vir (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ixigku.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\jdouxw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ocxhscbh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\rjeupuxw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vlwmlmap.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vtUKeeeB.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP372\A0063047.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP372\A0063049.exe (Rogue.AntiSpyMaster) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP373\A0063118.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP373\A0063120.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP373\A0063124.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP374\A0063165.exe (Rogue.AntiSpyMaster) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP374\A0063170.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP374\A0063172.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP374\A0063173.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP374\A0063174.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP374\A0063182.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP374\A0063183.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP374\A0064211.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP375\A0065203.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP375\A0065204.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP375\A0065205.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP384\A0066636.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP384\A0066637.exe (Backdoor.Delf) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP384\A0066638.exe (Backdoor.Delf) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP384\A0066642.dll (Trojan.Qqpass) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP384\A0066643.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP384\A0066644.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP391\A0070076.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP391\A0070077.exe (Backdoor.Delf) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP391\A0070078.exe (Backdoor.Delf) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP391\A0070082.dll (Trojan.Qqpass) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP391\A0070083.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP391\A0070084.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP393\A0070771.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP393\A0071768.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP393\A0071769.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP393\A0071771.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP393\A0071772.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP393\A0071773.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP393\A0071775.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP393\A0071776.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP393\A0071777.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP393\A0071778.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP393\A0071779.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP393\A0071789.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP393\A0071792.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP393\A0071793.exe (Rogue.AntiSpyMaster) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP393\A0071800.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP393\A0071801.exe (Adware.MJC) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP393\A0071806.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP393\A0071807.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP396\A0072948.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP396\A0072949.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP396\A0072950.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP396\A0072951.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP396\A0072952.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP396\A0072953.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP398\A0075024.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP401\A0077061.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP401\A0077062.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP401\A0077063.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP401\A0078062.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP401\A0078063.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP402\A0079050.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP402\A0079063.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP402\A0079064.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP403\A0080076.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP403\A0080079.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP403\A0080082.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP403\A0080085.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP403\A0080088.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP403\A0080089.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP403\A0080119.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP403\A0080120.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP403\A0080123.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP404\A0080155.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP404\A0080167.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP405\A0080198.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP405\A0080200.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP406\A0080230.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP406\A0080232.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP407\A0080282.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP407\A0080298.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP407\A0080299.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP407\A0080300.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP407\A0080301.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP407\A0080313.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP409\A0080370.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP409\A0080384.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP409\A0080385.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP409\A0080388.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081414.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081415.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081507.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081508.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081510.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081511.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081512.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081519.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081520.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081521.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081523.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081535.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081537.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081539.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081540.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081544.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081545.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081565.exe (Adware.MJC) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081566.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081567.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081569.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081572.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081578.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081584.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081585.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081589.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081591.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081593.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081594.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081596.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081597.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081608.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081615.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081617.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081618.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081652.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\b128.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b148.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\b152.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b155.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\b156.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\b157.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu572.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\Documents\cours\Theme 2006 06\Programmation\SetupPCW.exe (Adware.Agent) -> Quarantined and deleted successfully.
E:\Softwares\logiciels\voice modeler\VoiceModeler DEMO Setup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benj\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\WINDOWS\msoupdater.config (Worm.Zhelatin) -> Quarantined and deleted successfully.
C:\WINDOWS\BMdb113164.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
and the one from HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:10:53, on 19/07/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\PSIService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Benj\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] c:\program files\softwin\bitdefender free edition\bdnagent.exe
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk Trial\topdesk.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Deehu] "C:\Program Files\Common Files\??stem32\??rvices.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B5A881F-19F5-4AA1-8ACF-BA69F54FA675}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D734970-9AA8-4945-9CC5-251C0170B57D}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E5B0E7F-7E84-458F-A482-F387B04FB898}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFBF2357-F494-4D1A-B9D6-A147C20B60C5}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B5A881F-19F5-4AA1-8ACF-BA69F54FA675}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B5A881F-19F5-4AA1-8ACF-BA69F54FA675}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081519.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081520.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081521.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081523.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081535.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081537.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081539.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081540.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081544.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP411\A0081545.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081565.exe (Adware.MJC) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081566.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081567.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081569.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081572.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081578.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081584.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081585.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081589.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081591.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081593.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081594.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081596.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081597.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081608.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081615.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081617.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081618.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FAF59F6C-6071-4043-947C-CF607E6FDA4A}\RP415\A0081652.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\b128.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b148.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\b152.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b155.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\b156.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\b157.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu572.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\Documents\cours\Theme 2006 06\Programmation\SetupPCW.exe (Adware.Agent) -> Quarantined and deleted successfully.
E:\Softwares\logiciels\voice modeler\VoiceModeler DEMO Setup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benj\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\WINDOWS\msoupdater.config (Worm.Zhelatin) -> Quarantined and deleted successfully.
C:\WINDOWS\BMdb113164.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
and the HijackThis one
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:10:53, on 19/07/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\PSIService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Benj\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] c:\program files\softwin\bitdefender free edition\bdnagent.exe
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk Trial\topdesk.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Deehu] "C:\Program Files\Common Files\??stem32\??rvices.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B5A881F-19F5-4AA1-8ACF-BA69F54FA675}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D734970-9AA8-4945-9CC5-251C0170B57D}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E5B0E7F-7E84-458F-A482-F387B04FB898}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFBF2357-F494-4D1A-B9D6-A147C20B60C5}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B5A881F-19F5-4AA1-8ACF-BA69F54FA675}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B5A881F-19F5-4AA1-8ACF-BA69F54FA675}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
* Download SDFix (by Andy Manchesta) and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
* Double-click SDFix.exe and choose Install to extract it into its own folder on the desktop.
* Restart the PC in safe mode by pressing F8 at BIOS startup.
* Choose your account.
Go through the list of instructions below:
* Open the SDFix folder that has just been created on the desktop and double-click RunThis.bat to launch the script.
* Press Y to start the cleanup.
* When it asks you to, press a key to restart the PC.
* Your system will take longer to restart because the tool will keep running and deleting files.
* Once the desktop has loaded, the tool will have finished and will display Finished.
* Press a key to end the script and load your desktop icons.
* The SDFix report will open and will be saved in the SDFix folder under the name Report.txt.
* Finally, copy/paste the report from the Report.txt file.
Thanks again for your help, this log rid me of a few additional pieces of malware.
Spybot windows open to block other sites. On the other hand there is progress: it only does it when I go to Hotmail. Here is the SDFix log and the HijackThis one.
[b]SDFix: Version 1.207 [/b]
Run by Benj on 21/07/2008 at 19:37
Microsoft Windows XP [version 5.1.2600]
Running From: C:\sdfix\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\vntiho01\vntiho011065.exe - Deleted
Folder C:\WINDOWS\system32\vntiho01 - Removed
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-21 19:49:28
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[b]Remaining Files [/b]:
File Backups: - C:\sdfix\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Tue 23 Oct 2007 88 ..SHR --- "C:\WINDOWS\system32\1BFE778DD3.sys"
Tue 23 Oct 2007 2,828 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Fri 27 Jul 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 30 Aug 2007 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Thu 30 Aug 2007 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Thu 29 May 2008 230,400 ..SHR --- "C:\Program Files\Common Files\??stem32\??rvices.exe"
[b]Finished![/b]
and the HijackThis one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:44, on 21/07/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\PSIService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Benj\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] c:\program files\softwin\bitdefender free edition\bdnagent.exe
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk Trial\topdesk.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Deehu] "C:\Program Files\Common Files\??stem32\??rvices.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFBF2357-F494-4D1A-B9D6-A147C20B60C5}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3F37F3D-8897-4D46-BB6E-91C21F6DFFD1}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
---> Update Java:
https://www.java.com/fr/download/manual.jsp
---> Download OTMoveIt2 from the link below:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
---> Save the file to the Desktop.
---> Double-click the OTMoveIt2.exe file to launch the tool.
Make sure the Unregister Dll's and Ocx's box is checked.
---> Copy all of the text below and paste it into the window titled Paste Standard List of Files/Folders to be moved.
C:\Program Files\Common Files\??stem32\??rvices.exe
---> Click MoveIt! to start the removal.
When a result appears in the Results box, click Exit.
Note: If a file or folder cannot be deleted immediately, the program will ask you to restart. Accept by clicking YES.
---> Post the OTMoveIt report, which is located in C:\_OTMoveIt\MovedFiles.
---> Post a new HijackThis report.
Thanks for your reply. I did what you asked, but Spybot keeps blocking, only when I am on Hotmail. A window also opens saying that it cannot find the MSN Discovery DLLs. That surely has something to do with Hotmail. I'm posting the logs for you.
With OTMoveIt2.exe:
< C:\Program Files\Common Files\??stem32\??rvices.exe >
File/Folder C:\Program Files\Common Files\??stem32\??rvices.exe not found.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07232008_183036
And HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:47, on 23/07/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\PSIService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Benj\Bureau\Nouveau dossier (4)\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] c:\program files\softwin\bitdefender free edition\bdnagent.exe
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk Trial\topdesk.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Deehu] "C:\Program Files\Common Files\??stem32\??rvices.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u7-windows-i586-jc.cab&AuthParam=1580978829_3fac487ff39b191ded7866fc4973d48d&ext=.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3F37F3D-8897-4D46-BB6E-91C21F6DFFD1}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe