Probleme fenetre pub et mis a jour windows

fbenital -  
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
Bonjour,

Voila, je vous explique, je sais pas si tous ces probleme sont liés mais cela me depasse. J'ai deja formaté mon PC voila 15 jours pour le meme probleme, cela l'avait resolu mais c'est revenu.

Je vais essayer de les enumérer :

- impossible d'activer les mis a jours automatique windows (centre de securité en bas a droite de l'ecran en permanence)

- firefox ne veux plus s'ouvrir, (firefox a rencontrer un probleme.......)

- sur internet explorer (quand je peux acceder a internet), il y a des fenetre de pub qui s'affiche.

- mon antivirus trouve des fichier et me met des alertes mais n'arrive a supprimer ces fichiers ou les mettre en quarantaine

Vu que le formatage n'a rien donné, j'ai evidemmant analyser mes autres disques dur et partitions mais sans succès.

Adaware, spybot, ccleaner ont éé utiliser mais ineficace. J'avais Mc Afee en antivirus avant le formatage, maintenant j'ai antivir, mais le deux apparemment n'ont rien pu faire pour eviter ca.

Meci d'avance pour votre aide
Configuration: Windows XP
Firefox

7 réponses

  1. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    Télécharge hijackthis : http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

    voici un tuto pour bien l installer : https://forums.cnetfrance.fr

    -une fois installé, le renommer HJT.exe pour contrer une éventuelle infection vundo
    -Double-clic dessus
    - Clic sur "Do a system scan and save the log"
    - copier le rapport, le coller dans la réponse
    0
    1. fbenital
       
      Merci pour ta repons voici :

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:57:38, on 15/07/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16674)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\Program Files\IncrediMail\bin\ImApp.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
      C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Documents and Settings\Benito\Bureau\hjt.exe.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: (no name) - {46D3F55D-AF16-4360-A231-649905FA1B05} - C:\WINDOWS\system32\hgGWNDVm.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O2 - BHO: (no name) - {7768234D-E494-424D-96E6-4819A1E16325} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: {d6dd7999-e45c-dfb9-8be4-ef222ff9ee5d} - {d5ee9ff2-22fe-4eb8-9bfd-c54e9997dd6d} - C:\WINDOWS\system32\owabpd.dll
      O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [bc0fb745] rundll32.exe "C:\WINDOWS\system32\nworkrpa.dll",b
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
      O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
      O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
      O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
      O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
      O4 - Global Startup: Logitech SetPoint.lnk = ?
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O20 - Winlogon Notify: iifgeBTL - iifgeBTL.dll (file missing)
      O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
      O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      0
  2. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    tu as quelques infections vundo...fais ce qui suit stp :

    Télécharger sur le bureau malware bytes : http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread

    = double-clic sur mbam-setup pour lancer l'installation
    = Installer simplement sans rien modifier
    = Quand le programme lancé ==> faire une mise à jour ensuite cocher Exécuter un examen complet
    = Clic Rechercher
    = Eventuellement décocher les disque à ne pas analyser
    = Clic Lancer l'examen
    = En fin de scan , si infection trouvée
    ==> Clic Afficher résultat
    = Fermer vos applications en cours
    = Vérifier si tout est coché et clic Supprimer la sélection

    un rapport s'ouvre le copier et le coller dans la réponse

    Puis redémarrer le pc !!

    ensuite :

    Télécharge sur le bureau virtumundobegone :
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    déconnecte internet et désactive ton antivirus le temps de la manipulation

    => Double clic sur VirtumundoBeGone.exe
    => Clic Continue ==> clic Start
    => Clic Oui
    => A la fin si Vundo est présent , le PC s’éteint et redémarre
    - Si Ecran bleu et message : Erreur fatale .. pas de problème
    => Poster le rapport VBG.TXT qui est sur le bureau

    Et refais un nouveau rapport hijackthis stp
    0
    1. fbenital
       
      Malwarebytes' Anti-Malware 1.20
      Version de la base de données: 957
      Windows 5.1.2600 Service Pack 2

      00:22:35 16/07/2008
      mbam-log-7-16-2008 (00-22-35).txt

      Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
      Eléments examinés: 73328
      Temps écoulé: 14 minute(s), 46 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 2
      Clé(s) du Registre infectée(s): 3
      Valeur(s) du Registre infectée(s): 2
      Elément(s) de données du Registre infecté(s): 2
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 5

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      C:\WINDOWS\system32\hgGWNDVm.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\nworkrpa.dll (Trojan.Vundo) -> Unloaded module successfully.

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46d3f55d-af16-4360-a231-649905fa1b05} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{46d3f55d-af16-4360-a231-649905fa1b05} (Trojan.Vundo) -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7768234d-e494-424d-96e6-4819a1e16325} (Trojan.Vundo) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bc0fb745 (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7768234d-e494-424d-96e6-4819a1e16325} (Trojan.Vundo) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggwndvm -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggwndvm -> Quarantined and deleted successfully.

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\WINDOWS\system32\hgGWNDVm.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\mVDNWGgh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\mVDNWGgh.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\nworkrpa.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\aprkrown.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      0
      1. fbenital > fbenital
         
        [07/16/2008, 0:30:26] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Benito\Bureau\VirtumundoBeGone.exe" )
        [07/16/2008, 0:30:31] - Detected System Information:
        [07/16/2008, 0:30:31] - Windows Version: 5.1.2600, Service Pack 2
        [07/16/2008, 0:30:31] - Current Username: Benito (Admin)
        [07/16/2008, 0:30:31] - Windows is in NORMAL mode.
        [07/16/2008, 0:30:31] - Searching for Browser Helper Objects:
        [07/16/2008, 0:30:31] - BHO 1: {46D3F55D-AF16-4360-A231-649905FA1B05} ()
        [07/16/2008, 0:30:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [07/16/2008, 0:30:31] - No filename found. Continuing.
        [07/16/2008, 0:30:31] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
        [07/16/2008, 0:30:31] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
        [07/16/2008, 0:30:31] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
        [07/16/2008, 0:30:31] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
        [07/16/2008, 0:30:31] - BHO 6: {d5ee9ff2-22fe-4eb8-9bfd-c54e9997dd6d} ()
        [07/16/2008, 0:30:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [07/16/2008, 0:30:31] - Checking for HKLM\...\Winlogon\Notify\owabpd
        [07/16/2008, 0:30:31] - Key not found: HKLM\...\Winlogon\Notify\owabpd, continuing.
        [07/16/2008, 0:30:31] - Finished Searching Browser Helper Objects
        [07/16/2008, 0:30:31] - Finishing up...
        [07/16/2008, 0:30:31] - Nothing found! Exiting...
        0
      2. fbenital > fbenital
         
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 00:33:54, on 16/07/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16674)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
        C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
        C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        C:\Program Files\IncrediMail\bin\ImApp.exe
        C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
        C:\Program Files\Logitech\SetPoint\SetPoint.exe
        C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
        C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
        C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\WINDOWS\system32\HPZipm12.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Documents and Settings\Benito\Bureau\hjt.exe.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        O2 - BHO: (no name) - {46D3F55D-AF16-4360-A231-649905FA1B05} - (no file)
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
        O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O2 - BHO: {d6dd7999-e45c-dfb9-8be4-ef222ff9ee5d} - {d5ee9ff2-22fe-4eb8-9bfd-c54e9997dd6d} - C:\WINDOWS\system32\owabpd.dll
        O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
        O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
        O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
        O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
        O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
        O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
        O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
        O4 - Global Startup: Logitech SetPoint.lnk = ?
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O20 - Winlogon Notify: iifgeBTL - iifgeBTL.dll (file missing)
        O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
        O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        0
      3. fbenital > fbenital
         
        Voila desolé ca été un peu long, mais j'ai l'antivirus qui s'est affolé sur la premiere manip
        0
  3. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    est ce que tu as redémarré ton pc apres le passage de malwarebytes??

    car il y a des fichiers infectés qui doivent se supprimer au redémarrage du pc
    0
    1. fbenital
       
      oui j'ai redemaré le pc apres chaque manip
      0
  4. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok...télécharge combofix (par sUBs) ici :

    https://forospyware.com

    et enregistre le sur le Bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
    1. fbenital
       
      ComboFix 08-07-13.14 - Benito 2008-07-16 0:47:59.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1580 [GMT 2:00]
      Endroit: C:\Documents and Settings\Benito\Bureau\ComboFix.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\BMbf3c84d9.txt
      C:\WINDOWS\cookies.ini
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\system32\hgGWNDVm.dll
      C:\WINDOWS\system32\iccaidjl.ini
      C:\WINDOWS\system32\iyfafikj.dll
      C:\WINDOWS\system32\lehlxmce.ini
      C:\WINDOWS\system32\MSINET.oca
      C:\WINDOWS\system32\mVDNWGgh.ini
      C:\WINDOWS\system32\mVDNWGgh.ini2
      C:\WINDOWS\system32\ngtkxa.dll
      C:\WINDOWS\system32\odolusng.dll
      C:\WINDOWS\system32\owabpd.dll
      C:\WINDOWS\system32\pac.txt
      C:\WINDOWS\system32\qoMgdeDU.dll
      C:\WINDOWS\system32\ssqRLBrr.dll
      C:\WINDOWS\system32\tgfubv.dll
      C:\WINDOWS\system32\ukwqlmvg.dll
      C:\WINDOWS\system32\wdvfnwos.ini
      C:\WINDOWS\system32\wkfcdxdd.dll
      C:\WINDOWS\system32\wmxatsgr.dll

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-15 to 2008-07-15 ))))))))))))))))))))))))))))))))))))
      .

      2019-07-06 16:34 . 2019-07-06 16:34 2,422 --a------ C:\WINDOWS\system32\wpa.bak
      2019-07-06 16:15 . 2008-07-13 15:22 12 --a------ C:\WINDOWS\system32\mapisvc.inf
      2019-07-06 16:14 . 2008-07-13 15:25 <REP> d-------- C:\Program Files\ESET
      2008-07-16 00:06 . 2008-07-16 00:06 <REP> d-------- C:\Documents and Settings\Benito\Application Data\Malwarebytes
      2008-07-16 00:05 . 2008-07-16 00:06 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-07-16 00:05 . 2008-07-16 00:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-07-16 00:05 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
      2008-07-16 00:05 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-07-15 23:12 . 2008-07-15 23:12 <REP> d-------- C:\Documents and Settings\Benito\Application Data\Talkback
      2008-07-15 22:53 . 2008-07-15 22:53 <REP> d-------- C:\Program Files\CCleaner
      2008-07-15 21:39 . 2008-07-15 21:39 95 --a------ C:\WINDOWS\wininit.ini
      2008-07-15 21:15 . 2008-07-15 21:15 <REP> d-------- C:\Documents and Settings\Benito\Application Data\Lavasoft
      2008-07-15 21:14 . 2008-07-15 21:14 <REP> d-------- C:\Program Files\Lavasoft
      2008-07-15 21:11 . 2008-07-15 21:11 <REP> d-------- C:\Documents and Settings\Benito\Application Data\Grisoft
      2008-07-15 21:11 . 2008-07-15 21:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-07-15 21:11 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2008-07-15 21:04 . 2008-07-15 21:04 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-07-15 21:04 . 2008-07-15 23:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-07-15 21:00 . 2008-07-15 21:09 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-07-15 20:59 . 2008-07-15 20:59 <REP> d-------- C:\Program Files\Google
      2008-07-15 18:03 . 2008-07-15 18:03 <REP> d-------- C:\Documents and Settings\Benito\Application Data\CR330TWN
      2008-07-15 18:03 . 2008-07-15 18:03 <REP> d-------- C:\Documents and Settings\Benito\Application Data\CR120TWN
      2008-07-14 15:54 . 2004-08-19 16:09 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
      2008-07-14 15:54 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
      2008-07-14 13:55 . 2008-07-15 21:14 143 --a------ C:\WINDOWS\system32\mcrh.MSNFix
      2008-07-13 13:31 . 2008-07-13 13:31 <REP> d-------- C:\Program Files\Avira
      2008-07-13 13:31 . 2008-07-13 13:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
      2008-07-13 11:35 . 2008-07-15 21:40 110,419 --a------ C:\WINDOWS\BMbf3c84d9.xml
      2008-07-12 22:39 . 2008-07-15 22:49 1,804 --a------ C:\WINDOWS\cookies.MSNFix
      2008-07-12 10:54 . 2008-07-13 11:44 <REP> d-------- C:\WINDOWS\system32\olixds18
      2008-07-12 10:54 . 2008-07-12 10:54 <REP> d-------- C:\Temp\stmpv4
      2008-07-12 10:54 . 2008-07-12 10:54 <REP> d-------- C:\Temp
      2008-07-10 21:26 . 2008-07-10 21:26 <REP> d-------- C:\Webcam
      2008-07-10 21:26 . 2003-10-29 01:01 28,672 --a------ C:\WINDOWS\system32\P1120Ext.crl
      2008-07-10 21:26 . 2003-06-23 01:00 24,576 --a------ C:\WINDOWS\system32\P1120Pin.crl
      2008-07-10 21:26 . 2002-03-26 13:48 896 --a------ C:\WINDOWS\system32\P1120Vex.loc
      2008-07-10 21:24 . 2008-07-10 21:24 <REP> d-------- C:\Documents and Settings\Benito\Application Data\Logitech
      2008-07-10 21:22 . 2008-07-10 21:22 <REP> d-------- C:\Program Files\Logitech
      2008-07-10 21:22 . 2008-07-10 21:22 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
      2008-07-10 21:22 . 2008-07-10 21:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
      2008-07-10 21:22 . 2007-01-30 01:46 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
      2008-07-10 21:22 . 2007-01-30 01:46 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
      2008-07-10 21:22 . 2007-01-30 01:46 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
      2008-07-10 21:22 . 2007-01-23 15:44 101,136 --a------ C:\WINDOWS\KHALMNPR.Exe
      2008-07-10 21:22 . 2007-01-23 15:45 78,864 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
      2008-07-10 21:22 . 2007-01-30 01:46 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
      2008-07-10 21:22 . 2007-01-23 15:44 62,992 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
      2008-07-10 21:22 . 2007-01-23 15:44 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
      2008-07-09 12:55 . 2008-07-09 12:55 <REP> d-------- C:\Documents and Settings\Benito\Application Data\Corel
      2008-07-09 12:55 . 2008-07-15 18:00 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
      2008-07-09 12:54 . 2008-07-09 12:54 <REP> d-------- C:\Program Files\Corel
      2008-07-09 12:50 . 2008-07-09 12:50 <REP> d-------- C:\Program Files\Finale Performance Assessment
      2008-07-09 12:49 . 2008-07-09 12:49 <REP> d-------- C:\Psfonts
      2008-07-09 12:49 . 2008-07-09 12:51 <REP> d-------- C:\Program Files\Finale 2005b
      2008-07-09 12:49 . 2008-07-09 12:49 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-07-09 12:49 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe
      2008-07-09 12:49 . 2008-07-09 12:49 507 --a------ C:\WINDOWS\winiini.fin
      2008-07-09 12:45 . 2008-07-09 12:45 <REP> d-------- C:\WINDOWS\system32\QuickTime
      2008-07-09 12:45 . 2008-07-09 12:45 <REP> d-------- C:\WINDOWS\Downloaded Installations
      2008-07-09 12:45 . 2008-07-09 12:46 <REP> d-------- C:\Program Files\Macromedia
      2008-07-09 12:45 . 2008-07-09 12:45 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia
      2008-07-08 20:46 . 2008-07-08 20:46 <REP> d-------- C:\Program Files\Guitar Pro 5
      2008-07-08 13:18 . 2008-07-08 13:18 <REP> d-------- C:\Program Files\Hewlett-Packard
      2008-07-08 13:18 . 2008-07-08 13:18 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
      2008-07-08 13:13 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
      2008-07-08 13:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
      2008-07-08 13:13 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
      2008-07-08 13:07 . 2008-07-08 13:07 <REP> d-------- C:\Program Files\HP
      2008-07-08 13:02 . 2008-07-08 13:02 <REP> d-------- C:\Program Files\Sibelius Software
      2008-07-08 12:50 . 2008-07-08 12:50 <REP> d-------- C:\Program Files\LimeWire
      2008-07-08 12:50 . 2008-07-08 20:42 <REP> d-------- C:\Documents and Settings\Benito\Application Data\LimeWire
      2008-07-08 11:58 . 2006-03-02 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
      2008-07-08 11:57 . 2008-04-23 06:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
      2008-07-08 11:57 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
      2008-07-08 11:57 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
      2008-07-08 11:57 . 2008-04-23 06:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
      2008-07-08 11:57 . 2008-04-23 06:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
      2008-07-08 11:57 . 2008-04-23 06:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
      2008-07-08 11:57 . 2008-04-23 06:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
      2008-07-08 11:57 . 2008-04-23 06:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
      2008-07-08 11:57 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
      2008-07-08 11:55 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
      2008-07-08 11:55 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
      2008-07-08 11:55 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
      2008-07-07 23:44 . 2008-07-07 23:44 <REP> d-------- C:\Documents and Settings\Benito\Application Data\Media Player Classic
      2008-07-07 23:44 . 2008-07-15 17:51 69 --a------ C:\WINDOWS\NeroDigital.ini
      2008-07-07 23:35 . 2008-07-07 23:35 <REP> d-------- C:\Program Files\Outils de Guitare-Online
      2008-07-07 23:32 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2008-07-07 23:31 . 2008-07-07 23:32 <REP> d-------- C:\Program Files\Java
      2008-07-07 23:31 . 2008-07-07 23:31 <REP> d-------- C:\Program Files\Fichiers communs\Java
      2008-07-06 21:16 . 2008-07-06 21:16 <REP> d-------- C:\Documents and Settings\Benito\Application Data\Ahead
      2008-07-06 21:15 . 2008-07-06 21:15 <REP> d-------- C:\Program Files\Nero
      2008-07-06 21:15 . 2008-07-06 21:16 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
      2008-07-06 21:12 . 2008-07-06 21:12 <REP> d-------- C:\Program Files\DAEMON Tools Toolbar
      2008-07-06 21:12 . 2008-07-07 11:46 <REP> d-------- C:\Program Files\DAEMON Tools Lite
      2008-07-06 21:10 . 2008-07-06 21:10 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
      2008-07-06 21:09 . 2008-07-06 21:09 <REP> d-------- C:\Documents and Settings\Benito\Application Data\DAEMON Tools
      2008-07-06 20:59 . 2008-07-06 20:59 <REP> d-------- C:\Documents and Settings\Benito\Application Data\Steinberg
      2008-07-06 20:57 . 2008-07-06 20:57 <REP> d-------- C:\Program Files\Steinberg
      2008-07-06 20:46 . 2008-07-06 20:46 <REP> d-------- C:\Program Files\K-Lite Codec Pack
      2008-07-06 20:46 . 2008-03-21 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
      2008-07-06 20:44 . 2008-07-06 20:44 <REP> d-------- C:\Program Files\Windows Media Connect 2
      2008-07-06 20:43 . 2008-07-06 20:43 <REP> d-------- C:\WINDOWS\system32\LogFiles
      2008-07-06 20:43 . 2008-07-06 20:44 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
      2008-07-06 20:15 . 2008-07-06 20:15 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
      2008-07-06 20:13 . 2008-07-06 21:12 <REP> d-------- C:\Program Files\NOS
      2008-07-06 20:13 . 2008-07-06 21:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
      2008-07-06 18:28 . 2008-07-08 12:00 <REP> d-------- C:\WINDOWS\system32\fr-fr
      2008-07-06 18:18 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
      2008-07-06 18:18 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
      2008-07-06 18:16 . 2008-07-06 18:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IM
      2008-07-06 18:15 . 2008-07-06 18:16 <REP> d-------- C:\Program Files\IncrediMail
      2008-07-06 18:15 . 2008-07-06 18:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
      2008-07-06 16:54 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
      2008-07-06 16:54 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
      2008-07-06 16:54 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
      2008-07-06 16:54 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
      2008-07-06 16:54 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
      2008-07-06 16:52 . 2008-07-06 16:52 <REP> d--hs---- C:\Documents and Settings\Benito\UserData
      2008-07-06 16:44 . 2008-07-06 16:44 0 --a------ C:\WINDOWS\nsreg.dat
      2008-07-06 16:11 . 2008-07-06 16:11 <REP> d-------- C:\Documents and Settings\Benito\Application Data\ATI
      2008-07-06 16:06 . 2008-07-06 16:06 <REP> d-------- C:\WINDOWS\system32\URTTemp
      2008-07-06 16:05 . 2008-07-06 16:07 <REP> d-------- C:\Program Files\ATI Technologies
      2008-07-06 16:05 . 2005-07-11 22:12 524,850 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.cpa
      2008-07-06 16:05 . 2005-08-05 21:05 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-07-06 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
      2008-07-06 15:53 --------- d-----w C:\Program Files\Messenger Plus! Live
      2008-07-06 15:49 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
      2008-07-06 15:49 --------- d-----w C:\Program Files\Windows Live
      2008-07-06 15:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-07-06 15:27 64,419 ----a-w C:\WINDOWS\BricoPackUninst.cmd
      2008-07-06 15:27 6,116 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
      2008-07-06 13:56 --------- d-----w C:\Program Files\microsoft frontpage
      2008-07-06 13:54 --------- d-----w C:\Program Files\Services en ligne
      2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
      2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
      2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
      2007-12-10 15:40 6,275,816 ----a-w C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{32099AAC-C132-4136-9E9A-4E364A424E17}"= "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [2008-07-04 12:42 683464]

      [HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
      [HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
      [HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
      [HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{32099AAC-C132-4136-9E9A-4E364A424E17}"= "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [2008-07-04 12:42 683464]

      [HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
      [HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
      [HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
      [HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
      "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-06-12 13:49 243072]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-15 20:59 171448]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 01:07 61440]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
      "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
      "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.YV12"= yv12vfw.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
      @=""

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\WINDOWS\\system32\\dpvsetup.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

      S3 P1120VID;Creative WebCam NX Ultra;C:\WINDOWS\system32\DRIVERS\P1120Vid.sys [2004-01-12 16:51]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be3d1e7c-4fef-11dd-8e25-0018f3995a60}]
      \Shell\Auto\command - J:\Start.exe
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

      .
      - - - - ORPHANS REMOVED - - - -

      BHO-{46D3F55D-AF16-4360-A231-649905FA1B05} - (no file)
      BHO-{d5ee9ff2-22fe-4eb8-9bfd-c54e9997dd6d} - (no file)
      HKLM-Run-NWEReboot - (no file)
      Notify-iifgeBTL - iifgeBTL.dll


      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-07-16 00:51:07
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\ati2evxx.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\ati2evxx.exe
      C:\Program Files\IncrediMail\bin\ImApp.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-07-16 0:53:59 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-07-15 22:53:02

      Pre-Run: 74,180,702,208 octets libres
      Post-Run: 74,362,920,960 octets libres

      261 --- E O F --- 2008-07-09 10:12:38
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok fais ceci :

    Copie le texte ci-dessous :

    File::
    c:\windows\cookies.ini
    c:\windows\pskt.ini

    Folder::

    Registry::


    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    ensuite refais un nouveau rapport hijackthis stp
    0
    1. fbenital
       
      ComboFix 08-07-13.14 - Benito 2008-07-16 1:07:36.2 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1595 [GMT 2:00]
      Endroit: C:\Documents and Settings\Benito\Bureau\ComboFix.exe
      Command switches used :: C:\Documents and Settings\Benito\Bureau\CFScript.txt
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

      FILE ::
      c:\windows\cookies.ini
      c:\windows\pskt.ini
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\BMbf3c84d9.xml

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-06-15 to 2008-07-15 ))))))))))))))))))))))))))))))))))))
      .

      2019-07-06 16:34 . 2019-07-06 16:34 2,422 --a------ C:\WINDOWS\system32\wpa.bak
      2019-07-06 16:15 . 2008-07-13 15:22 12 --a------ C:\WINDOWS\system32\mapisvc.inf
      2019-07-06 16:14 . 2008-07-13 15:25 <REP> d-------- C:\Program Files\ESET
      2008-07-16 00:06 . 2008-07-16 00:06 <REP> d-------- C:\Documents and Settings\Benito\Application Data\Malwarebytes
      2008-07-16 00:05 . 2008-07-16 00:06 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-07-16 00:05 . 2008-07-16 00:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-07-16 00:05 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
      2008-07-16 00:05 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-07-15 23:12 . 2008-07-15 23:12 <REP> d-------- C:\Documents and Settings\Benito\Application Data\Talkback
      2008-07-15 22:53 . 2008-07-15 22:53 <REP> d-------- C:\Program Files\CCleaner
      2008-07-15 21:39 . 2008-07-15 21:39 95 --a------ C:\WINDOWS\wininit.ini
      2008-07-15 21:15 . 2008-07-15 21:15 <REP> d-------- C:\Documents and Settings\Benito\Application Data\Lavasoft
      2008-07-15 21:14 . 2008-07-15 21:14 <REP> d-------- C:\Program Files\Lavasoft
      2008-07-15 21:11 . 2008-07-15 21:11 <REP> d-------- C:\Documents and Settings\Benito\Application Data\Grisoft
      2008-07-15 21:11 . 2008-07-15 21:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-07-15 21:11 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2008-07-15 21:04 . 2008-07-15 21:04 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-07-15 21:04 . 2008-07-16 01:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-07-15 21:00 . 2008-07-15 21:09 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-07-15 20:59 . 2008-07-15 20:59 <REP> d-------- C:\Program Files\Google
      2008-07-15 18:03 . 2008-07-15 18:03 <REP> d-------- C:\Documents and Settings\Benito\Application Data\CR330TWN
      2008-07-15 18:03 . 2008-07-15 18:03 <REP> d-------- C:\Documents and Settings\Benito\Application Data\CR120TWN
      2008-07-14 15:54 . 2004-08-19 16:09 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
      2008-07-14 15:54 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
      2008-07-14 13:55 . 2008-07-15 21:14 143 --a------ C:\WINDOWS\system32\mcrh.MSNFix
      2008-07-13 13:31 . 2008-07-13 13:31 <REP> d-------- C:\Program Files\Avira
      2008-07-13 13:31 . 2008-07-13 13:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
      2008-07-12 22:39 . 2008-07-15 22:49 1,804 --a------ C:\WINDOWS\cookies.MSNFix
      2008-07-12 10:54 . 2008-07-13 11:44 <REP> d-------- C:\WINDOWS\system32\olixds18
      2008-07-12 10:54 . 2008-07-12 10:54 <REP> d-------- C:\Temp\stmpv4
      2008-07-12 10:54 . 2008-07-12 10:54 <REP> d-------- C:\Temp
      2008-07-10 21:26 . 2008-07-10 21:26 <REP> d-------- C:\Webcam
      2008-07-10 21:26 . 2003-10-29 01:01 28,672 --a------ C:\WINDOWS\system32\P1120Ext.crl
      2008-07-10 21:26 . 2003-06-23 01:00 24,576 --a------ C:\WINDOWS\system32\P1120Pin.crl
      2008-07-10 21:26 . 2002-03-26 13:48 896 --a------ C:\WINDOWS\system32\P1120Vex.loc
      2008-07-10 21:24 . 2008-07-10 21:24 <REP> d-------- C:\Documents and Settings\Benito\Application Data\Logitech
      2008-07-10 21:22 . 2008-07-10 21:22 <REP> d-------- C:\Program Files\Logitech
      2008-07-10 21:22 . 2008-07-10 21:22 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
      2008-07-10 21:22 . 2008-07-10 21:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
      2008-07-10 21:22 . 2007-01-30 01:46 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
      2008-07-10 21:22 . 2007-01-30 01:46 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
      2008-07-10 21:22 . 2007-01-30 01:46 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
      2008-07-10 21:22 . 2007-01-23 15:44 101,136 --a------ C:\WINDOWS\KHALMNPR.Exe
      2008-07-10 21:22 . 2007-01-23 15:45 78,864 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
      2008-07-10 21:22 . 2007-01-30 01:46 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
      2008-07-10 21:22 . 2007-01-23 15:44 62,992 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
      2008-07-10 21:22 . 2007-01-23 15:44 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
      2008-07-09 12:55 . 2008-07-09 12:55 <REP> d-------- C:\Documents and Settings\Benito\Application Data\Corel
      2008-07-09 12:55 . 2008-07-15 18:00 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
      2008-07-09 12:54 . 2008-07-09 12:54 <REP> d-------- C:\Program Files\Corel
      2008-07-09 12:50 . 2008-07-09 12:50 <REP> d-------- C:\Program Files\Finale Performance Assessment
      2008-07-09 12:49 . 2008-07-09 12:49 <REP> d-------- C:\Psfonts
      2008-07-09 12:49 . 2008-07-09 12:51 <REP> d-------- C:\Program Files\Finale 2005b
      2008-07-09 12:49 . 2008-07-09 12:49 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-07-09 12:49 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe
      2008-07-09 12:49 . 2008-07-09 12:49 507 --a------ C:\WINDOWS\winiini.fin
      2008-07-09 12:45 . 2008-07-09 12:45 <REP> d-------- C:\WINDOWS\system32\QuickTime
      2008-07-09 12:45 . 2008-07-09 12:45 <REP> d-------- C:\WINDOWS\Downloaded Installations
      2008-07-09 12:45 . 2008-07-09 12:46 <REP> d-------- C:\Program Files\Macromedia
      2008-07-09 12:45 . 2008-07-09 12:45 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia
      2008-07-08 20:46 . 2008-07-08 20:46 <REP> d-------- C:\Program Files\Guitar Pro 5
      2008-07-08 13:18 . 2008-07-08 13:18 <REP> d-------- C:\Program Files\Hewlett-Packard
      2008-07-08 13:18 . 2008-07-08 13:18 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
      2008-07-08 13:13 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
      2008-07-08 13:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
      2008-07-08 13:13 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
      2008-07-08 13:07 . 2008-07-08 13:07 <REP> d-------- C:\Program Files\HP
      2008-07-08 13:02 . 2008-07-08 13:02 <REP> d-------- C:\Program Files\Sibelius Software
      2008-07-08 12:50 . 2008-07-08 12:50 <REP> d-------- C:\Program Files\LimeWire
      2008-07-08 12:50 . 2008-07-08 20:42 <REP> d-------- C:\Documents and Settings\Benito\Application Data\LimeWire
      2008-07-08 11:58 . 2006-03-02 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
      2008-07-08 11:57 . 2008-04-23 06:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
      2008-07-08 11:57 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
      2008-07-08 11:57 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
      2008-07-08 11:57 . 2008-04-23 06:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
      2008-07-08 11:57 . 2008-04-23 06:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
      2008-07-08 11:57 . 2008-04-23 06:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
      2008-07-08 11:57 . 2008-04-23 06:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
      2008-07-08 11:57 . 2008-04-23 06:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
      2008-07-08 11:57 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
      2008-07-08 11:55 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
      2008-07-08 11:55 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
      2008-07-08 11:55 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
      2008-07-07 23:44 . 2008-07-07 23:44 <REP> d-------- C:\Documents and Settings\Benito\Application Data\Media Player Classic
      2008-07-07 23:44 . 2008-07-15 17:51 69 --a------ C:\WINDOWS\NeroDigital.ini
      2008-07-07 23:35 . 2008-07-07 23:35 <REP> d-------- C:\Program Files\Outils de Guitare-Online
      2008-07-07 23:32 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2008-07-07 23:31 . 2008-07-07 23:32 <REP> d-------- C:\Program Files\Java
      2008-07-07 23:31 . 2008-07-07 23:31 <REP> d-------- C:\Program Files\Fichiers communs\Java
      2008-07-06 21:16 . 2008-07-06 21:16 <REP> d-------- C:\Documents and Settings\Benito\Application Data\Ahead
      2008-07-06 21:15 . 2008-07-06 21:15 <REP> d-------- C:\Program Files\Nero
      2008-07-06 21:15 . 2008-07-06 21:16 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
      2008-07-06 21:12 . 2008-07-06 21:12 <REP> d-------- C:\Program Files\DAEMON Tools Toolbar
      2008-07-06 21:12 . 2008-07-07 11:46 <REP> d-------- C:\Program Files\DAEMON Tools Lite
      2008-07-06 21:10 . 2008-07-06 21:10 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
      2008-07-06 21:09 . 2008-07-06 21:09 <REP> d-------- C:\Documents and Settings\Benito\Application Data\DAEMON Tools
      2008-07-06 20:59 . 2008-07-06 20:59 <REP> d-------- C:\Documents and Settings\Benito\Application Data\Steinberg
      2008-07-06 20:57 . 2008-07-06 20:57 <REP> d-------- C:\Program Files\Steinberg
      2008-07-06 20:46 . 2008-07-06 20:46 <REP> d-------- C:\Program Files\K-Lite Codec Pack
      2008-07-06 20:46 . 2008-03-21 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
      2008-07-06 20:44 . 2008-07-06 20:44 <REP> d-------- C:\Program Files\Windows Media Connect 2
      2008-07-06 20:43 . 2008-07-06 20:43 <REP> d-------- C:\WINDOWS\system32\LogFiles
      2008-07-06 20:43 . 2008-07-06 20:44 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
      2008-07-06 20:15 . 2008-07-06 20:15 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
      2008-07-06 20:13 . 2008-07-06 21:12 <REP> d-------- C:\Program Files\NOS
      2008-07-06 20:13 . 2008-07-06 21:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
      2008-07-06 18:28 . 2008-07-08 12:00 <REP> d-------- C:\WINDOWS\system32\fr-fr
      2008-07-06 18:18 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
      2008-07-06 18:18 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
      2008-07-06 18:16 . 2008-07-06 18:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IM
      2008-07-06 18:15 . 2008-07-06 18:16 <REP> d-------- C:\Program Files\IncrediMail
      2008-07-06 18:15 . 2008-07-06 18:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
      2008-07-06 16:54 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
      2008-07-06 16:54 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
      2008-07-06 16:54 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
      2008-07-06 16:54 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
      2008-07-06 16:54 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
      2008-07-06 16:52 . 2008-07-06 16:52 <REP> d--hs---- C:\Documents and Settings\Benito\UserData
      2008-07-06 16:44 . 2008-07-06 16:44 0 --a------ C:\WINDOWS\nsreg.dat
      2008-07-06 16:11 . 2008-07-06 16:11 <REP> d-------- C:\Documents and Settings\Benito\Application Data\ATI
      2008-07-06 16:06 . 2008-07-06 16:06 <REP> d-------- C:\WINDOWS\system32\URTTemp
      2008-07-06 16:05 . 2008-07-06 16:07 <REP> d-------- C:\Program Files\ATI Technologies
      2008-07-06 16:05 . 2005-07-11 22:12 524,850 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.cpa
      2008-07-06 16:05 . 2005-08-05 21:05 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
      2008-07-06 16:05 . 2005-08-04 08:07 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-07-06 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
      2008-07-06 15:53 --------- d-----w C:\Program Files\Messenger Plus! Live
      2008-07-06 15:49 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
      2008-07-06 15:49 --------- d-----w C:\Program Files\Windows Live
      2008-07-06 15:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-07-06 15:27 64,419 ----a-w C:\WINDOWS\BricoPackUninst.cmd
      2008-07-06 15:27 6,116 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
      2008-07-06 15:27 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
      2008-07-06 13:56 --------- d-----w C:\Program Files\microsoft frontpage
      2008-07-06 13:54 --------- d-----w C:\Program Files\Services en ligne
      2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
      2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
      2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
      2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
      2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
      2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
      2007-12-10 15:40 6,275,816 ----a-w C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{32099AAC-C132-4136-9E9A-4E364A424E17}"= "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [2008-07-04 12:42 683464]

      [HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
      [HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
      [HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
      [HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{32099AAC-C132-4136-9E9A-4E364A424E17}"= "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [2008-07-04 12:42 683464]

      [HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
      [HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
      [HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
      [HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
      "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-06-12 13:49 243072]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-15 20:59 171448]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 01:07 61440]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
      "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
      "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-10 21:22:33 688128]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.YV12"= yv12vfw.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
      @=""

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\WINDOWS\\system32\\dpvsetup.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

      S3 P1120VID;Creative WebCam NX Ultra;C:\WINDOWS\system32\DRIVERS\P1120Vid.sys [2004-01-12 16:51]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be3d1e7c-4fef-11dd-8e25-0018f3995a60}]
      \Shell\Auto\command - J:\Start.exe
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-07-16 01:08:20
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-07-16 1:08:44
      ComboFix-quarantined-files.txt 2008-07-15 23:08:41
      ComboFix2.txt 2008-07-15 22:54:00

      Pre-Run: 74,347,270,144 octets libres
      Post-Run: 74,337,865,728 octets libres

      235 --- E O F --- 2008-07-09 10:12:38
      0
      1. fbenital > fbenital
         
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 01:10:13, on 16/07/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16674)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\WINDOWS\system32\HPZipm12.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
        C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
        C:\Program Files\IncrediMail\bin\ImApp.exe
        C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        C:\WINDOWS\system32\notepad.exe
        C:\WINDOWS\explorer.exe
        C:\Program Files\internet explorer\iexplore.exe
        C:\Documents and Settings\Benito\Bureau\hjt.exe.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
        O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
        O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
        O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
        O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
        O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        0
      2. fbenital > fbenital
         
        Est ce que je dois te remettre un HijackThis apres redemarrage manuelle
        0
  7. fbenital
     
    En tout ca merci beaucoup, ca a l'air de fonctionner pour l'instant.

    La je vais me coucher car boulot demain. Je te dirai demain si ca ne marche plus.

    Merci encore, bonne nuit et a bientot
    0
  8. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ca a l air bon je ne vois plus d infections dans ton rapport...fais ceci stp :

    relance hijackthis en cliquant sur scan only et coches cette ligne :

    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

    puis tu cliques sur fix checked.

    vas faire la mise à niveau de java à cette adresse : https://www.java.com/fr/download/manual.jsp

    est ce que tu as encore des problemes ??
    0