ouverture de page de pub intempestive , ads .

Question

Bonjour,
bonjour au forum VIRUS !!!
je viens de recuperer unb pc portable d'un copain qui est embeté par des fenetres de pub puis par "ads served" !!!
est ce qu une ame charitable pourrait me le sortir de ce petrin ?
merci d'avance

Destrio5 · Answer

Salut,

- Télécharge HijackThis V 2.02 (HijackThis Installer) :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

- Clique sur Install ensuite sur I Accept

- Clique sur Do a scan system and save log file

- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.

clapasol · Answer

bonjour destrio5 et merci pour ton aide .
voici le rapport de hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:48, on 29/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\acer\epm\epm-dm.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Eset
od32kui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: targetedbanner browser optimizer - {d2479a0c-36ae-067a-582b-01f1cb44cfc6} - C:\WINDOWS\system32\ymxvfpjduptcgjcf.dll
O2 - BHO: (no name) - {D293AADB-5A01-4D05-AD41-CC1DF0D421A7} - C:\WINDOWS\system32\urqQifFv.dll (file missing)
O2 - BHO: (no name) - {e60d0c50-15e4-40e9-9dd6-b7af2aabb0fe} - C:\WINDOWS\system32
tuswl.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [{0080a652-b4e6-2613-4ca6-68f84d335e97}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\ymxvfpjduptcgjcf.dll" DllStart
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\wwjtveoi.dll",b
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\pambwvlq.dll",s
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\w-w-w-dot-com\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\w-w-w-dot-com\wupda.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcappcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

Destrio5 · Answer

Ah oui, effectivement...

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

clapasol · Answer

re voici le rapport:ComboFix 08-07-28.6 - hamga 2008-07-29 20:20:42.1 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.631 [GMT 2:00] Endroit: C:\Documents and Settings\hamga\Bureau\ComboFix.exe * Création d'un nouveau point de restauration * Resident AV is active [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\hamga\Application Data\DriveCleaner 2006 Free C:\Documents and Settings\hamga\Application Data\DriveCleaner 2006 Free\Logs\update.log C:\Documents and Settings\hamga\Application Data\macromedia\Flash Player\#SharedObjects\ZT2EHB8N\interclick.com C:\Documents and Settings\hamga\Application Data\macromedia\Flash Player\#SharedObjects\ZT2EHB8N\interclick.com\ud.sol C:\Documents and Settings\hamga\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com C:\Documents and Settings\hamga\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol C:\Program Files\dbar C:\Program Files\dbar\basis.xml C:\Program Files\dbar\channel.tmpl C:\Program Files\dbar\content.tmpl C:\Program Files\dbar\dbaruninst.exe C:\Program Files\dbar\deskbar.crc C:\Program Files\dbar\deskbar.inf C:\Program Files\dbar\edit_rss.tmpl C:\Program Files\dbar\local.xml C:\Program Files\dbar av1.bmp C:\Program Files\dbar av2.bmp C:\Program Files\dbar ew_alert.tmpl C:\Program Files\dbar\version.ini C:\Program Files\dbar\version.txt C:\Program Files\VAV C:\Program Files\VAV\vav.ooo C:\WINDOWS\BM313e2b3d.txt C:\WINDOWS\cookies.ini C:\WINDOWS\system32\anjgliwj.dll C:\WINDOWS\system32\aqtcaodi.ini C:\WINDOWS\system32\autorun.ini C:\WINDOWS\system32\bhvuyyyc.dll C:\WINDOWS\system32\cagifmox.ini C:\WINDOWS\system32\doowid.dll C:\WINDOWS\system32\drivers pf.sys C:\WINDOWS\system32\ducrdt.dll C:\WINDOWS\system32\eddfvlrj.ini C:\WINDOWS\system32\eokfyllw.dll C:\WINDOWS\system32\eyihblnj.dll C:\WINDOWS\system32\faeofhij.ini C:\WINDOWS\system32\heybam.dll C:\WINDOWS\system32\hhxkwlef.dll C:\WINDOWS\system32\htufcrhi.dll C:\WINDOWS\system32\ibvyqxsl.dll C:\WINDOWS\system32\ikaedg.dll C:\WINDOWS\system32\ioevtjww.ini C:\WINDOWS\system32\irmgnyod.dll C:\WINDOWS\system32\jcffrwtm.ini C:\WINDOWS\system32\jemtqtmm.dll C:\WINDOWS\system32\lmsrzz.dll C:\WINDOWS\system32\lppsioyl.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mftvgy.dll C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\mwvwjicd.dll C:\WINDOWS\system32\myhyqcqj.ini C:\WINDOWS\system32 tuswl.dll C:\WINDOWS\system32\ogmqmbdv.ini C:\WINDOWS\system32\packet.dll C:\WINDOWS\system32\pcgjqegu.ini C:\WINDOWS\system32\pthreadVC.dll C:\WINDOWS\system32\qldffhrc.ini C:\WINDOWS\system32\sdokpcmu.dll C:\WINDOWS\system32\sikumdvf.ini C:\WINDOWS\system32\suealgxt.dll C:\WINDOWS\system32 mruynjy.dll C:\WINDOWS\system32\vFfiQqru.ini C:\WINDOWS\system32\vFfiQqru.ini2 C:\WINDOWS\system32\vheuvrcp.ini C:\WINDOWS\system32\vvbxnjai.ini C:\WINDOWS\system32\vxnubedn.dll C:\WINDOWS\system32\wcrfaxmt.ini C:\WINDOWS\system32\wcwxrprj.dll C:\WINDOWS\system32\wivesatb.ini C:\WINDOWS\system32\wpcap.dll C:\WINDOWS\system32\wwjtveoi.dll C:\WINDOWS\system32\xvquhaav.dll C:\WINDOWS\system32\ykicli.dll C:\WINDOWS\system32\yksubwau.ini C:\WINDOWS\system32\ymxvfpjduptcgjcf.dll C:\WINDOWS\system32\yonria.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_NPF ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))))))) . 2008-07-29 18:20 . 2008-07-29 18:20 d-------- C:\Program Files\Trend Micro 2008-07-28 19:59 . 2008-07-28 19:59 d-------- C:\VundoFix Backups 2008-07-28 19:45 . 2008-07-28 19:45 d-------- C:\WINDOWS\system32\fr 2008-07-28 19:45 . 2008-07-28 19:45 d-------- C:\WINDOWS\system32\bits 2008-07-28 19:45 . 2008-07-28 19:45 d-------- C:\WINDOWS\l2schemas 2008-07-28 19:42 . 2008-07-28 19:42 d-------- C:\WINDOWS\ServicePackFiles 2008-07-28 19:35 . 2008-07-28 19:36 d-------- C:\WINDOWS\EHome 2008-07-28 19:04 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2008-07-28 19:04 . 2004-08-03 22:29 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys 2008-07-28 19:04 . 2004-07-17 11:35 67,866 --------- C:\WINDOWS\system32\drivers etwlan5.img 2008-07-28 19:04 . 2004-08-03 22:29 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys 2008-07-28 19:04 . 2004-08-03 22:29 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys 2008-07-28 19:04 . 2004-08-03 22:29 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys 2008-07-28 19:04 . 2004-08-03 22:41 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys 2008-07-28 19:04 . 2004-08-03 22:29 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys 2008-07-28 18:45 . 2008-07-28 18:45 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-07-28 18:07 . 2008-07-28 18:07 d-------- C:\Program Files\Yahoo! 2008-07-28 15:03 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-07-28 15:03 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-07-28 15:00 . 2008-07-28 15:00 d--h----- C:\WINDOWS\$hf_mig$ 2008-07-28 15:00 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache mcast.sys 2008-07-28 13:20 . 2008-07-28 13:20 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys 2008-07-28 13:20 . 2008-07-28 13:20 298,104 --a------ C:\WINDOWS\system32\imon.dll 2008-07-28 13:20 . 2008-07-28 13:20 15,424 --a------ C:\WINDOWS\system32\drivers od32drv.sys 2008-07-28 13:19 . 2008-07-28 13:19 d-------- C:\Program Files\Eset 2008-07-25 20:30 . 2008-07-25 20:30 d-------- C:\Program Files\w-w-w-dot-com 2008-07-20 20:40 . 2008-07-20 20:40 294 --ahs---- C:\WINDOWS\system32\hcsfoewl.ini 2008-07-20 15:42 . 2008-07-20 15:42 1,715,108 ---hs---- C:\WINDOWS\system32\hcsfoewl.tmp 2008-07-17 20:48 . 2008-07-17 20:48 268 --ah----- C:\sqmdata09.sqm 2008-07-15 23:28 . 2008-07-15 23:28 268 --ah----- C:\sqmdata07.sqm 2008-07-13 21:45 . 2008-07-13 21:45 268 --ah----- C:\sqmdata02.sqm 2008-07-13 21:45 . 2008-07-13 21:45 244 --ah----- C:\sqmnoopt03.sqm 2008-07-11 23:23 . 2008-07-11 23:23 64,317 --a------ C:\WINDOWS\system32\ekphwdkffvs.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-28 11:16 81,984 ----a-w C:\WINDOWS\system32\bdod.bin 2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:47 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:47 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers cpip.sys 2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache cpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers cpip6.sys 2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache cpip6.sys 2008-06-09 08:30 --------- d-----w C:\Program Files\Lavasoft 2008-06-09 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-06-09 08:06 3,032 ----a-w C:\WINDOWS\system32\lbspvcxc.dll 2008-06-09 07:29 3,032 ----a-w C:\WINDOWS\system32\vyghayjn.dll 2008-06-09 07:28 3,032 ----a-w C:\WINDOWS\system32\ywxkyvtf.dll 2008-06-06 10:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender 2008-06-06 08:47 --------- d-----w C:\Documents and Settings\hamga\Application Data\Talkback 2008-06-01 20:20 --------- d-----w C:\Documents and Settings\hamga\Application Data\ItsLabel 2008-06-01 20:11 63,909 ----a-w C:\WINDOWS\system32\{e7264c9e-ef49-a591-9f14-43af84f0a51c}.dll-uninst.exe 2008-06-01 15:11 --------- d-----w C:\Documents and Settings\hamga\Application Data\vlc 2008-06-01 15:10 --------- d-----w C:\Program Files\VideoLAN 2008-06-01 15:10 --------- d-----w C:\Documents and Settings\hamga\Application Data\EoRezo 2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-07 05:11 1,294,336 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2008-01-29 17:10 0 ----a-w C:\Documents and Settings\hamga\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:34 15360] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "epm-dm"="c:\acer\epm\epm-dm.exe" [2005-08-11 19:21 200704] "nod32kui"="C:\Program Files\Eset od32kui.exe" [2008-07-28 13:20 949376] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:34 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.yv12"= yv12vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "UPS"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Acer\Acer Arcade\PCMService.exe"= "C:\Program Files\Hercules\Hercules DualPix HD Webcam\Station2.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57] S3 APL531;Hercules Dualpix HD Webcam;C:\WINDOWS\system32\Drivers\HDvid.sys [2006-12-08 14:02] S3 camfilt;camfilt;C:\WINDOWS\system32\Drivers\camfilt.sys [2006-11-16 16:01] S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [] S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [] S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [] S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [] . - - - - ORPHANS REMOVED - - - - BHO-{D293AADB-5A01-4D05-AD41-CC1DF0D421A7} - C:\WINDOWS\system32\urqQifFv.dll HKCU-Run-WOOKIT - C:\PROGRA~1\WANADOO\GestMaj.exe HKLM-Run-{0080a652-b4e6-2613-4ca6-68f84d335e97} - C:\WINDOWS\system32\ymxvfpjduptcgjcf.dll HKLM-Run-320d18a1 - C:\WINDOWS\system32\wwjtveoi.dll HKLM-Run-BM313e2b3d - C:\WINDOWS\system32\pambwvlq.dll MSConfigStartUp-Antivirus - C:\Program Files\VAV\vav.exe MSConfigStartUp-{0080a652-b4e6-2613-4ca6-68f84d335e97} - C:\WINDOWS\system32\{e7264c9e-ef49-a591-9f14-43af84f0a51c}.dll . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://whynotsearchhere.com/start.php R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-29 20:25:01 Windows 5.1.2600 Service Pack 3 FAT NTAPI Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . --------------------- DLLs a charg‚ sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\Program Files\Eset\pr_imon.dll PROCESS: C:\WINDOWS\explorer.exe -> C:\Program Files\Eset\pr_imon.dll . ------------------------ Other Running Processes ------------------------ . C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE C:\ACER\EMANAGER\ANBMSERV.EXE C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE C:\PROGRAM FILES\ESET\NOD32KRN.EXE C:\WINDOWS\SYSTEM32\HPZIPM12.EXE C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE C:\PROGRAM FILES\CYBERLINK\SHARED FILES\RICHVIDEO.EXE C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE . ************************************************************************** . Temps d'accomplissement: 2008-07-29 20:26:19 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-29 18:26:14 Pre-Run: 14,855,864,320 octets libres Post-Run: 14,804,975,616 octets libres 248 --- E O F --- 2008-07-28 18:14:20 par contre au redemarage de window , j'ai un son d'alerte puis plusieurs fenetres qui me disent qu il manque des fichiers dll.... puis j'ai toukours des fenetres qui s'ouvrent ? merci

clapasol · Answer

du coup j'ai refait un nettoyage et voici le rapport: ComboFix 08-07-28.6 - hamga 2008-07-29 20:32:22.2 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.649 [GMT 2:00] Endroit: C:\Documents and Settings\hamga\Bureau\ComboFix.exe * Resident AV is active [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\BM313e2b3d.xml . ((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))))))) . 2008-07-29 18:20 . 2008-07-29 18:20 d-------- C:\Program Files\Trend Micro 2008-07-28 19:59 . 2008-07-28 19:59 d-------- C:\VundoFix Backups 2008-07-28 19:45 . 2008-07-28 19:45 d-------- C:\WINDOWS\system32\fr 2008-07-28 19:45 . 2008-07-28 19:45 d-------- C:\WINDOWS\system32\bits 2008-07-28 19:45 . 2008-07-28 19:45 d-------- C:\WINDOWS\l2schemas 2008-07-28 19:42 . 2008-07-28 19:42 d-------- C:\WINDOWS\ServicePackFiles 2008-07-28 19:35 . 2008-07-28 19:36 d-------- C:\WINDOWS\EHome 2008-07-28 19:04 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2008-07-28 19:04 . 2004-08-03 22:29 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys 2008-07-28 19:04 . 2004-07-17 11:35 67,866 --------- C:\WINDOWS\system32\drivers etwlan5.img 2008-07-28 19:04 . 2004-08-03 22:29 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys 2008-07-28 19:04 . 2004-08-03 22:29 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys 2008-07-28 19:04 . 2004-08-03 22:29 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys 2008-07-28 19:04 . 2004-08-03 22:41 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys 2008-07-28 19:04 . 2004-08-03 22:29 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys 2008-07-28 18:45 . 2008-07-28 18:45 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-07-28 18:07 . 2008-07-28 18:07 d-------- C:\Program Files\Yahoo! 2008-07-28 15:03 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-07-28 15:03 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-07-28 15:00 . 2008-07-28 15:00 d--h----- C:\WINDOWS\$hf_mig$ 2008-07-28 15:00 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache mcast.sys 2008-07-28 13:20 . 2008-07-28 13:20 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys 2008-07-28 13:20 . 2008-07-28 13:20 298,104 --a------ C:\WINDOWS\system32\imon.dll 2008-07-28 13:20 . 2008-07-28 13:20 15,424 --a------ C:\WINDOWS\system32\drivers od32drv.sys 2008-07-28 13:19 . 2008-07-28 13:19 d-------- C:\Program Files\Eset 2008-07-25 20:30 . 2008-07-25 20:30 d-------- C:\Program Files\w-w-w-dot-com 2008-07-20 20:40 . 2008-07-20 20:40 294 --ahs---- C:\WINDOWS\system32\hcsfoewl.ini 2008-07-20 15:42 . 2008-07-20 15:42 1,715,108 ---hs---- C:\WINDOWS\system32\hcsfoewl.tmp 2008-07-17 20:48 . 2008-07-17 20:48 268 --ah----- C:\sqmdata09.sqm 2008-07-15 23:28 . 2008-07-15 23:28 268 --ah----- C:\sqmdata07.sqm 2008-07-13 21:45 . 2008-07-13 21:45 268 --ah----- C:\sqmdata02.sqm 2008-07-13 21:45 . 2008-07-13 21:45 244 --ah----- C:\sqmnoopt03.sqm 2008-07-11 23:23 . 2008-07-11 23:23 64,317 --a------ C:\WINDOWS\system32\ekphwdkffvs.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-28 11:16 81,984 ----a-w C:\WINDOWS\system32\bdod.bin 2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:47 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:47 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers cpip.sys 2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache cpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers cpip6.sys 2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache cpip6.sys 2008-06-09 08:30 --------- d-----w C:\Program Files\Lavasoft 2008-06-09 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-06-09 08:06 3,032 ----a-w C:\WINDOWS\system32\lbspvcxc.dll 2008-06-09 07:29 3,032 ----a-w C:\WINDOWS\system32\vyghayjn.dll 2008-06-09 07:28 3,032 ----a-w C:\WINDOWS\system32\ywxkyvtf.dll 2008-06-06 10:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender 2008-06-06 08:47 --------- d-----w C:\Documents and Settings\hamga\Application Data\Talkback 2008-06-01 20:20 --------- d-----w C:\Documents and Settings\hamga\Application Data\ItsLabel 2008-06-01 20:11 63,909 ----a-w C:\WINDOWS\system32\{e7264c9e-ef49-a591-9f14-43af84f0a51c}.dll-uninst.exe 2008-06-01 15:11 --------- d-----w C:\Documents and Settings\hamga\Application Data\vlc 2008-06-01 15:10 --------- d-----w C:\Program Files\VideoLAN 2008-06-01 15:10 --------- d-----w C:\Documents and Settings\hamga\Application Data\EoRezo 2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-07 05:11 1,294,336 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2008-01-29 17:10 0 ----a-w C:\Documents and Settings\hamga\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:34 15360] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "epm-dm"="c:\acer\epm\epm-dm.exe" [2005-08-11 19:21 200704] "nod32kui"="C:\Program Files\Eset od32kui.exe" [2008-07-28 13:20 949376] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:34 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.yv12"= yv12vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "UPS"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Acer\Acer Arcade\PCMService.exe"= "C:\Program Files\Hercules\Hercules DualPix HD Webcam\Station2.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57] S3 APL531;Hercules Dualpix HD Webcam;C:\WINDOWS\system32\Drivers\HDvid.sys [2006-12-08 14:02] S3 camfilt;camfilt;C:\WINDOWS\system32\Drivers\camfilt.sys [2006-11-16 16:01] S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [] S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [] S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [] S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [] . . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://free.fr/ R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-29 20:33:27 Windows 5.1.2600 Service Pack 3 FAT NTAPI Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\Program Files\Eset\pr_imon.dll . Temps d'accomplissement: 2008-07-29 20:33:49 ComboFix-quarantined-files.txt 2008-07-29 18:33:48 ComboFix2.txt 2008-07-29 18:26:22 Pre-Run: 14,816,313,344 octets libres Post-Run: 14,799,994,880 octets libres 143 --- E O F --- 2008-07-28 18:14:20

Destrio5 · Answer

- Télécharge et installe MalwareByte's Anti-Malware :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

- Mets-le à jour

- Redémarre en mode sans échec (Recommandé) :
https://www.malekal.com/demarrer-windows-mode-sans-echec/

- Choisis ta session habituelle

- Fais un scan complet avec MalwareByte's Anti-Malware

- Supprime tout ce que le logiciel trouve, enregistre le rapport

- Redémarre en mode normal et poste le rapport ici

Tutorial :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

clapasol · Answer

hello
voici le rapport , j'ai toujours une fenetre sur le bureau avec "ring tone" 

Malwarebytes' Anti-Malware 1.23
Version de la base de données: 1008
Windows 5.1.2600 Service Pack 3

18:05:32 30/07/2008
mbam-log-7-30-2008 (18-05-32).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 84120
Temps écoulé: 1 hour(s), 24 minute(s), 16 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 32

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Deskbar.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\XOBE\fetchdll33.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP227\A0089902.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP227\A0089903.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP227\A0089904.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP227\A0089922.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP227\A0091281.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP228\A0093794.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP233\A0098126.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098266.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098267.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098283.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098394.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098395.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098441.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098907.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098908.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098909.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098910.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098929.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098931.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP242\A0103787.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP242\A0103797.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP242\A0103801.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP242\A0103823.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP242\A0103825.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\htufcrhi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\suealgxt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wwjtveoi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\packet.dll.vir (Spyware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{e7264c9e-ef49-a591-9f14-43af84f0a51c}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
 merci

clapasol · Answer

hello 
j'ai toujours sur le bureau "ring tone" comme fond de bureau


Malwarebytes' Anti-Malware 1.23
Version de la base de données: 1008
Windows 5.1.2600 Service Pack 3

18:05:32 30/07/2008
mbam-log-7-30-2008 (18-05-32).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 84120
Temps écoulé: 1 hour(s), 24 minute(s), 16 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 32

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Deskbar.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\XOBE\fetchdll33.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP227\A0089902.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP227\A0089903.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP227\A0089904.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP227\A0089922.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP227\A0091281.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP228\A0093794.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP233\A0098126.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098266.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098267.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098283.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098394.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098395.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP234\A0098441.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098907.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098908.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098909.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098910.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098929.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP236\A0098931.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP242\A0103787.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP242\A0103797.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP242\A0103801.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP242\A0103823.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39138AFC-2562-464E-ABA0-3F3BA0BC3ED9}\RP242\A0103825.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\htufcrhi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\suealgxt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wwjtveoi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\packet.dll.vir (Spyware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{e7264c9e-ef49-a591-9f14-43af84f0a51c}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Destrio5 · Answer

- Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) : 
http://siri.urz.free.fr/Fix/SmitfraudFix.exe ou http://www.geekstogo.com/forum/files/file/6-smitfraudfix/ 

- Enregistre-le sur le bureau

- Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée

- Un rapport sera généré, poste-le dans ta prochaine réponse.

[*] process.exe est détecté par certains antivirus comme étant un risktool. Il ne s'agit pas d'un virus mais d'un utilitaire destiné à mettre fin à des processus.[*]

** Ne fais l'étape 2 que si on te le demande, on doit d'abord examiner le premier rapport de SmitfraudFix

clapasol · Answer

COMME PROMIS VOICI LE RAPPORT DE SMITFRAUDFIX :

SmitFraudFix v2.332

Rapport fait à 22:13:56,82, 30/07/2008
Executé à partir de C:\Documents and Settings\hamga\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Eset
od32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\hamga\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\hamga


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\hamga\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\hamga\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5B60BF79-167A-4F22-9B13-37B1662B3C12}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5B60BF79-167A-4F22-9B13-37B1662B3C12}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Destrio5 · Answer

- Double-clique sur SmitfraudFix.exe, choisis l'option 2 et Entrée

- Réponds O(oui) à ces deux questions si elles te sont posées

Voulez-vous nettoyer le registre ?
Corriger le fichier infecté ?

- Un rapport sera généré, sauvegarde-le sur le bureau

- Poste le rapport SmitfraudFix et un nouveau rapport HijackThis

clapasol · Answer

bonjour
voici le rapport smitfraud :

SmitFraudFix v2.332

Rapport fait à 13:28:52,46, 31/07/2008
Executé à partir de C:\Documents and Settings\hamga\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5B60BF79-167A-4F22-9B13-37B1662B3C12}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5B60BF79-167A-4F22-9B13-37B1662B3C12}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

clapasol · Answer

puis voici le rapport de HijackThis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:06, on 31/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Eset
od32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Eset
od32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcappcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

Destrio5 · Answer

Ça s'améliore ?

clapasol · Answer

bonjour
je pense que mon probleme est resolu , je te remercie de ton aide precieuse , et merci au forum de "commentcamarche" .
cordialement
pascal

Destrio5 · Answer

Ok, je te conseille de faire un scan en ligne quand même :
https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566

Ouverture de page de pub intempestive , ads .

16 réponses

Votre réponse

Discussions similaires

Newsletters