Embete par antivirxp08 Fermé

Question

Bonjour,
comment proceder pour retirer ce virus.Merci de bien m'expliquer car je suis un neophite en informatique.
merci d'avance davy.

Destrio5 · Answer

Salut,

- Télécharge et installe MalwareByte's Anti-Malware :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

- Mets-le à jour

- Redémarre en mode sans échec (Recommandé) :
https://www.malekal.com/demarrer-windows-mode-sans-echec/

- Choisis ta session habituelle

- Fais un scan complet avec MalwareByte's Anti-Malware

- Supprime tout ce que le logiciel trouve, enregistre le rapport

- Redémarre en mode normal et poste le rapport ici

Tutorial :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Luciole55 · Answer

Ok merci voila le rapport de antimalware.Tiens moi au courant pour la suite encore merci.
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1024
Windows 5.1.2600 Service Pack 2

18:18:36 04/08/2008
mbam-log-8-4-2008 (18-18-36).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 142105
Temps écoulé: 29 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 14
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 38

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc1qsj0e91v (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc1qsj0e91v (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\pcsd.dll (Rogue.PCAntispyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcsd.dll (Rogue.PCAntispyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dycpmuyjoc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc1qsj0e91v (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc5qsj0e91v (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\rhc1qsj0e91v (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Application Data\rhc1qsj0e91v (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Application Data\rhc1qsj0e91v\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Application Data\rhc1qsj0e91v\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Application Data\rhc1qsj0e91v\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Application Data\rhc1qsj0e91v\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Application Data\rhc1qsj0e91v\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Application Data\rhc1qsj0e91v\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Application Data\rhc1qsj0e91v\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Application Data\rhc1qsj0e91v\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Application Data\rhc1qsj0e91v\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Application Data\rhc1qsj0e91v\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\lozinyxc\lerkhepm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\axoxgnuh.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hibsdsxy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\klcfovkp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\rhc1qsj0e91v\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1qsj0e91v\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1qsj0e91v\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1qsj0e91v\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1qsj0e91v\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1qsj0e91v\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1qsj0e91v\rhc1qsj0e91v.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1qsj0e91v\rhc1qsj0e91v.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc1qsj0e91v\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Davy\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc5qsj0e91v.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc5qsj0e91v.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc5qsj0e91v.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphc5qsj0e91v.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Destrio5 · Answer

---> Relance MBAM, va dans Quarantaine et supprime tout

---> Fais ceci :

- Télécharge HijackThis V 2.02 (HijackThis Installer) :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

- Clique sur Install ensuite sur I Accept

- Clique sur Do a scan system and save log file

- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.

Luciole55 · Answer

c'est quoi MBAM?

Destrio5 · Answer

MBAM = MalwareByte's Anti-Malware

Luciole55 · Answer

oui c bon j avais trouvé pardonVoila le rapport de hijacktis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:08, on 04/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\vphc600.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Common\ebelsfed.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Philips\SPC 600NC PC Camera\TrayMin.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\Common\ebelsfed.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - Software - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7CAEA561-4492-4861-87FF-8873F5A70DCE} - C:\WINDOWS\system32\ddcAQgde.dll (file missing)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [NvMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [phc600] C:\WINDOWS\vphc600.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [actui] C:\WINDOWS\Common\ebelsfed.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [etglndwv] C:\WINDOWS\system32ydqvkdy.exe
O4 - HKCU\..\Run: [kzymcokr] C:\WINDOWS\system32\xstepslk.exe
O4 - HKCU\..\Run: [pglfzbae] C:\WINDOWS\system32\apizctmr.exe
O4 - HKCU\..\Run: [zkjzumga] C:\WINDOWS\system32\ifajcxwh.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: TrayMin.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?9cf9d1ec91c64ddcb281d3cb58e9b908
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?9cf9d1ec91c64ddcb281d3cb58e9b908
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.fr/
O17 - HKLM\System\CCS\Services\Tcpip\..\{5029929D-5932-4563-9C24-6EA5A5407F7A}: NameServer = 217.169.242.2 217.169.242.3
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: ddcDTmjg - ddcDTmjg.dll (file missing)
O21 - SSODL: AplSh - {42DBD87A-F983-3943-59CC-007DD75F6AEB} - C:\Program Files	dfppsd\AplSh.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

Destrio5 · Answer

Tu n'as pas d'antivirus. Installe Antivir et fais un scan complet :
https://www.malekal.com/avira-free-security-antivirus-gratuit/#mozTocId480658

Luciole55 · Answer

si j'ai avg en version gratuite mais pas de prob je telecharges antivir.sinon je dois faire quoi?merci d avance

Destrio5 · Answer

Non, tu as AVG Anti-Spyware.

Tu dois faire un scan complet avec Antivir comme indiqué dans le lien puis poster le rapport ici.

Avant de lancer le scan, tu mets à jour Antivir bien sûr.

Luciole55 · Answer

dois je desinstaller avg avant d installer antivir et une fois le scan antivir effectué est ce bon je nai plus rien a faire

Destrio5 · Answer

Ce n'est pas l'antivirus d'AVG que tu as mais l'antispyware donc tu peux le laisser.

"le scan antivir effectué est ce bon je nai plus rien a faire"
---> Je ne pense pas vu l'infection que tu as chopé mais on pourra finir demain si t'es fatigué.

Luciole55 · Answer

je t envoies cela demain .a plus et merci davy

Destrio5 · Answer

Ok, ça roule.

Luciole55 · Answer

Bonjour voila le rapport de antivir.En attendant tes instructions.merci davy
Avira AntiVir Personal
Report file date: mardi 5 août 2008  09:35

Scanning for 1533850 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    ATHLON

Version information:
BUILD.DAT     : 8.1.0.326      16933 Bytes  11/07/2008 12:57:00
AVSCAN.EXE    : 8.1.4.7       315649 Bytes  26/06/2008 08:57:53
AVSCAN.DLL    : 8.1.4.0        40705 Bytes  26/05/2008 07:56:40
LUKE.DLL      : 8.1.4.5       164097 Bytes  12/06/2008 12:44:19
LUKERES.DLL   : 8.1.4.0        12033 Bytes  26/05/2008 07:58:52
ANTIVIR0.VDF  : 6.40.0.0    11030528 Bytes  18/07/2007 22:10:30
ANTIVIR1.VDF  : 7.0.5.1      8182784 Bytes  24/06/2008 13:54:15
ANTIVIR2.VDF  : 7.0.5.207    2316800 Bytes  04/08/2008 22:11:30
ANTIVIR3.VDF  : 7.0.5.213      37888 Bytes  05/08/2008 07:35:00
Engineversion : 8.1.1.15  
AEVDF.DLL     : 8.1.0.5       102772 Bytes  09/07/2008 08:46:50
AESCRIPT.DLL  : 8.1.0.61      311675 Bytes  04/08/2008 22:12:03
AESCN.DLL     : 8.1.0.23      119156 Bytes  04/08/2008 22:12:00
AERDL.DLL     : 8.1.0.20      418165 Bytes  09/07/2008 08:46:50
AEPACK.DLL    : 8.1.2.1       364917 Bytes  04/08/2008 22:11:59
AEOFFICE.DLL  : 8.1.0.21      192891 Bytes  04/08/2008 22:11:55
AEHEUR.DLL    : 8.1.0.44     1343863 Bytes  04/08/2008 22:11:54
AEHELP.DLL    : 8.1.0.15      115063 Bytes  09/07/2008 08:46:50
AEGEN.DLL     : 8.1.0.32      315765 Bytes  04/08/2008 22:11:41
AEEMU.DLL     : 8.1.0.7       430452 Bytes  04/08/2008 22:11:38
AECORE.DLL    : 8.1.1.8       172406 Bytes  04/08/2008 22:11:36
AEBB.DLL      : 8.1.0.1        53617 Bytes  24/04/2008 08:50:42
AVWINLL.DLL   : 1.0.0.12       15105 Bytes  09/07/2008 08:40:05
AVPREF.DLL    : 8.0.2.0        38657 Bytes  16/05/2008 09:28:01
AVREP.DLL     : 8.0.0.2        98344 Bytes  04/08/2008 22:11:34
AVREG.DLL     : 8.0.0.1        33537 Bytes  09/05/2008 11:26:40
AVARKT.DLL    : 1.0.0.23      307457 Bytes  12/02/2008 08:29:23
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes  12/06/2008 12:27:49
SQLITE3.DLL   : 3.3.17.1      339968 Bytes  22/01/2008 17:28:02
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes  12/06/2008 12:49:40
NETNT.DLL     : 8.0.0.1         7937 Bytes  25/01/2008 12:05:10
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes  12/06/2008 13:48:07
RCTEXT.DLL    : 8.0.52.0       86273 Bytes  27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, 
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 5 août 2008  09:35

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'WgaTray.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'SPUVolumeWatcher.exe' - '1' Module(s) have been scanned
Scan process 'TrayMin.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'SpyHunter3.exe' - '1' Module(s) have been scanned
Scan process 'ebelsfed.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'vphc600.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
Master boot sector HD1
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '54' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
    [WARNING]   The file could not be opened!
C:\Documents and Settings\Davy\Local Settings\Temp\.tt22.tmp
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '490c03c5.qua'!
C:\Documents and Settings\Davy\Local Settings\Temporary Internet Files\Content.IE5\3E87571Y\amateur-xxx-sex_com[1].htm
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      The file was moved to '48f903d6.qua'!
C:\Documents and Settings\Davy\Local Settings\Temporary Internet Files\Content.IE5\6VCA6S0Z\greatladymovies_com[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
    [NOTE]      The file was moved to '48fd0412.qua'!
C:\Documents and Settings\Davy\Local Settings\Temporary Internet Files\Content.IE5\90E5GHLG\greatladymovies_com[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
    [NOTE]      The file was moved to '48fd044c.qua'!
C:\Documents and Settings\Davy\Local Settings\Temporary Internet Files\Content.IE5\I7ZKLMK1\index[2].htm
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      The file was moved to '48fc04c6.qua'!
C:\Documents and Settings\Davy\Local Settings\Temporary Internet Files\Content.IE5\I7ZKLMK1	hefuckingvideos_com[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
    [NOTE]      The file was moved to '48fd04d1.qua'!
C:\Program Files\eMule\Incoming\Avast.Antivirus.Pro.v4.7.892.FR.Incl-Keygen.rar
    [0] Archive type: RAR
    --> Keygen\keygen.exe
      [DETECTION] Is the TR/Dldr.Delf.ihy Trojan
    [NOTE]      The file was moved to '48f90893.qua'!
C:\QooBox\Quarantine\catchme2008-04-26_221309,70.zip
    [0] Archive type: ZIP
    --> fccdbArr.dll
      [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '490c0bb6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\fccdbArr.dll.vir
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE]      The file was moved to '48fb0bbd.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\fykpbocd.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE]      The file was moved to '49030bd5.qua'!
C:\System Volume Information\_restore{41B690CA-C048-4E91-897F-30BB9B7FEFEF}\RP5\A0000049.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE]      The file was moved to '48c80b92.qua'!
C:\System Volume Information\_restore{41B690CA-C048-4E91-897F-30BB9B7FEFEF}\RP5\A0000056.exe
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '48c80b95.qua'!
C:\System Volume Information\_restore{41B690CA-C048-4E91-897F-30BB9B7FEFEF}\RP5\A0000057.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '48c80b96.qua'!
C:\System Volume Information\_restore{41B690CA-C048-4E91-897F-30BB9B7FEFEF}\RP5\A0000058.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '48c80b98.qua'!
C:\System Volume Information\_restore{41B690CA-C048-4E91-897F-30BB9B7FEFEF}\RP5\A0000059.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '48c80b9a.qua'!
C:\System Volume Information\_restore{41B690CA-C048-4E91-897F-30BB9B7FEFEF}\RP5\A0000064.exe
    [DETECTION] Contains recognition pattern of the PHISH/FraudTool.XPAntivirus.NK phishing file/email
    [NOTE]      The file was moved to '48c80b9c.qua'!
C:\System Volume Information\_restore{41B690CA-C048-4E91-897F-30BB9B7FEFEF}\RP5\A0000068.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '48c80b9f.qua'!
C:\System Volume Information\_restore{41B690CA-C048-4E91-897F-30BB9B7FEFEF}\RP5\A0000070.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE]      The file was moved to '48c80ba2.qua'!
C:\System Volume Information\_restore{41B690CA-C048-4E91-897F-30BB9B7FEFEF}\RP5\A0000071.exe
    [DETECTION] Is the TR/Dldr.FraudLoa.NC Trojan
    [NOTE]      The file was moved to '48c80ba3.qua'!
C:\System Volume Information\_restore{41B690CA-C048-4E91-897F-30BB9B7FEFEF}\RP5\A0000072.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE]      The file was moved to '48c80ba5.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING]   The file could not be opened!


End of the scan: mardi 5 août 2008  10:23
Used time: 47:54 Minute(s)

The scan has been done completely.

   6614 Scanning directories
 270168 Files were scanned
     18 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
     20 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
 270146 Files not concerned
   1995 Archives were scanned
      2 Warnings
     20 Notes

Destrio5 · Answer

---> Relance HijackThis et choisis Do a system scan only

---> Coche les cases qui sont devant les lignes suivantes :

O2 - BHO: (no name) - Software - (no file) 

O2 - BHO: (no name) - {7CAEA561-4492-4861-87FF-8873F5A70DCE} - C:\WINDOWS\system32\ddcAQgde.dll (file missing) 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [actui] C:\WINDOWS\Common\ebelsfed.exe 

O4 - HKCU\..\Run: [etglndwv] C:\WINDOWS\system32ydqvkdy.exe

O4 - HKCU\..\Run: [kzymcokr] C:\WINDOWS\system32\xstepslk.exe

O4 - HKCU\..\Run: [pglfzbae] C:\WINDOWS\system32\apizctmr.exe

O4 - HKCU\..\Run: [zkjzumga] C:\WINDOWS\system32\ifajcxwh.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') 

O8 - Extra context menu item: Crawler Search - tbr:iemenu 

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll 

O20 - Winlogon Notify: ddcDTmjg - ddcDTmjg.dll (file missing) 

O21 - SSODL: AplSh - {42DBD87A-F983-3943-59CC-007DD75F6AEB} - C:\Program Files	dfppsd\AplSh.dll 

---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

---> Télécharge OTMoveIt2 à partir du lien ci-dessous : 
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe 

---> Enregistre le fichier sur le Bureau.

---> Double-clique sur le fichier OTMoveIt2.exe pour lancer l'outil.
Assure-toi que la case Unregister Dll's and Ocx's soit bien cochée.

---> Copie l'intégralité du texte ci-dessous et colle-le dans la fenêtre intitulée Paste Standard List of Files/Folders to be moved.



C:\Program Files	dfppsd\
C:\WINDOWS\Common\ebelsfed.exe
C:\WINDOWS\system32ydqvkdy.exe
C:\WINDOWS\system32\xstepslk.exe
C:\WINDOWS\system32\apizctmr.exe
C:\WINDOWS\system32\ifajcxwh.exe
C:\PROGRA~1\Crawler\



---> Clique sur MoveIt! pour lancer la suppression.
Lorsqu'un résultat apparaît dans le cadre Results, clique sur Exit.

Note : Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES. 

---> Poste le rapport de OTMoveIt qui se trouve dans C:\_OTMoveIt\MovedFiles. 

---> Redémarre et poste un nouveau rapport HijackThis

Luciole55 · Answer

Voila les rapports Movelt:il y en a 3 :
File/Folder  not found.
File/Folder C:\ProgramDatasiwakrt\izmbylil.exe not found.
File/Folder C:\ProgramData\ovwgcjgs\qpqdwtgz.exe not found.
File/Folder C:\ProgramData\eisindhs\jwlyrcvk.exe not found.
File/Folder C:\ProgramData\kdahorml\szyxuril.exe not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04262008_225220

2eme:
File/Folder C:\DOWNLO~1\Software\RFONLI~1.EXE not found.
File/Folder C:\ProgramDatasiwakrt\izmbylil.exe not found.
File/Folder C:\ProgramData\ovwgcjgs\qpqdwtgz.exe not found.
File/Folder C:\ProgramData\eisindhs\jwlyrcvk.exe not found.
File/Folder C:\ProgramData\kdahorml\szyxuril.exe not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04262008_225253

le 3eme:
C:\Program Files	dfppsd moved successfully.
C:\WINDOWS\Common\ebelsfed.exe moved successfully.
File/Folder C:\WINDOWS\system32ydqvkdy.exe not found.
File/Folder C:\WINDOWS\system32\xstepslk.exe not found.
File/Folder C:\WINDOWS\system32\apizctmr.exe not found.
File/Folder C:\WINDOWS\system32\ifajcxwh.exe not found.
C:\PROGRA~1\Crawler\Toolbar\WSGData\domains moved successfully.
C:\PROGRA~1\Crawler\Toolbar\WSGData moved successfully.
C:\PROGRA~1\Crawler\Toolbar\Update moved successfully.
C:\PROGRA~1\Crawler\Toolbar\TempDir moved successfully.
C:\PROGRA~1\Crawler\Toolbar\TBR5LanguageAct moved successfully.
C:\PROGRA~1\Crawler\Toolbar\STWSGLanguageAct moved successfully.
C:\PROGRA~1\Crawler\Toolbar\Languages moved successfully.
C:\PROGRA~1\Crawler\Toolbar moved successfully.
C:\PROGRA~1\Crawler\Download moved successfully.
C:\PROGRA~1\Crawler moved successfully.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08052008_185744


Je pense avoir repondu pour movelt.dis moi si c'est ce que tu attendais.merci Pour hitjackis ca suit

Luciole55 · Answer

Voila le rapport hijackthis:En attendant tes prochaines instructions Merci d'avance:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:57, on 05/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\vphc600.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Philips\SPC 600NC PC Camera\TrayMin.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [NvMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [phc600] C:\WINDOWS\vphc600.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: TrayMin.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?9cf9d1ec91c64ddcb281d3cb58e9b908
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?9cf9d1ec91c64ddcb281d3cb58e9b908
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.fr/
O17 - HKLM\System\CCS\Services\Tcpip\..\{5029929D-5932-4563-9C24-6EA5A5407F7A}: NameServer = 217.169.242.2 217.169.242.3
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

Destrio5 · Answer

Tu as encore des problèmes ou on peut passer à la dernière étape ?

Luciole55 · Answer

non plus de probleme avec antirvirxp08 pas de probleme de fonds d ecran donc je pense qu'on peut passer a la derniere eytape et encore merci

Destrio5 · Answer

---> Désinstalle HijackThis

---> Supprime OTMoveIt2 et le dossier _OTMoveIt qui se trouve dans C:\

---> Télécharge CCleaner (N'installe pas la Yahoo Toolbar) :
https://www.ccleaner.com/ccleaner/download

---> Lance-le. Va dans "Options" puis "Avancé", tu décoches la case "Effacer uniquement les fichiers etc...". Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage. Puis tu vas dans "Registre", tu fais "Chercher des erreurs". Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.

---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger :
http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme

---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
https://www.vulgarisation-informatique.com/creer-point-restauration.php

Luciole55 · Answer

j'ai fait tout ca que dois je faire maintenant a part te dire merci et meme ca je pense que ca ne suffit pas

Destrio5 · Answer

Tu dois me promettre de faire plus attention sur Internet.

Luciole55 · Answer

Ok fini les ballades denudées j ai eu trop peur encore merci.

Embete par antivirxp08

23 réponses

Discussions similaires