"Your computer is infectef"

Question

Bonjour,



Hier soir, j'ai reçu ce message d'erreur : "Your Computer is infected" en bas à droite près de l'horloge avec une croix dans un rond rouge. J'ai fais plusieurs Scan avec avast et autres logiciels anti-spyware, mais cela n'arrange rien, et
fréquemment un gros message qui s'ouvre m'annonçant que je suis victime d'un spyware (boite de dialogue "xp center infected" + diverses pop-up.

Tous les logiciels ne trouvent aucuns spyware. Comment retirer ces messages
et remettre mon pc en ordre ?

merci d'avances

sherred · Answer

bonjour
on commence par le comencement
télecharge ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html


Lancez HijackThis en double cliquant sur son icône puis cliquez sur le bouton Do a system scan only

Le rapport est retranscrit aussitôt apres le scan dans une fenêtre de type Bloc-notes
il  suffit de realiser un copier/coller et de le poster dans le forum

sherred · Answer

pour ne pas perdre de temps
quand tu aura posté le rapport
Télécharge Smitfraudfix  http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Décompresse l'archive 
Exécute le en double cliquant sur Smitfraudfix.cmd 
Appuye sur une touche pour continuer 
Arriver à l'invite de commande, saisir la lettre L afin de basculer le fix en langue française 
Au menu, choisir l&#8217;option 1 : Recherche 
Poste le rapport ainsi généré dans le forum

djmagicstef · Answer

Bonjou, 

Merci de la rapidité de réponse.

je suis actuellement au travail, je ferais donc le nécessaire ce soir et posterais les rapport ici.

Stef

Stéphane GOMEZ · Answer

je ne sais pas si c'est ça, 

j'ai lancé hijackthis et tout ce que j'ai pus prendre en copier coller c'est ça :

* Trend Micro HijackThis v2.0.2 *


See bottom for version history.

The different sections of hijacking possibilities have been separated into the following groups.
You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'.

 R - Registry, StartPage/SearchPage changes
    R0 - Changed registry value
    R1 - Created registry value
    R2 - Created registry key
    R3 - Created extra registry value where only one should be
 F - IniFiles, autoloading entries
    F0 - Changed inifile value
    F1 - Created inifile value
    F2 - Changed inifile value, mapped to Registry
    F3 - Created inifile value, mapped to Registry
 N - Netscape/Mozilla StartPage/SearchPage changes
    N1 - Change in prefs.js of Netscape 4.x
    N2 - Change in prefs.js of Netscape 6
    N3 - Change in prefs.js of Netscape 7
    N4 - Change in prefs.js of Mozilla
 O - Other, several sections which represent:
    O1 - Hijack of auto.search.msn.com with Hosts file
    O2 - Enumeration of existing MSIE BHO's
    O3 - Enumeration of existing MSIE toolbars
    O4 - Enumeration of suspicious autoloading Registry entries
    O5 - Blocking of loading Internet Options in Control Panel
    O6 - Disabling of 'Internet Options' Main tab with Policies
    O7 - Disabling of Regedit with Policies
    O8 - Extra MSIE context menu items
    O9 - Extra 'Tools' menuitems and buttons
    O10 - Breaking of Internet access by New.Net or WebHancer
    O11 - Extra options in MSIE 'Advanced' settings tab
    O12 - MSIE plugins for file extensions or MIME types
    O13 - Hijack of default URL prefixes
    O14 - Changing of IERESET.INF
    O15 - Trusted Zone Autoadd
    O16 - Download Program Files item
    O17 - Domain hijack
    O18 - Enumeration of existing protocols and filters
    O19 - User stylesheet hijack
    O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
    O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
    O22 - SharedTaskScheduler autorun Registry key
    O23 - Enumeration of NT Services
    O24 - Enumeration of ActiveX Desktop Components

Command-line parameters:
* /autolog - automatically scan the system, save a logfile and open it
* /ihatewhitelists - ignore all internal whitelists
* /uninstall - remove all HijackThis Registry entries, backups and quit
* /silentautuolog - the same as /autolog, except with no required user intervention

* Version history *

[v2.00.0]
* AnalyzeThis added for log file statistics
* Recognizes Windows Vista and IE7
* Fixed a few bugs in the O23 method
* Fixed a bug in the O22 method (SharedTaskScheduler)
* Did a few tweaks on the log format
* Fixed and improved ADS Spy
* Improved Itty Bitty Procman (processes are frozen before they are killed)
* Added listing of O4 autoruns from other users
* Added listing of the Policies Run items in O4 method, used by SmitFraud trojan
* Added /silentautolog parameter for system admins
* Added /deleteonreboot [file] parameter for system admins
* Added O24 - ActiveX Desktop Components enumeration
* Added Enhanced Security Confirguration (ESC) Zones to O15 Trusted Sites check
[v1.99.1]
* Added Winlogon Notify keys to O20 listing
* Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing
* Fixed lots and lots of 'unexpected error' bugs
* Fixed lots of inproper functioning bugs (i.e. stuff that didn't work)
* Added 'Delete NT Service' function in Misc Tools section
* Added ProtocolDefaults to O15 listing
* Fixed MD5 hashing not working
* Fixed 'ISTSVC' autorun entries with garbage data not being fixed
* Fixed HijackThis uninstall entry not being updated/created on new versions
* Added Uninstall Manager in Misc Tools to manage 'Add/Remove Software' list
* Added option to scan the system at startup, then show results or quit if nothing found
[v1.99]
 * Added O23 (NT Services) in light of newer trojans
 * Integrated ADS Spy into Misc Tools section
 * Added 'Action taken' to info in 'More info on this item'
[v1.98]
 * Definitive support for Japanese/Chinese/Korean systems
 * Added O20 (AppInit_DLLs) in light of newer trojans
 * Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans
 * Added O22 (SharedTaskScheduler) in light of newer trojans
 * Backups of fixed items are now saved in separate folder
 * HijackThis now checks if it was started from a temp folder
 * Added a small process manager (Misc Tools section)
[v1.96]
 * Lots of bugfixes and small enhancements! Among others:
 * Fix for Japanese IE toolbars
 * Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's
 * Attributes on Hosts file will now be restored when scanning/fixing/restoring it.
 * Added several files to the LSP whitelist
 * Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart
 * All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list
[v1.95]
 * Added a new regval to check for from Whazit hijack (Start Page_bak).
 * Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).
 * New in logfile: Running processes at time of scan.
 * Checkmarks for running StartupList with /full and /complete in HijackThis UI.
 * New O19 method to check for Datanotary hijack of user stylesheet.
 * Google.com IP added to whitelist for Hosts file check.
[v1.94]
 * Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems.
 * Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!).
 * Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist.
 * Fixed a bug where DPF could not be deleted.
 * Fixed a stupid bug in enumeration of autostarting shortcuts.
 * Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops).
 * Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered.
 * Added support for backing up F0 and F1 items (d'oh!).
[v1.93]
 * Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist.
 * Fixed a bug in LSP routine for Win95. 
 * Made taborder nicer.
 * Fixed a bug in backup/restore of IE plugins.
 * Added UltimateSearch hijack in O17 method (I think). 
 * Fixed a bug with detecting/removing BHO's disabled by BHODemon.
 * Also fixed a bug in StartupList (now version 1.52.1).
[v1.92]
 * Fixed two stupid bugs in backup restore function. 
 * Added DiamondCS file to LSP files safelist.
 * Added a few more items to the protocol safelist.
 * Log is now opened immediately after saving. 
 * Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow).
 * Updated integrated StartupList to v1.52.
 * In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted.
 * Rudimentary proxy support for the Check for Updates function.
[v1.91]
 * Added rd.yahoo.com to the Nonstandard But Safe Domains list. 
 * Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18).
 * Added listing of programs/links in Startup folders (O4).
 * Fixed 'Check for Update' not detecting new versions.
[v1.9]
 * Added check for Lop.com 'Domain' hijack (O17).
 * Bugfix in URLSearchHook (R3) fix.
 * Improved O1 (Hosts file) check.
 * Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys.
 * Added AutoConfigURL and proxyserver checks (R1).
 * IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected.
 * Added check for extra protocols (O18).
[v1.81]
 * Added 'ignore non-standard but safe domains' option.
 * Improved Winsock LSP hijackers detection.
 * Integrated StartupList updated to v1.4.
[v1.8]
 * Fixed a few bugs.
 * Adds detecting of free.aol.com in Trusted Zone.
 * Adds checking of URLSearchHooks key, which should have only one value.
 * Adds listing/deleting of Download Program Files.
 * Integrated StartupList into the new 'Misc Tools' section of the Config screen!
[v1.71]
 * Improves detecting of O6.
 * Some internal changes/improvements.
[v1.7]
 * Adds backup function! Yay!
 * Added check for default URL prefix
 * Added check for changing of IERESET.INF
 * Added check for changing of Netscape/Mozilla homepage and default search engine.
[v1.61]
 * Fixes Runtime Error when Hosts file is empty.
[v1.6]
 * Added enumerating of MSIE plugins
 * Added check for extra options in 'Advanced' tab of 'Internet Options'.
[v1.5]
 * Adds 'Uninstall & Exit' and 'Check for update online' functions. 
 * Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
[v1.4]
 * Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
 * A few bugfixes/enhancements
[v1.3]
 * Adds detecting of extra MSIE context menu items
 * Added detecting of extra 'Tools' menu items and extra buttons
 * Added 'Confirm deleting/ignoring items' checkbox
[v1.2]
 * Adds 'Ignorelist' and 'Info' functions
[v1.1]
 * Supports BHO's, some default URL changes
[v1.0]
 * Original release

A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.












Je fais la suite avec Smitfraudfix et je poste le rapport

Stéphane GOMEZ · Answer

help : dans le fichier Smitfraudfix, une fois décompressé, je n'ai pas de "Smitfraudfix.cmd"

je dois faire comment ?

Stéphane GOMEZ · Answer

C'est bon, j'ai le rapport

SmitFraudFix v2.333

Rapport fait à 19:49:36,57, 05/08/2008
Executé à partir de D:\Program Files\Mozilla Thunderbird\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\WINDOWS\system32\braviax.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\program files\steam\steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Mozilla Thunderbird	hunderbird.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\eMule\emule.exe
D:\Program Files\Mozilla Thunderbird\SmitfraudFix\Policies.exe
D:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1 channels.lockergnome.com
127.0.0.1 mobile.lockergnome.com
127.0.0.1 microsoft.com.org
127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» D:\


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\St‚phane GOMEZ


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\St‚phane GOMEZ\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\STPHAN~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="D:\WINDOWS\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{350E771A-A195-41D2-8F0D-1CC2D6641851}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{350E771A-A195-41D2-8F0D-1CC2D6641851}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{350E771A-A195-41D2-8F0D-1CC2D6641851}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


j'attends vos conseil pourl a suite

et encore merci pour votre aide :-)

sherred · Answer

bonjour stéphane
pour hijack   c'est pas ce que jai demandé
tu a du cliquer sur info 
donc je reprecise clique sur le bouton     Do a system scan only
le scan de hijack va s'afficher et une copie sous forme de fichier bloc note
que tu peu encore retrouver sous le nom de hijackthis.log
normalement ici C:\Program Files\Trend Micro\HijackThis\
fait un clic droit dessus et fait " ouvrir avec"  puis choisi le bloc note
fait un copier collé
et reposte le
ensuite
démarre en mode sans échec  sans prise en charge du réseau"tapote la touche F8 au démarrage"  

Lance de nouveau SmitfraudFix et choisi l&#8217;option 2 en répondant OUI (o) à la question qui te sera posée

sherred · Answer

aprés tu refait un hijack   merci

Stéphane GOMEZ · Answer

Je pense que c'est ça :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:25:52, on 06/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\WINDOWS\system32\braviax.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\program files\steam\steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wuauclt.exe
C:\Dans ton Cul !!!\Telecharger d'internet\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: ::1 localhost
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: (no name) - {8A11BBE3-E0B5-40FB-9D86-E08A52B51B47} - (no file)
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\Windows\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [H„„„„„„„„„„‚‚‚‚‚‚exe]           H„„„„„„„„„„‚‚‚‚‚‚exe
O4 - HKLM\..\Run: [  H„„„„„„„„„„‚‚‚‚‚‚exe]             H„„„„„„„„„„‚‚‚‚‚‚exe
O4 - HKLM\..\Run: [] øexe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [braviax] D:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [XP SecurityCenter] "D:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [H„„„„„„„„„„‚‚‚‚‚‚exe]           H„„„„„„„„„„‚‚‚‚‚‚exe
O4 - HKCU\..\Run: [  H„„„„„„„„„„‚‚‚‚‚‚exe]             H„„„„„„„„„„‚‚‚‚‚‚exe
O4 - HKCU\..\Run: [] øexe
O4 - HKCU\..\Run: [braviax] D:\WINDOWS\system32\braviax.exe
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans	scuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans	scuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans	scuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans	scuinst.vbs" (User 'Default user')
O4 - Global Startup: Assistant de traduction IdiomaX.lnk = D:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: https://imageshack.com/
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: xokvrpwg - {AD0AA912-C771-479C-9D0A-8D681CA5AB9E} - D:\WINDOWS\xokvrpwg.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - c:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

sherred · Answer

bon bah ya du boulot

suit bien ceci

Ouvre le bloc note et copie/colle dans ce bloc note ce qui suit. 
del D:\WINDOWS\system32\braviax.exe
del D:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe	

enregistre le sous le nom de    delbrav.bat  sur ton bureau

  en mode sans echec
tu redemarre hijack     
tu coche 
O4 - HKLM\..\Run: [braviax] D:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [braviax] D:\WINDOWS\system32\braviax.exe
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
D:\WINDOWS\system32\braviax.exe

puis tu clic 2fois sur delbrav.bat

tu redemarre en normale et tu me reposte un rapport hijack

Utilisateur anonyme · Answer

bonjour a vous 

pour suivre tres interessant ce topic

bon courage

a+

sherred · Answer

ton aide est la bien venue 

je ne suis pas a l'abris d'erreur
et je crois qu'il y a un beau bordel

merci

Utilisateur anonyme · Answer

je pense que xp est piraté et qu'il y a une infection msn

Stéphane GOMEZ · Answer

Je te fais ça ce soir en rentrant du boulot !

Non, XP n'est pas piraté, il m'a été fourni lorsque j'ai acheté mon pc sur "rueducommerce".

En ce qui concerne les lignes bizarres, c'est comme ça qu'elles étaient notées dans le rapport (bloc note)

merci encore

Utilisateur anonyme · Answer

ok 

mais j'ai vu cela 

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') 

c'est pour cela que j'ai poser la question c'est tout

bon courage

Stéphane GOMEZ · Answer

J'avoue que je ne comprends rien à tout ce qui est marqué dans les rapports et à quoi cela correspond donc excusez mon ignorance :-)

stef

Stéphane GOMEZ · Answer

Voici le rapport

J'espère que ce n'est pas si désastreux et que l'on va enfin sortir de ce merdier !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:11, on 06/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\program files\steam\steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: ::1 localhost
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: (no name) - {8A11BBE3-E0B5-40FB-9D86-E08A52B51B47} - (no file)
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\Windows\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [] øexe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [XP SecurityCenter] "D:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [H„„„„„„„„„„‚‚‚‚‚‚exe]           H„„„„„„„„„„‚‚‚‚‚‚exe
O4 - HKCU\..\Run: [  H„„„„„„„„„„‚‚‚‚‚‚exe]             H„„„„„„„„„„‚‚‚‚‚‚exe
O4 - HKCU\..\Run: [] øexe
O4 - HKCU\..\Run: [braviax] D:\WINDOWS\system32\braviax.exe
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans	scuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans	scuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans	scuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans	scuinst.vbs" (User 'Default user')
O4 - Global Startup: Assistant de traduction IdiomaX.lnk = D:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: https://imageshack.com/
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: xokvrpwg - {AD0AA912-C771-479C-9D0A-8D681CA5AB9E} - D:\WINDOWS\xokvrpwg.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - c:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

sherred · Answer

bon c'est pas gagné
1)................................................................................................
Télécharge OTMoveIt2  sur ton bureau  http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe 
 Double-clique sur OTMoveIt.exe pour lancer le programme, 
 Copie la ligne ci-dessous et colle-la dans la fenêtre du programme "Paste Custom List of Files/Folders to Move" 

D:\WINDOWS\system32\braviax.exe

 Clique sur MoveIt! pour lancer la suppression, 
 Le résultat appraraîtra dans le cadre Results. 
 Clique sur Exit pour fermer le programme.
2)................................................................................................
Télécharge combofix.exe  sur ton Bureau. 

 http://download.bleepingcomputer.com/sUBs/ComboFix.exe 
Redémarre ton PC en mode sans échec.
 Double clique combofix.exe. 
 Tape sur la touche 1 (Yes) pour démarrer le scan. 
 Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
3.......................................................................................................

MalwareBytes' Anti-Malware

Passe un coup de MalwareBytes' Anti-Malware : met-le à jour avant, puis effectue le scan en( mode sans échec) et nettoye tout ce qu'il trouve.
http://site-naheulbeuk.com/
Tuto : http://mickael.barroux.free.fr/securite/malwarebytes.php
4............................................................................
reposte un rapport Hijack

Stéphane GOMEZ · Answer

Rapport combofix

ComboFix 08-08-06.02 - Administrateur 2008-08-07 7:23:22.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1763 [GMT 2:00]
Endroit: C:\Dans ton Cul !!!\Telecharger d'internet\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

[color=red]D:\WINDOWS\system32\dllcache\beep.sys[/color]
[color=red]D:\WINDOWS\system32\drivers\beep.sys[/color]
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\XPSecurityCenter
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\XPSecurityCenter\Uninstall.lnk
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\XPSecurityCenter\XPSecurityCenter.lnk
D:\Documents and Settings\Stéphane GOMEZ\Local Settings\Temporary Internet Files\iduramito.lib
D:\Program Files\PCHealthCenter
D:\Program Files\PCHealthCenter\[u]0[/u].exe
D:\Program Files\PCHealthCenter\[u]0[/u].gif
D:\Program Files\PCHealthCenter\1.exe
D:\Program Files\PCHealthCenter\1.gif
D:\Program Files\PCHealthCenter\2.exe
D:\Program Files\PCHealthCenter\2.gif
D:\Program Files\PCHealthCenter\3.exe
D:\Program Files\PCHealthCenter\3.gif
D:\Program Files\PCHealthCenter\4.exe
D:\Program Files\PCHealthCenter\5.exe
D:\Program Files\PCHealthCenter\7.exe
D:\Program Files\PCHealthCenter\sex1.ico
D:\Program Files\PCHealthCenter\sex2.ico
D:\Program Files\VAV
D:\Program Files\VAV\vav.cpl
D:\Program Files\VAV\vav.ooo
D:\Program Files\VAV\vav0.dat
D:\Program Files\VAV\vav1.dat
D:\Program Files\XPSecurityCenter
D:\Program Files\XPSecurityCenter\data\daily.cvd
D:\Program Files\XPSecurityCenter\htmlayout.dll
D:\Program Files\XPSecurityCenter\install.exe
D:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
D:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcm80.dll
D:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcp80.dll
D:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcr80.dll
D:\Program Files\XPSecurityCenter\pthreadVC2.dll
D:\Program Files\XPSecurityCenter\un.ico
D:\Program Files\XPSecurityCenter\unzip32.dll
D:\Program Files\XPSecurityCenter\wscui.cpl
D:\Program Files\XPSecurityCenter\XP_SecurityCenter.cfg
D:\Program Files\XPSecurityCenter\XPSecurityCenter.dll
D:\WINDOWS\ebdx.exe
D:\WINDOWS\system32\dllcache\figaro.sys
D:\WINDOWS\system32\ljJDVnlK.dll
D:\WINDOWS\system32\sex2.ico

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_tdssserv

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-07 to 2008-08-07 ))))))))))))))))))))))))))))))))))))
.

2008-08-07 07:29 . 2008-08-07 07:29 <REP> d-------- D:\WINDOWS\system32\xircom
2008-08-07 07:29 . 2008-08-07 07:29 <REP> d-------- D:\WINDOWS\system32\oobe
2008-08-07 07:29 . 2008-08-07 07:29 <REP> d-------- D:\Program Files\microsoft frontpage
2008-08-05 19:50 . 2008-08-06 07:35 5,292 --a------ D:\WINDOWS\system32\tmp.reg
2008-08-04 23:33 . 2007-01-18 14:00 3,968 --a------ D:\WINDOWS\system32\drivers\AvgArCln.sys
2008-08-04 23:26 . 2008-08-04 23:26 19,591 --a------ D:\Documents and Settings\All Users\Application Data\ybeso.scr
2008-08-04 21:01 . 2008-08-04 21:07 217 --a------ D:\WINDOWS\system32\tdssservers.da_
2008-08-04 20:25 . 2008-08-04 21:07 32,768 --a------ D:\WINDOWS\system32\tdssadw.dl_
2008-08-04 20:25 . 2008-08-04 21:07 10,240 --a------ D:\WINDOWS\system32\tdsslog.dl_
2008-08-04 20:25 . 2008-08-04 21:07 9,216 --a------ D:\WINDOWS\system32\tdssmain.dl_
2008-08-04 20:25 . 2008-08-04 23:35 7,652 --a------ D:\WINDOWS\system32\tdssinit.dl_
2008-08-04 20:24 . 2008-08-04 21:07 32,768 --a------ D:\WINDOWS\system32\drivers\tdssserv.sy_
2008-08-04 20:24 . 2008-08-04 21:07 14,848 --a------ D:\WINDOWS\system32\tdssl.dl_
2008-08-04 20:23 . 2008-08-04 18:24 86,016 --a------ D:\WINDOWS\lnvegaow.exe
2008-08-04 20:11 . 2008-08-04 20:11 244 --ah----- D:\sqmnoopt02.sqm
2008-08-04 20:11 . 2008-08-04 20:11 232 --ah----- D:\sqmdata02.sqm
2008-08-03 00:09 . 2008-08-03 00:09 <REP> d-------- D:\Program Files\Apple Software Update
2008-08-03 00:09 . 2008-08-03 00:09 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Apple
2008-07-31 22:29 . 2004-03-29 17:23 90,112 --a------ D:\WINDOWS\unvise32.exe
2008-07-25 10:00 . 2008-07-25 10:00 <REP> d-------- D:\Documents and Settings\Choupette\Application Data\Nero
2008-07-25 08:48 . 2008-06-20 12:44 360,960 --------- D:\WINDOWS\system32\dllcache\tcpip.sys
2008-07-25 08:48 . 2008-06-20 19:37 247,808 --------- D:\WINDOWS\system32\dllcache\mswsock.dll
2008-07-25 08:48 . 2008-06-20 11:32 225,920 --------- D:\WINDOWS\system32\dllcache\tcpip6.sys
2008-07-25 08:48 . 2008-06-20 12:44 138,368 --------- D:\WINDOWS\system32\dllcache\afd.sys
2008-07-25 08:48 . 2006-08-16 14:13 100,352 --------- D:\WINDOWS\system32\dllcache\6to4svc.dll
2008-07-23 21:58 . 2008-08-06 00:16 69 --a------ D:\WINDOWS\NeroDigital.ini
2008-07-23 21:44 . 2008-07-23 21:44 <REP> d-------- D:\Program Files\NeroInstall.bak
2008-07-23 15:00 . 2008-07-31 21:00 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-07-23 15:00 . 2008-07-23 15:00 1,409 --a------ D:\WINDOWS\QTFont.for
2008-07-22 20:55 . 2007-04-09 13:23 28,040 --a------ D:\WINDOWS\system32\mdimon.dll
2008-07-22 20:53 . 2008-07-22 20:54 <REP> d-------- D:\WINDOWS\SHELLNEW
2008-07-22 20:53 . 2008-07-22 20:53 <REP> d-------- D:\Program Files\Microsoft.NET
2008-07-21 17:53 . 2008-07-21 17:53 <REP> d-------- D:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-07-21 16:08 . 2008-07-21 16:08 8,192 --a------ D:\WINDOWS\REGLOCS.OLD

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 05:04 --------- d-----w D:\Program Files\Mozilla Thunderbird
2008-08-04 21:26 17,732 ----a-w D:\WINDOWS\miqyd.bat
2008-08-04 21:26 16,956 ----a-w D:\WINDOWS\jogo.pif
2008-08-04 21:26 16,910 ----a-w D:\WINDOWS\migem.vbs
2008-08-04 21:26 12,056 ----a-w D:\WINDOWS\agexit.bin
2008-08-04 21:26 10,787 ----a-w D:\WINDOWS\bekexo.vbs
2008-08-04 18:49 --------- d-----w D:\Documents and Settings\Choupette\Application Data\Skype
2008-08-04 18:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-04 16:35 --------- d-----w D:\Documents and Settings\Choupette\Application Data\skypePM
2008-08-02 22:10 --------- d-----w D:\Program Files\QT Lite
2008-07-31 14:54 --------- d-----w D:\Documents and Settings\All Users\Application Data\TrackMania
2008-07-24 13:52 --------- d-----w D:\Program Files\Vimicro
2008-07-23 19:42 --------- d-----w D:\Program Files\Fichiers communs\Nero
2008-07-23 19:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\Nero
2008-07-22 18:53 --------- d-----w D:\Program Files\Windows Messaging
2008-07-21 09:20 --------- d-----w D:\Program Files\Java
2008-07-05 20:53 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-07-05 19:17 --------- d-----w D:\Program Files\Fichiers communs\InstallShield
2008-07-02 16:39 --------- d-----w D:\Program Files\Windows Live Safety Center
2008-06-20 10:44 360,960 ----a-w D:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w D:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:32 225,920 ----a-w D:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 18:33 --------- d-----w D:\Documents and Settings\Choupette\Application Data\Syntrillium
2008-06-17 05:27 --------- d-----w D:\Program Files\Fichiers communs\IdiomaX Uninstall
2008-06-17 05:27 --------- d-----w D:\Program Files\Fichiers communs\IdiomaX Shared
2008-06-17 05:26 --------- d-----w D:\Program Files\IdiomaX
2008-06-14 17:59 272,768 ------w D:\WINDOWS\system32\drivers\bthport.sys
2008-06-07 19:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\Codemasters
2008-06-07 14:45 --------- d-----w D:\Program Files\OpenAL
2008-04-07 21:24 15,397 -c--a-w D:\Program Files\settings.dat
2008-02-03 21:38 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-05-03 10:06 163,328 --sh--r D:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r D:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w D:\WINDOWS\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w D:\WINDOWS\system32\VistaUltm.dll
.

------- Sigcheck -------

2007-12-18 04:04 507904 fb66744d525ea5df9a719f1db9b2dff4 D:\WINDOWS\system32\winlogon.exe

2007-12-18 04:04 182656 bc84c4f67d0e880b0c46dc0ce2b8cbaa D:\WINDOWS\system32\drivers\ndis.sys

2007-12-18 04:04 2437632 61381c1b4c0374569fbbf20ff9be199c D:\WINDOWS\system32\ntkrnlpa.exe

2007-12-18 04:04 2302976 eb0349334ecad45736daf747222b0f0d D:\WINDOWS\system32\ntoskrnl.exe

2007-12-18 04:04 1789952 addc47dfd517f2143d71e9310e414b50 D:\WINDOWS\explorer.exe

2007-12-18 04:04 25088 43836cffabac8d6779e8ee55e308df2c D:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H„„„„„„„„„„‚‚‚‚‚‚exe"=" H„„„„„„„„„„‚‚‚‚‚‚exe" [X]
" H„„„„„„„„„„‚‚‚‚‚‚exe"=" H„„„„„„„„„„‚‚‚‚‚‚exe" [X]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2007-12-18 04:04 25088]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-19 01:05 630784]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 08:07 1271032]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"WebcamMaxMoniter"="C:\Program Files\WebcamMax\wcmmon.exe" [2007-09-16 07:15 450048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"NeroFilterCheck"="D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 15:49 16377344 D:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"TSClientMSIUninstaller"="D:\WINDOWS\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-12-18 04:04 12451]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\TrackMania United\\TmUnited.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"C:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"D:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Si3124;Si3124;D:\WINDOWS\system32\drivers\Si3124.sys [2007-12-18 04:04]
R0 Si3132r5;Si3132r5;D:\WINDOWS\system32\drivers\Si3132r5.sys [2007-12-18 04:04]
R0 Si3531;Si3531;D:\WINDOWS\system32\drivers\Si3531.sys [2007-12-18 04:04]
R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 NMSAccessU;NMSAccessU;c:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]
R2 Viewpoint Manager Service;Viewpoint Manager Service;D:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 23:38]
R3 usbstor;Pilote de stockage de masse USB;D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 01:58]
S2 CamthWDM;WebcamMax, WDM Video Capture;D:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2007-10-06 10:38]
S3 usbscan;Pilote de scanneur USB;D:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S4 Boonty Games;Boonty Games;D:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-05-25 23:15]

*Newly Created Service* - HELPSVC
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-08-06 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-07 D:\WINDOWS\Tasks\MP Scheduled Scan.job
- D:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SaveLinksOrder - (no file)
Toolbar-Locked - (no file)
Toolbar-{8A11BBE3-E0B5-40FB-9D86-E08A52B51B47} - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBar7Layout - (no file)
Toolbar-ITBar7Position - (no file)
HKCU-Run-| - (no file)
HKLM-Run-Sidebar - C:\Program Files\Windows Sidebar\sidebar.exe
HKLM-Run-UberIcon - C:\Program Files\UberIcon\UberIcon Manager.exe
HKLM-Run-VisualTaskTips - C:\Windows\System32\VisualTaskTips.exe
HKLM-Run-Vistadrv - C:\Windows\system32\Vistadrive\vsdrv.exe
HKLM-Run-Styler - C:\Program Files\styler\Styler.exe
HKLM-Run-XP SecurityCenter - D:\Program Files\XPSecurityCenter\XPSecurityCenter.exe
HKLM-Run-| - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\Stéphane GOMEZ\Application Data\Mozilla\Firefox\Profiles\p70frfya.default\

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 07:31:02
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: D:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
D:\WINDOWS\system32\ati2evxx.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-07 7:34:31 - machine was rebooted [St‚phane GOMEZ]
ComboFix-quarantined-files.txt 2008-08-07 05:34:28

Pre-Run: 2,694,410,240 octets libres
Post-Run: 3,082,665,984 octets libres

281 --- E O F --- 2008-08-07 01:54:35

Stéphane GOMEZ · Answer

Rapport Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:37, on 2008-08-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\RocketDock\RocketDock.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [H„„„„„„„„„„‚‚‚‚‚‚exe]           H„„„„„„„„„„‚‚‚‚‚‚exe
O4 - HKCU\..\Run: [  H„„„„„„„„„„‚‚‚‚‚‚exe]             H„„„„„„„„„„‚‚‚‚‚‚exe
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans	scuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans	scuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans	scuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans	scuinst.vbs" (User 'Default user')
O4 - Global Startup: Assistant de traduction IdiomaX.lnk = D:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: https://imageshack.com/
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - D:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - c:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

Utilisateur anonyme · Answer

bonjour

je vais analyser le rapport combo il a pas mal bosser 

fais ceci 

> Télécharge, puis installe MSNFix (de !aur3n7) : http://sosvirus.changelog.fr/MSNFix.zip , tuto de Malekal : https://www.malekal.com/supprimer-virus-desinfecter-pc/ (si tu as besion).
- Décompresse donc le dossier zip MSNFix et lance le fichier "MSNFix.bat". Une fenêtre bleue doit apparaitre.
- Mets l'interface en français en appuyant sur la touche F puis sur Entrée.
- Lance la recherche de virus en appuyant sur la touche R puis sur Entrée.
Si un virus est détecté, il te sera alors demandé de nettoyer l'ordinateur.
Un message d'erreur concernant la suppression impossible d'un fichier sera résolu par un redémarrage.
Après le nettoyage, la barre "Démarrer" s'efface puis réapparait, cela fait partie de la procédure de nettoyage.
- Poste le rapport qui s'ouvre en fin de nettoyage sur le forum stp.

Si ta barre "Démarrer" ne s'affiche toujours pas, il suffit de faire :
Ctrl + Alt + Suppr (sous Windows XP), ou Ctrl + Maj + Echap (sous Windows Vista) pour ouvrir le Gestionnaire de tâches Windows.
- Fais ensuite "Fichier", puis "Nouvelle tâche" et entre explorer.exe dans la fenêtre qui apparait et finis par "OK".

- redémarre ton ordinateur pour achever le nettoyage !


le rapport est enregistré par défaut dans le dossier MSNFix sous le nom date_heure.txt (15012008_2153.txt). 
Cela permet de conserver les rapports de plusieurs passages de MSNFix.

crackultime · Answer

salut il vient de m arriver la meme chose à l instant anti virus et spyware n arrive pas à l enlever (solution windows défender) attention cette cochonerie te désactive ton pare feu!! si tu n as pas windows défender télécharge le et fait les mises à jours il est gratuit bye ne te fait pas de soucis ca va fonctinner

"Your computer is infectef"

22 réponses

Votre réponse

Discussions similaires

Newsletters