aider moi SVP virus antivirus XP 2008 Fermé

Question

Bonjour,

alors voila j'ai choper un virus ( antivirus XP 2008 ) si quelqu'un pouvais m'aider sa serais vraiment gentil a lui ... 
Mon fond d'ecran est devenus bleu avec warning ... 
J'ai été sur d'autre forum et j'ai vu qu'il fallait faire une annalise avec HijackThis.
Si quelqu'un pouvais regarder mon rapport sa serait vraiment sympas.

merci d'avance a tous.

Utilisateur anonyme · Answer

Salut

post le rapport hijackthis stp

pablomica · Answer

Bonjour

merci de m'avoir repondut si rapidement voila mon rapport 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:59:42, on 09/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\PROGRA~1\EFFACE~1\EFFACE~1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\WiPen\wpmanage.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\rhctf3j0elt3\rhctf3j0elt3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\pphcpf3j0elt3.exe
C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Hiajckthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8C57CB69-EC1F-4FF3-916F-52151AABC187} - C:\WINDOWS\system32\geBsrRkk.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (file missing)
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Efface Historique 2.1] C:\PROGRA~1\EFFACE~1\EFFACE~1.EXE -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [WiPen] C:\Program Files\WiPen\wpmanage.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [lphcpf3j0elt3] C:\WINDOWS\system32\lphcpf3j0elt3.exe
O4 - HKLM\..\Run: [SMrhctf3j0elt3] C:\Program Files\rhctf3j0elt3\rhctf3j0elt3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: PC TimeWatch Tray Icon.lnk = C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FEAAB54-B2EE-4793-AE01-0F4DD7122B75}: NameServer = 212.27.32.176,212.27.32.177
O17 - HKLM\System\CCS\Services\Tcpip\..\{48D6C6D5-AE07-44B2-BE16-991E41A0231E}: NameServer = 212.27.53.252,212.27.54.252
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: geBsrRkk - C:\WINDOWS\SYSTEM32\geBsrRkk.dll
O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ahfP Service (ahfprog) - Unknown owner - C:\WINDOWS\system32\ahfp.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Lettriq Drivers Auto Removal (pr2aqb2b) (pr2aqb2b) - Vocabelum Inc - C:\WINDOWS\system32\pr2aqb2b.exe
O23 - Service: PCTimeWatch (PTWsvc) - MainSoft - C:\Program Files\MainSoft\PC TimeWatch\PTWsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Utilisateur anonyme · Answer

# Télécharge ceci: (merci a S!RI pour ce petit programme). 

http://siri.urz.free.fr/Fix/SmitfraudFix.exe 

Exécute le, Double click sur Smitfraudfix.exe choisit l’option 1, 
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php 
il va générer un rapport : copie/colle le sur le poste stp.

pablomica · Answer

merci 

voila le rapport

SmitFraudFix v2.334

Rapport fait à  0:13:30,94, 10/08/2008
Executé à partir de C:\Program Files\FlashGet\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\PROGRA~1\EFFACE~1\EFFACE~1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\WiPen\wpmanage.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Fileshctf3j0elt3hctf3j0elt3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\pphcpf3j0elt3.exe
C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Hiajckthis\HijackThis.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\FlashGet\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» D:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\paul


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\paul\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\paul\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\perfc000.dat"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Gigabyte GN-WB01GS USB WLAN Card #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

Description: Gigabyte GN-WB01GS USB WLAN Card #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1FEAAB54-B2EE-4793-AE01-0F4DD7122B75}: NameServer=212.27.32.176,212.27.32.177
HKLM\SYSTEM\CCS\Services\Tcpip\..\{48D6C6D5-AE07-44B2-BE16-991E41A0231E}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{61B1B018-E560-474C-8881-E496BA34CDF1}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{88299DE9-6717-47A8-94D6-8D2EC52438B2}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1FEAAB54-B2EE-4793-AE01-0F4DD7122B75}: NameServer=212.27.32.176,212.27.32.177
HKLM\SYSTEM\CS1\Services\Tcpip\..\{48D6C6D5-AE07-44B2-BE16-991E41A0231E}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{61B1B018-E560-474C-8881-E496BA34CDF1}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{88299DE9-6717-47A8-94D6-8D2EC52438B2}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1FEAAB54-B2EE-4793-AE01-0F4DD7122B75}: NameServer=212.27.32.176,212.27.32.177
HKLM\SYSTEM\CS3\Services\Tcpip\..\{48D6C6D5-AE07-44B2-BE16-991E41A0231E}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{61B1B018-E560-474C-8881-E496BA34CDF1}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{88299DE9-6717-47A8-94D6-8D2EC52438B2}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Utilisateur anonyme · Answer

# Démarre en mode sans échec : 
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter 
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. 
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! 
(Si F8 ne marche pas utilise la touche F5). 
---------------------------------------------------------------------------- 
# Relance le programme Smitfraud : 
Cette fois choisit l’option 2, répond oui a tous ; 
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum

pablomica · Answer

voila j'ai fait tous merci de m'aider c'est vraiment gentil 

SmitFraudFix v2.334

Rapport fait à  0:47:12,12, 10/08/2008
Executé à partir de C:\Program Files\FlashGet\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1FEAAB54-B2EE-4793-AE01-0F4DD7122B75}: NameServer=212.27.32.176,212.27.32.177
HKLM\SYSTEM\CCS\Services\Tcpip\..\{48D6C6D5-AE07-44B2-BE16-991E41A0231E}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{61B1B018-E560-474C-8881-E496BA34CDF1}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{88299DE9-6717-47A8-94D6-8D2EC52438B2}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1FEAAB54-B2EE-4793-AE01-0F4DD7122B75}: NameServer=212.27.32.176,212.27.32.177
HKLM\SYSTEM\CS1\Services\Tcpip\..\{48D6C6D5-AE07-44B2-BE16-991E41A0231E}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{61B1B018-E560-474C-8881-E496BA34CDF1}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{88299DE9-6717-47A8-94D6-8D2EC52438B2}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1FEAAB54-B2EE-4793-AE01-0F4DD7122B75}: NameServer=212.27.32.176,212.27.32.177
HKLM\SYSTEM\CS3\Services\Tcpip\..\{48D6C6D5-AE07-44B2-BE16-991E41A0231E}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{61B1B018-E560-474C-8881-E496BA34CDF1}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{88299DE9-6717-47A8-94D6-8D2EC52438B2}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Utilisateur anonyme · Answer

Télécharge cet outil de SiRi: 

http://siri.urz.free.fr/RHosts.php 

Double cliquer dessus pour l'exécuter 

et cliquer sur " Restore original Hosts " 

ps : c est normal que rien ne se passe


ENSUITE :


télécharge Lop S&D.exe sur ton Bureau.https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 

* Double-clique dessus pour lancer l'installation 
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau 
* Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche) 
* Patiente jusqu'à la fin du scan 
* Poste le rapport généré (C:\lopR.txt) 


Tutorial ( aide ) : http://bibou0007.com/outils-specifiques-f78/tuto-lop-sd-t956.htm

pablomica · Answer

voila le rapport


   --------------------\  Lop S&D 4.2.2-6  XP/Vista

   [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
   [ USER : Paul ] [ "C:\Lop SD" ] [ Selection : 1 ]
   [ 10/08/2008 |  1:01:24,61 ] [ PC : SN116318980313 ]
   [ MAJ : 09-08-2008 | 21:15 ]
 
   --------------------\  Listing des dossiers dans APPLIC~1  








































 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [08/08/2008 15:00][--a------] C:\WINDOWS	asks\Norton Security Scan.job
   [02/07/2008 10:14][--a------] C:\WINDOWS	asks\AppleSoftwareUpdate.job
   [13/02/2007 21:35][--a------] C:\WINDOWS	asks\Rappel d'enregistrement 2.job
   [06/02/2007 15:52][--a------] C:\WINDOWS	asks\Rappel d'enregistrement 3.job
   [10/08/2008 00:51][--ah-----] C:\WINDOWS	asks\SA.DAT
   [10/08/2004 09:00][-r-h-----] C:\WINDOWS	asks\desktop.ini

   --------------------\  MsgPlus SPONSOR INSTALLED !

   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]

   --------------------\  Listing des dossiers dans C:\Program Files

   [30/12/2007|10:42] C:\Program Files\Actual Hide Folders
   [07/03/2007|20:49] C:\Program Files\Adobe
   [08/02/2007|22:33] C:\Program Files\adslTV
   [12/12/2007|22:34] C:\Program Files\Alwil Software
   [06/02/2007|15:39] C:\Program Files\AMD
   [11/02/2007|18:58] C:\Program Files\appcache
   [05/05/2007|11:38] C:\Program Files\Apple Software Update
   [02/07/2008|17:43] C:\Program Files\ATI Technologies
   [25/02/2008|03:05] C:\Program Files\AviSynth 2.5
   [06/02/2007|15:40] C:\Program Files\AvRack
   [11/02/2007|18:57] C:\Program Files\bin
   [18/08/2007|12:34] C:\Program Files\BitTorrent
   [24/03/2008|15:33] C:\Program Files\Blender Foundation
   [08/07/2007|18:14] C:\Program Files\Bud Redhead
   [09/02/2007|23:09] C:\Program Files\CCleaner
   [03/07/2008|17:24] C:\Program Files\CDBurnerXP
   [06/02/2007|15:42] C:\Program Files\Common Files
   [23/09/2004|14:03] C:\Program Files\ComPlus Applications
   [11/02/2007|18:58] C:\Program Files\config
   [06/08/2008|19:56] C:\Program Files\Corel
   [06/11/2007|20:45] C:\Program Files\DAEMON Tools
   [08/07/2007|20:28] C:\Program Files\Efface Historique 21
   [24/09/2007|21:45] C:\Program Files\Everest Poker
   [04/08/2008|15:30] C:\Program Files\eX-Sense
   [25/12/2007|13:39] C:\Program Files\FAT32 Format
   [06/02/2007|15:48] C:\Program Files\Fichiers communs
   [09/09/2007|15:14] C:\Program Files\FlashGet
   [08/02/2007|22:28] C:\Program Files\Foxit Software
   [05/05/2007|13:42] C:\Program Files\Free
   [11/02/2007|18:59] C:\Program Files\friends
   [25/02/2008|03:05] C:\Program Files\Gabest
   [08/08/2008|12:17] C:\Program Files\GameSpy
   [14/03/2007|16:55] C:\Program Files\Gimp
   [11/02/2007|18:57] C:\Program Files\Graphics
   [27/05/2007|09:51] C:\Program Files\Grisoft
   [09/08/2008|22:19] C:\Program Files\GUILD WARS
   [08/02/2007|22:34] C:\Program Files\HomePlayer1.4
   [28/03/2008|23:41] C:\Program Files\ImTOO
   [25/02/2008|04:07] C:\Program Files\Incomplete
   [06/02/2007|15:44] C:\Program Files\InstallShield Installation Information
   [07/02/2007|11:55] C:\Program Files\Internet Explorer
   [06/02/2007|15:48] C:\Program Files\Java
   [08/07/2007|20:13] C:\Program Files\K-Lite Codec Pack
   [25/02/2008|18:48] C:\Program Files\Lame MP3 Codec
   [03/09/2007|11:43] C:\Program Files\Lavasoft
   [09/08/2008|22:40] C:\Program Files\Lettriq
   [18/10/2007|19:36] C:\Program Files\MagicISO
   [17/06/2007|17:25] C:\Program Files\MainSoft
   [25/02/2008|18:48] C:\Program Files\MarkAny
   [26/06/2008|12:24] C:\Program Files\MegauploadToolbar
   [06/02/2007|15:45] C:\Program Files\Messenger
   [17/01/2008|21:13] C:\Program Files\Messenger Plus! Live
   [17/01/2008|21:17] C:\Program Files\MessengerPlus! 3
   [23/09/2004|14:15] C:\Program Files\microsoft frontpage
   [11/02/2007|18:41] C:\Program Files\Microsoft LifeCam
   [30/01/2008|11:22] C:\Program Files\Microsoft Office
   [23/05/2007|21:00] C:\Program Files\MIKSOFT
   [25/03/2007|21:20] C:\Program Files\mIRC
   [23/09/2004|14:01] C:\Program Files\Movie Maker
   [07/02/2007|14:30] C:\Program Files\Mozilla Firefox
   [07/02/2007|09:43] C:\Program Files\MSBuild
   [23/09/2004|13:59] C:\Program Files\MSN
   [23/09/2004|13:59] C:\Program Files\MSN Gaming Zone
   [16/03/2007|20:06] C:\Program Files\MSN Messenger
   [26/07/2008|12:21] C:\Program Files\MSXML 4.0
   [26/07/2008|12:25] C:\Program Files\MSXML 6.0
   [03/08/2008|18:23] C:\Program Files\NCSoft
   [23/09/2004|14:07] C:\Program Files\NetMeeting
   [12/11/2007|17:39] C:\Program Files\OFFICE ONE6.5
   [08/02/2007|22:11] C:\Program Files\OpenOffice.org 2.0
   [07/02/2007|09:40] C:\Program Files\Outlook Express
   [14/06/2008|17:17] C:\Program Files\Outlook Express Quick Backup
   [31/10/2007|21:17] C:\Program Files\Outspark
   [09/09/2007|21:16] C:\Program Files\PandoBar
   [14/04/2008|22:04] C:\Program Files\PBP Unpacker
   [25/07/2008|15:20] C:\Program Files\Project64 1.6
   [19/10/2007|21:04] C:\Program Files\PSCS2Updater
   [11/02/2007|18:53] C:\Program Files\Public
   [14/02/2007|14:47] C:\Program Files\Radio Fr Solo
   [08/02/2007|22:31] C:\Program Files\Real
   [06/02/2007|15:40] C:\Program Files\Realtek AC97
   [06/02/2007|15:40] C:\Program Files\Realtek Sound Manager
   [05/07/2007|16:59] C:\Program Files\Red Kawa
   [07/02/2007|09:41] C:\Program Files\Reference Assemblies
   [12/01/2008|16:50] C:\Program Files\ReflexiveArcade
   [09/02/2007|23:13] C:\Program Files\RegCleaner
   [11/02/2007|18:57] C:\Program Filesesource
   [09/08/2008|23:15] C:\Program Fileshctf3j0elt3
   [25/02/2008|18:47] C:\Program Files\Samsung
   [11/02/2007|18:59] C:\Program Files\servers
   [23/09/2004|14:08] C:\Program Files\Services en ligne
   [11/02/2007|18:57] C:\Program Files\skins
   [08/02/2007|23:51] C:\Program Files\Skype
   [25/02/2008|03:31] C:\Program Files\SLD Codec Pack
   [08/02/2007|23:35] C:\Program Files\Sonic
   [29/04/2008|23:05] C:\Program Files\Sony
   [27/08/2007|19:37] C:\Program Files\Sony Ericsson
   [14/06/2008|15:26] C:\Program Files\Steam
   [29/12/2007|16:53] C:\Program Files\StuffPlug3
   [01/03/2007|20:56] C:\Program Files\Teamspeak2_RC2
   [08/07/2007|19:24] C:\Program Files\TGTSoft
   [09/08/2008|23:47] C:\Program Files\Trend Micro
   [08/02/2007|23:34] C:\Program Files\Ulead Systems
   [23/09/2004|14:25] C:\Program Files\Uninstall Information
   [08/02/2007|22:28] C:\Program Files\VideoLAN
   [28/02/2007|23:54] C:\Program Files\WinAVI Video Capture
   [14/06/2007|17:49] C:\Program Files\Windows Live
   [18/11/2007|11:10] C:\Program Files\Windows Live Safety Center
   [08/02/2007|23:32] C:\Program Files\Windows Media Components
   [07/02/2007|09:39] C:\Program Files\Windows Media Connect 2
   [07/02/2007|09:39] C:\Program Files\Windows Media Player
   [23/09/2004|13:59] C:\Program Files\Windows NT
   [23/09/2004|14:09] C:\Program Files\WindowsUpdate
   [29/04/2008|18:25] C:\Program Files\Winnydows
   [13/04/2007|17:52] C:\Program Files\WinPcap
   [07/03/2007|15:29] C:\Program Files\WinRAR
   [11/05/2008|11:05] C:\Program Files\WiPen
   [20/10/2007|18:50] C:\Program Files\World Of Warcraft
   [06/02/2007|15:42] C:\Program Files\X10 Hardware
   [23/09/2004|14:15] C:\Program Files\xerox
   [11/11/2007|20:23] C:\Program Files\Yahoo!

   --------------------\  Listing des dossiers dans C:\Program Files\Fichiers communs

   [30/04/2007|21:41] C:\Program Files\Fichiers communs\Adobe
   [29/05/2007|19:28] C:\Program Files\Fichiers communs\Adobe Systems Shared
   [12/11/2007|21:37] C:\Program Files\Fichiers communs\Blizzard Entertainment
   [08/07/2007|18:38] C:\Program Files\Fichiers communs\BOONTY Shared
   [05/03/2007|20:58] C:\Program Files\Fichiers communs\GTK
   [06/02/2007|15:40] C:\Program Files\Fichiers communs\InstallShield
   [06/02/2007|15:48] C:\Program Files\Fichiers communs\Java
   [07/02/2007|09:35] C:\Program Files\Fichiers communs\Microsoft Shared
   [23/09/2004|14:07] C:\Program Files\Fichiers communs\MSSoap
   [03/03/2008|01:47] C:\Program Files\Fichiers communs\NSV
   [23/09/2004|13:53] C:\Program Files\Fichiers communs\ODBC
   [08/02/2007|22:31] C:\Program Files\Fichiers communs\Real
   [28/05/2007|21:42] C:\Program Files\Fichiers communs\Screaming Bee
   [23/09/2004|14:07] C:\Program Files\Fichiers communs\Services
   [08/02/2007|23:39] C:\Program Files\Fichiers communs\Sonic Shared
   [27/08/2007|19:37] C:\Program Files\Fichiers communs\Sony Ericsson Shared
   [23/09/2004|13:53] C:\Program Files\Fichiers communs\SpeechEngines
   [08/02/2007|23:35] C:\Program Files\Fichiers communs\SureThing Shared
   [11/11/2007|12:16] C:\Program Files\Fichiers communs\Symantec Shared
   [07/02/2007|09:40] C:\Program Files\Fichiers communs\System
   [27/08/2007|19:37] C:\Program Files\Fichiers communs\Teleca Shared
   [08/02/2007|23:32] C:\Program Files\Fichiers communs\Ulead Systems
   [06/11/2007|20:45] C:\Program Files\Fichiers communs\WhenU
   [17/01/2008|20:52] C:\Program Files\Fichiers communs\WindowsLiveInstaller
   [24/03/2007|19:16] C:\Program Files\Fichiers communs\Wise Installation Wizard
   [08/02/2007|22:31] C:\Program Files\Fichiers communs\xing shared

   --------------------\  Process

   ( 59 Processus )

   iexplore.exe ~ [3720]

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   D:\DOCUME~1\paul\MENUDM~1\PROGRA~1\BitDownload
   D:\DOCUME~1\paul\MENUDM~1\PROGRA~1\BitDownload\BitDownload Downloads.lnk
 
   --------------------\  Verification du Registre

   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mp3 poll skip]
   "DisplayName"="CiD Help"
   "UninstallString"="D:\DOCUME~1\paul\APPLIC~1\MODEGL~1\Default amok grey.exe -uninstall"

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-08-10 01:03:04
   Windows 5.1.2600 Service Pack 2 FAT NTAPI
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 0
 
   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   => D:\DOCUME~1\paul\Favoris\http--www.crackspider.net-.url
   => D:\DOCUME~1\paul\Local Settings\Temp\Rar$EX06.469\keygen.exe
   => D:\DOCUME~1\paul\Local Settings\Temp\Rar$EX07.156\crack.exe
   => D:\DOCUME~1\paul\Local Settings\Temp\Rar$EX08.297\crack.exe
   => D:\DOCUME~1\paul\Local Settings\Temp\Rar$EX29.0218\gwkey\gwkeygen.exe


   [F:1562][D:176]-> D:\DOCUME~1\paul\LOCALS~1\Temp
   [F:33][D:0]-> D:\DOCUME~1\paul\Cookies
   [F:1095][D:20]-> C:	emp\FICHIE~1\content.IE5
   [F:2][D:0]-> C:\Recycled

   --------------------\  Fin du rapport a  1:03:45,24

Utilisateur anonyme · Answer

Relance Lop S&D 


* Choisis cette fois ci l'Option 2 (Suppression) 
* Ne ferme pas la fenêtre lors de la suppression ! 
* Poste le rapport généré (C:\lopR.txt)

pablomica · Answer

voila le rapport 


   --------------------\  Lop S&D 4.2.2-6  XP/Vista

   [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
   [ USER : Paul ] [ "C:\Lop SD" ] [ Selection : 2 ]
   [ 10/08/2008 |  1:12:49,58 ] [ PC : SN116318980313 ]
   [ MAJ : 09-08-2008 | 21:15 ]


   \\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

   Supprime! - D:\DOCUME~1\paul\MENUDM~1\PROGRA~1\BitDownload\BitDownload Downloads.lnk
   Supprime! - D:\DOCUME~1\paul\MENUDM~1\PROGRA~1\BitDownload
 
   //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\ 

   Supprime! - D:\DOCUME~1\paul\APPLIC~1\WhenU
 
   //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\

 
   --------------------\  Listing des dossiers dans APPLIC~1  








































 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [08/08/2008 15:00][--a------] C:\WINDOWS	asks\Norton Security Scan.job
   [02/07/2008 10:14][--a------] C:\WINDOWS	asks\AppleSoftwareUpdate.job
   [13/02/2007 21:35][--a------] C:\WINDOWS	asks\Rappel d'enregistrement 2.job
   [06/02/2007 15:52][--a------] C:\WINDOWS	asks\Rappel d'enregistrement 3.job
   [10/08/2008 00:51][--ah-----] C:\WINDOWS	asks\SA.DAT
   [10/08/2004 09:00][-r-h-----] C:\WINDOWS	asks\desktop.ini

   --------------------\  MsgPlus SPONSOR INSTALLED !

   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]

   --------------------\  Listing des dossiers dans C:\Program Files

   [30/12/2007|10:42] C:\Program Files\Actual Hide Folders
   [07/03/2007|20:49] C:\Program Files\Adobe
   [08/02/2007|22:33] C:\Program Files\adslTV
   [12/12/2007|22:34] C:\Program Files\Alwil Software
   [06/02/2007|15:39] C:\Program Files\AMD
   [11/02/2007|18:58] C:\Program Files\appcache
   [05/05/2007|11:38] C:\Program Files\Apple Software Update
   [02/07/2008|17:43] C:\Program Files\ATI Technologies
   [25/02/2008|03:05] C:\Program Files\AviSynth 2.5
   [06/02/2007|15:40] C:\Program Files\AvRack
   [11/02/2007|18:57] C:\Program Files\bin
   [18/08/2007|12:34] C:\Program Files\BitTorrent
   [24/03/2008|15:33] C:\Program Files\Blender Foundation
   [08/07/2007|18:14] C:\Program Files\Bud Redhead
   [09/02/2007|23:09] C:\Program Files\CCleaner
   [03/07/2008|17:24] C:\Program Files\CDBurnerXP
   [06/02/2007|15:42] C:\Program Files\Common Files
   [23/09/2004|14:03] C:\Program Files\ComPlus Applications
   [11/02/2007|18:58] C:\Program Files\config
   [06/08/2008|19:56] C:\Program Files\Corel
   [06/11/2007|20:45] C:\Program Files\DAEMON Tools
   [08/07/2007|20:28] C:\Program Files\Efface Historique 21
   [24/09/2007|21:45] C:\Program Files\Everest Poker
   [04/08/2008|15:30] C:\Program Files\eX-Sense
   [25/12/2007|13:39] C:\Program Files\FAT32 Format
   [06/02/2007|15:48] C:\Program Files\Fichiers communs
   [09/09/2007|15:14] C:\Program Files\FlashGet
   [08/02/2007|22:28] C:\Program Files\Foxit Software
   [05/05/2007|13:42] C:\Program Files\Free
   [11/02/2007|18:59] C:\Program Files\friends
   [25/02/2008|03:05] C:\Program Files\Gabest
   [08/08/2008|12:17] C:\Program Files\GameSpy
   [14/03/2007|16:55] C:\Program Files\Gimp
   [11/02/2007|18:57] C:\Program Files\Graphics
   [27/05/2007|09:51] C:\Program Files\Grisoft
   [09/08/2008|22:19] C:\Program Files\GUILD WARS
   [08/02/2007|22:34] C:\Program Files\HomePlayer1.4
   [28/03/2008|23:41] C:\Program Files\ImTOO
   [25/02/2008|04:07] C:\Program Files\Incomplete
   [06/02/2007|15:44] C:\Program Files\InstallShield Installation Information
   [07/02/2007|11:55] C:\Program Files\Internet Explorer
   [06/02/2007|15:48] C:\Program Files\Java
   [08/07/2007|20:13] C:\Program Files\K-Lite Codec Pack
   [25/02/2008|18:48] C:\Program Files\Lame MP3 Codec
   [03/09/2007|11:43] C:\Program Files\Lavasoft
   [09/08/2008|22:40] C:\Program Files\Lettriq
   [18/10/2007|19:36] C:\Program Files\MagicISO
   [17/06/2007|17:25] C:\Program Files\MainSoft
   [25/02/2008|18:48] C:\Program Files\MarkAny
   [26/06/2008|12:24] C:\Program Files\MegauploadToolbar
   [06/02/2007|15:45] C:\Program Files\Messenger
   [17/01/2008|21:13] C:\Program Files\Messenger Plus! Live
   [17/01/2008|21:17] C:\Program Files\MessengerPlus! 3
   [23/09/2004|14:15] C:\Program Files\microsoft frontpage
   [11/02/2007|18:41] C:\Program Files\Microsoft LifeCam
   [30/01/2008|11:22] C:\Program Files\Microsoft Office
   [23/05/2007|21:00] C:\Program Files\MIKSOFT
   [25/03/2007|21:20] C:\Program Files\mIRC
   [23/09/2004|14:01] C:\Program Files\Movie Maker
   [07/02/2007|14:30] C:\Program Files\Mozilla Firefox
   [07/02/2007|09:43] C:\Program Files\MSBuild
   [23/09/2004|13:59] C:\Program Files\MSN
   [23/09/2004|13:59] C:\Program Files\MSN Gaming Zone
   [16/03/2007|20:06] C:\Program Files\MSN Messenger
   [26/07/2008|12:21] C:\Program Files\MSXML 4.0
   [26/07/2008|12:25] C:\Program Files\MSXML 6.0
   [03/08/2008|18:23] C:\Program Files\NCSoft
   [23/09/2004|14:07] C:\Program Files\NetMeeting
   [12/11/2007|17:39] C:\Program Files\OFFICE ONE6.5
   [08/02/2007|22:11] C:\Program Files\OpenOffice.org 2.0
   [07/02/2007|09:40] C:\Program Files\Outlook Express
   [14/06/2008|17:17] C:\Program Files\Outlook Express Quick Backup
   [31/10/2007|21:17] C:\Program Files\Outspark
   [09/09/2007|21:16] C:\Program Files\PandoBar
   [14/04/2008|22:04] C:\Program Files\PBP Unpacker
   [25/07/2008|15:20] C:\Program Files\Project64 1.6
   [19/10/2007|21:04] C:\Program Files\PSCS2Updater
   [11/02/2007|18:53] C:\Program Files\Public
   [14/02/2007|14:47] C:\Program Files\Radio Fr Solo
   [08/02/2007|22:31] C:\Program Files\Real
   [06/02/2007|15:40] C:\Program Files\Realtek AC97
   [06/02/2007|15:40] C:\Program Files\Realtek Sound Manager
   [05/07/2007|16:59] C:\Program Files\Red Kawa
   [07/02/2007|09:41] C:\Program Files\Reference Assemblies
   [12/01/2008|16:50] C:\Program Files\ReflexiveArcade
   [09/02/2007|23:13] C:\Program Files\RegCleaner
   [11/02/2007|18:57] C:\Program Filesesource
   [09/08/2008|23:15] C:\Program Fileshctf3j0elt3
   [25/02/2008|18:47] C:\Program Files\Samsung
   [11/02/2007|18:59] C:\Program Files\servers
   [23/09/2004|14:08] C:\Program Files\Services en ligne
   [11/02/2007|18:57] C:\Program Files\skins
   [08/02/2007|23:51] C:\Program Files\Skype
   [25/02/2008|03:31] C:\Program Files\SLD Codec Pack
   [08/02/2007|23:35] C:\Program Files\Sonic
   [29/04/2008|23:05] C:\Program Files\Sony
   [27/08/2007|19:37] C:\Program Files\Sony Ericsson
   [14/06/2008|15:26] C:\Program Files\Steam
   [29/12/2007|16:53] C:\Program Files\StuffPlug3
   [01/03/2007|20:56] C:\Program Files\Teamspeak2_RC2
   [08/07/2007|19:24] C:\Program Files\TGTSoft
   [09/08/2008|23:47] C:\Program Files\Trend Micro
   [08/02/2007|23:34] C:\Program Files\Ulead Systems
   [23/09/2004|14:25] C:\Program Files\Uninstall Information
   [08/02/2007|22:28] C:\Program Files\VideoLAN
   [28/02/2007|23:54] C:\Program Files\WinAVI Video Capture
   [14/06/2007|17:49] C:\Program Files\Windows Live
   [18/11/2007|11:10] C:\Program Files\Windows Live Safety Center
   [08/02/2007|23:32] C:\Program Files\Windows Media Components
   [07/02/2007|09:39] C:\Program Files\Windows Media Connect 2
   [07/02/2007|09:39] C:\Program Files\Windows Media Player
   [23/09/2004|13:59] C:\Program Files\Windows NT
   [23/09/2004|14:09] C:\Program Files\WindowsUpdate
   [29/04/2008|18:25] C:\Program Files\Winnydows
   [13/04/2007|17:52] C:\Program Files\WinPcap
   [07/03/2007|15:29] C:\Program Files\WinRAR
   [11/05/2008|11:05] C:\Program Files\WiPen
   [20/10/2007|18:50] C:\Program Files\World Of Warcraft
   [06/02/2007|15:42] C:\Program Files\X10 Hardware
   [23/09/2004|14:15] C:\Program Files\xerox
   [11/11/2007|20:23] C:\Program Files\Yahoo!

   --------------------\  Listing des dossiers dans C:\Program Files\Fichiers communs

   [30/04/2007|21:41] C:\Program Files\Fichiers communs\Adobe
   [29/05/2007|19:28] C:\Program Files\Fichiers communs\Adobe Systems Shared
   [12/11/2007|21:37] C:\Program Files\Fichiers communs\Blizzard Entertainment
   [08/07/2007|18:38] C:\Program Files\Fichiers communs\BOONTY Shared
   [05/03/2007|20:58] C:\Program Files\Fichiers communs\GTK
   [06/02/2007|15:40] C:\Program Files\Fichiers communs\InstallShield
   [06/02/2007|15:48] C:\Program Files\Fichiers communs\Java
   [07/02/2007|09:35] C:\Program Files\Fichiers communs\Microsoft Shared
   [23/09/2004|14:07] C:\Program Files\Fichiers communs\MSSoap
   [03/03/2008|01:47] C:\Program Files\Fichiers communs\NSV
   [23/09/2004|13:53] C:\Program Files\Fichiers communs\ODBC
   [08/02/2007|22:31] C:\Program Files\Fichiers communs\Real
   [28/05/2007|21:42] C:\Program Files\Fichiers communs\Screaming Bee
   [23/09/2004|14:07] C:\Program Files\Fichiers communs\Services
   [08/02/2007|23:39] C:\Program Files\Fichiers communs\Sonic Shared
   [27/08/2007|19:37] C:\Program Files\Fichiers communs\Sony Ericsson Shared
   [23/09/2004|13:53] C:\Program Files\Fichiers communs\SpeechEngines
   [08/02/2007|23:35] C:\Program Files\Fichiers communs\SureThing Shared
   [11/11/2007|12:16] C:\Program Files\Fichiers communs\Symantec Shared
   [07/02/2007|09:40] C:\Program Files\Fichiers communs\System
   [27/08/2007|19:37] C:\Program Files\Fichiers communs\Teleca Shared
   [08/02/2007|23:32] C:\Program Files\Fichiers communs\Ulead Systems
   [06/11/2007|20:45] C:\Program Files\Fichiers communs\WhenU
   [17/01/2008|20:52] C:\Program Files\Fichiers communs\WindowsLiveInstaller
   [24/03/2007|19:16] C:\Program Files\Fichiers communs\Wise Installation Wizard
   [08/02/2007|22:31] C:\Program Files\Fichiers communs\xing shared

   --------------------\  Process

   ( 60 Processus )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-08-10 01:14:23
   Windows 5.1.2600 Service Pack 2 FAT NTAPI
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 0
 
   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   => D:\DOCUME~1\paul\Favoris\http--www.crackspider.net-.url
   => D:\DOCUME~1\paul\Local Settings\Temp\Rar$EX06.469\keygen.exe
   => D:\DOCUME~1\paul\Local Settings\Temp\Rar$EX07.156\crack.exe
   => D:\DOCUME~1\paul\Local Settings\Temp\Rar$EX08.297\crack.exe
   => D:\DOCUME~1\paul\Local Settings\Temp\Rar$EX29.0218\gwkey\gwkeygen.exe


   [F:1563][D:176]-> D:\DOCUME~1\paul\LOCALS~1\Temp
   [F:44][D:0]-> D:\DOCUME~1\paul\Cookies
   [F:1525][D:20]-> C:	emp\FICHIE~1\content.IE5
   [F:2][D:0]-> C:\Recycled

   --------------------\  Fin du rapport a  1:14:40,88

Utilisateur anonyme · Answer

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. 
double-clique sur OTMoveIt.exe pour le lancer. 
Assure toi que la case Unregister Dll's and Ocx's soit bien cochée 
copie la liste qui se trouve en gras ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

D:\DOCUME~1\paul\Favoris\http--www.crackspider.net-.url
D:\DOCUME~1\paul\Local Settings\Temp\Rar$EX06.469\keygen.exe 
D:\DOCUME~1\paul\Local Settings\Temp\Rar$EX07.156\crack.exe 
D:\DOCUME~1\paul\Local Settings\Temp\Rar$EX08.297\crack.exe 
D:\DOCUME~1\paul\Local Settings\Temp\Rar$EX29.0218\gwkey\gwkeygen.exe 

clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 



ensuite :

Telecharge malwarebytes 

-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe 

Tu l´instale; le programme va se mettre automatiquement a jour. 

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression". 

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet". 

Puis click sur "rechercher". 

Laisse le scanner le pc... 

Si des elements on ete trouvés > click sur supprimer la selection. 

si il t´es demandé de redemarrer > click sur "yes". 

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum. 
Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log

pablomica · Answer

merci mais par contre j'ai mon avast qui arrete pas de detecter des ver, cheval de troie, ... 


voila le rapport 

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1036
Windows 5.1.2600 Service Pack 2

01:36:11 10/08/2008
mbam-log-8-10-2008 (01-36-11).txt

Type de recherche: Examen rapide
Eléments examinés: 47810
Temps écoulé: 8 minute(s), 31 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 25

Processus mémoire infecté(s):
C:\Program Fileshctf3j0elt3hctf3j0elt3.exe (Rogue.Multiple) -> Unloaded process successfully.
C:\WINDOWS\system32\pphcpf3j0elt3.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Program Fileshctf3j0elt3\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Fileshctf3j0elt3\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Fileshctf3j0elt3\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.
C:\WINDOWS\system32\winjyp32.dll (Dialer) -> Delete on reboot.
C:\WINDOWS\system32\geBsrRkk.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c57cb69-ec1f-4ff3-916f-52151aabc187} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8c57cb69-ec1f-4ff3-916f-52151aabc187} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstallhctf3j0elt3 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWAREhctf3j0elt3 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjyp32 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebsrrkk (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhctf3j0elt3 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8c57cb69-ec1f-4ff3-916f-52151aabc187} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcpf3j0elt3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Fileshctf3j0elt3 (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\paul\Application Datahctf3j0elt3 (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\paul\Application Datahctf3j0elt3\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\paul\Application Datahctf3j0elt3\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\paul\Application Datahctf3j0elt3\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\paul\Application Datahctf3j0elt3\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\paul\Application Datahctf3j0elt3\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\paul\Application Datahctf3j0elt3\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\paul\Application Datahctf3j0elt3\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\paul\Application Datahctf3j0elt3\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\paul\Application Datahctf3j0elt3\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\paul\Application Datahctf3j0elt3\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\geBsrRkk.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\urqRKETn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Fileshctf3j0elt3hctf3j0elt3.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Fileshctf3j0elt3\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Fileshctf3j0elt3\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Fileshctf3j0elt3\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Fileshctf3j0elt3\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Fileshctf3j0elt3\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Fileshctf3j0elt3\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Fileshctf3j0elt3hctf3j0elt3.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Fileshctf3j0elt3\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winjyp32.dll (Dialer) -> Delete on reboot.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	uvSljGV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMggdDU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayaWpqp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayaAqQI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcpf3j0elt3.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcpf3j0elt3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcpf3j0elt3.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcpf3j0elt3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
D:\Documents and Settings\paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (Trojan.BHO) -> Quarantined and deleted successfully.

Utilisateur anonyme · Answer

réouvre malewarebyte
va sur quarantaine
supprime tout 


Télécharge Toolbar-S&D (Team IDN) sur ton Bureau. 
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 

* Lance l'installation du programme en exécutant le fichier téléchargé. 
* Double-clique maintenant sur le raccourci de Toolbar-S&D. 
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée. 
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche. 
* Poste le rapport généré. (C:\TB.txt)

pablomica · Answer

voila 


   -----------\  ToolBar S&D 1.0.8  XP/Vista

   [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
   [ USER : Paul ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
   [ 10/08/2008 |  3:51:21,14 ] [ PC : SN116318980313 ]
   [ MAJ : 04-08-2008 | 23:15 ]

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Program Files\Fichiers communs\WhenU
   C:\Program Files\Fichiers communs\WhenU\DTAdapter.exe
   C:\Program Files\Fichiers communs\WhenU\DTPlugin.dll
   C:\WINDOWS\smdat32a.sys
   C:\WINDOWS\smdat32m.sys
   C:\WINDOWS\Fonts\acrsec.fon
   D:\DOCUME~1\paul\LOCALS~1\Temp\ICD1.tmp
   \...\{AF8637B0-18E3-44D3-86B7-55E09D9C4261} - (quick)

   -----------\  Extensions

   (Program Files) - {AF8637B0-18E3-44D3-86B7-55E09D9C4261} => quick


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\windows\system32\blank.htm"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Local Page"="C:\windows\system32\blank.htm"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


   -----------\  Fin du rapport a  3:51:59,31

pablomica · Answer

que faud t'il faire aprés svp ?

Utilisateur anonyme · Answer

Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée". 
! Ne ferme pas la fenêtre lors de la suppression ! 
Un rapport sera généré, poste son contenu ici. 

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches. 
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..." 
Tape explorer puis valide.

pablomica · Answer

merci beaucoup de ton aide Chiquitine29,

voila


   -----------\  ToolBar S&D 1.0.8  XP/Vista

   [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
   [ USER : Paul ] [ "C:\Toolbar SD" ] [ Selection : 2 ]
   [ 10/08/2008 | 13:26:14,16 ] [ PC : SN116318980313 ]
   [ MAJ : 04-08-2008 | 23:15 ]

   -----------\ SUPPRESSION

   Supprime! - C:\Program Files\Fichiers communs\WhenU\DTAdapter.exe
   Supprime! - C:\Program Files\Fichiers communs\WhenU\DTPlugin.dll
   Supprime! - C:\WINDOWS\smdat32a.sys
   Supprime! - C:\WINDOWS\smdat32m.sys
   Supprime! - C:\WINDOWS\Fonts\acrsec.fon
   Supprime! - D:\DOCUME~1\paul\LOCALS~1\Temp\ICD1.tmp
   Supprime! - C:\Program Files\Fichiers communs\WhenU
   Supprime! - C:\PROGRA~1\MOZILL~1\EXTENS~1\{AF8637B0-18E3-44D3-86B7-55E09D9C4261}

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\windows\system32\blank.htm"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Local Page"="C:\windows\system32\blank.htm"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


   -----------\  Fin du rapport a 13:26:57,39

Utilisateur anonyme · Answer

de rien,comment va le pc ???

Démarrer > executer > tape : services.msc 

- Clic droit sur le service cité - Boonty games 
- propriétés 
- et dans "type de démarrage" et mets le sur « désactivé ». 
- Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté » 

Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html 

2) Supprime le dossier : 

Va dans "C:\program files\fichiers communs\" trouve & supprime le dossier " boonty shared " 



ensuite refais un scan hijckthis et post le rapport stp

pablomica · Answer

ba j'ai j'impresion il va mieux mais toujours ce fond d'écran bleu, jeux peu plus changer l fond d'écran warning, mais avast detecte plus de virus et je vois plus antivirus XP 2008 voila le rapport 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37:33, on 10/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\PROGRA~1\EFFACE~1\EFFACE~1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\WiPen\wpmanage.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Fileshctf3j0elt3hctf3j0elt3.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\pphcpf3j0elt3.exe
C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Efface Historique 2.1] C:\PROGRA~1\EFFACE~1\EFFACE~1.EXE -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [WiPen] C:\Program Files\WiPen\wpmanage.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [lphcpf3j0elt3] C:\WINDOWS\system32\lphcpf3j0elt3.exe
O4 - HKLM\..\Run: [SMrhctf3j0elt3] C:\Program Fileshctf3j0elt3hctf3j0elt3.exe
O4 - HKLM\..\Run: [45ca4452] rundll32.exe "C:\WINDOWS\system32	vhjkajf.dll",b
O4 - HKLM\..\Run: [BM46f977ce] Rundll32.exe "C:\WINDOWS\system32\opqcbwfo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: PC TimeWatch Tray Icon.lnk = C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FEAAB54-B2EE-4793-AE01-0F4DD7122B75}: NameServer = 212.27.32.176,212.27.32.177
O17 - HKLM\System\CCS\Services\Tcpip\..\{48D6C6D5-AE07-44B2-BE16-991E41A0231E}: NameServer = 212.27.53.252,212.27.54.252
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ahfP Service (ahfprog) - Unknown owner - C:\WINDOWS\system32\ahfp.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Lettriq Drivers Auto Removal (pr2aqb2b) (pr2aqb2b) - Vocabelum Inc - C:\WINDOWS\system32\pr2aqb2b.exe
O23 - Service: PCTimeWatch (PTWsvc) - MainSoft - C:\Program Files\MainSoft\PC TimeWatch\PTWsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcappcapd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Utilisateur anonyme · Answer

Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 




-> Double clique sur combofix.exe. 
-> Tape sur la touche 1 (Yes) pour démarrer le scan. 
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt 

Avant d'utiliser ComboFix : 

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil. 

Une fois fait, sur ton bureau double-clic sur Combofix.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

pablomica · Answer

Il a fallut que j'éteigne le pc en appuillant 5s sur le bouton car il a bugué voilla le rapport : ComboFix 08-08-09.06 - Paul 2008-08-10 13:47:16.1 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1403 [GMT 2:00] Endroit: C:\Downloads\ComboFix.exe * Création d'un nouveau point de restauration . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files hctf3j0elt3 C:\WINDOWS\BM46f977ce.txt C:\WINDOWS\BM46f977ce.xml C:\WINDOWS\cdmxtras C:\WINDOWS\cdmxtras\uninst.exe C:\WINDOWS\pskt.ini C:\WINDOWS\system32\AdCache C:\WINDOWS\system32\BIlRYcfe.ini C:\WINDOWS\system32\BIlRYcfe.ini2 C:\WINDOWS\system32\blphcpf3j0elt3.scr C:\WINDOWS\system32\byxyAPIC.dll C:\WINDOWS\system32\cache329 C:\WINDOWS\system32\drivers pf.sys C:\WINDOWS\system32\efcYRlIB.dll C:\WINDOWS\system32\fjakjhvt.ini C:\WINDOWS\system32\geBsrRkk.dll C:\WINDOWS\system32\hjhalr.dll C:\WINDOWS\system32\lphcpf3j0elt3.exe C:\WINDOWS\system32\ohogsbkk.dll C:\WINDOWS\system32\opqcbwfo.dll C:\WINDOWS\system32\packet.dll C:\WINDOWS\system32\phcpf3j0elt3.bmp C:\WINDOWS\system32\pphcpf3j0elt3.exe C:\WINDOWS\system32\pthreadVC.dll C:\WINDOWS\system32 vhjkajf.dll C:\WINDOWS\system32\wanpacket.dll C:\WINDOWS\system32\winjyp32.dll C:\WINDOWS\system32\wpcap.dll D:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008 D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk D:\Documents and Settings\paul\Application Data\macromedia\Flash Player\#SharedObjects\ZEEQJ3BG\interclick.com D:\Documents and Settings\paul\Application Data\macromedia\Flash Player\#SharedObjects\ZEEQJ3BG\interclick.com\ud.sol D:\Documents and Settings\paul\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com D:\Documents and Settings\paul\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol D:\Documents and Settings\paul\Application Data hctf3j0elt3 D:\install.exe S:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NNSERV -------\Service_NPF ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))))))) . 2079-12-31 19:00 . 2004-08-27 11:18 97,920 --a------ C:\WINDOWS\system32\drivers\SI3112r.sys 2079-12-31 19:00 . 2004-05-20 12:35 10,240 --a------ C:\WINDOWS\system32\drivers\SiWinAcc.sys 2058-07-06 08:20 . 2007-08-06 16:57 3,120 --a------ C:\WINDOWS\MF_C421.lfa 2058-07-06 08:20 . 2007-08-06 16:57 3,120 --a------ C:\WINDOWS\MF_C420.lfa 2008-08-10 12:49 . 2008-08-10 12:49 2,048 --a------ C:\WINDOWS\system32\vevogdid.exe 2008-08-10 03:50 . 2008-08-10 03:50 d-------- C:\Toolbar SD 2008-08-10 01:48 . 2008-08-10 13:23 94,208 --a------ C:\WINDOWS\system32\23.tmp 2008-08-10 01:24 . 2008-08-10 01:24 d-------- D:\Documents and Settings\paul\Application Data\Malwarebytes 2008-08-10 01:24 . 2008-08-10 01:24 d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-10 01:24 . 2008-08-10 01:24 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-10 01:24 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-10 01:24 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-10 01:22 . 2008-08-10 01:22 d-------- C:\_OTMoveIt 2008-08-10 01:00 . 2008-08-10 01:00 d-------- C:\Lop SD 2008-08-10 00:51 . 2008-08-10 00:51 16,384 --a------ C: emp\Perflib_Perfdata_620.dat 2008-08-10 00:13 . 2008-08-10 00:47 3,546 --a------ C:\WINDOWS\system32 mp.reg 2008-08-10 00:12 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-08-10 00:12 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-08-10 00:12 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-08-10 00:12 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-08-10 00:12 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe 2008-08-10 00:12 . 2008-08-09 15:37 82,432 --a------ C:\WINDOWS\system32\404Fix.exe 2008-08-10 00:12 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-08-10 00:12 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-08-10 00:12 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-08-09 23:47 . 2008-08-09 23:47 d-------- C:\Program Files\Trend Micro 2008-08-09 22:40 . 2008-08-09 22:40 d-------- C:\Program Files\Lettriq 2008-08-09 22:19 . 2008-08-09 22:19 d-------- C:\Program Files\GUILD WARS 2008-08-08 12:17 . 2008-08-08 12:17 d-------- C:\Program Files\GameSpy 2008-08-07 16:46 . 2008-08-07 16:46 dr-h----- D:\Documents and Settings\paul\Application Data\SecuROM 2008-08-07 16:46 . 2008-08-07 16:47 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-08-07 15:58 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2008-08-07 15:58 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2008-08-07 15:58 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2008-08-07 15:58 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll 2008-08-07 15:58 . 2008-08-07 15:58 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe 2008-08-07 15:58 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll 2008-08-07 15:58 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll 2008-08-07 15:58 . 2008-08-07 15:58 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2008-08-07 15:58 . 2008-08-07 15:58 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2008-08-07 15:58 . 2008-08-07 15:58 22,328 --a------ D:\Documents and Settings\paul\Application Data\PnkBstrK.sys 2008-08-07 15:58 . 2008-08-07 15:58 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-08-06 19:58 . 2008-08-06 19:59 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys 2008-08-06 19:56 . 2008-08-06 19:56 d-------- C:\Program Files\Corel 2008-08-04 18:51 . 2008-08-04 18:51 23,392 --a------ C:\WINDOWS\system32 scompat.tlb 2008-08-04 18:51 . 2008-08-04 18:51 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb 2008-08-04 16:10 . 2008-08-04 16:10 d-------- C:\Hiajckthis 2008-08-04 15:30 . 2008-08-04 15:30 d-------- C:\Program Files\eX-Sense 2008-08-04 15:30 . 2008-08-04 15:30 73,216 --a------ C:\WINDOWS emp.002 2008-08-04 15:23 . 2008-08-04 15:23 73,216 --a------ C:\WINDOWS emp.001 2008-08-04 15:23 . 2008-08-04 15:23 1,685 --a------ C:\WINDOWS\ST6UNST.000 2008-08-04 15:14 . 2008-08-04 15:14 73,216 --a------ C:\WINDOWS emp.000 2008-08-04 13:39 . 2008-08-04 13:39 d--hs---- C:\FOUND.000 2008-08-03 18:23 . 2008-08-03 18:23 d-------- C:\Program Files\NCSoft 2008-08-03 18:19 . 2008-08-03 18:21 d-------- D:\Documents and Settings\paul\Application Data\GetRightToGo 2008-08-01 11:38 . 2008-08-01 11:38 d--hs---- C:\FOUND.027 2008-07-26 12:25 . 2008-07-26 12:25 d-------- C:\Program Files\MSXML 6.0 2008-07-26 12:20 . 2008-07-26 12:21 d-------- C:\Program Files\MSXML 4.0 2008-07-25 15:19 . 2008-07-25 15:20 d-------- C:\Program Files\Project64 1.6 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-09 15:48 --------- d-----w D:\Documents and Settings\paul\Application Data\OpenOffice.org2 2008-08-04 13:30 311,296 ------w C:\WINDOWS\Setup1.exe 2008-07-25 20:59 --------- d-----w D:\Documents and Settings\paul\Application Data eamspeak2 2008-07-03 15:24 --------- d-----w D:\Documents and Settings\paul\Application Data\Canneverbe_Limited 2008-07-03 15:24 --------- d-----w C:\Program Files\CDBurnerXP 2008-07-02 15:50 --------- d-----w D:\Documents and Settings\paul\Application Data\ATI 2008-07-02 15:50 --------- d-----w D:\Documents and Settings\All Users\Application Data\ATI 2008-07-02 15:43 --------- d-----w C:\Program Files\ATI Technologies 2008-06-26 14:59 --------- d-----w D:\Documents and Settings\paul\Application Data\MegauploadToolbar 2008-06-26 10:24 --------- d-----w D:\Documents and Settings\paul\Application Data\Megaupload 2008-06-26 10:24 --------- d-----w C:\Program Files\MegauploadToolbar 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers cpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers cpip6.sys 2008-06-15 16:46 --------- d-----w D:\Documents and Settings\paul\Application Data\Mumble 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-14 15:17 73,216 ------w C:\WINDOWS\ST6UNST.EXE 2008-06-14 15:17 --------- d-----w C:\Program Files\Outlook Express Quick Backup 2008-06-14 13:26 --------- d-----w C:\Program Files\Steam . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{06663B56-0D73-4f9f-BCC5-4AA941470AFD}"= "C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL" [2007-09-09 21:16 61440] [HKEY_CLASSES_ROOT\clsid\{06663b56-0d73-4f9f-bcc5-4aa941470afd}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}"= "C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL" [2007-09-09 21:16 266240] [HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 09:00 15360] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464] "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-01-17 21:17 190024] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "Steam"="c:\program files\steam\steam.exe" [2008-06-14 15:34 1271032] "Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe" [2008-07-30 01:46 763392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 09:00 208952] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 09:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 09:00 455168] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 09:01 67584] "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-07 16:05 344064] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2007-02-08 22:31 180269] "VX3000"="C:\WINDOWS\vVX3000.exe" [2006-12-05 15:39 707360] "Efface Historique 2.1"="C:\PROGRA~1\EFFACE~1\EFFACE~1.EXE" [2004-04-01 02:01 322560] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 08:23 132624] "WiPen"="C:\Program Files\WiPen\wpmanage.exe" [2005-10-06 14:13 566272] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440] "SoundMan"="SOUNDMAN.EXE" [2005-10-24 08:45 90112 C:\WINDOWS\soundman.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 09:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 16:51 192512] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3acm"= l3codecp.acm "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm "msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm "msacm.ac3filter"= ac3filter.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\adslTV\adslTV.exe"= "C:\Program Files\HomePlayer1.4\HomePlayer.exe"= "C:\Program Files\Microsoft LifeCam\LifeCam.exe"= "C:\Program Files\Microsoft LifeCam\LifeExp.exe"= "C:\Program Files\mIRC\mirc.exe"= "C:\Program Files\Messenger\Msmsgs.exe"= "C:\Program Files\FlashGet\flashget.exe"= "C:\WINDOWS\system32\muzapp.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\WINDOWS\system32\PnkBstrA.exe"= "C:\WINDOWS\system32\PnkBstrB.exe"= "C:\WINDOWS\system32\winver.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "26541:TCP"= 26541:TCP:BitComet 26541 TCP "26541:UDP"= 26541:UDP:BitComet 26541 UDP R0 pe3aqb2b;Lettriq Environment Driver (pe3aqb2b);C:\WINDOWS\system32\drivers\pe3aqb2b.sys [2008-06-06 18:47] R0 pf2aqb2b;Lettriq File System Driver (pf2aqb2b);C:\WINDOWS\system32\drivers\pf2aqb2b.sys [2008-06-06 18:47] R0 SI3112r;ATI-437A Serial ATA Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-08-27 11:18] R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35] R1 FNETDEVI;FNETDEVI;C:\WINDOWS\system32\drivers\FNETDEVI.SYS [2007-12-25 13:39] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37] R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-04 14:13] R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 15:34] R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 06:51] R3 PTWDrv;PTW - Process monitoring driver;C:\Program Files\MainSoft\PC TimeWatch\PTWatch.sys [2003-10-20 18:07] R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 04:45] S2 ahfprog;ahfP Service;C:\WINDOWS\system32\ahfp.exe [2007-12-30 10:42] S2 pr2aqb2b;Lettriq Drivers Auto Removal (pr2aqb2b);C:\WINDOWS\system32\pr2aqb2b.exe svc [] S2 PTWsvc;PCTimeWatch;C:\Program Files\MainSoft\PC TimeWatch\PTWsvc.exe [2007-08-13 01:10] S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2004-05-17 14:15] S3 PsSdk41;PsSdk41;C:\WINDOWS\system32\Drivers\pssdk41.sys [2008-05-11 11:03] S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [] S4 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [] . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' 2007-02-13 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job - C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-10 09:00] 2008-07-02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42] 2008-08-08 C:\WINDOWS\Tasks\Norton Security Scan.job - C:\Program Files\Norton Security Scan\Nss.exe [] . - - - - ORPHANS REMOVED - - - - HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe HKLM-Run-lphcpf3j0elt3 - C:\WINDOWS\system32\lphcpf3j0elt3.exe HKLM-Run-SMrhctf3j0elt3 - C:\Program Files hctf3j0elt3 hctf3j0elt3.exe HKLM-Run-45ca4452 - C:\WINDOWS\system32 vhjkajf.dll HKLM-Run-BM46f977ce - C:\WINDOWS\system32\opqcbwfo.dll Notify-winjyp32 - winjyp32.dll . ------- Supplementary Scan ------- . FireFox -: Profile - D:\Documents and Settings\paul\Application Data\Mozilla\Firefox\Profiles\oyn4aykf.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.exalead.com/ ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-10 13:53:33 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23] "ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv" . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe . ************************************************************************** . Temps d'accomplissement: 2008-08-10 13:58:02 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-10 11:58:00 Pre-Run: 8,685,658,112 octets libres Post-Run: 8,727,330,816 octets libres 288 --- E O F --- 2008-08-06 17:07:32

Utilisateur anonyme · Answer

Copie le texte ci-dessous : 


File:: 
C:\WINDOWS\system32\vevogdid.exe 
C:	emp\Perflib_Perfdata_620.dat 
C:\WINDOWS\system32	mp.reg 
C:\WINDOWS\system32\VCCLSID.exe 
C:\WINDOWS\system32\SrchSTS.exe 
C:\WINDOWS\system32\VACFix.exe 
C:\WINDOWS\system32\IEDFix.exe 
C:\WINDOWS\system32\IEDFix.C.exe 
C:\WINDOWS\system32\404Fix.exe 
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\dumphive.exe 
C:\WINDOWS\system32\WS2Fix.exe 

Folder:: 
C:\Toolbar SD 
C:\Program Files\PandoBar
C:\PROGRA~1\EFFACE~1
C:\Program Files\Fichiers communs\BOONTY Shared

Registry:: 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] 
"{06663B56-0D73-4f9f-BCC5-4AA941470AFD}"=- 
[-HKEY_CLASSES_ROOT\clsid\{06663b56-0d73-4f9f-bcc5-4aa941470afd}] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] 
"{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}"=- 
[-HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"Efface Historique 2.1"=-

Driver:: 
Boonty Games






Ouvre le Bloc-Notes puis colle le texte copié. 
(Démarrer\Tous les programmes\Accessoires\Bloc notes.) 
Sauvegarde ce fichier sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous : 

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif 

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. 

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal! 

Ne touche à rien tant que le scan n'est pas terminé. 

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis. 

S'il n'y a pas de rédémarrage, poste quand même les rapports.

pablomica · Answer

ComboFix 08-08-09.06 - Paul 2008-08-10 14:27:02.3 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1475 [GMT 2:00] Endroit: C:\Downloads\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\PROGRA~1\EFFACE~1 C:\PROGRA~1\EFFACE~1\EffaceHistorique.exe C:\Program Files\PandoBar C:\Program Files\PandoBar\bar\1.bin\NPPANDBR.DLL C:\Program Files\PandoBar\bar\1.bin\P4FFXTBR.JAR C:\Program Files\PandoBar\bar\1.bin\P4FFXTBR.MANIFEST C:\Program Files\PandoBar\bar\1.bin\P4HIGHIN.EXE C:\Program Files\PandoBar\bar\1.bin\P4NTSTBR.JAR C:\Program Files\PandoBar\bar\1.bin\P4NTSTBR.MANIFEST C:\Program Files\PandoBar\bar\1.bin\P4PLUGIN.DLL C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL C:\Program Files\PandoBar\bar\Cache\[u]0[/u]1EE9392 C:\Program Files\PandoBar\bar\Cache\[u]0[/u]1EE978A.bin C:\Program Files\PandoBar\bar\Cache\[u]0[/u]1EE9B52.bin C:\Program Files\PandoBar\bar\Cache\[u]0[/u]1EE9CBA.bin C:\Program Files\PandoBar\bar\Cache\[u]0[/u]1EE9ECD.bin C:\Program Files\PandoBar\bar\Cache\[u]0[/u]1EEA015.bin C:\Program Files\PandoBar\bar\Cache\[u]0[/u]1EEA19C.bin C:\Program Files\PandoBar\bar\Cache\[u]0[/u]1EEA2E4.bin C:\Program Files\PandoBar\bar\Cache\files.ini C:\Program Files\PandoBar\bar\History\search2 C:\Program Files\PandoBar\bar\Settings\prevcfg2.htm C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL C:\temp\Perflib_Perfdata_620.dat C:\Toolbar SD C:\Toolbar SD\Back.cmd C:\Toolbar SD\Backup-TB\DOCUME~1\paul\LOCALS~1\Temp\fhg.inf C:\Toolbar SD\Backup-TB\DOCUME~1\paul\LOCALS~1\Temp\l3codeca.acm C:\Toolbar SD\Backup-TB\Program Files\Fichiers communs\WhenU\DTAdapter.exe C:\Toolbar SD\Backup-TB\Program Files\Fichiers communs\WhenU\DTPlugin.dll C:\Toolbar SD\Backup-TB\Program Files\MOZILL~1\EXTENS~1\chrome.manifest C:\Toolbar SD\Backup-TB\Program Files\MOZILL~1\EXTENS~1\install.rdf C:\Toolbar SD\Backup-TB\Reg\HKCU_Run.reg C:\Toolbar SD\Backup-TB\Reg\HKLM_BHO.reg C:\Toolbar SD\Backup-TB\Reg\HKLM_Classes.reg C:\Toolbar SD\Backup-TB\Reg\HKLM_Run.reg C:\Toolbar SD\Backup-TB\Reg\HKLM_ToolBar.reg C:\Toolbar SD\Backup-TB\Reg\HKLM_Uninstall.reg C:\Toolbar SD\Backup-TB\WINDOWS\Fonts\acrsec.fon C:\Toolbar SD\Backup-TB\WINDOWS\smdat32a.sys C:\Toolbar SD\Backup-TB\WINDOWS\smdat32m.sys C:\Toolbar SD\DemP.cmd C:\Toolbar SD\DirectFix.cmd C:\Toolbar SD\Fich.cmd C:\Toolbar SD\FixExt.cmd C:\Toolbar SD\KILL.cmd C:\Toolbar SD\Langues.cmd C:\Toolbar SD\osVer.exe C:\Toolbar SD\paths.bat C:\Toolbar SD\Process.exe C:\Toolbar SD\Rech.cmd C:\Toolbar SD\RegP2.txt C:\Toolbar SD\RegP3.txt C:\Toolbar SD\RegP4.txt C:\Toolbar SD\RegP5.txt C:\Toolbar SD\RegPCU.txt C:\Toolbar SD\RegPLM.txt C:\Toolbar SD\RegTBSD.reg C:\Toolbar SD\sed.exe C:\Toolbar SD\setpath.exe C:\Toolbar SD\ToolBar S&D.lnk C:\Toolbar SD\ToolBarSD.cmd C:\Toolbar SD\ToolBarSD.ico C:\Toolbar SD\Uninstal.exe C:\WINDOWS\system32\404Fix.exe C:\WINDOWS\system32\dumphive.exe C:\WINDOWS\system32\IEDFix.C.exe C:\WINDOWS\system32\IEDFix.exe C:\WINDOWS\system32\Process.exe C:\WINDOWS\system32\SrchSTS.exe C:\WINDOWS\system32\tmp.reg C:\WINDOWS\system32\VACFix.exe C:\WINDOWS\system32\VCCLSID.exe C:\WINDOWS\system32\vevogdid.exe C:\WINDOWS\system32\WS2Fix.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BOONTY_GAMES -------\Service_Boonty Games ((((((((((((((((((((((((((((( Fichiers créés 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))))))) . 2079-12-31 19:00 . 2004-08-27 11:18 97,920 --a------ C:\WINDOWS\system32\drivers\SI3112r.sys 2079-12-31 19:00 . 2004-05-20 12:35 10,240 --a------ C:\WINDOWS\system32\drivers\SiWinAcc.sys 2058-07-06 08:20 . 2007-08-06 16:57 3,120 --a------ C:\WINDOWS\MF_C421.lfa 2058-07-06 08:20 . 2007-08-06 16:57 3,120 --a------ C:\WINDOWS\MF_C420.lfa 2008-08-10 14:22 . 2008-08-10 14:22 16,384 --a----t- C:\temp\Perflib_Perfdata_638.dat 2008-08-10 01:48 . 2008-08-10 13:23 94,208 --a------ C:\WINDOWS\system32\23.tmp 2008-08-10 01:24 . 2008-08-10 01:24 d-------- D:\Documents and Settings\paul\Application Data\Malwarebytes 2008-08-10 01:24 . 2008-08-10 01:24 d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-10 01:24 . 2008-08-10 01:24 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-10 01:24 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-10 01:24 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-10 01:22 . 2008-08-10 01:22 d-------- C:\_OTMoveIt 2008-08-10 01:00 . 2008-08-10 01:00 d-------- C:\Lop SD 2008-08-09 23:47 . 2008-08-09 23:47 d-------- C:\Program Files\Trend Micro 2008-08-09 22:40 . 2008-08-09 22:40 d-------- C:\Program Files\Lettriq 2008-08-09 22:19 . 2008-08-09 22:19 d-------- C:\Program Files\GUILD WARS 2008-08-08 12:17 . 2008-08-08 12:17 d-------- C:\Program Files\GameSpy 2008-08-07 16:46 . 2008-08-07 16:46 dr-h----- D:\Documents and Settings\paul\Application Data\SecuROM 2008-08-07 16:46 . 2008-08-07 16:47 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-08-07 15:58 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2008-08-07 15:58 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2008-08-07 15:58 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2008-08-07 15:58 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll 2008-08-07 15:58 . 2008-08-07 15:58 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe 2008-08-07 15:58 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll 2008-08-07 15:58 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll 2008-08-07 15:58 . 2008-08-07 15:58 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2008-08-07 15:58 . 2008-08-07 15:58 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2008-08-07 15:58 . 2008-08-07 15:58 22,328 --a------ D:\Documents and Settings\paul\Application Data\PnkBstrK.sys 2008-08-07 15:58 . 2008-08-07 15:58 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-08-06 19:58 . 2008-08-06 19:59 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys 2008-08-06 19:56 . 2008-08-06 19:56 d-------- C:\Program Files\Corel 2008-08-04 18:51 . 2008-08-04 18:51 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb 2008-08-04 18:51 . 2008-08-04 18:51 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb 2008-08-04 16:10 . 2008-08-04 16:10 d-------- C:\Hiajckthis 2008-08-04 15:30 . 2008-08-04 15:30 d-------- C:\Program Files\eX-Sense 2008-08-04 15:30 . 2008-08-04 15:30 73,216 --a------ C:\WINDOWS\temp.002 2008-08-04 15:23 . 2008-08-04 15:23 73,216 --a------ C:\WINDOWS\temp.001 2008-08-04 15:23 . 2008-08-04 15:23 1,685 --a------ C:\WINDOWS\ST6UNST.000 2008-08-04 15:14 . 2008-08-04 15:14 73,216 --a------ C:\WINDOWS\temp.000 2008-08-04 13:39 . 2008-08-04 13:39 d--hs---- C:\FOUND.000 2008-08-03 18:23 . 2008-08-03 18:23 d-------- C:\Program Files\NCSoft 2008-08-03 18:19 . 2008-08-03 18:21 d-------- D:\Documents and Settings\paul\Application Data\GetRightToGo 2008-08-01 11:38 . 2008-08-01 11:38 d--hs---- C:\FOUND.027 2008-07-26 12:25 . 2008-07-26 12:25 d-------- C:\Program Files\MSXML 6.0 2008-07-26 12:20 . 2008-07-26 12:21 d-------- C:\Program Files\MSXML 4.0 2008-07-25 15:19 . 2008-07-25 15:20 d-------- C:\Program Files\Project64 1.6 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-09 15:48 --------- d-----w D:\Documents and Settings\paul\Application Data\OpenOffice.org2 2008-08-04 13:30 311,296 ------w C:\WINDOWS\Setup1.exe 2008-07-25 20:59 --------- d-----w D:\Documents and Settings\paul\Application Data\teamspeak2 2008-07-03 15:24 --------- d-----w D:\Documents and Settings\paul\Application Data\Canneverbe_Limited 2008-07-03 15:24 --------- d-----w C:\Program Files\CDBurnerXP 2008-07-02 15:50 --------- d-----w D:\Documents and Settings\paul\Application Data\ATI 2008-07-02 15:50 --------- d-----w D:\Documents and Settings\All Users\Application Data\ATI 2008-07-02 15:43 --------- d-----w C:\Program Files\ATI Technologies 2008-06-26 14:59 --------- d-----w D:\Documents and Settings\paul\Application Data\MegauploadToolbar 2008-06-26 10:24 --------- d-----w D:\Documents and Settings\paul\Application Data\Megaupload 2008-06-26 10:24 --------- d-----w C:\Program Files\MegauploadToolbar 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-15 16:46 --------- d-----w D:\Documents and Settings\paul\Application Data\Mumble 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-14 15:17 73,216 ------w C:\WINDOWS\ST6UNST.EXE 2008-06-14 15:17 --------- d-----w C:\Program Files\Outlook Express Quick Backup 2008-06-14 13:26 --------- d-----w C:\Program Files\Steam 2008-06-06 16:48 415,088 ----a-w C:\WINDOWS\system32\pr2aqb2b.exe 2008-06-03 06:20 3,100,160 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys 2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll 2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll 2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll 2008-06-03 03:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll 2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll 2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll 2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll 2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll 2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll 2008-06-03 02:28 23,040 ----a-w C:\WINDOWS\system32\atiadlxx.dll 2008-06-03 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll 2008-06-03 02:22 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll 2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll 2008-06-02 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 09:00 15360] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464] "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-01-17 21:17 190024] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "Steam"="c:\program files\steam\steam.exe" [2008-06-14 15:34 1271032] "Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe" [2008-07-30 01:46 763392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 09:00 208952] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 09:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 09:00 455168] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 09:01 67584] "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-07 16:05 344064] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-02-08 22:31 180269] "VX3000"="C:\WINDOWS\vVX3000.exe" [2006-12-05 15:39 707360] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 08:23 132624] "WiPen"="C:\Program Files\WiPen\wpmanage.exe" [2005-10-06 14:13 566272] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440] "SoundMan"="SOUNDMAN.EXE" [2005-10-24 08:45 90112 C:\WINDOWS\soundman.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 09:00 15360] D:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ PC TimeWatch Tray Icon.lnk - C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe [2007-05-12 12:03:10 553984] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 16:51 192512] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3acm"= l3codecp.acm "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm "msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm "msacm.ac3filter"= ac3filter.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\adslTV\adslTV.exe"= "C:\Program Files\HomePlayer1.4\HomePlayer.exe"= "C:\Program Files\Microsoft LifeCam\LifeCam.exe"= "C:\Program Files\Microsoft LifeCam\LifeExp.exe"= "C:\Program Files\mIRC\mirc.exe"= "C:\Program Files\Messenger\Msmsgs.exe"= "C:\Program Files\FlashGet\flashget.exe"= "C:\WINDOWS\system32\muzapp.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\WINDOWS\system32\PnkBstrA.exe"= "C:\WINDOWS\system32\PnkBstrB.exe"= "C:\WINDOWS\system32\winver.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "26541:TCP"= 26541:TCP:BitComet 26541 TCP "26541:UDP"= 26541:UDP:BitComet 26541 UDP R0 pe3aqb2b;Lettriq Environment Driver (pe3aqb2b);C:\WINDOWS\system32\drivers\pe3aqb2b.sys [2008-06-06 18:47] R0 pf2aqb2b;Lettriq File System Driver (pf2aqb2b);C:\WINDOWS\system32\drivers\pf2aqb2b.sys [2008-06-06 18:47] R0 SI3112r;ATI-437A Serial ATA Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-08-27 11:18] R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35] R1 FNETDEVI;FNETDEVI;C:\WINDOWS\system32\drivers\FNETDEVI.SYS [2007-12-25 13:39] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37] R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-04 14:13] R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 15:34] R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 06:51] R3 PTWDrv;PTW - Process monitoring driver;C:\Program Files\MainSoft\PC TimeWatch\PTWatch.sys [2003-10-20 18:07] R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 04:45] S2 ahfprog;ahfP Service;C:\WINDOWS\system32\ahfp.exe [2007-12-30 10:42] S2 pr2aqb2b;Lettriq Drivers Auto Removal (pr2aqb2b);C:\WINDOWS\system32\pr2aqb2b.exe svc [] S2 PTWsvc;PCTimeWatch;C:\Program Files\MainSoft\PC TimeWatch\PTWsvc.exe [2007-08-13 01:10] S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2004-05-17 14:15] S3 PsSdk41;PsSdk41;C:\WINDOWS\system32\Drivers\pssdk41.sys [2008-05-11 11:03] S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [] *Newly Created Service* - CATCHME . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' 2007-02-13 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job - C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-10 09:00] 2008-07-02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42] 2008-08-08 C:\WINDOWS\Tasks\Norton Security Scan.job - C:\Program Files\Norton Security Scan\Nss.exe [] . . ------- Supplementary Scan ------- . FireFox -: Profile - D:\Documents and Settings\paul\Application Data\Mozilla\Firefox\Profiles\oyn4aykf.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.exalead.com/ ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-10 14:28:20 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSSdk23] "ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv" . Temps d'accomplissement: 2008-08-10 14:29:04 ComboFix-quarantined-files.txt 2008-08-10 12:28:52 ComboFix2.txt 2008-08-10 11:58:04 Pre-Run: 8,651,431,936 octets libres Post-Run: 8,631,795,712 octets libres 304 --- E O F --- 2008-08-06 17:07:32

Utilisateur anonyme · Answer

un nouveau rapport hijackthis et on termine

pablomica · Answer

voila le rapport  c'est bon ? 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:49, on 10/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\WiPen\wpmanage.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\steam\steam.exe
C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\program files\steam\steamapps\sniper_91\counter-strike source\hl2.exe
C:\program files\steam\GameOverlayUI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [WiPen] C:\Program Files\WiPen\wpmanage.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: PC TimeWatch Tray Icon.lnk = C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FEAAB54-B2EE-4793-AE01-0F4DD7122B75}: NameServer = 212.27.32.176,212.27.32.177
O17 - HKLM\System\CCS\Services\Tcpip\..\{48D6C6D5-AE07-44B2-BE16-991E41A0231E}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ahfP Service (ahfprog) - Unknown owner - C:\WINDOWS\system32\ahfp.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Lettriq Drivers Auto Removal (pr2aqb2b) (pr2aqb2b) - Vocabelum Inc - C:\WINDOWS\system32\pr2aqb2b.exe
O23 - Service: PCTimeWatch (PTWsvc) - MainSoft - C:\Program Files\MainSoft\PC TimeWatch\PTWsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Utilisateur anonyme · Answer

réouvre hijackthis
fis scan only
coches ces lignes :

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing) 
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing) 

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file) 

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') 
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 

O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU) 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/default.aspx 
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/default.aspx 


tu les coches et tu clic sur fix checked 


ensuite :

Démarrer > executer > tape : services.msc 

- Clic droit sur le service cité - Google Updater Service 
- propriétés 
- et dans "type de démarrage" et mets le sur « désactivé ». 
- Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté » 

Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html 

fais la meme chose pour : Service de l'iPod 


ensuite désinstal java car pas a jours et telechrage et instal cette version :

https://sdlc-esd.oracle.com/ESD44/JSCDL/jdk/6u7/jre-6u7-windows-i586-p-s.exe?GroupName=JSC&FilePath=/ESD44/JSCDL/jdk/6u7/jre-6u7-windows-i586-p-s.exe&BHost=javadl.sun.com&File=jre-6u7-windows-i586-p-s.exe&AuthParam=1580978146_46494a57fbc0e7c89e79cfb72e28cd3a&ext=.exe



ensuite :

regarde ceci concernant avast : 

antivir vs avast : 

-> http://forum.malekal.com/ftopic3528.php 


alors je te conseille de le desinstaller et d´installer antivir a la place 

Telecharge et instales l'antivirus Antivir Personal Edition Classic : 

->https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

tuto : http://www.swl1f.net/viewtopic.php?f=14&t=59 

Pour désinstaller Avast telecharge cet outil

https://www.avast.com/fr-fr/uninstall-utility



ensuite :


* pour supprimer les outils/fix utilisés : 

Télécharge ToolsCleaner sur ton bureau. 
--> 
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/ 

# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

pablomica · Answer

voila j'ai fait tout sa mais je n'est pas eu de rapport a la racine C: de mon disque dure en tout cas mon pc a l'aire daller beaucoup mieux 

Ccleaner a effacer 5 truc et en a supprimer 5 mais pas de rapport ...

Il y a autre chose a faire ?

merci

Utilisateur anonyme · Answer

oui tu peux faire ceci et ça sera good , et tu pourras mettre resolu 

Désactive et réactive ta restauration system

Tuto xp : http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924

pablomica · Answer

voila c'est fait un grand merci a toi "Chiquitine29" sans toi je c'est pas ce que j'aurais fait !!! 

merci beaucoup .

PS : Une derniere question si mon antivirus (antivir) detecte des virus il faud faire quoi ? ( supprimer ou ne rien faire ou mettre en quarantaine ? )

Utilisateur anonyme · Answer

tu mets en quarantaine et tu vide la quarantaine le lendemain si tout va bien

@++

pablomica · Answer

oki merci comment on fait pour mettre resolu au message stp ?

encore merci de ton aide :)

+++

Aider moi SVP virus antivirus XP 2008

31 réponses

Discussions similaires