page qui ouvre seul

Question

Bonjour,

J ai un probleme depuis quelque jours. j ai des pages web qui ouvre seul et meme quand je ne fais pas de net
je suis entrain de devenir dingue avec toute ces page inutile aidez moi s.vp.

je vous donne ce qui mon ordi contient:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:42:33, on 2008-08-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userints.exe,
O2 - BHO: bannerstyles browser enhancer - {28a21e57-fe54-51a5-fb40-e7b4a42a8149} - C:\WINDOWS\system32\fqefvltvsjp.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{05cac7d7-0448-8b17-6131-3658607c9ffd}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\fqefvltvsjp.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: deskperf32 - C:\WINDOWS\SYSTEM32\deskperf32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: lxcy_device -   - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\System32\IoctlSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

sofi@ne · Answer

bonjour ton problème vient de la fix les
O4 - HKLM\..\Run: [{05cac7d7-0448-8b17-6131-3658607c9ffd}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\fqefvltvsjp.dll" DllStart
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
cordialement
sofi@ne

kaleenna · Answer

merci Sofi@ne pour la reponse mais comment je fais pour me debarrasser de ca

sofi@ne · Answer

tu fix les probleme avec HijackThis 
tu ouvre HijackThis 
tu clkic sur Do a system scan only
tu coche les case a goche des problem 
O4 - HKLM\..\Run: [{05cac7d7-0448-8b17-6131-3658607c9ffd}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\fqefvltvsjp.dll" DllStart 
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL 
 et tu clic sur le button fix cheked

kaleenna · Answer

ok je vais le faire merci et je te renvois une copie pour confirmer que le probleme est reglé

kaleenna · Answer

voici j ai fais ce que tu ma dit et voici le resultatavec Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:21:06, on 2008-08-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userints.exe,
O2 - BHO: bannerstyles browser enhancer - {28a21e57-fe54-51a5-fb40-e7b4a42a8149} - C:\WINDOWS\system32\fqefvltvsjp.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{05cac7d7-0448-8b17-6131-3658607c9ffd}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\fqefvltvsjp.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: deskperf32 - C:\WINDOWS\SYSTEM32\deskperf32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: lxcy_device -   - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\System32\IoctlSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

sofi@ne · Answer

ton rapport indique que ces probleme son toujour present 
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O4 - HKLM\..\Run: [{05cac7d7-0448-8b17-6131-3658607c9ffd}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\fqefvltvsjp.dll" DllStart
suit les etape que je tu dit desactive la restoration systeme desinstal ta toolbar ASKbar  je croit que c'est elle qui a un probleme fait un sacn anti virus telecharge Malwarebytes' Anti-Malware met le a jour et fait un scan en suit fix les probleme signale

kaleenna · Answer

ok la j ai descativer le syteme  et j ai scanner  maintenant je suis rendu a faire l analyse avec malwarebytes
aussitot que c est fin je reviens te montrer ce que j ai fais.
p.s. j iamerais preciser que je suis pas tres caller avec les ordi et j apprecie beaucoup ton aide

sofi@ne · Answer

Pas de probleme tu vas apprendre nous somme la pour ça :-)

kaleenna · Answer

j ai encore des pages blanche qui ouvre seul j ai toute fais ce que tu ma dit sofi@ne e tle probleme perciste
 voici le dernier hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:48:41, on 2008-08-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userints.exe,
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: deskperf32 - C:\WINDOWS\SYSTEM32\deskperf32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: lxcy_device -   - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\System32\IoctlSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

sofi@ne · Answer

Ton rapport est sain alore fait ce qui suit
desactive tes protection anti virus
telecharge smitfraudfix_2.336 et combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et fait un scan kon tu  utilisera combofix c normale si les icon et l'arrier plan dispare

kaleenna · Answer

Bonjour, voila j ai fais l analyse avec Combofix et voici le resultat et j ai toujours des pages blanche qui ouvre seule ComboFix 08-08-17.03 - Redg et Dodo 2008-08-18 9:03:31.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.218 [GMT -4:00] Endroit: C:\Documents and Settings\Redg et Dodo\Mes documents\ComboFix.exe * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Redg et Dodo\UserData C:\Documents and Settings\Redg et Dodo\UserData\3HF70KGD\advstNetId[1].xml C:\Documents and Settings\Redg et Dodo\UserData\BMXUYZY8\Tdy58[1].xml C:\Documents and Settings\Redg et Dodo\UserData\BMXUYZY8\Tdy58[2].xml C:\Documents and Settings\Redg et Dodo\UserData\index.dat C:\Documents and Settings\Redg et Dodo\UserData\PGYISQEP\oWindowsUpdate[1].xml C:\Documents and Settings\Redg et Dodo\UserData\RUF2VBQG\oWindowsUpdate[1].xml C:\WINDOWS\308.exe C:\WINDOWS\system32\AJiPYcfe.ini C:\WINDOWS\system32\AJiPYcfe.ini2 C:\WINDOWS\system32\chtbuxkn.ini C:\WINDOWS\system32\DgPVCfhk.ini C:\WINDOWS\system32\DgPVCfhk.ini2 C:\WINDOWS\system32\KkmTuvut.ini C:\WINDOWS\system32\KkmTuvut.ini2 C:\WINDOWS\system32\kononaby.ini C:\WINDOWS\system32\MSCdNnmp.ini C:\WINDOWS\system32\MSCdNnmp.ini2 C:\WINDOWS\system32 efhctuv.ini C:\WINDOWS\system32 exgpahd.ini C:\WINDOWS\system32\pVDKnUvw.ini C:\WINDOWS\system32\pVDKnUvw.ini2 C:\WINDOWS\system32\pwfkravk.ini C:\WINDOWS\system32\QWGQsBeg.ini C:\WINDOWS\system32\QWGQsBeg.ini2 C:\WINDOWS\system32 getbhjp.ini C:\WINDOWS\system32\vkrmwuhk.ini C:\WINDOWS\system32\xiquhwnr.ini C:\WINDOWS\system32\xjvlxedi.ini . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))))))) . 2008-08-18 06:37 . 2008-08-10 18:06 245,760 --a------ C:\Program Files\Uninstall Ask Toolbar.dll 2008-08-18 01:31 . 2008-08-18 05:38 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-08-15 03:11 . 2007-07-09 09:11 584,192 -----c--- C:\WINDOWS\system32\dllcache pcrt4.dll 2008-08-15 02:23 . 2008-05-01 10:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-15 01:50 . 2004-08-19 19:05 46,298 --a------ C:\WINDOWS\system32\ieuinit.inf 2008-08-15 01:50 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig 2008-08-15 01:50 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat 2008-08-15 00:46 . 2004-08-19 19:09 351,232 --a------ C:\WINDOWS\system32\winhttp.dll 2008-08-15 00:46 . 2004-08-19 19:09 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2008-08-14 23:35 . 2008-08-14 23:35 d-------- C:\Program Files\SystemRequirementsLab 2008-08-14 23:07 . 2008-08-15 02:25 d-------- C: emporaire 2008-08-14 23:07 . 2008-08-14 23:07 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-08-14 22:37 . 2008-08-14 22:37 d-------- C:\NVIDIA 2008-08-14 22:00 . 2008-08-14 22:02 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-08-14 21:59 . 2008-08-14 21:59 d-------- C:\Program Files\Zone Labs 2008-08-14 21:57 . 2008-08-18 07:36 d-------- C:\WINDOWS\Internet Logs 2008-08-12 22:27 . 2008-08-17 22:43 d-------- C:\Documents and Settings\Redg et Dodo\Application Data\OpenOffice.org2 2008-08-11 12:25 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll 2008-08-11 12:25 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll 2008-08-11 12:25 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll 2008-08-11 12:25 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll 2008-08-11 12:25 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll 2008-08-11 12:25 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll 2008-08-11 12:25 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll 2008-08-11 12:25 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll 2008-08-10 20:54 . 2008-08-16 22:36 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-08-10 19:48 . 2008-08-15 00:31 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-08-10 19:34 . 2008-08-10 19:34 d-------- C:\Documents and Settings\Redg et Dodo\Application Data\Nero 2008-08-10 19:31 . 2008-08-10 19:31 d-------- C:\Program Files\Nero 2008-08-10 19:31 . 2008-08-10 19:33 d-------- C:\Program Files\Fichiers communs\Nero 2008-08-10 19:31 . 2008-08-10 19:31 d-------- C:\Documents and Settings\All Users\Application Data\Nero 2008-08-10 18:06 . 2008-08-10 18:06 d-------- C:\Program Files\AskTBar 2008-08-09 15:52 . 2008-08-09 15:52 d--h-c--- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$ 2008-08-09 15:17 . 2008-08-09 15:17 d-------- C:\Program Files\OpenOffice.org 2.4 2008-08-09 14:47 . 2008-08-09 14:47 d-------- C:\Program Files\DVD Shrink 2008-08-09 14:47 . 2008-08-09 14:47 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-08-09 04:33 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-09 02:11 . 2008-08-09 02:11 d-------- C:\fsaua.data 2008-08-09 01:26 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl 2008-08-09 01:14 . 2003-04-24 08:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll 2008-08-09 01:13 . 2001-08-23 17:47 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll 2008-08-09 01:11 . 2004-08-19 19:09 382,464 --a------ C:\WINDOWS\system32\qmgr.dll 2008-08-09 01:10 . 2008-04-11 14:51 683,520 --a------ C:\WINDOWS\system32\inetcomm.dll 2008-08-09 01:10 . 2004-08-19 19:09 281,600 --a------ C:\WINDOWS\system32\mstask.dll 2008-08-09 01:10 . 2004-08-19 19:09 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll 2008-08-09 01:10 . 2004-08-19 19:09 193,024 --a------ C:\WINDOWS\system32\schedsvc.dll 2008-08-09 01:10 . 2004-08-19 19:09 105,984 --a------ C:\WINDOWS\system32\msoert2.dll 2008-08-09 01:10 . 2004-08-19 19:09 12,288 --a------ C:\WINDOWS\system32\mstinit.exe 2008-08-09 01:06 . 2004-08-04 02:07 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys 2008-08-09 01:06 . 2006-06-14 04:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2008-08-09 01:05 . 2004-08-04 02:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-08-09 01:05 . 2004-08-04 01:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-08-09 01:04 . 2004-08-04 02:07 59,264 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys 2008-08-09 01:04 . 2004-08-19 19:09 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2008-08-09 01:03 . 2004-08-19 18:54 58,496 --a------ C:\WINDOWS\system32\drivers edbook.sys 2008-08-09 01:01 . 2004-08-19 19:10 40,840 --a------ C:\WINDOWS\system32\drivers ermdd.sys 2008-08-05 13:38 . 2008-08-13 22:03 d-------- C:\Program Files\StuffPlug3 2008-07-24 10:10 . 2008-07-24 12:26 d-------- C:\Program Files\Norton Security Scan 2008-07-23 13:20 . 2008-07-23 13:20 754 --a------ C:\WINDOWS\WORDPAD.INI 2008-07-21 22:49 . 2008-07-21 22:49 268 --ah----- C:\sqmdata04.sqm 2008-07-21 22:49 . 2008-07-21 22:49 244 --ah----- C:\sqmnoopt04.sqm 2008-07-19 10:29 . 2008-07-19 10:29 552 --a------ C:\WINDOWS\system32\d3d8caps.dat 2008-07-18 14:39 . 2008-07-18 14:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR 2008-07-18 11:17 . 2008-07-18 11:19 d-------- C:\Program Files\Fichiers communs\Adobe 2008-07-18 11:14 . 2008-07-19 10:51 d-------- C:\Documents and Settings\All Users\Application Data\NOS . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-18 13:07 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-08-18 11:19 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-08-18 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-18 11:12 --------- d-----w C:\Program Files\Google 2008-08-18 10:51 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware 2008-08-18 05:40 --------- d-----w C:\Documents and Settings\Redg et Dodo\Application Data\LimeWire 2008-08-18 01:54 1,499,136 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2008-08-17 22:08 --------- d-----w C:\Program Files\lx_cats 2008-08-17 21:46 --------- d-----w C:\Documents and Settings\Redg et Dodo\Application Data\FaxCtr 2008-08-17 19:01 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys 2008-08-15 05:14 1,359,360 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-08-15 03:07 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2008-08-15 01:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-08-05 17:51 --------- d-----w C:\Program Files\WordBiz 2008-07-30 21:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys 2008-07-30 21:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf 2008-07-30 21:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat 2008-07-25 00:58 --------- d-----w C:\Program Files\LimeWire 2008-07-23 22:03 --------- d-----w C:\Program Files\Java 2008-07-23 05:00 --------- d-----w C:\Program Files\Slingo Quest 2008-07-20 17:06 --------- d-----w C:\Program Files\around the world in 80 days 2008-07-17 06:22 737,280 ----a-w C:\WINDOWS\iun6002.exe 2008-07-16 10:19 --------- d-----w C:\Documents and Settings\Redg et Dodo\Application Data\GameHouse 2008-07-16 10:19 --------- d-----w C:\Documents and Settings\All Users\Application Data 7-89-o9-3r-4t-r9 2008-07-16 07:40 --------- d-----w C:\Documents and Settings\Redg et Dodo\Application Data\Mysteryville2 2008-07-16 07:33 --------- d-----w C:\Program Files\Mysteryville 2 2008-07-16 07:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games 2008-07-16 06:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear 2008-07-16 01:21 --------- d-----w C:\Documents and Settings\Redg et Dodo\Application Data\funkitron 2008-07-16 01:20 --------- d-----w C:\Program Files\slingo 2008-07-15 08:33 --------- d-----w C:\Documents and Settings\Redg et Dodo\Application Data\Zylom 2008-07-15 07:06 --------- d-----w C:\Documents and Settings\Redg et Dodo\Application Data\.wyzo 2008-07-15 00:31 --------- d-----w C:\Program Files\Lexmark Toolbar 2008-07-15 00:28 --------- d-----w C:\Program Files\Lexmark Fax Solutions 2008-07-15 00:28 --------- d-----w C:\Program Files\Lexmark 3400 Series 2008-07-15 00:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\FaxCtr 2008-07-15 00:26 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint 2008-07-11 14:58 --------- d-----w C:\Program Files\AnalogX 2008-07-10 02:51 --------- d-----w C:\Program Files\MSXML 4.0 2008-07-10 01:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla! 2008-07-10 01:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\SITEguard 2008-07-10 01:18 --------- d-----w C:\Program Files\Fichiers communs\iS3 2008-07-09 23:57 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-07-09 22:45 --------- d-----w C:\Documents and Settings\Redg et Dodo\Application Data\Malwarebytes 2008-07-09 22:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-09 13:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe 2008-07-09 13:05 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll 2008-07-09 13:05 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll 2008-07-09 13:05 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll 2008-07-09 13:05 17,808 ----a-w C:\WINDOWS\system32\imslsp_install_loc040c.dll 2008-07-09 13:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll 2008-07-09 02:47 --------- d-----w C:\Program Files\Trend Micro 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 06:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom 2008-07-05 04:07 --------- d-----w C:\Program Files\Logitech 2008-07-05 04:07 --------- d-----w C:\Program Files\Fichiers communs\FotoWire 2008-07-05 04:07 --------- d-----w C:\Documents and Settings\Redg et Dodo\Application Data\FotoWire 2008-07-05 04:01 --------- d-----w C:\Program Files\Fichiers communs\Logitech 2008-07-04 08:58 --------- d-----w C:\Program Files\Norton Internet Security 2008-07-04 08:48 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-07-04 08:48 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2008-07-04 08:48 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-07-04 08:48 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-07-04 08:48 --------- d-----w C:\Program Files\Symantec 2008-07-03 23:06 --------- d-----w C:\Documents and Settings\Redg et Dodo\Application Data\Symantec 2008-07-03 23:00 --------- d-----w C:\Program Files\Windows Sidebar 2008-07-03 01:39 --------- d-----w C:\Program Files\CCleaner 2008-07-03 01:38 --------- d-----w C:\Program Files\Yahoo! 2008-07-02 23:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-07-02 04:42 --------- d-----w C:\Program Files\Gamenext 2008-07-02 04:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-01 04:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY 2008-07-01 04:46 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared 2008-07-01 03:00 192,512 ----a-w C:\WINDOWS\off-road-uninst.exe 2008-06-30 01:30 --------- d-----w C:\Documents and Settings\Redg et Dodo\Application Data\Flood Light Games 2008-06-30 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games 2008-06-28 18:19 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-06-28 18:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-06-27 20:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games 2008-06-27 17:51 --------- d-----w C:\Documents and Settings\Redg et Dodo\Application Data\eGames 2008-06-27 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\eGames 2008-06-27 16:46 --------- d-----w C:\Documents and Settings\Redg et Dodo\Application Data\PlayFirst 2008-06-27 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2008-06-27 04:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Legacy Interactive 2008-06-26 23:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo 2008-06-26 20:54 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media 2008-06-26 19:30 --------- d-----w C:\Program Files\Ghost Navigator2_8_2 2008-06-26 16:55 --------- d-----w C:\Program Files\UbiSoft 2008-06-26 02:17 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-06-24 20:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 07:32 --------- d-----w C:\Program Files orpark 2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 12:41 --------- d-----w C:\Program Files\Windows Live 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers cpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers cpip6.sys 2008-06-13 18:45 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll 2008-06-13 18:45 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll . ------- Sigcheck ------- 2004-08-04 02:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys 2004-08-04 02:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ip6fw.sys 2008-04-13 14:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\system32\drivers\ip6fw.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09 15360] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 16:06 1840424] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-18 01:31 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048] "lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [2006-01-25 12:02 286720] "EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [2006-02-07 01:10 98304] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 04:11 290816] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 09:31 2221352] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016] "LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2005-12-01 14:38 65536] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 14:19 4841472] "SoundMan"="SOUNDMAN.EXE" [2003-11-13 06:23 62464 C:\WINDOWS\SOUNDMAN.EXE] "nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32 wiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 19:09 15360] "NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-07-28 14:19 49152] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\deskperf32] 2004-07-17 04:25 11776 C:\WINDOWS\system32\deskperf32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.enc"= ITIG726.acm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\LimeWire\LimeWire.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 "2874:TCP"= 2874:TCP:messenger "3616:TCP"= 3616:TCP:messenger "3648:TCP"= 3648:TCP:messenger "8872:TCP"= 8872:TCP:messenger "1416:TCP"= 1416:TCP:messenger "8568:TCP"= 8568:TCP:messenger "7368:TCP"= 7368:TCP:messenger "2246:TCP"= 2246:TCP:messenger R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 17:42] R3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 15:23] R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 01:58] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 02:08] S4 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-07-01 00:46] S4 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-02-14 11:02] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' 2008-08-05 C:\WINDOWS\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Redg et Dodo.job - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 13:19] 2008-08-18 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://sympatico.msn.ca/defaultf.aspx R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 R0 -: HKCU-Main,Search Page = hxxp://www.google.com R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab C:\WINDOWS\Downloaded Program Files\CONFLICT.2\ZylomGamesPlayer.inf C:\WINDOWS\Downloaded Program Files\CONFLICT.2\zylomgamesplayer.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-18 09:07:24 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCYCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-08-18 9:09:28 ComboFix-quarantined-files.txt 2008-08-18 13:09:24 Pre-Run: 65,328,431,104 octets libres Post-Run: 65,288,708,096 octets libres 319 --- E O F --- 2008-08-17 18:24:40

sofi@ne · Answer

combofix et clean fait un scan smitfraudfix_2.336 et spybot - Search & Destroy si non la drenier chose a fair c de telecharger ce programme il arrete les pop up et les fenetre qui tu gene  Pop-Up Stopper Free
 http://www.panicware.com/  
desole mais je fait de mon mieux 
cordialement
sofi@ne

sofi@ne · Answer

kaleenna suit ce qui ce passe ici si ton probleme perciste http://www.commentcamarche.net/forum/affich 7955244 fenetres intempestives

Hadrienen · Answer

Salut, quel est ton Antivirus?

kaleenna · Answer

j avais norton2008 et je les enlever pour installer avast pourquoi mon antivirus n est pas bon?
ou si tu as mieux dit le moi

Hadrienen · Answer

Sur ton rapport, je ne vois que du Norton...pas d'avast...

alors tu vas faire 2 chose de l'une :

1)voici pour désinstaller proprement et complètement et SIMPLEMENT norton . 
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_­Removal_Tool.exe

Redémarre

2)Pour désinstaller Avast telecharge cet outil 

https://www.avast.com/fr-fr/uninstall-utility 

Redémarre


3)Telecharge et instales l'antivirus Antivir Personal Edition Classic : 

->https://www.01net.com/ 

tuto : https://www.malekal.com/avira-free-security-antivirus-gratuit/ 
tuto : http://www.swl1f.net/viewtopic.php?f=14&t=59

kaleenna · Answer

et les page blanche vont arreter de souvrir seul
en changant d anti-virus

Hadrienen · Answer

On verra par la suite, on annalysera tout comme il faut.

kaleenna · Answer

ok mais la je commence a grrrrrrrrrrrrrr car juste a vouloir te repondre j ai 30 pages qui ont ouvert
je vais essayer se que tu ma dit et je te reviens apres.

Hadrienen · Answer

d'ac.

kaleenna · Answer

je  ai presque fini d installer l antivirus que tu ma conseiller apres je fais une analyse ?

Hadrienen · Answer

heu oui STP analyse avec Antivir

Après je te dirai quoi faire.

kaleenna · Answer

voila l analyse es t terminée je t envoie le rapport





Avira AntiVir Personal
Report file date: 18 août 2008  11:50

Scanning for 1562121 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    SALON-MVNX7FXUF

Version information:
BUILD.DAT     : 8.1.0.331      16934 Bytes  12/08/2008 11:46:00
AVSCAN.EXE    : 8.1.4.7       315649 Bytes  26/06/2008 14:57:53
AVSCAN.DLL    : 8.1.4.0        40705 Bytes  26/05/2008 13:56:40
LUKE.DLL      : 8.1.4.5       164097 Bytes  12/06/2008 18:44:19
LUKERES.DLL   : 8.1.4.0        12033 Bytes  26/05/2008 13:58:52
ANTIVIR0.VDF  : 6.40.0.0    11030528 Bytes  18/07/2007 16:33:34
ANTIVIR1.VDF  : 7.0.5.1      8182784 Bytes  24/06/2008 19:54:15
ANTIVIR2.VDF  : 7.0.6.10     2587136 Bytes  14/08/2008 15:42:24
ANTIVIR3.VDF  : 7.0.6.30      146944 Bytes  18/08/2008 15:42:25
Engineversion : 8.1.1.19  
AEVDF.DLL     : 8.1.0.5       102772 Bytes  09/07/2008 14:46:50
AESCRIPT.DLL  : 8.1.0.63      311673 Bytes  18/08/2008 15:42:32
AESCN.DLL     : 8.1.0.23      119156 Bytes  18/08/2008 15:42:32
AERDL.DLL     : 8.1.0.20      418165 Bytes  09/07/2008 14:46:50
AEPACK.DLL    : 8.1.2.1       364917 Bytes  18/08/2008 15:42:31
AEOFFICE.DLL  : 8.1.0.21      192891 Bytes  18/08/2008 15:42:30
AEHEUR.DLL    : 8.1.0.47     1368437 Bytes  18/08/2008 15:42:30
AEHELP.DLL    : 8.1.0.15      115063 Bytes  09/07/2008 14:46:50
AEGEN.DLL     : 8.1.0.35      315764 Bytes  18/08/2008 15:42:28
AEEMU.DLL     : 8.1.0.7       430452 Bytes  18/08/2008 15:42:27
AECORE.DLL    : 8.1.1.8       172406 Bytes  18/08/2008 15:42:26
AEBB.DLL      : 8.1.0.1        53617 Bytes  24/04/2008 14:50:42
AVWINLL.DLL   : 1.0.0.12       15105 Bytes  09/07/2008 14:40:05
AVPREF.DLL    : 8.0.2.0        38657 Bytes  16/05/2008 15:28:01
AVREP.DLL     : 8.0.0.2        98344 Bytes  18/08/2008 15:42:26
AVREG.DLL     : 8.0.0.1        33537 Bytes  09/05/2008 17:26:40
AVARKT.DLL    : 1.0.0.23      307457 Bytes  12/02/2008 14:29:23
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes  12/06/2008 18:27:49
SQLITE3.DLL   : 3.3.17.1      339968 Bytes  22/01/2008 23:28:02
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes  12/06/2008 18:49:40
NETNT.DLL     : 8.0.0.1         7937 Bytes  25/01/2008 18:05:10
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes  12/06/2008 19:48:07
RCTEXT.DLL    : 8.0.52.0       86273 Bytes  27/06/2008 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, 
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 18 août 2008  11:50

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'lxcycoms.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'IoctlSvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ezprint.exe' - '1' Module(s) have been scanned
Scan process 'lxcymon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
Master boot sector HD1
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '52' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\ARK5.tmp
      [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
    [WARNING]   An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]   The file could not be deleted!
    [NOTE]      Attempting to perform action using the ARK lib.
    [NOTE]      The file was moved to '4ac25a6a.qua'!
C:\pagefile.sys
    [WARNING]   The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\AcesSquare\fr-FR\acessquare.1.0.1.fr-FR.cab
    [0] Archive type: CAB (Microsoft)
    --> fmod.dll
      [WARNING]   No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\BigIslandBlends\fr-FR\bigislandblends.1.0.0.fr-FR.cab
    [0] Archive type: CAB (Microsoft)
    --> BigIslandBlends.dll
      [WARNING]   No further files can be extracted from this archive. The archive will be closed
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080818-070055-729.dll
    [DETECTION] Is the TR/BHO.Gen Trojan
    [NOTE]      The file was moved to '490c9e47.qua'!
C:\QooBox\Quarantine\C\WINDOWS\308.exe.vir
    [DETECTION] Is the TR/Agent.8192.292 Trojan
    [NOTE]      The file was moved to '48e19e38.qua'!
C:\System Volume Information\_restore{30036372-E149-43DF-BD73-D8801AC66423}\RP2\A0000009.exe
    [DETECTION] Is the TR/Agent.8192.292 Trojan
    [NOTE]      The file was moved to '48d99e41.qua'!
C:\System Volume Information\_restore{30036372-E149-43DF-BD73-D8801AC66423}\RP6\A0003350.dll
    [DETECTION] Is the TR/BHO.Gen Trojan
    [NOTE]      The file was moved to '48d99e87.qua'!


End of the scan: 18 août 2008  12:20
Used time: 29:54 Minute(s)

The scan has been done completely.

   4988 Scanning directories
 287624 Files were scanned
      5 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      5 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
 287618 Files not concerned
   3811 Archives were scanned
      5 Warnings
      5 Notes

Hadrienen · Answer

Supprime tout ce que tu as trouvé. (dans quarantaine)


Télécharge maintenant Navilog1 depuis-ce lien : 

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 

Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau. 
Ensuite double clique sur navilog1.exe pour lancer l'installation. 
Une fois l'installation terminée, DoubleClic-droit sur le raccourci Navilog1 présent sur ton bureau 

Au menu principal, Fais le choix 1 
Laisse toi guider et patiente. 
Patiente jusqu'au message : 
*** Analyse Termine le ..... *** 
Appuie sur une touche le blocnote va s'ouvrir. 
Copie-colle l'intégralité du rapport dans une réponse. 
Referme le blocnote 
Le rapport fixnavi.txt est en outre sauvegardé a la racine du disque 

Tuto : http://www.malekal.com/Adware.Magic_Control.php

kaleenna · Answer

ok je le fais toute suite

kaleenna · Answer

voila le rapport du navilog


Search Navipromo version 3.6.4 commencé le 2008-08-18 à 12:48:19,03

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "Redg et Dodo" 

Mise à jour le 16.08.2008 à 22h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180 
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Redg et Dodo\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Redg et Dodo\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Redg et Dodo\menudm~1\progra~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" *** 


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Redg et Dodo\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 



*** Recherche fichiers *** 



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Redg et Dodo\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 2008-08-18 à 12:51:57,18 ***

kaleenna · Answer

Hadrienen27 je vais revenir plus car la je suis fatigué et si tu me mais une solution je vais l essayer tantot
je te remercie pour tout ce que tu a fais je vous trouve sympa et patient avec nous  je vous leve mon chapeau et continuer votre beau travail

Hadrienen · Answer

Les pages blanches continues?

Installe IE 7

http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=fr

Redémarre l'ordi.


peux tu me faire un rapport HijackThis stp?

kaleenna · Answer

n me revoila et j ai encore des pages blanche qui ouvre seule.
voici mon rapport hajackthis.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:21, on 2008-08-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: deskperf32 - C:\WINDOWS\
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcy_device -   - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\System32\IoctlSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Hadrienen · Answer

Suis mon post d'avant STP

Page qui ouvre seul - Page 2

Discussions similaires

Newsletters