Warning, spyware detected on your computer !

cartouches27 Posts 30 Status Member -
jlpjlp Posts 52399 Status Security contributor -
Hello,

For several weeks I have been getting messages on my PC: "your computer is infected, windows has detected spyware infection! ... click here to protect your computer from spyware!" and normally that installs xp security center.

But now I have a message as my desktop wallpaper saying "warning, spyware detected on your computer!".

I'm not very computer-savvy; could you help me clean all this up?

Thanks.
Configuration: Windows XP
Internet Explorer 6.0

14 replies

  1. jlpjlp Posts 52399 Status Security contributor 5 041
     
    hi

    this isn't going to be easy; why isn't your Windows up to date???? you need to have SP2

    well, there's work to do!!!

    1/ install a firewall:
    KERIO or JETICO or ZONE ALARM (install only the free firewall) or COMODO

    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    zonealarm

    2/
    Download SDFix (created by AndyManchesta) and save it to your Desktop.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
    • Restart your computer
    • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
    • Instead of Windows loading normally, a menu with different options should appear.
    • Choose the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your account.
    Go through the list of instructions below:
    • Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
    • Press Y to start the cleaning process.
    • It will remove the services and Registry entries of certain trojans found, then ask you to press a key to restart.
    • Press a key to restart the PC.
    • Your system will take longer than usual to restart because the tool will keep running and deleting files.
    • After the Desktop loads, the tool will finish its work and display Finished.
    • Press a key to end the script and load your Desktop icons.
    • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
    • Finally, copy/paste the contents of Report.txt into your next reply on the forum

    3/ get rid of Ad-Aware, which is outdated, especially since you have last year's version.. and
    paste a report from Malwarebytes' Anti-Malware after removing what was found:
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    4/ install an antivirus: AntiVir, and paste the report

    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)

    5/ update Java:
    https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

    6/ post a new HijackThis report
    1
  2. ~Slash~ Posts 128 Status Member 33
     
    Hi,
    for me, these are the programs I use and everything works very well:
    1) download Spybot Search&Destroy https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
    2) Install it and update it.
    3) What antivirus do you have ??????
    4) Also use CCleaner; it isn't directly related to spyware but it helps keep your computer in good health: https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
    5) Use at least a second anti-spyware:
    http://www.infos-du-net.com/telecharger/Ad-Aware,0301-9812.html
    6) Update everything.

    You shouldn't have too many problems now :).

    PS: also get a good firewall.
    0
  3. jlpjlp Posts 52399 Status Security contributor 5 041
     
    hi,

    paste a HijackThis report

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/(...)

    manual:
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    I recommend renaming HijackThis, to counter a possible Vundo infection.

    e.g.: rename the file HijackThis.exe to eden.exe; to do so, right-click the file HijackThis.exe and choose Rename from the list

    Then with Explorer create a folder c:\hijackthis
    Unzip HijackThis into this folder.
    This is important for the backups.

    __________________

    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    Download to the desktop
    Navilog.zip
    = Double-click navilog1.zip
    = Extract everything to the desktop
    = Double-click navilog1, which is on the desktop
    = Press a key until you reach the options
    = Choose option 1

    a report, fixnavi.txt, will be created in C:
    copy/paste it into your next message.
    0
  4. cartouches27 Posts 30 Status Member
     
    While waiting for your instructions, here is a report from an a-squared quick scan:

    Version - a-squared Free 3.5
    Dernière mise à jour : 20/08/2008 10:49:38

    Paramètres des balayages :

    Éléments : Mémoire, Traces, Cookies, C:\WINDOWS\, C:\Program Files
    Balaye dans les archives : Marche
    Analyse heuristique : Marche
    Balaye dans les ADS : Marche

    Début du balayage : 21/08/2008 17:18:37

    [1736] C:\WINDOWS\System32\aspimgr.exe Objets détectés : Backdoor.Win32.Agent.ktm
    C:\Documents and Settings\Nourdine\Cookies\nourdine@adserver.bluestar-interactive[2].txt Objets détectés : Trace.TrackingCookie
    C:\Documents and Settings\Nourdine\Cookies\nourdine@adtech[1].txt Objets détectés : Trace.TrackingCookie
    C:\Documents and Settings\Nourdine\Cookies\nourdine@advertising[2].txt Objets détectés : Trace.TrackingCookie
    C:\Documents and Settings\Nourdine\Cookies\nourdine@atdmt[2].txt Objets détectés : Trace.TrackingCookie
    C:\Documents and Settings\Nourdine\Cookies\nourdine@commentcamarche[2].txt Objets détectés : Trace.TrackingCookie
    C:\Documents and Settings\Nourdine\Cookies\nourdine@metriweb[1].txt Objets détectés : Trace.TrackingCookie
    C:\Documents and Settings\Nourdine\Cookies\nourdine@smartadserver[1].txt Objets détectés : Trace.TrackingCookie
    C:\Documents and Settings\Nourdine\Cookies\nourdine@weborama[1].txt Objets détectés : Trace.TrackingCookie
    C:\WINDOWS\karina.dat Objets détectés : Backdoor.Win32.Small.eug
    C:\WINDOWS\system32\aspimgr.exe Objets détectés : Backdoor.Win32.Agent.ktm
    C:\WINDOWS\system32\karina.dat Objets détectés : Backdoor.Win32.Small.eug
    C:\WINDOWS\system32\winivstr.exe Objets détectés : Riskware.FraudTool.Win32.XPSecurityCenter.p

    Analysé

    Fichiers : 65495
    Traces : 430921
    Cookies : 340
    Processus : 37

    Objets trouvés

    Fichiers : 4
    Traces : 0
    Cookies : 8
    Processus : 1
    Clés de Registre : 0

    Fin du balayage : 21/08/2008 17:35:11
    Temps du balayage : 0:16:34
    0
  6. cartouches27 Posts 30 Status Member
     
    I can't manage to install HijackThis or Navilog!
    0
  7. cartouches27 Posts 30 Status Member
     
    Logfile of HijackThis v1.99.1
    Scan saved at 18:05:55, on 21/08/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\System32\aspimgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\apps\ABoard\ABoard.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\APPS\OD2\OD2DLEngine.exe
    C:\APPS\OD2\OD2State.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\braviax.exe
    C:\WINDOWS\System32\lphcp9aj0ep6n.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Nourdine\Bureau\hijack this\eden.exe.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
    R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DOWNLOAD MANAGER] C:\APPS\OD2\OD2DLEngine.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [braviax] C:\WINDOWS\System32\braviax.exe
    O4 - HKLM\..\Run: [lphcp9aj0ep6n] C:\WINDOWS\System32\lphcp9aj0ep6n.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O15 - Trusted Zone: *.od2.com
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.girafoto.fr/uploaders/aurigma_4_7/ImageUploader4.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\karina.dat
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service de transfert intelligent en arrière-plan BITSMSIServer (BITSMSIServer) - Unknown owner - C:\WINDOWS\System32\1042d.exe
    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
    O23 - Service: Connexions réseau NetmanERSvc (NetmanERSvc) - Unknown owner - C:\WINDOWS\System32\actxprxyk.exe (file missing)
    O23 - Service: Connexion secondaire seclogonUPS (seclogonUPS) - Unknown owner - C:\WINDOWS\System32\adsnty.exe (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Service de numéro de série du lecteur multimédia portable WmdmPmSNaawservice (WmdmPmSNaawservice) - Unknown owner - C:\WINDOWS\System32\1042h.exe (file missing)
    0
  8. cartouches27 Posts 30 Status Member
     
    When installing Navilog, I get a blue screen with the following message:

    paths incorrect fix interrompus !!!
    0
  9. cartouches27 Posts 30 Status Member
     
    [b]SDFix: Version 1.218 [/b]
    Run by Nourdine on 21/08/2008 at 19:20

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\Documents and Settings\Nourdine\Bureau\SDFix

    [b]Checking Services [/b]:

    [b]Name [/b]:
    aspimgr

    [b]Path [/b]:
    C:\WINDOWS\System32\aspimgr.exe

    aspimgr - Deleted

    Restoring Default Security Values
    Restoring Default Hosts File
    Restoring Default ScreenSaver value
    Resetting AppInit_DLLs value

    Rebooting

    [b]Infected beep.sys Found![/b]

    beep.sys File Locations:

    "C:\WINDOWS\system32\dllcache\beep.sys" 27136 13/08/2008 00:05
    "C:\WINDOWS\system32\drivers\beep.sys" 27136 13/08/2008 00:05

    Infected File Listed Below:

    C:\WINDOWS\system32\dllcache\beep.sys
    C:\WINDOWS\system32\drivers\beep.sys

    File copied to Backups Folder
    Attempting to replace beep.sys with original version

    Original beep.sys Restored

    "C:\WINDOWS\system32\dllcache\beep.sys" 4224 07/08/2008 16:27
    "C:\WINDOWS\system32\drivers\beep.sys" 4224 07/08/2008 16:27

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\WINDOWS\system32\lphcp9aj0ep6n.exe - Deleted
    C:\WINDOWS\system32\blphcp9aj0ep6n.scr - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt1.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt10.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt11.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt12.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt14.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt15.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt16.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt17.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt19.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt1B.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt2.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt3.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt4.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt5.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt6.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt7.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt8.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt9.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.ttA.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.ttB.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.ttC.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.ttD.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.ttF.tmp - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt1.tmp.vbs - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt2.tmp.vbs - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt4.tmp.vbs - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.tt7.tmp.vbs - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.ttB.tmp.vbs - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\.ttD.tmp.vbs - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\Binaries1.zip - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\Binaries2.zip - Deleted
    C:\DOCUME~1\Nourdine\LOCALS~1\Temp\Binaries3.zip - Deleted
    C:\WINDOWS\braviax.exe - Deleted
    C:\WINDOWS\buritos.exe - Deleted
    C:\WINDOWS\karina.dat - Deleted
    C:\WINDOWS\s32.txt - Deleted
    C:\WINDOWS\system32\aspimgr.exe - Deleted
    C:\WINDOWS\system32\braviax.exe - Deleted
    C:\WINDOWS\system32\buritos.exe - Deleted
    C:\WINDOWS\system32\delself.bat - Deleted
    C:\WINDOWS\system32\karina.dat - Deleted
    C:\WINDOWS\system32\winivstr.exe - Deleted
    C:\WINDOWS\ws386.ini - Deleted

    Folder C:\Documents and Settings\Nourdine\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w.redtube.com - Removed

    Removing Temp Files

    [b]ADS Check [/b]:

    C:\WINDOWS
    :sarg0s.sys 116224
    Total size: 116224 bytes.
    WINDOWS: deleted 116224 bytes in 1 streams.

    Checking for remaining Streams

    C:\WINDOWS
    No streams found.

    [b]Final Check [/b]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-21 19:28:09
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [b]Remaining Files [/b]:

    File Backups: - C:\DOCUME~1\Nourdine\Bureau\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Tue 24 Jul 2007 193 A.SHR --- "C:\BOOT.BAK"
    Fri 12 Mar 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
    Fri 12 Mar 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
    Fri 12 Mar 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
    Fri 27 Jun 2008 20,480 A.SH. --- "C:\WINDOWS\system32\1036t.dll"
    Fri 27 Jun 2008 41,984 ..SHR --- "C:\WINDOWS\system32\1042d.exe"
    Wed 2 Feb 2000 36,864 ..SHR --- "C:\WINDOWS\system32\soni32drv.dll"
    Sun 20 Jan 2008 48,128 ...H. --- "C:\Documents and Settings\Nourdine\Bureau\Taxi1\~WRL0403.tmp"
    Sun 20 Jan 2008 48,128 ...H. --- "C:\Documents and Settings\Nourdine\Bureau\Taxi1\~WRL0777.tmp"
    Fri 12 Mar 2004 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"

    [b]Finished![/b]
    0
  10. cartouches27 Posts 30 Status Member
     
    Malwarebytes' Anti-Malware 1.25
    Version de la base de données: 1076
    Windows 5.1.2600 Service Pack 1

    19:58:28 21/08/2008
    mbam-log-08-21-2008 (19-58-19).txt

    Type de recherche: Examen rapide
    Eléments examinés: 46690
    Temps écoulé: 4 minute(s), 10 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 6

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\1036t.dll (Trojan.FakeAlert) -> No action taken.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\pbfrv2.pbfrv2 (Adware.2020Search) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\1036t.dll (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\1042d.exe (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\Nourdine\Local Settings\Temporary Internet Files\Content.IE5\GX2FWT6R\Install[1].exe (Rogue.Installer) -> No action taken.
    C:\WINDOWS\system32\phcp9aj0ep6n.bmp (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\Nourdine\Local Settings\Temporary Internet Files\oxapa.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\drivers\sbl.sys (Trojan.Agent) -> No action taken.
    0
  11. cartouches27
     
    Avira AntiVir Personal
    Report file date: jeudi 21 août 2008 20:28

    Scanning for 1369550 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 1) [5.1.2600]
    Boot mode: Normally booted
    Username: Nourdine
    Computer name: SN202685270000

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53
    ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47
    Engineversion : 8.1.1.19
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
    AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21
    AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Local Drives
    Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, A:, F:, G:, H:, I:, D:, E:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 21 août 2008 20:28

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
    Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'OD2State.exe' - '1' Module(s) have been scanned
    Scan process 'OD2DLEngine.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'AOSD.EXE' - '1' Module(s) have been scanned
    Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned
    Scan process 'PCMService.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
    Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned
    Scan process 'slserv.exe' - '1' Module(s) have been scanned
    Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
    Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'a2service.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    37 processes with 37 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'A:\'
    [INFO] In the drive 'A:\' no data medium is inserted!
    Boot sector 'F:\'
    [INFO] In the drive 'F:\' no data medium is inserted!
    Boot sector 'G:\'
    [INFO] In the drive 'G:\' no data medium is inserted!
    Boot sector 'H:\'
    [INFO] In the drive 'H:\' no data medium is inserted!
    Boot sector 'I:\'
    [INFO] In the drive 'I:\' no data medium is inserted!

    Starting to scan the registry.
    The registry was scanned ( '61' files ).

    Starting the file scan:

    Begin scan in 'C:\' <HDD>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Nourdine\Bureau\SDFix\backups\backups.zip
    [0] Archive type: ZIP
    --> backups/.tt1.tmp.vbs
    [DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
    --> backups/.tt2.tmp.vbs
    [DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
    --> backups/.tt4.tmp.vbs
    [DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
    --> backups/.tt7.tmp.vbs
    [DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
    --> backups/.ttB.tmp.vbs
    [DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
    --> backups/.ttD.tmp.vbs
    [DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
    --> backups/aspimgr.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.ktm back-door program
    --> backups/beep.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    --> backups/braviax.exe
    [DETECTION] Is the TR/Dldr.JKDM.6 Trojan
    --> backups/buritos.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    --> backups/karina.dat
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    --> backups/movedfile.vir
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    --> backups/winivstr.exe
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE] The file was moved to '4910b781.qua'!
    C:\Documents and Settings\Nourdine\Bureau\SDFix\backups\catchme.zip
    [0] Archive type: ZIP
    --> beep.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    --> beep.sys.1
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE] The file was moved to '4921b785.qua'!
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000004.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE] The file was moved to '48ddb9cb.qua'!
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000007.exe
    [DETECTION] Is the TR/Dldr.JKDM.6 Trojan
    [NOTE] The file was moved to '48ddb9cf.qua'!
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000008.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '48ddb9d2.qua'!
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000009.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.ktm back-door program
    [NOTE] The file was moved to '48ddb9d4.qua'!
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000010.exe
    [DETECTION] Is the TR/Dldr.JKDM.6 Trojan
    [NOTE] The file was moved to '48ddb9d5.qua'!
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000011.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '48ddb9d7.qua'!
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000013.exe
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE] The file was moved to '48ddb9d9.qua'!
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000021.vbs
    [DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
    [NOTE] The file was moved to '48ddb9de.qua'!
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000022.vbs
    [DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
    [NOTE] The file was moved to '48ddb9e0.qua'!
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000023.vbs
    [DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
    [NOTE] The file was moved to '48ddb9e1.qua'!
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000024.vbs
    [DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
    [NOTE] The file was moved to '48ddb9e3.qua'!
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000025.vbs
    [DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
    [NOTE] The file was moved to '48ddb9e5.qua'!
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000026.vbs
    [DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
    [NOTE] The file was moved to '48ddb9e7.qua'!
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000027.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.ktm back-door program
    [NOTE] The file was moved to '48ddb9e9.qua'!
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000028.sys
    [DETECTION] Is the TR/Rootkit.Gen Trojan
    [NOTE] The file was moved to '48ddb9ec.qua'!
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000030.exe
    [DETECTION] Is the TR/Dldr.JKDM.6 Trojan
    [NOTE] The file was moved to '48ddb9ee.qua'!
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000031.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '48ddb9f0.qua'!
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP0\A0000036.exe
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE] The file was moved to '48ddb9f1.qua'!
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1\A0000121.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48ddb9f6.qua'!
    C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP1\A0000122.exe
    [DETECTION] Is the TR/Drop.Softomat.AN Trojan
    [NOTE] The file was moved to '48ddb9f8.qua'!
    C:\WINDOWS\brasd32.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE] The file was moved to '490eba40.qua'!
    C:\WINDOWS\vroksdd.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '491cba45.qua'!
    C:\WINDOWS\~tmp2064.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon.Gen back-door program
    [NOTE] The file was moved to '491aba4d.qua'!
    C:\WINDOWS\system32\soni32drv.dll
    [DETECTION] Is the TR/PSW.OnlineGames.arqb Trojan
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING] The file could not be deleted!
    [NOTE] Attempting to perform action using the ARK lib.
    [NOTE] The file was moved to '4b430200.qua'!
    Begin scan in 'A:\'
    Search path A:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.
    Begin scan in 'F:\'
    Search path F:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.
    Begin scan in 'G:\'
    Search path G:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.
    Begin scan in 'H:\'
    Search path H:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.
    Begin scan in 'I:\'
    Search path I:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.
    Begin scan in 'D:\'
    Search path D:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.
    Begin scan in 'E:\'
    Search path E:\ could not be opened!
    System error [21]: Le périphérique n'est pas prêt.

    End of the scan: jeudi 21 août 2008 20:59
    Used time: 30:56 Minute(s)

    The scan has been done completely.

    4545 Scanning directories
    254244 Files were scanned
    39 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    26 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    254203 Files not concerned
    8253 Archives were scanned
    7 Warnings
    26 Notes
    0
  12. jlpjlp Posts 52399 Status Security contributor 5 041
     
    Did you delete what Malwarebytes found????

    __________
    Download RavAntivirus from Evosla:
    http://ww25.evosla.com/compteur.php?soft=rav_antivirus

    # If you have a USB stick, external hard drive, etc., plug them in without opening them before running this FIX
    # Right-click the .ZIP file > Extract to > the Desktop
    # Double-click >> RAV.exe << to launch the tool.
    # Once RAV ANTIVIRUS is running, let it work; it automatically scans all drives (fixed and removable disks)
    # If there is an infection > a log will be created; otherwise the program will display (very quickly) ==>Votre Ordinateur est sain .
    # Remove your removable disks and restart your computer.
    # Post the report if there is an infection!

    __________
    Paste a HijackThis log again

    See you later
    0
  13. cartouches27
     
    Thank you very much jlpjlp for your help; thanks to your advice, I no longer have the error messages or the wallpaper.
    Thanks again, and keep it up.

    Here is a HijackThis scan:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:30:16, on 21/08/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\apps\ABoard\ABoard.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\APPS\OD2\OD2DLEngine.exe
    C:\APPS\OD2\OD2State.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
    R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - (no file)
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DOWNLOAD MANAGER] C:\APPS\OD2\OD2DLEngine.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O15 - Trusted Zone: *.od2.com
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.girafoto.fr/uploaders/aurigma_4_7/ImageUploader4.cab
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service de transfert intelligent en arrière-plan BITSMSIServer (BITSMSIServer) - Unknown owner - C:\WINDOWS\System32\1042d.exe (file missing)
    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
    O23 - Service: Connexions réseau NetmanERSvc (NetmanERSvc) - Unknown owner - C:\WINDOWS\System32\actxprxyk.exe (file missing)
    O23 - Service: Connexion secondaire seclogonUPS (seclogonUPS) - Unknown owner - C:\WINDOWS\System32\adsnty.exe (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Service de numéro de série du lecteur multimédia portable WmdmPmSNaawservice (WmdmPmSNaawservice) - Unknown owner - C:\WINDOWS\System32\1042h.exe (file missing)
    0
  14. cartouches27
     
    No, I didn't delete the viruses from Malwarebytes, I put them in quarantine; should I delete them?
    0
  15. jlpjlp Posts 52399 Status Security contributor 5 041
     
    Delete what is in the backup folder by going to My Computer, then

    C:\Documents and Settings\Nourdine\Bureau\SDFix\backups

    _______________________

    Is your Windows legal? If so, update Windows: START, then ALL PROGRAMS, then WINDOWS UPDATE, and install SP2

    Otherwise, be sure to install one of the firewalls suggested
    _______________________

    Delete what is in quarantine in AntiVir and Malwarebytes Anti-Malware

    ______________________

    Update Java:

    https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/
    ______________________

    Paste a new HijackThis log
    0