Bagle, sans doute ;) Résolu

Question

Bonjour,
 voila j'ai un problème lié à la sécurité de mon pc,il m'est impossible d'activermon windefender ainsi que mon pare feu et tous ce qui est du domaine de protection.Lorsque j'essaie d'activer windefender j ai un bref message d erreur qui disparait quasi instantanement, impossible d'activer spyboot, ccleaner,avastet d'installer un logiciel de verification (accé refusé) ect...
J ai donc besoin de votre aide merci

Utilisateur anonyme · Answer

Salut,

Telecharge FindyKill

Fais un clic droit sur le lien, enregister sous .....sur le bureau

---> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.rar

Dezippe le sur le bureau

Entre dans le dossier FindyKill 

double clic sur FindyKill.exe

choisi l option 1 (recherche)

un rapport va s ouvrir, post le dans ta prochaine réponse stp

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

tylooo1 · Answer

Bonjour, voila le rapport findykill

 
               ** Rapport FindyKill ** 
 
 
+-  Presence des fichiers dans C: 
 
 
+-  Presence des fichiers dans C:\Windows\Prefetch 
 
C:\Windows\Prefetch\WINTEMS.EXE-????????.pf Present!! 
C:\Windows\Prefetch\MDELK.EXE-????????.pf Present!! 
C:\Windows\Prefetch\FLEC006.EXE-????????.pf Present!! 
 
+-  Presence des fichiers dans C:\Windows\system32 
 
C:\Windows\system32\mdelk.exe Present!! 
C:\Windows\system32\wintems.exe Present!! 
C:\Windows\system32\ban_list.txt Present!! 
 
+-  Presence des fichiers dans C:\Windows\system32\drivers 
 
C:\Windows\system32\drivers\mdelk.exe Present!! 
C:\Windows\system32\drivers\srosa.sys Present!! 
C:\Windows\system32\drivers\hldrrr.exe Present!! 
C:\Windows\system32\drivers\downld Present!! 
 
+-  Presence des fichiers dans C:\Users\Cyrille\AppData\Roaming 
 
C:\Users\Cyrille\AppData\Roaming\m\flec006.exe Present!! 
C:\Users\Cyrille\AppData\Roaming\m\list.oct Present!! 
C:\Users\Cyrille\AppData\Roaming\m\data.oct Present!! 
C:\Users\Cyrille\AppData\Roaming\m\srvlist.oct Present!! 
C:\Users\Cyrille\AppData\Roaming\m\shared Present!! 
C:\Users\Cyrille\AppData\Roaming\m Present!! 


+-  Registre :


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Windows Defender    REG_EXPAND_SZ    %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    LogitechCommunicationsManager    REG_SZ    "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    LogitechQuickCamRibbon    REG_SZ    "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    StartCCC    REG_SZ    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    SunJavaUpdateSched    REG_SZ    "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    TrueImageMonitor.exe    REG_SZ    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    AcronisTimounterMonitor    REG_SZ    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    Acronis Scheduler2 Service    REG_SZ    "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    Adobe Reader Speed Launcher    REG_SZ    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    RemoteControl    REG_SZ    "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    AVG8_TRAY    REG_SZ    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    avast!    REG_SZ    "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ehTray.exe    REG_SZ    C:\Windows\ehome\ehTray.exe
    ISUSPM Startup    REG_SZ    C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\isuspm.exe -startup
    mceguuo    REG_SZ    "c:\users\cyrille\appdata\local\mceguuo.exe" mceguuo
    BitTorrent DNA    REG_SZ    "C:\Program Files\DNA\btdna.exe"
    msnmsgr    REG_SZ    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\CLSID


+-  Registre, recherche Srosa :


HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
    NextInstance    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA\0000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
    NextInstance    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA\0000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
    Type    REG_DWORD    0x1
    Start    REG_DWORD    0x1
    ErrorControl    REG_DWORD    0x0
    ImagePath    REG_EXPAND_SZ    \??\C:\Windows\system32\drivers\srosa.sys
    DisplayName    REG_SZ    Megadrv3

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa\Enum

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
    Type    REG_DWORD    0x1
    Start    REG_DWORD    0x1
    ErrorControl    REG_DWORD    0x0
    ImagePath    REG_EXPAND_SZ    \??\C:\Windows\system32\drivers\srosa.sys
    DisplayName    REG_SZ    Megadrv3


HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
    Type    REG_DWORD    0x1
    Start    REG_DWORD    0x1
    ErrorControl    REG_DWORD    0x0
    ImagePath    REG_EXPAND_SZ    \??\C:\Windows\system32\drivers\srosa.sys
    DisplayName    REG_SZ    Megadrv3

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa\Enum

HKEY_CURRENT_USER\Software\DateTime4
    uid    REG_SZ    93141896
    port    REG_DWORD    0x3ded
    wdrn    REG_DWORD    0x1


HKEY_CURRENT_USER\Software\FirtR
    Fir076syj0Run    REG_DWORD    0x1


HKEY_CURRENT_USER\Software\FirstRRRun
    First12Ru123n    REG_DWORD    0x1


HKEY_CURRENT_USER\Software\MuleAppData
    ListTime    REG_DWORD    0x1c
    FileTime    REG_DWORD    0x1c
    ServerTime    REG_DWORD    0x1c

 
 
     ! Recherche realisée avec success ! 
 
 
                                      Recherche executée le 28/08/2008 a 12:15:00,90 
 dans l'attente de reponses...

Utilisateur anonyme · Answer

réouvre findykill,

choisi cette fois ci l option 2 (suppression)

il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué"

un rapport va s ouvrir, post le dans ta prochaine réponse stp

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

tylooo1 · Answer

Voila le second rapport, merci de votre aide


 
 
 
     /!\..Des fichiers ont été supprimé au 1er redémarrage../!\ 
 
 
 
                	/!\..... NETTOYAGE ...../!\ 
 
 
 
 
 +-  Suppression des fichiers dans C: 
 
 
 +-  Suppression des fichiers dans C:\Windows\Prefetch 
 
Supprime ! de C:\Windows\Prefetch\MDELK.EXE-????????.pf 
Supprime ! de C:\Windows\Prefetch\FLEC006.EXE-????????.pf 
 
 +-  Suppression des fichiers dans C:\Windows\system32 
 
Supprime ! de C:\Windows\system32\mdelk.exe 
Supprime ! de C:\Windows\system32\wintems.exe 
Echec de la supression!! C:\Windows\system32\wintems.exe  
Supprime ! de C:\Windows\system32\ban_list.txt 
 
 +-  Suppression des fichiers dans C:\Windows\system32\drivers 
 
Supprime ! de C:\Windows\system32\drivers\srosa.sys 
Supprime ! de C:\Windows\system32\drivers\hldrrr.exe 
Echec de la supression!! C:\Windows\system32\drivers\hldrrr.exe  
Supprime ! de C:\Windows\system32\drivers\downld 
 
 +-  Suppression des fichiers dans C:\Users\Cyrille\AppData\Roaming 
 
Supprime ! de C:\Users\Cyrille\AppData\Roaming\m\flec006.exe 
Echec de la supression!! C:\Users\Cyrille\AppData\Roaming\m\flec006.exe  
Supprime ! de C:\Users\Cyrille\AppData\Roaming\m\list.oct 
Supprime ! de C:\Users\Cyrille\AppData\Roaming\m\data.oct 
Supprime ! de C:\Users\Cyrille\AppData\Roaming\m\srvlist.oct 
Supprime ! de C:\Users\Cyrille\AppData\Roaming\m\shared

Utilisateur anonyme · Answer

tu as eu le message "nettoyage effectué" ?? 

le rapport n est pas complet ...

tylooo1 · Answer

Il me dit que le nettoyage et effectué, qu'il va ouvrir le rapport mais rien depuis 5 minutes,c'est normal?

Utilisateur anonyme · Answer

appuis sur entré .. et le rapport va s ouvrir

Utilisateur anonyme · Answer

sinon ferme la fentre 

ensuite va dans ordinateur
entre dans le disque C
post le rapport FindyKill.txt en entier stp

tylooo1 · Answer

** Rapport FindyKill ** 
 
 
 
     /!\..Des fichiers ont été supprimé au 1er redémarrage../!\ 
 
 
 
                	/!\..... NETTOYAGE ...../!\ 
 
 
 
 
 +-  Suppression des fichiers dans C: 
 
 
 +-  Suppression des fichiers dans C:\Windows\Prefetch 
 
 
 +-  Suppression des fichiers dans C:\Windows\system32 
 
Supprime ! de C:\Windows\system32\wintems.exe 
 
 +-  Suppression des fichiers dans C:\Windows\system32\drivers 
 
Supprime ! de C:\Windows\system32\drivers\hldrrr.exe 
 
 +-  Suppression des fichiers dans C:\Users\Cyrille\AppData\Roaming 
 
Supprime ! de C:\Users\Cyrille\AppData\Roaming\m\flec006.exe 
Supprime ! de C:\Users\Cyrille\AppData\Roaming\m 
 
 +-  Suppression des clefs du registre.. 
 
 
 +-  Suppression des clefs du registre effectuée ! 
 
 
 
                  /!\..... vERIFICATION...../!\ 
 
 
 
 
 +-  Recherche des fichiers dans C: 
 
 
 +-  Recherche des fichiers dans C:\Windows\Prefetch 
 
 
 +-  Recherche des fichiers dans C:\Windows\system32 
 
 
 +-  Recherche des fichiers dans C:\Windows\system32\drivers 
 
 
 +-  Recherche des fichiers dans C:\Users\Cyrille\AppData\Roaming 
 
 
 
 +-  Affichage des dosiers cachés réparé 
 
 
 +-  Service de sécurité Windows redémarré 
 
 
        ! Nettoyage realisé avec succès ! 
 
 
					   Suppression executée le 28/08/2008 a 13:04:34,10

Utilisateur anonyme · Answer

ok parfait

Télécharge HijackThis ici : 

->  Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
->  http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe 
->  ftp://ftp.commentcamarche.com/download/HJTInstall.exe

-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation 

-> Clique sur Install ensuite sur I Accept 

-> Clique sur Do a scan system and save log file 

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

apres on fait le point sur le pc , regarde si ton antivirus est ok ou pas et dis moi

tylooo1 · Answer

Voila


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:28, on 28/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ustart.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie	bsecu.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00BC28D1-8F23-451B-AB95-7D976C608277} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie	bsecu.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {61D1EA3E-A930-4BEB-B16B-D7212B5C5A4C} - (no file)
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie	bsecu.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4797] command /c del "C:\Users\Cyrille\Desktop\Windows.old\Documents and Settings\Cyrille\Desktop\Windows.old\Documents and Settings\Cyrille\Desktop\Windows.old\Documents and Settings\All Users\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC863] cmd /c del "C:\Users\Cyrille\Desktop\Windows.old\Documents and Settings\Cyrille\Desktop\Windows.old\Documents and Settings\Cyrille\Desktop\Windows.old\Documents and Settings\All Users\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6041] command /c del "C:\Users\Cyrille\Desktop\Windows.old\Documents and Settings\Cyrille\Desktop\Windows.old\Documents and Settings\Cyrille\Desktop\Windows.old\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\isuspm.exe -startup
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [SpybotDeletingB8401] command /c del "C:\Users\Cyrille\Desktop\Windows.old\Documents and Settings\Cyrille\Desktop\Windows.old\Documents and Settings\Cyrille\Desktop\Windows.old\Documents and Settings\All Users\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3974] cmd /c del "C:\Users\Cyrille\Desktop\Windows.old\Documents and Settings\Cyrille\Desktop\Windows.old\Documents and Settings\Cyrille\Desktop\Windows.old\Documents and Settings\All Users\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7775] command /c del "C:\Users\Cyrille\Desktop\Windows.old\Documents and Settings\Cyrille\Desktop\Windows.old\Documents and Settings\Cyrille\Desktop\Windows.old\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC3A7D37-FB8A-4489-B41A-F3E0A7E8E038}: NameServer = 89.2.0.1,89.2.0.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O21 - SSODL: okmdepgb - {CF9E9AE5-8725-4630-977C-D8CCC4735B60} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

Utilisateur anonyme · Answer

ok


voila le suite :

1) désinstal spybot, tu le réinstallera apres désinfection 

2) instal un antivirus , je te conseil antivir , gratuit en anglais mais simple

Telecharge et instales l'antivirus Antivir Personal Edition Classic : 

->https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

tuto : https://www.malekal.com/avira-free-security-antivirus-gratuit/
tuto : http://www.swl1f.net/viewtopic.php?f=14&t=59 

3) redémarre les services :

Démarrer >accesoire puis executer > tape : services.msc 

- double Clic sur le service cité - windows defender 


type de démarrge le mettre en automatique 
clic sur appliquer 
en haut a gauche clic sur demarrer le service 


idem pour parefeu windows, windows upadate et centre de securité

ensuite :


Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 




-> Double clique sur combofix.exe. 
-> Tape sur la touche 1 (Yes) pour démarrer le scan. 
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt 

Avant d'utiliser ComboFix : 

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil. 
Une fois fait, sur ton bureau double-clic sur Combofix.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

tylooo1 · Answer

Voila le rapport, c'etait pas trop long pour toi j'espère


Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6001.1.1252.1.1036.18.2093 [GMT 2:00]
Endroit: C:\Users\Cyrille\Downloads\ComboFix.exe
 * Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\sc.html
C:\Program Files\PCHealthCenter\sex1.ico
C:\Program Files\PCHealthCenter\sex2.ico
C:\Users\Cyrille\AppData\Local\mceguuo.dat
C:\Users\Cyrille\AppData\Local\mceguuo.exe
C:\Users\Cyrille\AppData\Local\mceguuo_nav.dat
C:\Users\Cyrille\AppData\Local\mceguuo_navps.dat
C:\Windows\eqbx.exe
C:\Windows\system32\aeeadae7_z.dll
C:\Windows\system32\bfbnsdpi.ini
C:\Windows\system32\fwcomgif.ini
C:\Windows\system32\gddgsxkd.ini
C:\Windows\system32\lirkwkmf.ini
C:\Windows\system32\olvhpmng.ini
C:\Windows\system32\rtl60.bpl
C:\Windows\system32\vnplpiey.ini
C:\Windows\system32\xxxnphmn.ini

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


(((((((((((((((((((((((((((((   Fichiers cr‚‚s 2008-07-28 to 2008-08-28  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 12:07	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\DNA
2008-08-28 11:33	---------	d-----w	C:\ProgramData\Avira
2008-08-28 11:33	---------	d-----w	C:\Program Files\Avira
2008-08-28 11:28	---------	d-----w	C:\Program Files\Spybot - Search & Destroy
2008-08-28 11:27	---------	d-----w	C:\ProgramData\Spybot - Search & Destroy
2008-08-28 11:22	---------	d-----w	C:\Program Files\Trend Micro
2008-08-28 05:32	---------	d-----w	C:\ProgramData\Google Updater
2008-08-28 00:52	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-08-28 00:47	---------	d-----w	C:\Program Files\Norton Security Scan
2008-08-28 00:44	---------	d-----w	C:\Program Files\Rockstar Games
2008-08-27 23:23	---------	d-----w	C:\ProgramData\Lavasoft
2008-08-26 19:30	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\Azureus
2008-08-25 22:03	---------	d-----w	C:\Program Files\Microsoft Virtual PC
2008-08-25 22:01	---------	d-----w	C:\ProgramData\avg8
2008-08-25 21:57	---------	d-----w	C:\Program Files\eChanblard
2008-08-24 14:39	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-08-24 14:38	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\InstallShield
2008-08-23 10:07	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\BitTorrent
2008-08-22 21:02	---------	d---a-w	C:\ProgramData\TEMP
2008-08-20 22:27	---------	d-----w	C:\Program Files\Microsoft Silverlight
2008-08-14 15:23	---------	d-----w	C:\Program Files\BitTorrent
2008-08-14 15:22	---------	d-----w	C:\Program Files\DNA
2008-08-13 10:01	---------	d-----w	C:\Program Files\Windows Mail
2008-08-13 08:47	---------	d-----w	C:\ProgramData\Microsoft Help
2008-08-11 20:48	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\PeerNetworking
2008-08-09 22:11	---------	d-----w	C:\ProgramData\Downloaded Installations
2008-08-09 09:07	---------	d-----w	C:\ProgramData\WindowsSearch
2008-08-09 00:02	---------	d-----w	C:\Program Files\DAEMON Tools Lite
2008-08-07 22:55	---------	d-----w	C:\Program Files\Runtime Software
2008-08-07 19:26	---------	d-----w	C:\Program Files\Google
2008-08-06 11:56	---------	d-----w	C:\ProgramData\Media Center Programs
2008-08-05 10:30	---------	d-----w	C:\Program Files\CyberLink
2008-08-03 10:34	---------	d-----w	C:\Program Files\Ubisoft
2008-08-01 15:10	0	---ha-w	C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-29 15:57	---------	d-----w	C:\Program Files\FTPExpert
2008-07-28 00:32	---------	d-----w	C:\Program Files\Common Files\AVSMedia
2008-07-28 00:13	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\STOIK
2008-07-25 22:21	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\Acronis
2008-07-25 13:31	---------	d-----w	C:\ProgramData\Acronis
2008-07-25 13:30	441,760	----a-w	C:\Windows\system32\drivers\timntr.sys
2008-07-25 13:30	44,384	----a-w	C:\Windows\system32\drivers\tifsfilt.sys
2008-07-25 13:30	368,480	----a-w	C:\Windows\system32\drivers\tdrpman.sys
2008-07-25 13:30	132,224	----a-w	C:\Windows\system32\drivers\snapman.sys
2008-07-25 13:30	---------	d-----w	C:\Program Files\Common Files\Acronis
2008-07-25 13:30	---------	d-----w	C:\Program Files\Acronis
2008-07-25 13:25	---------	d-----w	C:\Program Files\AviSynth 2.5
2008-07-23 13:27	---------	d-----w	C:\Program Files\SoftwarePassport
2008-07-23 13:26	---------	d-----w	C:\Program Files\Mindscape
2008-07-22 11:34	---------	d-----w	C:\Program Files\IZArc
2008-07-22 11:09	---------	d-----w	C:\Program Files\Microsoft Visual Studio 8
2008-07-21 18:08	---------	d-----w	C:\ProgramData\InstallShield
2008-07-21 18:07	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-07-19 23:50	---------	d-----w	C:\Program Files\OpenOffice.org 2.4
2008-07-19 23:49	---------	d-----w	C:\Program Files\Java
2008-07-19 23:48	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\LimeWire
2008-07-18 23:47	---------	d-----w	C:\Program Files\Common Files\Java
2008-07-18 18:39	587,264	---ha-w	C:\Windows\WLXPGSS.SCR
2008-07-15 10:43	---------	d-----w	C:\Program Files\SlySoft
2008-07-14 14:48	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\GRETECH
2008-07-14 14:48	---------	d-----w	C:\ProgramData\GRETECH
2008-07-14 14:47	---------	d-----w	C:\Program Files\GRETECH
2008-07-12 20:38	---------	d-----w	C:\Program Files\Creative
2008-07-12 20:37	---------	d-----w	C:\Program Files\Mafia
2008-07-11 22:13	---------	d-----w	C:\Program Files\Piratrax
2008-07-11 18:02	---------	dc----w	C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-11 18:02	---------	d-----w	C:\Program Files\Pcsx2_0.9.4
2008-07-11 17:41	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\BSplayer
2008-07-11 17:31	---------	d-----w	C:\Program Files\Registry Easy
2008-07-11 15:31	---------	d-----w	C:\Program Files\Common Files\Adobe AIR
2008-07-11 14:39	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\BSplayer Pro
2008-07-10 23:37	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\fltk.org
2008-07-10 22:35	---------	d-----w	C:\Program Files\RomStation
2008-07-10 09:16	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\InterTrust
2008-07-10 09:16	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-07-09 18:08	---------	d-----w	C:\ProgramData\Ubisoft
2008-07-09 11:27	---------	d-----w	C:\Program Files\MSBuild
2008-07-09 11:27	---------	d-----w	C:\Program Files\Microsoft Works
2008-07-09 11:26	---------	d-----w	C:\Program Files\Microsoft.NET
2008-07-09 00:17	---------	d-----w	C:\ProgramData\Symantec
2008-07-08 16:30	---------	d-----w	C:\Program Files\FolderSize
2008-07-08 12:32	---------	d-----w	C:\Program Files\Defraggler
2008-07-07 23:16	---------	d-----w	C:\ProgramData\Yahoo! Companion
2008-07-07 23:12	---------	d-----w	C:\Program Files\Yahoo!
2008-07-07 23:00	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\Auslogics
2008-07-07 23:00	---------	d-----w	C:\Program Files\Auslogics
2008-07-07 21:47	---------	d-----w	C:\Program Files\Project64 1.6
2008-07-07 18:23	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\Download Manager
2008-07-05 09:26	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\Uniblue
2008-07-03 18:29	---------	d-----w	C:\Program Files\KONAMI
2008-07-03 14:04	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\ESTsoft
2008-07-03 14:04	---------	d-----w	C:\Program Files\ESTsoft
2008-07-02 16:22	---------	d-----w	C:\Program Files\securedie
2008-07-02 15:45	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\ImgBurn
2008-07-02 11:02	2,560	---ha-w	C:\Windows\_MSRSTRT.EXE
2008-07-02 11:01	---------	d-----w	C:\Program Files\Secured eMule
2008-07-02 10:56	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\ErrorSmart
2008-07-02 10:43	---------	d-----w	C:\Program Files\Azureus
2008-07-02 08:34	---------	d-----w	C:\Program Files\Common Files\Logitech
2008-07-02 08:01	---------	d-----w	C:\ProgramData\PC Drivers HeadQuarters
2008-07-02 07:32	---------	d-----w	C:\Program Files\Conduit
.

(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cd36797a-70f3-4acd-8825-623d3b896881}"= "C:\Program Files\securedie\tbsecu.dll" [2007-09-06 12:28 1453080]

[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}]
2007-09-06 12:28	1453080	-ra------	C:\Program Files\securedie\tbsecu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cd36797a-70f3-4acd-8825-623d3b896881}"= "C:\Program Files\securedie\tbsecu.dll" [2007-09-06 12:28 1453080]

[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CD36797A-70F3-4ACD-8825-623D3B896881}"= "C:\Program Files\securedie\tbsecu.dll" [2007-09-06 12:28 1453080]

[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\isuspm.exe" [2004-08-09 06:03 221184]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-08-14 17:22 341824]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB8401"="command" [X]
"SpybotDeletingD3974"="del" [X]
"SpybotDeletingB7775"="command" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-23 01:52 2616512]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-22 22:02 909096]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-22 19:26 136472]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2008-08-28 12:42 75392]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA4797"="command" [X]
"SpybotDeletingC863"="del" [X]
"SpybotDeletingA6041"="command" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2583701152-1007577926-4045379130-1000]
"EnableNotificationsRef"=dword:00000005

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{43D61948-2FC2-452E-838C-C25AAE296EC1}C:\users\cyrille\desktop\windows.old\program files\echanblard\emule.exe"= UDP:C:\users\cyrille\desktop\windows.old\program files\echanblard\emule.exe:eMule
"UDP Query User{2342DF4A-153D-4830-9C23-0C3C4645E7A4}C:\users\cyrille\desktop\windows.old\program files\echanblard\emule.exe"= TCP:C:\users\cyrille\desktop\windows.old\program files\echanblard\emule.exe:eMule
"{7079FD9A-53B0-4EA8-B925-4E1A3A992DD6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{62A2CDC3-7680-44CD-BB01-E95B2A5D6588}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{9C6DA761-0EB3-4810-B019-01E03B5725E4}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{0D43D2C3-E070-42B7-9AC7-E5032EB92840}C:\program files\echanblard\emule.exe"= UDP:C:\program files\echanblard\emule.exe:eMule
"UDP Query User{E10AE7DB-CA15-4A3C-ACE1-FC43B85C0FB5}C:\program files\echanblard\emule.exe"= TCP:C:\program files\echanblard\emule.exe:eMule
"{7B128BC2-3370-4EE9-8A83-EFFFBB69D5B3}"= UDP:443:TCP port 443 ooVoo
"{F7156248-62DA-4ED5-BB7B-CEACAC555968}"= TCP:443:UDP port 443 ooVoo
"{56144CB5-78C5-4244-8D6A-B1D8572E18BB}"= UDP:37674:TCP port 37674 ooVoo
"{5E17F1AE-ABE1-4605-9F88-BC5E204052E1}"= TCP:37674:UDP port 37674 ooVoo
"{DC1748BA-253F-4712-AA6A-BBE29F948CD6}"= TCP:37675:UDP port 37675 ooVoo
"TCP Query User{54CF68EC-BBD5-4934-ABDA-5B2F46C14945}C:\program files\oovoo\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{59DC3A1F-E9ED-4A07-8FC8-F51AE997B755}C:\program files\oovoo\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe:ooVoo
"TCP Query User{A833043F-809A-4EA7-A161-364CF42D3F38}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{F54341D5-414A-481E-BA1A-4614A7C7F54A}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{56C5105B-0218-4F53-9C09-1CE3CCAC1985}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{533237A3-47BB-4BA7-9F17-DACE5A4858DD}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{EC19D54E-7FBD-4F60-A93F-F6E44C23095A}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{E9A6FC66-8627-498F-B919-06EC708C0CA9}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{E152F4BB-2D84-41E9-9839-E11C643BD5A3}C:\users\cyrille\program files\dna\btdna.exe"= UDP:C:\users\cyrille\program files\dna\btdna.exe:btdna.exe
"UDP Query User{5414075E-02BB-4EEE-AD54-93EFC6C2E07B}C:\users\cyrille\program files\dna\btdna.exe"= TCP:C:\users\cyrille\program files\dna\btdna.exe:btdna.exe
"{EF3DC8C4-97DA-406F-B03B-FECFDE85339B}"= UDP:C:\Users\Cyrille\Desktop\PES2008\PES2008.exe:Pro Evolution Soccer 2008
"{9F6B3A59-7009-4043-8144-3266EBB3C92B}"= TCP:C:\Users\Cyrille\Desktop\PES2008\PES2008.exe:Pro Evolution Soccer 2008
"{8B2BCDC4-6CEF-465B-B84A-7220170199D1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A3215C7B-3E1D-4C62-A655-17F002FFF498}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{5E356094-14A8-49E8-8ABC-C8B2F40ADF55}C:\program files\limewire\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{C3A23C3B-4971-411E-9BBD-AA6B41E04A12}C:\program files\limewire\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{776116FA-A024-4AA7-9F66-8C236BAFB58F}C:\program files\echanblard\emule.exe"= UDP:C:\program files\echanblard\emule.exe:eMule
"UDP Query User{A39051B9-2DE9-4144-B971-DD0C66A89475}C:\program files\echanblard\emule.exe"= TCP:C:\program files\echanblard\emule.exe:eMule
"TCP Query User{39EBCCC4-9CE8-4A93-9013-CF1C387629BC}C:\users\cyrille\appdata\local\emule\emule.exe"= UDP:C:\users\cyrille\appdata\local\emule\emule.exe:emule.exe
"UDP Query User{A235952F-1E04-4DE8-AB59-74BC28E8DC9B}C:\users\cyrille\appdata\local\emule\emule.exe"= TCP:C:\users\cyrille\appdata\local\emule\emule.exe:emule.exe
"{E5769D4F-0E2B-4322-895A-1157D46E4F36}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{E4C6AA67-AF67-4F26-8FCE-6E1368E040C9}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{FCE88D98-9C06-4116-BEB9-F41580EA5D3A}C:\users\cyrille\program files\bittorrent\bittorrent.exe"= UDP:C:\users\cyrille\program files\bittorrent\bittorrent.exe:bittorrent.exe
"UDP Query User{C91B18AF-60AB-4054-AD66-F704FE73B35B}C:\users\cyrille\program files\bittorrent\bittorrent.exe"= TCP:C:\users\cyrille\program files\bittorrent\bittorrent.exe:bittorrent.exe
"{1B5AD8FD-D1EF-486F-8DCB-1AF27C1BC9EE}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{421C8B02-767B-48FF-AF09-14E63734AEF0}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
"{40737326-508B-40B2-A9CA-B2D38F7E2CF3}"= UDP:C:\Users\Cyrille\Desktop\Jeux pc\PES2008.exe:Pro Evolution Soccer 2008
"{650F0099-5465-410D-9B77-D0ECC8D809F7}"= TCP:C:\Users\Cyrille\Desktop\Jeux pc\PES2008.exe:Pro Evolution Soccer 2008

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-07-25 15:30]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-04-30 17:39]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2008-04-23 02:22]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-27 04:00]
S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a8ebe45-5394-11dd-aa14-001d60b428b0}]
\shell\AutoRun\command - K:\autorun.exe

*Newly Created Service* - SSMDRV
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-06-21 C:\Windows\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2007-09-18 23:42]

2008-07-03 C:\Windows\Tasks\Schedule Task Weekly.job
- C:\Program Files\Registry Easy\RE.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-mceguuo - c:\users\cyrille\appdata\local\mceguuo.exe
HKLM-Run-AVG8_TRAY - C:\PROGRA~1\AVG\AVG8\avgtray.exe
SSODL-okmdepgb-{CF9E9AE5-8725-4630-977C-D8CCC4735B60} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\4y7i5rfg.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1396957&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.ustart.org
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1249.1854\npCIDetect11.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
.:\$0!\|0\0$
C:\Windows\system32\$\\|0!\|0\0$
C:\Windows\system32\config\$\\|0!\|0\0$
C:\Windows\system32\csrss.exe\$0!\|0\0$
C:\Windows\system32\drivers\$\\|0!\|0\0$
C:\Windows\system32\hal.dll\$0!\|0\0$
C:\Windows\system32\lsass.exe\$0!\|0\0$
C:\Windows\system32\ntdll.dll\$0!\|0\0$
C:\Windows\system32\services.exe\$0!\|0\0$
C:\Windows\system32\smss.exe\$0!\|0\0$
C:\Windows\system32\svchost.exe\$0!\|0\0$
C:\Windows\system32\userinit.exe\$0!\|0\0$
C:\Windows\system32\wbem\$\\|0!\|0\0$
C:\Windows\system32\winlogon.exe\$0!\|0\0$
C:\boot.ini\$0!\|0\0$
C:\ntdetect.com\$0!\|0\0$
C:\ntldr\$0!\|0\0$
C:\Windows\$\\|0!\|0\0$
C:\Windows\explorer.exe\$0!\|0\0$

Utilisateur anonyme · Answer

Copie le texte ci-dessous : 

File:: 
C:\Windows\_MSRSTRT.EXE
C:
tdetect.com

Folder:: 
C:\Program Files\securedie
C:\Program Files\Conduit 
C:\Program Files\Secured eMule

Registry:: 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] 
"{cd36797a-70f3-4acd-8825-623d3b896881}"=-
[-HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}] 
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] 
"{cd36797a-70f3-4acd-8825-623d3b896881}"=- 
[-HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] 
"{CD36797A-70F3-4ACD-8825-623D3B896881}"=- 
[-HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}] 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 
"SpybotDeletingB8401"=-
"SpybotDeletingD3974"=-
"SpybotDeletingB7775"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 
"SpybotDeletingA4797"=-
"SpybotDeletingC863"=-
"SpybotDeletingA6041"=-





Ouvre le Bloc-Notes puis colle le texte copié. 
(Démarrer\Tous les programmes\Accessoires\Bloc notes.) 
Sauvegarde ce fichier sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous : 

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif 

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. 

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal! 

Ne touche à rien tant que le scan n'est pas terminé. 

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis. 

S'il n'y a pas de rédémarrage, poste quand même les rapports.

tylooo1 · Answer

ComboFix 08-08-27.05 - Cyrille 2008-08-28 15:11:19.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6001.1.1252.1.1036.18.2200 [GMT 2:00]
Endroit: C:\Users\Cyrille\Downloads\ComboFix.exe
Command switches used :: C:\Users\Cyrille\Desktop\CFScript.txt
 * Création d'un nouveau point de restauration

FILE ::
C:\Windows\_MSRSTRT.EXE
C:\ntdetect.com	:#:
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Conduit
C:\Program Files\Conduit\Community Alerts\Alert.dll
C:\Program Files\Secured eMule
C:\Program Files\Secured eMule\secp.exe
C:\Program Files\securedie
C:\Program Files\securedie\INSTALL.LOG
C:\Program Files\securedie\tbsecu.dll
C:\Program Files\securedie\toolbar.cfg
C:\Program Files\securedie\UNWISE.EXE
C:\Windows\_MSRSTRT.EXE
.
---- Previous Run -------
.
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\[u]0/u.exe
C:\Program Files\PCHealthCenter\[u]0/u.gif
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\sc.html
C:\Program Files\PCHealthCenter\sex1.ico
C:\Program Files\PCHealthCenter\sex2.ico
C:\Users\Cyrille\AppData\Local\mceguuo.dat
C:\Users\Cyrille\AppData\Local\mceguuo.exe
C:\Users\Cyrille\AppData\Local\mceguuo_nav.dat
C:\Users\Cyrille\AppData\Local\mceguuo_navps.dat
C:\Windows\eqbx.exe
C:\Windows\system32\aeeadae7_z.dll
C:\Windows\system32\bfbnsdpi.ini
C:\Windows\system32\fwcomgif.ini
C:\Windows\system32\gddgsxkd.ini
C:\Windows\system32\lirkwkmf.ini
C:\Windows\system32\olvhpmng.ini
C:\Windows\system32\rtl60.bpl
C:\Windows\system32\vnplpiey.ini
C:\Windows\system32\xxxnphmn.ini

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


(((((((((((((((((((((((((((((   Fichiers cr‚‚s 2008-07-28 to 2008-08-28  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 14:04	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\DNA
2008-08-28 12:51	---------	d-----w	C:\Program Files\CCleaner
2008-08-28 11:33	---------	d-----w	C:\ProgramData\Avira
2008-08-28 11:33	---------	d-----w	C:\Program Files\Avira
2008-08-28 11:28	---------	d-----w	C:\Program Files\Spybot - Search & Destroy
2008-08-28 11:27	---------	d-----w	C:\ProgramData\Spybot - Search & Destroy
2008-08-28 11:22	---------	d-----w	C:\Program Files\Trend Micro
2008-08-28 05:32	---------	d-----w	C:\ProgramData\Google Updater
2008-08-28 00:52	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-08-28 00:47	---------	d-----w	C:\Program Files\Norton Security Scan
2008-08-28 00:44	---------	d-----w	C:\Program Files\Rockstar Games
2008-08-27 23:23	---------	d-----w	C:\ProgramData\Lavasoft
2008-08-26 19:30	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\Azureus
2008-08-25 22:03	---------	d-----w	C:\Program Files\Microsoft Virtual PC
2008-08-25 22:01	---------	d-----w	C:\ProgramData\avg8
2008-08-25 21:57	---------	d-----w	C:\Program Files\eChanblard
2008-08-24 14:39	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-08-24 14:38	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\InstallShield
2008-08-23 10:07	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\BitTorrent
2008-08-22 21:02	---------	d---a-w	C:\ProgramData\TEMP
2008-08-20 22:27	---------	d-----w	C:\Program Files\Microsoft Silverlight
2008-08-14 15:23	---------	d-----w	C:\Program Files\BitTorrent
2008-08-14 15:22	---------	d-----w	C:\Program Files\DNA
2008-08-13 10:01	---------	d-----w	C:\Program Files\Windows Mail
2008-08-13 08:47	---------	d-----w	C:\ProgramData\Microsoft Help
2008-08-11 20:48	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\PeerNetworking
2008-08-09 22:11	---------	d-----w	C:\ProgramData\Downloaded Installations
2008-08-09 09:07	---------	d-----w	C:\ProgramData\WindowsSearch
2008-08-09 00:02	---------	d-----w	C:\Program Files\DAEMON Tools Lite
2008-08-07 22:55	---------	d-----w	C:\Program Files\Runtime Software
2008-08-07 19:26	---------	d-----w	C:\Program Files\Google
2008-08-06 11:56	---------	d-----w	C:\ProgramData\Media Center Programs
2008-08-05 10:30	---------	d-----w	C:\Program Files\CyberLink
2008-08-03 10:34	---------	d-----w	C:\Program Files\Ubisoft
2008-08-01 15:10	0	---ha-w	C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-29 15:57	---------	d-----w	C:\Program Files\FTPExpert
2008-07-28 00:32	---------	d-----w	C:\Program Files\Common Files\AVSMedia
2008-07-28 00:13	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\STOIK
2008-07-25 22:21	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\Acronis
2008-07-25 13:31	---------	d-----w	C:\ProgramData\Acronis
2008-07-25 13:30	441,760	----a-w	C:\Windows\system32\drivers\timntr.sys
2008-07-25 13:30	44,384	----a-w	C:\Windows\system32\drivers\tifsfilt.sys
2008-07-25 13:30	368,480	----a-w	C:\Windows\system32\drivers\tdrpman.sys
2008-07-25 13:30	132,224	----a-w	C:\Windows\system32\drivers\snapman.sys
2008-07-25 13:30	---------	d-----w	C:\Program Files\Common Files\Acronis
2008-07-25 13:30	---------	d-----w	C:\Program Files\Acronis
2008-07-25 13:25	---------	d-----w	C:\Program Files\AviSynth 2.5
2008-07-23 13:27	---------	d-----w	C:\Program Files\SoftwarePassport
2008-07-23 13:26	---------	d-----w	C:\Program Files\Mindscape
2008-07-22 21:41	131,072	----a-r	C:\Windows\System32\VMSB1.BIN
2008-07-22 21:41	131,072	----a-r	C:\Windows\System32\VMS.BIN
2008-07-22 11:34	---------	d-----w	C:\Program Files\IZArc
2008-07-22 11:09	---------	d-----w	C:\Program Files\Microsoft Visual Studio 8
2008-07-21 18:08	---------	d-----w	C:\ProgramData\InstallShield
2008-07-21 18:07	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-07-19 23:50	---------	d-----w	C:\Program Files\OpenOffice.org 2.4
2008-07-19 23:49	---------	d-----w	C:\Program Files\Java
2008-07-19 23:48	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\LimeWire
2008-07-18 23:47	---------	d-----w	C:\Program Files\Common Files\Java
2008-07-18 18:39	587,264	---ha-w	C:\Windows\WLXPGSS.SCR
2008-07-16 01:32	2,048	----a-w	C:\Windows\System32\tzres.dll
2008-07-15 10:43	---------	d-----w	C:\Program Files\SlySoft
2008-07-14 14:48	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\GRETECH
2008-07-14 14:48	---------	d-----w	C:\ProgramData\GRETECH
2008-07-14 14:47	---------	d-----w	C:\Program Files\GRETECH
2008-07-12 20:38	---------	d-----w	C:\Program Files\Creative
2008-07-12 20:37	---------	d-----w	C:\Program Files\Mafia
2008-07-11 22:13	---------	d-----w	C:\Program Files\Piratrax
2008-07-11 18:02	---------	dc----w	C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-11 18:02	---------	d-----w	C:\Program Files\Pcsx2_0.9.4
2008-07-11 17:41	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\BSplayer
2008-07-11 17:31	---------	d-----w	C:\Program Files\Registry Easy
2008-07-11 15:31	---------	d-----w	C:\Program Files\Common Files\Adobe AIR
2008-07-11 14:39	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\BSplayer Pro
2008-07-10 23:37	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\fltk.org
2008-07-10 22:35	---------	d-----w	C:\Program Files\RomStation
2008-07-10 09:16	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\InterTrust
2008-07-10 09:16	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-07-09 18:08	---------	d-----w	C:\ProgramData\Ubisoft
2008-07-09 11:27	---------	d-----w	C:\Program Files\MSBuild
2008-07-09 11:27	---------	d-----w	C:\Program Files\Microsoft Works
2008-07-09 11:26	---------	d-----w	C:\Program Files\Microsoft.NET
2008-07-09 00:17	---------	d-----w	C:\ProgramData\Symantec
2008-07-08 16:30	---------	d-----w	C:\Program Files\FolderSize
2008-07-08 12:32	---------	d-----w	C:\Program Files\Defraggler
2008-07-07 23:16	---------	d-----w	C:\ProgramData\Yahoo! Companion
2008-07-07 23:12	---------	d-----w	C:\Program Files\Yahoo!
2008-07-07 23:00	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\Auslogics
2008-07-07 23:00	---------	d-----w	C:\Program Files\Auslogics
2008-07-07 21:47	---------	d-----w	C:\Program Files\Project64 1.6
2008-07-07 18:23	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\Download Manager
2008-07-05 09:26	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\Uniblue
2008-07-03 18:47	107,888	----a-w	C:\Windows\System32\CmdLineExt.dll
2008-07-03 18:29	---------	d-----w	C:\Program Files\KONAMI
2008-07-03 14:04	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\ESTsoft
2008-07-03 14:04	---------	d-----w	C:\Program Files\ESTsoft
2008-07-02 15:45	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\ImgBurn
2008-07-02 10:56	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\ErrorSmart
2008-07-02 10:43	---------	d-----w	C:\Program Files\Azureus
2008-07-02 08:34	---------	d-----w	C:\Program Files\Common Files\Logitech
.

(((((((((((((((((((((((((((((   snapshot@2008-08-28_14.26.40.11   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-28 12:23:38	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-28 14:19:47	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-28 14:19:47	262,144	---ha-w	C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-08-28 12:23:38	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-28 14:19:57	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-28 14:19:57	262,144	---ha-w	C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-28 11:07:50	101,052	----a-w	C:\Windows\System32\perfc009.dat
+ 2008-08-28 14:13:45	101,052	----a-w	C:\Windows\System32\perfc009.dat
- 2008-08-28 11:07:50	123,350	----a-w	C:\Windows\System32\perfc00C.dat
+ 2008-08-28 14:13:45	123,350	----a-w	C:\Windows\System32\perfc00C.dat
- 2008-08-28 11:07:50	586,980	----a-w	C:\Windows\System32\perfh009.dat
+ 2008-08-28 14:13:45	586,980	----a-w	C:\Windows\System32\perfh009.dat
- 2008-08-28 11:07:50	669,328	----a-w	C:\Windows\System32\perfh00C.dat
+ 2008-08-28 14:13:45	669,328	----a-w	C:\Windows\System32\perfh00C.dat
- 2008-08-28 10:21:50	8,706	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2583701152-1007577926-4045379130-1000_UserData.bin
+ 2008-08-28 13:03:04	8,918	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2583701152-1007577926-4045379130-1000_UserData.bin
- 2008-08-28 11:05:16	69,916	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-28 13:03:03	70,358	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-28 11:05:11	49,026	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-28 13:03:03	49,830	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\isuspm.exe" [2004-08-09 06:03 221184]
"mceguuo"="c:\users\cyrille\appdata\local\mceguuo.exe" [BU]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-08-14 17:22 341824]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-23 01:52 2616512]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-22 22:02 909096]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-22 19:26 136472]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [BU]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2008-08-28 12:42 75392]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2583701152-1007577926-4045379130-1000]
"EnableNotificationsRef"=dword:00000005

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{43D61948-2FC2-452E-838C-C25AAE296EC1}C:\users\cyrille\desktop\windows.old\program files\echanblard\emule.exe"= UDP:C:\users\cyrille\desktop\windows.old\program files\echanblard\emule.exe:eMule
"UDP Query User{2342DF4A-153D-4830-9C23-0C3C4645E7A4}C:\users\cyrille\desktop\windows.old\program files\echanblard\emule.exe"= TCP:C:\users\cyrille\desktop\windows.old\program files\echanblard\emule.exe:eMule
"{7079FD9A-53B0-4EA8-B925-4E1A3A992DD6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{62A2CDC3-7680-44CD-BB01-E95B2A5D6588}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{9C6DA761-0EB3-4810-B019-01E03B5725E4}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{0D43D2C3-E070-42B7-9AC7-E5032EB92840}C:\program files\echanblard\emule.exe"= UDP:C:\program files\echanblard\emule.exe:eMule
"UDP Query User{E10AE7DB-CA15-4A3C-ACE1-FC43B85C0FB5}C:\program files\echanblard\emule.exe"= TCP:C:\program files\echanblard\emule.exe:eMule
"{7B128BC2-3370-4EE9-8A83-EFFFBB69D5B3}"= UDP:443:TCP port 443 ooVoo
"{F7156248-62DA-4ED5-BB7B-CEACAC555968}"= TCP:443:UDP port 443 ooVoo
"{56144CB5-78C5-4244-8D6A-B1D8572E18BB}"= UDP:37674:TCP port 37674 ooVoo
"{5E17F1AE-ABE1-4605-9F88-BC5E204052E1}"= TCP:37674:UDP port 37674 ooVoo
"{DC1748BA-253F-4712-AA6A-BBE29F948CD6}"= TCP:37675:UDP port 37675 ooVoo
"TCP Query User{54CF68EC-BBD5-4934-ABDA-5B2F46C14945}C:\program files\oovoo\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{59DC3A1F-E9ED-4A07-8FC8-F51AE997B755}C:\program files\oovoo\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe:ooVoo
"TCP Query User{A833043F-809A-4EA7-A161-364CF42D3F38}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{F54341D5-414A-481E-BA1A-4614A7C7F54A}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{56C5105B-0218-4F53-9C09-1CE3CCAC1985}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{533237A3-47BB-4BA7-9F17-DACE5A4858DD}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{EC19D54E-7FBD-4F60-A93F-F6E44C23095A}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{E9A6FC66-8627-498F-B919-06EC708C0CA9}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{E152F4BB-2D84-41E9-9839-E11C643BD5A3}C:\users\cyrille\program files\dna\btdna.exe"= UDP:C:\users\cyrille\program files\dna\btdna.exe:btdna.exe
"UDP Query User{5414075E-02BB-4EEE-AD54-93EFC6C2E07B}C:\users\cyrille\program files\dna\btdna.exe"= TCP:C:\users\cyrille\program files\dna\btdna.exe:btdna.exe
"{EF3DC8C4-97DA-406F-B03B-FECFDE85339B}"= UDP:C:\Users\Cyrille\Desktop\PES2008\PES2008.exe:Pro Evolution Soccer 2008
"{9F6B3A59-7009-4043-8144-3266EBB3C92B}"= TCP:C:\Users\Cyrille\Desktop\PES2008\PES2008.exe:Pro Evolution Soccer 2008
"{8B2BCDC4-6CEF-465B-B84A-7220170199D1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A3215C7B-3E1D-4C62-A655-17F002FFF498}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{5E356094-14A8-49E8-8ABC-C8B2F40ADF55}C:\program files\limewire\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{C3A23C3B-4971-411E-9BBD-AA6B41E04A12}C:\program files\limewire\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{776116FA-A024-4AA7-9F66-8C236BAFB58F}C:\program files\echanblard\emule.exe"= UDP:C:\program files\echanblard\emule.exe:eMule
"UDP Query User{A39051B9-2DE9-4144-B971-DD0C66A89475}C:\program files\echanblard\emule.exe"= TCP:C:\program files\echanblard\emule.exe:eMule
"TCP Query User{39EBCCC4-9CE8-4A93-9013-CF1C387629BC}C:\users\cyrille\appdata\local\emule\emule.exe"= UDP:C:\users\cyrille\appdata\local\emule\emule.exe:emule.exe
"UDP Query User{A235952F-1E04-4DE8-AB59-74BC28E8DC9B}C:\users\cyrille\appdata\local\emule\emule.exe"= TCP:C:\users\cyrille\appdata\local\emule\emule.exe:emule.exe
"{E5769D4F-0E2B-4322-895A-1157D46E4F36}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{E4C6AA67-AF67-4F26-8FCE-6E1368E040C9}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{FCE88D98-9C06-4116-BEB9-F41580EA5D3A}C:\users\cyrille\program files\bittorrent\bittorrent.exe"= UDP:C:\users\cyrille\program files\bittorrent\bittorrent.exe:bittorrent.exe
"UDP Query User{C91B18AF-60AB-4054-AD66-F704FE73B35B}C:\users\cyrille\program files\bittorrent\bittorrent.exe"= TCP:C:\users\cyrille\program files\bittorrent\bittorrent.exe:bittorrent.exe
"{1B5AD8FD-D1EF-486F-8DCB-1AF27C1BC9EE}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{421C8B02-767B-48FF-AF09-14E63734AEF0}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
"{40737326-508B-40B2-A9CA-B2D38F7E2CF3}"= UDP:C:\Users\Cyrille\Desktop\Jeux pc\PES2008.exe:Pro Evolution Soccer 2008
"{650F0099-5465-410D-9B77-D0ECC8D809F7}"= TCP:C:\Users\Cyrille\Desktop\Jeux pc\PES2008.exe:Pro Evolution Soccer 2008

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-07-25 15:30]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-04-30 17:39]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2008-04-23 02:22]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-27 04:00]
S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a8ebe45-5394-11dd-aa14-001d60b428b0}]
\shell\AutoRun\command - K:\autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-06-21 C:\Windows\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2007-09-18 23:42]

2008-07-03 C:\Windows\Tasks\Schedule Task Weekly.job
- C:\Program Files\Registry Easy\RE.exe []
.
- - - - ORPHANS REMOVED - - - -

SSODL-okmdepgb-{CF9E9AE5-8725-4630-977C-D8CCC4735B60} - (no file)



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 17:03:57
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


C:\Users\Cyrille\AppData\Local\Microsoft\Portable Devices\wpdlog02.sqm 472 bytes
C:\Users\Cyrille\AppData\Local\Microsoft\Portable Devices\wpdlog03.sqm 472 bytes

Scan termin‚ avec succŠs
Les fichiers cach‚s: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-28 17:06:05 - machine was rebooted [Cyrille]
ComboFix-quarantined-files.txt  2008-08-28 15:06:00

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 277,661,507,584 octets libres

318	--- E O F ---	2008-08-23 23:09:01

Utilisateur anonyme · Answer

Telecharge malwarebytes 

-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe 

Tu l´instale; le programme va se mettre automatiquement a jour. 

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression". 

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet". 

Puis click sur "rechercher". 

Laisse le scanner le pc... 

Si des elements on ete trouvés > click sur supprimer la selection. 

si il t´es demandé de redemarrer > click sur "yes". 

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum. 
Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log

tyloo1 · Answer

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1092
Windows 6.0.6001 Service Pack 1

19:10:36 28/08/2008
mbam-log-08-28-2008 (19-10-36).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 102474
Temps écoulé: 34 minute(s), 27 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\Windows\eqbx.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Utilisateur anonyme · Answer

refais un scan hijackthis, post le rapport et dis moi comment va le pc stp

tylooo1 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:49, on 28/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\Explorer.exe
C:\Program Files\eChanblard\emule.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Azureus\Azureus.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ustart.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\isuspm.exe -startup
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

Utilisateur anonyme · Answer

fais un clic droit sur hijackthis
choisi executer en tant qu admistrateur
fais scan only
coches ces ligne :

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) 

O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O3 - Toolbar: (no name) - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - (no file) 
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) 

O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" 

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) 


Tu les coches et tu clic sur fix checked 

ensuite tu as des traces d avast :

Pour désinstaller Avast telecharge cet outil

https://www.avast.com/fr-fr/uninstall-utility


ensuite :

Démarrer > Accessoire > executer > tape : services.msc 

- Clic droit sur le service cité -  AVG Free8 WatchDog 
- propriétés 
- et dans "type de démarrage" et mets le sur « désactivé ». 
- Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté » 

Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html 

ensuite désinstal adobe reader  car pas a jours et telecharge et instal cette version :

http://ardownload.adobe.com/pub/adobe/reader/win/9.x/9.0/fra/AdbeRdr90_fr_FR.exe


ensuite :

-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo): 


http://download.piriform.com/ccsetup210.exe

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

-> Tuto : https://www.malekal.com/tutoriel-ccleaner/


ensuite :


* pour supprimer les outils/fix utilisés : 

Télécharge ToolsCleaner sur ton bureau. 
--> 
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/ 
# Fais un clic droit sur toolcleaner
# Choisi executer en tant qu administrateur
# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

tylooo1 · Answer

ComboFix 08-08-27.05 - Cyrille 2008-08-28 15:11:19.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6001.1.1252.1.1036.18.2200 [GMT 2:00]
Endroit: C:\Users\Cyrille\Downloads\ComboFix.exe
Command switches used :: C:\Users\Cyrille\Desktop\CFScript.txt
 * Création d'un nouveau point de restauration

FILE ::
C:\Windows\_MSRSTRT.EXE
C:\ntdetect.com	:#:
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Conduit
C:\Program Files\Conduit\Community Alerts\Alert.dll
C:\Program Files\Secured eMule
C:\Program Files\Secured eMule\secp.exe
C:\Program Files\securedie
C:\Program Files\securedie\INSTALL.LOG
C:\Program Files\securedie\tbsecu.dll
C:\Program Files\securedie\toolbar.cfg
C:\Program Files\securedie\UNWISE.EXE
C:\Windows\_MSRSTRT.EXE
.
---- Previous Run -------
.
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\[u]0/u.exe
C:\Program Files\PCHealthCenter\[u]0/u.gif
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\sc.html
C:\Program Files\PCHealthCenter\sex1.ico
C:\Program Files\PCHealthCenter\sex2.ico
C:\Users\Cyrille\AppData\Local\mceguuo.dat
C:\Users\Cyrille\AppData\Local\mceguuo.exe
C:\Users\Cyrille\AppData\Local\mceguuo_nav.dat
C:\Users\Cyrille\AppData\Local\mceguuo_navps.dat
C:\Windows\eqbx.exe
C:\Windows\system32\aeeadae7_z.dll
C:\Windows\system32\bfbnsdpi.ini
C:\Windows\system32\fwcomgif.ini
C:\Windows\system32\gddgsxkd.ini
C:\Windows\system32\lirkwkmf.ini
C:\Windows\system32\olvhpmng.ini
C:\Windows\system32\rtl60.bpl
C:\Windows\system32\vnplpiey.ini
C:\Windows\system32\xxxnphmn.ini

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


(((((((((((((((((((((((((((((   Fichiers cr‚‚s 2008-07-28 to 2008-08-28  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 14:04	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\DNA
2008-08-28 12:51	---------	d-----w	C:\Program Files\CCleaner
2008-08-28 11:33	---------	d-----w	C:\ProgramData\Avira
2008-08-28 11:33	---------	d-----w	C:\Program Files\Avira
2008-08-28 11:28	---------	d-----w	C:\Program Files\Spybot - Search & Destroy
2008-08-28 11:27	---------	d-----w	C:\ProgramData\Spybot - Search & Destroy
2008-08-28 11:22	---------	d-----w	C:\Program Files\Trend Micro
2008-08-28 05:32	---------	d-----w	C:\ProgramData\Google Updater
2008-08-28 00:52	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-08-28 00:47	---------	d-----w	C:\Program Files\Norton Security Scan
2008-08-28 00:44	---------	d-----w	C:\Program Files\Rockstar Games
2008-08-27 23:23	---------	d-----w	C:\ProgramData\Lavasoft
2008-08-26 19:30	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\Azureus
2008-08-25 22:03	---------	d-----w	C:\Program Files\Microsoft Virtual PC
2008-08-25 22:01	---------	d-----w	C:\ProgramData\avg8
2008-08-25 21:57	---------	d-----w	C:\Program Files\eChanblard
2008-08-24 14:39	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-08-24 14:38	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\InstallShield
2008-08-23 10:07	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\BitTorrent
2008-08-22 21:02	---------	d---a-w	C:\ProgramData\TEMP
2008-08-20 22:27	---------	d-----w	C:\Program Files\Microsoft Silverlight
2008-08-14 15:23	---------	d-----w	C:\Program Files\BitTorrent
2008-08-14 15:22	---------	d-----w	C:\Program Files\DNA
2008-08-13 10:01	---------	d-----w	C:\Program Files\Windows Mail
2008-08-13 08:47	---------	d-----w	C:\ProgramData\Microsoft Help
2008-08-11 20:48	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\PeerNetworking
2008-08-09 22:11	---------	d-----w	C:\ProgramData\Downloaded Installations
2008-08-09 09:07	---------	d-----w	C:\ProgramData\WindowsSearch
2008-08-09 00:02	---------	d-----w	C:\Program Files\DAEMON Tools Lite
2008-08-07 22:55	---------	d-----w	C:\Program Files\Runtime Software
2008-08-07 19:26	---------	d-----w	C:\Program Files\Google
2008-08-06 11:56	---------	d-----w	C:\ProgramData\Media Center Programs
2008-08-05 10:30	---------	d-----w	C:\Program Files\CyberLink
2008-08-03 10:34	---------	d-----w	C:\Program Files\Ubisoft
2008-08-01 15:10	0	---ha-w	C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-29 15:57	---------	d-----w	C:\Program Files\FTPExpert
2008-07-28 00:32	---------	d-----w	C:\Program Files\Common Files\AVSMedia
2008-07-28 00:13	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\STOIK
2008-07-25 22:21	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\Acronis
2008-07-25 13:31	---------	d-----w	C:\ProgramData\Acronis
2008-07-25 13:30	441,760	----a-w	C:\Windows\system32\drivers\timntr.sys
2008-07-25 13:30	44,384	----a-w	C:\Windows\system32\drivers\tifsfilt.sys
2008-07-25 13:30	368,480	----a-w	C:\Windows\system32\drivers\tdrpman.sys
2008-07-25 13:30	132,224	----a-w	C:\Windows\system32\drivers\snapman.sys
2008-07-25 13:30	---------	d-----w	C:\Program Files\Common Files\Acronis
2008-07-25 13:30	---------	d-----w	C:\Program Files\Acronis
2008-07-25 13:25	---------	d-----w	C:\Program Files\AviSynth 2.5
2008-07-23 13:27	---------	d-----w	C:\Program Files\SoftwarePassport
2008-07-23 13:26	---------	d-----w	C:\Program Files\Mindscape
2008-07-22 21:41	131,072	----a-r	C:\Windows\System32\VMSB1.BIN
2008-07-22 21:41	131,072	----a-r	C:\Windows\System32\VMS.BIN
2008-07-22 11:34	---------	d-----w	C:\Program Files\IZArc
2008-07-22 11:09	---------	d-----w	C:\Program Files\Microsoft Visual Studio 8
2008-07-21 18:08	---------	d-----w	C:\ProgramData\InstallShield
2008-07-21 18:07	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-07-19 23:50	---------	d-----w	C:\Program Files\OpenOffice.org 2.4
2008-07-19 23:49	---------	d-----w	C:\Program Files\Java
2008-07-19 23:48	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\LimeWire
2008-07-18 23:47	---------	d-----w	C:\Program Files\Common Files\Java
2008-07-18 18:39	587,264	---ha-w	C:\Windows\WLXPGSS.SCR
2008-07-16 01:32	2,048	----a-w	C:\Windows\System32\tzres.dll
2008-07-15 10:43	---------	d-----w	C:\Program Files\SlySoft
2008-07-14 14:48	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\GRETECH
2008-07-14 14:48	---------	d-----w	C:\ProgramData\GRETECH
2008-07-14 14:47	---------	d-----w	C:\Program Files\GRETECH
2008-07-12 20:38	---------	d-----w	C:\Program Files\Creative
2008-07-12 20:37	---------	d-----w	C:\Program Files\Mafia
2008-07-11 22:13	---------	d-----w	C:\Program Files\Piratrax
2008-07-11 18:02	---------	dc----w	C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-11 18:02	---------	d-----w	C:\Program Files\Pcsx2_0.9.4
2008-07-11 17:41	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\BSplayer
2008-07-11 17:31	---------	d-----w	C:\Program Files\Registry Easy
2008-07-11 15:31	---------	d-----w	C:\Program Files\Common Files\Adobe AIR
2008-07-11 14:39	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\BSplayer Pro
2008-07-10 23:37	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\fltk.org
2008-07-10 22:35	---------	d-----w	C:\Program Files\RomStation
2008-07-10 09:16	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\InterTrust
2008-07-10 09:16	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-07-09 18:08	---------	d-----w	C:\ProgramData\Ubisoft
2008-07-09 11:27	---------	d-----w	C:\Program Files\MSBuild
2008-07-09 11:27	---------	d-----w	C:\Program Files\Microsoft Works
2008-07-09 11:26	---------	d-----w	C:\Program Files\Microsoft.NET
2008-07-09 00:17	---------	d-----w	C:\ProgramData\Symantec
2008-07-08 16:30	---------	d-----w	C:\Program Files\FolderSize
2008-07-08 12:32	---------	d-----w	C:\Program Files\Defraggler
2008-07-07 23:16	---------	d-----w	C:\ProgramData\Yahoo! Companion
2008-07-07 23:12	---------	d-----w	C:\Program Files\Yahoo!
2008-07-07 23:00	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\Auslogics
2008-07-07 23:00	---------	d-----w	C:\Program Files\Auslogics
2008-07-07 21:47	---------	d-----w	C:\Program Files\Project64 1.6
2008-07-07 18:23	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\Download Manager
2008-07-05 09:26	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\Uniblue
2008-07-03 18:47	107,888	----a-w	C:\Windows\System32\CmdLineExt.dll
2008-07-03 18:29	---------	d-----w	C:\Program Files\KONAMI
2008-07-03 14:04	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\ESTsoft
2008-07-03 14:04	---------	d-----w	C:\Program Files\ESTsoft
2008-07-02 15:45	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\ImgBurn
2008-07-02 10:56	---------	d-----w	C:\Users\Cyrille\AppData\Roaming\ErrorSmart
2008-07-02 10:43	---------	d-----w	C:\Program Files\Azureus
2008-07-02 08:34	---------	d-----w	C:\Program Files\Common Files\Logitech
.

(((((((((((((((((((((((((((((   snapshot@2008-08-28_14.26.40.11   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-28 12:23:38	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-28 14:19:47	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-28 14:19:47	262,144	---ha-w	C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-08-28 12:23:38	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-28 14:19:57	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-28 14:19:57	262,144	---ha-w	C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-28 11:07:50	101,052	----a-w	C:\Windows\System32\perfc009.dat
+ 2008-08-28 14:13:45	101,052	----a-w	C:\Windows\System32\perfc009.dat
- 2008-08-28 11:07:50	123,350	----a-w	C:\Windows\System32\perfc00C.dat
+ 2008-08-28 14:13:45	123,350	----a-w	C:\Windows\System32\perfc00C.dat
- 2008-08-28 11:07:50	586,980	----a-w	C:\Windows\System32\perfh009.dat
+ 2008-08-28 14:13:45	586,980	----a-w	C:\Windows\System32\perfh009.dat
- 2008-08-28 11:07:50	669,328	----a-w	C:\Windows\System32\perfh00C.dat
+ 2008-08-28 14:13:45	669,328	----a-w	C:\Windows\System32\perfh00C.dat
- 2008-08-28 10:21:50	8,706	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2583701152-1007577926-4045379130-1000_UserData.bin
+ 2008-08-28 13:03:04	8,918	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2583701152-1007577926-4045379130-1000_UserData.bin
- 2008-08-28 11:05:16	69,916	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-28 13:03:03	70,358	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-28 11:05:11	49,026	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-28 13:03:03	49,830	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\isuspm.exe" [2004-08-09 06:03 221184]
"mceguuo"="c:\users\cyrille\appdata\local\mceguuo.exe" [BU]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-08-14 17:22 341824]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-23 01:52 2616512]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-22 22:02 909096]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-22 19:26 136472]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [BU]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2008-08-28 12:42 75392]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2583701152-1007577926-4045379130-1000]
"EnableNotificationsRef"=dword:00000005

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{43D61948-2FC2-452E-838C-C25AAE296EC1}C:\users\cyrille\desktop\windows.old\program files\echanblard\emule.exe"= UDP:C:\users\cyrille\desktop\windows.old\program files\echanblard\emule.exe:eMule
"UDP Query User{2342DF4A-153D-4830-9C23-0C3C4645E7A4}C:\users\cyrille\desktop\windows.old\program files\echanblard\emule.exe"= TCP:C:\users\cyrille\desktop\windows.old\program files\echanblard\emule.exe:eMule
"{7079FD9A-53B0-4EA8-B925-4E1A3A992DD6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{62A2CDC3-7680-44CD-BB01-E95B2A5D6588}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{9C6DA761-0EB3-4810-B019-01E03B5725E4}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{0D43D2C3-E070-42B7-9AC7-E5032EB92840}C:\program files\echanblard\emule.exe"= UDP:C:\program files\echanblard\emule.exe:eMule
"UDP Query User{E10AE7DB-CA15-4A3C-ACE1-FC43B85C0FB5}C:\program files\echanblard\emule.exe"= TCP:C:\program files\echanblard\emule.exe:eMule
"{7B128BC2-3370-4EE9-8A83-EFFFBB69D5B3}"= UDP:443:TCP port 443 ooVoo
"{F7156248-62DA-4ED5-BB7B-CEACAC555968}"= TCP:443:UDP port 443 ooVoo
"{56144CB5-78C5-4244-8D6A-B1D8572E18BB}"= UDP:37674:TCP port 37674 ooVoo
"{5E17F1AE-ABE1-4605-9F88-BC5E204052E1}"= TCP:37674:UDP port 37674 ooVoo
"{DC1748BA-253F-4712-AA6A-BBE29F948CD6}"= TCP:37675:UDP port 37675 ooVoo
"TCP Query User{54CF68EC-BBD5-4934-ABDA-5B2F46C14945}C:\program files\oovoo\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{59DC3A1F-E9ED-4A07-8FC8-F51AE997B755}C:\program files\oovoo\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe:ooVoo
"TCP Query User{A833043F-809A-4EA7-A161-364CF42D3F38}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{F54341D5-414A-481E-BA1A-4614A7C7F54A}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{56C5105B-0218-4F53-9C09-1CE3CCAC1985}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{533237A3-47BB-4BA7-9F17-DACE5A4858DD}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{EC19D54E-7FBD-4F60-A93F-F6E44C23095A}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{E9A6FC66-8627-498F-B919-06EC708C0CA9}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{E152F4BB-2D84-41E9-9839-E11C643BD5A3}C:\users\cyrille\program files\dna\btdna.exe"= UDP:C:\users\cyrille\program files\dna\btdna.exe:btdna.exe
"UDP Query User{5414075E-02BB-4EEE-AD54-93EFC6C2E07B}C:\users\cyrille\program files\dna\btdna.exe"= TCP:C:\users\cyrille\program files\dna\btdna.exe:btdna.exe
"{EF3DC8C4-97DA-406F-B03B-FECFDE85339B}"= UDP:C:\Users\Cyrille\Desktop\PES2008\PES2008.exe:Pro Evolution Soccer 2008
"{9F6B3A59-7009-4043-8144-3266EBB3C92B}"= TCP:C:\Users\Cyrille\Desktop\PES2008\PES2008.exe:Pro Evolution Soccer 2008
"{8B2BCDC4-6CEF-465B-B84A-7220170199D1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A3215C7B-3E1D-4C62-A655-17F002FFF498}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{5E356094-14A8-49E8-8ABC-C8B2F40ADF55}C:\program files\limewire\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{C3A23C3B-4971-411E-9BBD-AA6B41E04A12}C:\program files\limewire\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{776116FA-A024-4AA7-9F66-8C236BAFB58F}C:\program files\echanblard\emule.exe"= UDP:C:\program files\echanblard\emule.exe:eMule
"UDP Query User{A39051B9-2DE9-4144-B971-DD0C66A89475}C:\program files\echanblard\emule.exe"= TCP:C:\program files\echanblard\emule.exe:eMule
"TCP Query User{39EBCCC4-9CE8-4A93-9013-CF1C387629BC}C:\users\cyrille\appdata\local\emule\emule.exe"= UDP:C:\users\cyrille\appdata\local\emule\emule.exe:emule.exe
"UDP Query User{A235952F-1E04-4DE8-AB59-74BC28E8DC9B}C:\users\cyrille\appdata\local\emule\emule.exe"= TCP:C:\users\cyrille\appdata\local\emule\emule.exe:emule.exe
"{E5769D4F-0E2B-4322-895A-1157D46E4F36}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{E4C6AA67-AF67-4F26-8FCE-6E1368E040C9}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{FCE88D98-9C06-4116-BEB9-F41580EA5D3A}C:\users\cyrille\program files\bittorrent\bittorrent.exe"= UDP:C:\users\cyrille\program files\bittorrent\bittorrent.exe:bittorrent.exe
"UDP Query User{C91B18AF-60AB-4054-AD66-F704FE73B35B}C:\users\cyrille\program files\bittorrent\bittorrent.exe"= TCP:C:\users\cyrille\program files\bittorrent\bittorrent.exe:bittorrent.exe
"{1B5AD8FD-D1EF-486F-8DCB-1AF27C1BC9EE}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{421C8B02-767B-48FF-AF09-14E63734AEF0}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
"{40737326-508B-40B2-A9CA-B2D38F7E2CF3}"= UDP:C:\Users\Cyrille\Desktop\Jeux pc\PES2008.exe:Pro Evolution Soccer 2008
"{650F0099-5465-410D-9B77-D0ECC8D809F7}"= TCP:C:\Users\Cyrille\Desktop\Jeux pc\PES2008.exe:Pro Evolution Soccer 2008

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-07-25 15:30]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-04-30 17:39]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2008-04-23 02:22]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-27 04:00]
S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a8ebe45-5394-11dd-aa14-001d60b428b0}]
\shell\AutoRun\command - K:\autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-06-21 C:\Windows\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2007-09-18 23:42]

2008-07-03 C:\Windows\Tasks\Schedule Task Weekly.job
- C:\Program Files\Registry Easy\RE.exe []
.
- - - - ORPHANS REMOVED - - - -

SSODL-okmdepgb-{CF9E9AE5-8725-4630-977C-D8CCC4735B60} - (no file)



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 17:03:57
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


C:\Users\Cyrille\AppData\Local\Microsoft\Portable Devices\wpdlog02.sqm 472 bytes
C:\Users\Cyrille\AppData\Local\Microsoft\Portable Devices\wpdlog03.sqm 472 bytes

Scan termin‚ avec succŠs
Les fichiers cach‚s: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-28 17:06:05 - machine was rebooted [Cyrille]
ComboFix-quarantined-files.txt  2008-08-28 15:06:00

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 277,661,507,584 octets libres

318	--- E O F ---	2008-08-23 23:09:01

Utilisateur anonyme · Answer

tu t es trompé de rapport il faut : TCleaner.txt

va dans ordinateur, entre dans le disques c et post le rapport TCleaner.txt ou dis moi si hijackthis combofix ont disparu

tylooo1 · Answer

-->- Recherche: 

C:\Qoobox: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Menu Démarrer\Programs\HijackThis: trouvé !
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Menu Démarrer\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Start Menu\Programmes\HijackThis: trouvé !
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Start Menu\Programs\HijackThis: trouvé !
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\Cyrille\Desktop\Raccourcis\HijackThis.lnk: trouvé !
C:\Users\Cyrille\Downloads\ComboFix.exe: trouvé !
C:\Users\Cyrille\Downloads\HJTInstall.exe: trouvé !

---------------------------------
-->- Suppression: 

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Users\Cyrille\Desktop\Raccourcis\HijackThis.lnk: supprimé !
C:\Users\Cyrille\Downloads\ComboFix.exe: Erreur de suppression !
C:\Users\Cyrille\Downloads\HJTInstall.exe: supprimé !
C:\Qoobox: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: Erreur de suppression !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !

Utilisateur anonyme · Answer

si tu n as pas d autres soucis change le statut du sujet en resolu stp

http://www.commentcamarche.net/faq/sujet 11365 marquer un fil de discussion comme etant resolu

Bagle, sans doute ;)

24 réponses

Votre réponse

Discussions similaires

Newsletters