Virus/spyware ? Fermé

Question

Bonjour,
J'ai un virus/spyware dans mon autre ordi depuis hier et je n'arrive pas a la supprimer, j'ai fait un scan avast en mode sans echec mais il a "juste" trouvé 14204 fichiers infectés, mais le virus est tjrs là ... alors j'ai utiliser malwarebytes pour le virer mais il ne lance pas, j'ai utilisé spyhunter 3, il se lance fait un scan, trouve 180 fichiers infectés mais pour les supprimer je doit m'enregistrer mais le virus a bloqué ma connexion internet et en plus c'est pas payant, alors j'ai utilisé hijackthis, il s'installe mais ne se lance pas comme malwarebytes. 
Je ne sais plus quoi faire ... Aidez moi siou plait !!
Merci !

Utilisateur anonyme · Answer

Salut 

j'ai utilisé hijackthis, il s'installe mais ne se lance pas comme malwarebytes.

Quel est le message d erreure stp ??

gael31390 · Answer

Il ne met aucun message d'erreur, je lance l'application le ptit sablier tourne et voila c'est fini, il fait pareil avec mozilla/IE le ptit sablier et puis plus rien, alors la connexion internet est là puisque jsuis dans ma chambre branché en wifi mais mozilla s'ouvre pas ...

Utilisateur anonyme · Answer

Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 




-> Double clique sur combofix.exe. 
-> Tape sur la touche 1 (Yes) pour démarrer le scan. 
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt 

Avant d'utiliser ComboFix : 

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil. 

Une fois fait, sur ton bureau double-clic sur Combofix.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

gael31390 · Answer

ok jvais le faire, merci bcp !

gael31390 · Answer

je fais ça en mode sans echec ? ou normal

Utilisateur anonyme · Answer

en mode normal

gael31390 · Answer

je lance combofix et il me dit qu'il a detecté la presence d'un rootkit et qu'il doit redémarer donc il l'a fait mais remet le message .... jfais quoi ?

PS : j'ai une page du virus qui s'affiche et dont le nom est Xp antivirus 2008, qui me demande de l'installer ...

Utilisateur anonyme · Answer

accepte le redémarrage  et post le rapport stp

gael31390 · Answer

ué y redemarre mais il remet le message comme quoi il detecte un rootkit ( jsais pas ce que c'est )

Utilisateur anonyme · Answer

va dasn poste de travail
entre dans le disques C 
si present post Combofix.txt ou dis moi

gael31390 · Answer

nan il n'y est pas.

C'est pas XP antivirus 2008, c'est antivirus XP 2008.

Utilisateur anonyme · Answer

refais le scan comobofix en mode sans echec dans ce cas et post le rapport stp

gael31390 · Answer

ok

gael31390 · Answer

jlai fait au redemarage il m'a indiqué que le fichier combofix.exe été endomagé et illisible et qu'il fallait que je l'ance l'utilitaire CHKDSK, ce que j'ai fait et il en est a 30% de la deuxième étape.

gael31390 · Answer

je pense qu'il a fait le rapport car la barre d'avancement est allé a fond et m'a demandé de rebooter et là le fichier machin ...

gael31390 · Answer

voila CHKDSK a fini, le message d'erreur a disparu mais je n'ai plus aucun icone ni la barre des taches. Alors danhs le gestionnaires des taches j'ai voulu lancer explorer.exe mais il est deja lancé, alors j'attend.

Utilisateur anonyme · Answer

au pire des cas redémarre le pc

gael31390 · Answer

ué ça y est c'est en cour.

Utilisateur anonyme · Answer

-;)

gael31390 · Answer

bon combofix caffouille sévère il me dit que le fichier C:\327882R2FWJFW est endomagé donc combofix peut pas marché, alors y me dit de lancer CHKDSK, ce que je fais mais il est en lecture seule, je connais pas c'truc, jsais pas m'en servir, et il me dit que des fichier ne peuvent etre crées ( surement le log ) qu'il faut que je ferme tte les applications que je redémarre et que je recommence l'installation .

gael31390 · Answer

que faire docteur ? ^^ et a chaque fois que je redémarre je le fais en mode sans echec ?

Utilisateur anonyme · Answer

Télécharge ToolsCleaner sur ton bureau. 
--> 
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/ 

# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

gael31390 · Answer

ok jfais ça, merci bcp !

gael31390 · Answer

il me remarque que le fichier C:/... est endommagé et illisible, qu'il faut que j'utilise CHKDSK. Tu sais pas t'en servir toi de ça ?

Utilisateur anonyme · Answer

apparemment c est ton disque qui est malade

gael31390 · Answer

parce que jsuis en train de lire un sujet sur la commande chkdsk, et il dise que si on y incrémente la commande /f, il repère et corrige les erreurs sur le disque, j'essaye ?

et j'ai essayé de lui faire corriger les erreurs dans le dossier C:\32788... et il me dit que le chemin n'est pas bon ...

Utilisateur anonyme · Answer

oui essai la commande /f

gael31390 · Answer

bein la commande a peut etre marchée, car j'ai relancer toolscleaner2 et il ne ma pas mis de messager d'erreur ( là il cherche ) et jme suis dit que vu que l'on sait que c'est antivirus xp 2008 qui fait chier, j'ai fait une recherche sur internet et il dise d'utiliser RogueRemover pour le desinstaller.

gael31390 · Answer

Tu l'a deja utilisé toolscleaner ? tu sais quel tps il met a faire la recherche ? car là il est bloqué en position recherche, ( pas de souris juste le sablier fixe ) et sinon y a revo uninstaller pour le virer. ça peut marcher ?




Une question qui a rien a voir, vu que je vien de craker ds ma chambre Xp pro, l'ordi sait quand je veux installer windows media player 11 que c'est pas l'original, y a pas un moyen de passe au travers pour l'installer ?

Utilisateur anonyme · Answer

malewarebyte le vire c est sur ....

Utilisateur anonyme · Answer

Une question qui a rien a voir, vu que je vien de craker ds ma chambre Xp pro, l'ordi sait quand je veux installer windows media player 11 que c'est pas l'original, y a pas un moyen de passe au travers pour l'installer ?

Je ne peux te repondre sorry

gael31390 · Answer

ué mais y veux pas se lancer ^^ juste il s'installe.


ça y est toolscleaner a fini, il a afficher 4 ligne dont a chaque fois dans les ligne le nom hijackthis ... alors dans le doute j'ai supprimé.

gael31390 · Answer

ok pas grave.

Utilisateur anonyme · Answer

ok passe malewarebyte maintenant

gael31390 · Answer

c'est bon malwarebytes est en train de scanner mes 3 partitions du DD.

gael31390 · Answer

En tout cas merci beaucoup !!!!

Utilisateur anonyme · Answer

de rein a tout a l heure

gael31390 · Answer

Bon le scan été en cours/avait trouvé 30 fichiers infectés et quand jsuis allé voir si tout ce passé bien mon pere ma dit que l'ordi devait redémarer car il y avait un prob, donc j'ai relancer le scan et je vais surveillé. Pendant l'installation il y a eu un ptit prob avec 2/3 fichiers, j'ai fais ok il a continué a installé, donc jvais voir ça.

gael31390 · Answer

voila le scan a fini, j'ai tout supprimé mais je crois que ça ne lui a pas plus car il ma affiché ( ne repond pas ) donc j'ai laisser et il a quitté donc je le redémarre.

gael31390 · Answer

bon il a redémarré et c'est tjrs pareil,et a chaque fois je suis obligé de le réinstaller y me met les 4 identiques messages d'erreur je vais dans quarantaine je supprime tt et je ferme je le relance y faut que je le réinstalle, apres jfais un scan rapide y met trouve 100 fichier infectés alors je fais tout supprimé et y balance tout ça en quarantaine puis il plante alors je le réinstalle et je vide la quarantaine et je refais un scan et c'est repartie !

Jvais essayé de tt mettre en quarantaine 1 par 1 pour pas qu'il plante je supprime et je reboot. Et jvais regarder la télé et jverrai ça plus tard. j'en ai ma claque de cte merde ! Je reprendré apres la télé.

A+

gael31390 · Answer

Alors j'ai fais un scan en mode sans echec et il a marché, ma donné ce rapport : 


Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1062
Windows 5.1.2600 Service Pack 2

22:50:01 28/08/2008
mbam-log-08-28-2008 (22-50-01).txt

Type de recherche: Examen rapide
Eléments examinés: 98343
Temps écoulé: 22 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 36
Valeur(s) du Registre infectée(s): 10
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 43

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e4c942f-e8bb-49c8-afb9-645ccd0c9630} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5e4c942f-e8bb-49c8-afb9-645ccd0c9630} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf4bff2b-b9c5-4c11-ab65-b3baccbf2c6e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ecd99db2-abfa-46ae-a7ee-16d0ddb78258} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{733E9132-53CA-4C97-9AC9-145C4502FA20} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6ca49fdd-4aeb-4f08-a394-c0a1f82caa16} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{48a7a70a-e118-4506-a373-c9d4e8a212a1} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7fbb2d91-9964-4196-bac5-d5e751762ec3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7fbb2d91-9964-4196-bac5-d5e751762ec3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{df901432-1b9f-4f5b-9e56-301c553f9095} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion	dssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE	dss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Custom Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Safety Features (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\promoreg (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Rununner1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc74fj0e56c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhc34fj0e56c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\some (Trojan.Zlob) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Video Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32	rrcuk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
ubphqhf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fhqhpbun.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dao2.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jnxscoba.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qnmnnvnb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32hricvyi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\update2.408.0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\3RTQAYZ0\kb65666[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\JD05HCNE\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\LTH1RB63\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\SUA7A9JN\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	dssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers	dssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\alt.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\faceback.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\crock+mock.config (Worm.Zhelatin) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM5b61ad01.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM5b61ad01.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc74fj0e56c.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc74fj0e56c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc74fj0e56c.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.ttAF.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsub.xml (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svcp.csv (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\dat6E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gael\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.


Maintenant l'ordi a redémarré et le message antivirus xp 2008 a disparru, le fond d'écran aussi, 2 messages d'erreur au demarage je fais ok c'est réglé, par contre tjrs pas internet ...

Utilisateur anonyme · Answer

réouvre malewarebyte
va sur quarantaine
supprime tout

Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 




-> Double clique sur combofix.exe. 
-> Tape sur la touche 1 (Yes) pour démarrer le scan. 
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt 

Avant d'utiliser ComboFix : 

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil. 

Une fois fait, sur ton bureau double-clic sur Combofix.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

gael31390 · Answer

Bon l'ordi ne demarre pas en mode normal  ( ça rame bcp trop ) donc je fais tout en mode sans echec, et la il a redémarré et combofix me prepare le rapport a son rythme ... ^^ donc j'attend j'attend ...

gael31390 · Answer

Voila combofix a fini son rapport en mode sans echec que voici : ComboFix 08-08-28.06 - Administrateur 2008-08-29 11:59:34.2 - NTFSx86 MINIMAL Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\Documents and Settings\akaya\Application Data\macromedia\Flash Player\#SharedObjects\HJYN2XNN\iforex.com C:\Documents and Settings\akaya\Application Data\macromedia\Flash Player\#SharedObjects\HJYN2XNN\iforex.com\Emerp\Events\flash_object.swf\user_data.sol C:\Documents and Settings\akaya\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com C:\Documents and Settings\akaya\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol C:\Documents and Settings\akaya\Cookies\akaya@clicksor[2].txt C:\Documents and Settings\akaya\Cookies\akaya@edt02[1].txt C:\Documents and Settings\akaya ew.txt C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat C:\Documents and Settings\Gael ew.txt C:\Documents and Settings\Laurent\Application Data\Adobe\crc.dat C:\Documents and Settings\Laurent ew.txt C:\Documents and Settings iphaine\Application Data\macromedia\Flash Player\#SharedObjects\Q4QWWH99\bin.clearspring.com C:\Documents and Settings iphaine\Application Data\macromedia\Flash Player\#SharedObjects\Q4QWWH99\bin.clearspring.com\clearspring.sol C:\Documents and Settings iphaine\Application Data\macromedia\Flash Player\#SharedObjects\Q4QWWH99\iforex.com C:\Documents and Settings iphaine\Application Data\macromedia\Flash Player\#SharedObjects\Q4QWWH99\iforex.com\Emerp\Events\flash_object.swf\user_data.sol C:\Documents and Settings iphaine\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com C:\Documents and Settings iphaine\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol C:\Documents and Settings iphaine\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com C:\Documents and Settings iphaine\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol C:\Documents and Settings iphaine\Cookies iphaine@edt02[2].txt C:\Documents and Settings iphaine ew.txt C:\Program Files\Fichiers communs\WinSoftware C:\WINDOWS\exefld C:\WINDOWS\system32\a.exe C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\urlmsnlink.dat E:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_tdssserv ((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))))))) . 2008-08-28 23:34 . 2008-08-28 23:34 d-------- C:\Program Files\RevoUninstaller 2008-08-28 22:26 . 2008-08-28 22:26 d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-08-28 21:43 . 2008-08-28 23:34 d-------- C:\Program Files\VS Revo Group 2008-08-28 21:42 . 2008-08-28 21:42 d-------- C:\Program Files\RogueRemover FREE 2008-08-28 16:13 . 2008-08-28 16:13 d-------- C:\Documents and Settings\Laurent\Application Data\Malwarebytes 2008-08-28 16:13 . 2008-08-28 16:13 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-28 12:49 . 2008-08-28 16:06 d-------- C:\Program Files\Trend Micro 2008-08-28 11:53 . 2008-08-28 12:22 d-------- C:\Program Files\Enigma Software Group 2008-08-27 13:18 . 2008-08-28 12:49 345 --ahs---- C:\WINDOWS\system32\jjkkj.ini 2008-08-27 13:13 . 2008-08-27 13:13 178,176 --a------ C:\WINDOWS\system32\drivers\NVNVRZRJ.sys 2008-08-27 13:13 . 2008-08-27 13:13 110,080 --a------ C:\WINDOWS\stfMeane1001186.exe 2008-08-27 13:13 . 2008-08-27 13:13 136 --a------ C:\WINDOWS\system32\C0.tmp 2008-08-27 13:13 . 2008-08-27 13:13 29 --a------ C:\WINDOWS\system32\ippffrri.tmp 2008-08-27 13:13 . 2008-08-27 13:13 18 --a------ C:\WINDOWS\system32\C6.tmp 2008-08-27 13:02 . 2008-08-27 13:52 d-------- C:\Documents and Settings\Laurent\Application Data\Azureus 2008-08-27 13:02 . 2008-08-27 13:02 d-------- C:\Documents and Settings\All Users\Application Data\Azureus 2008-08-13 22:45 . 2008-08-13 22:49 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-08-03 16:24 . 2008-08-03 16:24 d-------- C:\Program Files\Google 2008-08-03 12:46 . 2008-08-03 12:46 d-------- C:\Program Files\iPod 2008-08-01 16:40 . 2008-08-01 16:40 d-------- C:\Documents and Settings\Laurent\Application Data\Songbird2 2008-08-01 16:40 . 2008-08-01 16:41 d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC 2008-08-01 16:35 . 2008-08-28 12:23 d-------- C:\Program Files\songbird . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-28 21:23 --------- d-----w C:\Documents and Settings\Laurent\Application Data\JustWrite Office 2008-08-28 13:52 --------- d-----w C:\Documents and Settings\Laurent\Application Data\OpenOffice.org2 2008-08-27 17:27 --------- d-----w C:\Program Files\PhotoFiltre 2008-08-27 17:26 --------- d-----w C:\Program Files\OpenOffice.org 2.1 2008-08-27 16:48 --------- d-----w C:\Program Files\Jargon Informatique 2008-08-27 14:43 --------- d-----w C:\Documents and Settings\Gael\Application Data\WTablet 2008-08-27 11:52 --------- d-----w C:\Documents and Settings iphaine\Application Data\OpenOffice.org2 2008-08-25 16:38 --------- d-----w C:\Documents and Settings\Gael\Application Data\OpenOffice.org2 2008-08-22 13:52 --------- d-----w C:\Documents and Settings\Laurent\Application Data\Apple Computer 2008-08-16 13:07 137,968 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-08-16 13:02 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-08-11 15:23 --------- d-----w C:\Program Files\Apple Software Update 2008-08-09 10:02 --------- d-----w C:\Program Files\Java 2008-07-30 20:33 --------- d-----w C:\Documents and Settings\Gael\Application Data\Azureus 2008-07-26 18:32 79,608 ----a-w C:\Documents and Settings\Laurent\Application Data\GDIPFONTCACHEV1.DAT 2008-07-25 09:41 --------- d-----w C:\Program Files\Bonjour 2008-07-25 09:27 --------- d-----w C:\Program Files\Safari 2008-07-08 20:50 --------- d-----w C:\Documents and Settings iphaine\Application Data\Apple Computer 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-06 13:54 --------- d-----w C:\Documents and Settings iphaine\Application Data\Vso 2008-07-06 13:52 --------- d-----w C:\Documents and Settings iphaine\Application Data\VSO_HWE 2008-07-03 20:37 --------- d-----w C:\Documents and Settings\Gael\Application Data\Vso 2008-07-03 20:36 --------- d-----w C:\Documents and Settings\Gael\Application Data\VSO_HWE 2008-07-03 12:25 --------- d-----w C:\Documents and Settings\Gael\Application Data\vlc 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-06 13:52 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-06-03 10:11 22,328 ----a-w C:\Documents and Settings\Gael\Application Data\PnkBstrK.sys 2008-04-22 17:51 81,568 ----a-w C:\Documents and Settings\Gael\Application Data\GDIPFONTCACHEV1.DAT 2008-04-13 14:23 81,568 ----a-w C:\Documents and Settings iphaine\Application Data\GDIPFONTCACHEV1.DAT 2007-10-22 16:42 76,304 ----a-w C:\Documents and Settings\akaya\Application Data\GDIPFONTCACHEV1.DAT 2007-02-18 19:16 54 ----a-w C:\Program Files\delir.gio 2006-05-21 08:22 31 -c--a-w C:\Documents and Settings\Laurent\getfile.dat 2006-05-19 19:08 31 -c--a-w C:\Documents and Settings\Gael\getfile.dat 2006-05-18 15:02 31 ----a-w C:\Documents and Settings iphaine\getfile.dat 2005-09-21 12:15 5,123,424 -c--a-w C:\Program Files\Firefox Setup 1.0.7.exe 2001-11-23 11:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL 2001-11-05 08:30 173,056 -c----w C:\Program Files\UNWISE.EXE 2006-06-05 05:48 614,400 ----a-w C:\Program Files\mozilla firefox\plugins\MannequinPlayer2.dll 2005-07-01 21:45 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin 2006-11-26 18:04 8 --sh--r C:\WINDOWS\system32\3E4521AF55.sys 2007-11-30 17:57 104 --sh--r C:\WINDOWS\system32\55AF21453E.sys 2008-01-04 19:18 5,746 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys . ------- Sigcheck ------- 2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll 2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll 2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll 2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\ServicePackFiles\i386\user32.dll 2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\system32\user32.dll 2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\system32\dllcache\user32.dll 2004-08-20 01:10 514048 0956e00f2ba5b265362e59969671ce40 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe 2004-08-20 01:10 506368 0a1a19fffc1467de5085d1b66c929e38 C:\WINDOWS\system32\winlogon.exe 2007-06-13 15:22 1044992 00a7b99e7feda4387bb6ae2fcab11586 C:\WINDOWS\explorer.exe 2007-06-13 15:10 1044992 033e4e9d8461240d693d1be5bf4aa5bd C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2007-06-13 15:22 1044992 973690a4e14b41d7d6907a27972bda37 C:\WINDOWS\ServicePackFiles\i386\explorer.exe 2007-06-13 15:22 1044992 52f289cafdc15d8a75503ed6b5439af2 C:\WINDOWS\system32\dllcache\explorer.exe 2004-08-20 01:09 23040 36469eb68fb925a61d7c47c3e7fc698d C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe 2004-08-20 01:09 23040 0a811c1dd0b94f6bbd24a3fbe3302313 C:\WINDOWS\system32\ctfmon.exe 2005-06-11 02:17 65536 44c884369d73b3d562e4193b3f7b6a37 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe 2004-08-20 01:10 65536 ee9e31776bc6f6dd43d2bda81dbaa74e C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe 2005-06-11 01:53 65536 563ca8ae085f4c4ee206ff108ef0bf71 C:\WINDOWS\system32\spoolsv.exe 2004-08-20 01:10 32768 e86be7428e5e0d6cb449c60dc8d1e73f C:\WINDOWS\ServicePackFiles\i386\userinit.exe 2004-08-20 01:10 32768 cf32045823bb33d869319eb4dec974da C:\WINDOWS\system32\userinit.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 23040] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 15:16 98304] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49 110080] "PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 07:53 156160] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 163840] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-11 21:08 28160] "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 12:58 163840] "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 12:57 53248] "avast!"="D:\Gael\Avast\ashDisp.exe" [2008-07-19 16:38 78008] "eCarteBleue-LP-P1"="C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe" [2002-12-20 10:49 196608] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 57344] "SMKRun"="C:\Program Files\JustWrite Office\ScreenMark.exe" [2007-01-08 06:07 126976] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040] "QuickTime Task"="D:\Gael\itunes\Quicktime\QTTask.exe" [2008-05-27 10:50 421888] "iTunesHelper"="D:\Gael\itunes\iTunesHelper.exe" [2008-07-30 10:47 289064] "CHotkey"="mHotkey.exe" [2002-07-23 11:09 485888 C:\WINDOWS\mHotkey.exe] "JWOSetup"="JWOSetup.exe" [2007-01-09 15:25 102400 C:\WINDOWS\JWOSetup.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 23040] D:\Gael\Menu D‚marrer\Programmes\D‚marrage\ PowerReg Scheduler.exe [2007-07-28 13:57:51 241664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=trrcuk.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.VP40"= vp4vfw.dll "vidc.iv41"= ir41_32.dll "MSACM.CEGSM"= mobilev.acm "vidc.MJPG"= M3JPEG32.dll "vidc.dmb1"= M3JPEG32.dll "vidc.jpeg"= M3JPEG32.dll "vidc.mxmc"= MimicICM.DLL [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gjl58.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Winter Fun Wallpaper Changer.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Winter Fun Wallpaper Changer.lnk backup=C:\WINDOWS\pss\Winter Fun Wallpaper Changer.lnkCommon Startup [HKLM\~\startupfolder\D:^Gael^Menu Démarrer^Programmes^Démarrage^Groom Agent.lnk] path=D:\Gael\Menu Démarrer\Programmes\Démarrage\Groom Agent.lnk backup=C:\WINDOWS\pss\Groom Agent.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol] --a------ 2005-01-10 09:35 81920 C:\PROGRA~1\PESTPA~1\CookiePatrol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] --------- 2003-06-24 15:23 69632 C:\Program Files\Home Cinema\PowerCinema\PCMService.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\WINDOWS\system32\CIMSVR.exe"= "C:\WINDOWS\system32\dplaysvr.exe"= "C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"= "C:\WINDOWS\system32\dpnsvr.exe"= "D:\Gael\battlefield 2\BF2.exe"= "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\sandra.exe"= "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe"= "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe"= "C:\Program Files\Real\RealPlayer\realplay.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"= "D:\Gael\Mes Programmes\azureus\Azureus.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "D:\Gael\Mes Programmes\emule\eMule\emule.exe"= "C:\WINDOWS\system32\PnkBstrA.exe"= "C:\WINDOWS\system32\PnkBstrB.exe"= "D:\Gael\Mes Programmes\skype\Phone\Skype.exe"= "D:\Gael\Mes Programmes\adsltv\adsltv.exe"= "D:\Gael\Mes Programmes\adsltv\vlc.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "D:\Gael\itunes\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10520:TCP"= 10520:TCP:BitComet 10520 TCP "10520:UDP"= 10520:UDP:BitComet 10520 UDP R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08] R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 21:12] R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 20:30] S0 fbsbod;fbsbod;C:\WINDOWS\system32\drivers lcxgnww.sys [] S0 Gjl58;Gjl58;C:\WINDOWS\system32\Drivers\Gjl58.sys [] S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35] S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37] S2 HDDTService;HDD Temperature;D:\Gael\Mes Programmes\HDDTSvc.exe [] S2 NVNVRZRJ;NVNVRZRJ;C:\WINDOWS\system32\drivers\NVNVRZRJ.sys [2008-08-27 13:13] S3 856589ad-e131-4880-a696-13ccdd935925;856589ad-e131-4880-a696-13ccdd935925;J:\Player\cds300.dll [] S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2005-09-11 17:59] S3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-11-04 17:29] S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35] S3 IACtrl;IA Analysing v2.0;D:\Gael\Mes Programmes\iA-FR\IACtrl.exe [] S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-09-20 09:15] S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-11-04 17:32] S3 PID_0960_V;Logitech ClickSmart 420(PID_0960_V);C:\WINDOWS\system32\DRIVERS\LVVIMULB.SYS [2002-09-20 09:19] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58] S3 VVRUSB;VVRUSB Device;C:\WINDOWS\system32\DRIVERS\VVRUSB.sys [2002-01-20 10:02] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' 2008-08-28 C:\WINDOWS\Tasks\8766042391D9DE33.job - c:\docume~1\laurent\applic~1\ballon~1\REFSIGNLONG.exe [] 2008-08-28 C:\WINDOWS\Tasks\AEBB77B49184F480.job - c:\docume~1\gael\applic~1\ballon~1\REFSIGNLONG.exe [] 2008-08-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2008-08-28 C:\WINDOWS\Tasks\F24E101B90DDFAE7.job - c:\docume~1 iphaine\applic~1\ballon~1\REFSIGNLONG.exe [] . - - - - ORPHANS REMOVED - - - - BHO-{66C2FF28-9CD1-83A8-8D50-950AEA564FB3} - C:\DOCUME~1 iphaine\APPLIC~1\REGS16~1\Bat loud.exe HKLM-Run-Windows - C:\WINDOWS\WinSecurity\services.exe HKLM-Run-58529e9d - C:\WINDOWS\system32 ubphqhf.dll HKLM-Run-Cmaudio - cmicnfg.cpl HKLM-Run-CorelDRAW Graphics Suite 11b - (no file) Notify-iifgfdd - iifgfdd.dll MSConfigStartUp-HP Component Manager - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe MSConfigStartUp-HP Software Update - C:\Documents and Settings iphaine\Mes documents\Mes images\appareil photos\HP Software Update\HPWuSchd2.exe MSConfigStartUp-I downloaded pirated Software from P2P - C:\WINDOWS\system32\Roller Coaster Tycoon 3 soaked .exe MSConfigStartUp-MoneyAgent - C:\Program Files\Microsoft Money\System\mnyexpr.exe MSConfigStartUp-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe MSConfigStartUp-Wallpaper - D:\Gael\Mes Programmes\wallpaper\Wallpaper.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\w3rzrkji.default\ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-29 12:05:11 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion un] " Windows"="C:\WINDOWS\WinSecurity\services.exe" [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HDDTService] "ImagePath"="D:\Gael\Mes Programmes\HDDTSvc.exe /startedbyscm:916B11C7-40E287F3-HDDTService" . Temps d'accomplissement: 2008-08-29 12:12:08 ComboFix-quarantined-files.txt 2008-08-29 10:11:09 Pre-Run: 28,423,114,752 octets libres Post-Run: 28,406,034,432 octets libres 305 --- E O F --- 2008-08-13 20:49:22

gael31390 · Answer

bon l'ordi ne démarre plus du tout en mode normal, la fenetre avec les différents comptes souvre, et puis voila, je clic sur un compte et ça ne fait rien mm le bouton en bas a gauche ( arreter le systeme ) ne marche pas ...

Utilisateur anonyme · Answer

C LA galere le mode sans echec est ok lui ? 

si oui o,  continue le nettoyage (car il en reste) et apres on va fait une restauration si encore soucis 

dis moi si t es ok STP

gael31390 · Answer

En mode sans echec ça marche nickel mais jpeut pas ouvrir le mode normal ...
Je continu en mode sans echec a faire le nettoyage avec qui ?

Utilisateur anonyme · Answer

avec moi je suis là tout l apres midi 

on finit le nettoyage apre on soccupe du dysfonctionnement


Télécharge HijackThis ici : 

->  Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
->  http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe 
->  ftp://ftp.commentcamarche.com/download/HJTInstall.exe

-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation 

-> Clique sur Install ensuite sur I Accept 

-> Clique sur Do a scan system and save log file 

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

gael31390 · Answer

voici le log : 


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:42, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.hugedomains.com/domain_profile.cfm?d=antivirgear&e=com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [ Windows] C:\WINDOWS\WinSecurity\services.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [avast!] D:\Gael\Avast\ashDisp.exe
O4 - HKLM\..\Run: [eCarteBleue-LP-P1] "C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe"  /dontopenmycards
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [JWOSetup] JWOSetup.exe -en
O4 - HKLM\..\Run: [SMKRun] C:\Program Files\JustWrite Office\ScreenMark.exe -i
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Gael\itunes\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Gael\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HKPHALKM] %systemroot%\HKPHALKM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: e-Carte Bleue La Banque Postale.lnk = C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin
pjpi160_07.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin
pjpi160_07.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28805E8B-A507-48A9-B96E-FE2BDC1399A5}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{30921518-B0FB-4716-A461-0331E3459A7D}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C11A8CE-C3DE-4036-BA56-B1E8FBC7303B}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{96B48026-EEB7-4744-B309-6960BFEBC5CF}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD02D15F-883F-4C51-8739-6AB736997AD5}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDCCA0A7-3A75-42BA-81B4-43E6F577A408}: NameServer = 81.210.20.254
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: trrcuk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Gael\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Gael\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Gael\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Gael\Avast\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDD Temperature (HDDTService) - Unknown owner - D:\Gael\Mes Programmes\HDDTSvc.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: IA Analysing v2.0 (IACtrl) - Unknown owner - D:\Gael\Mes Programmes\iA-FR\IACtrl.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Task Manager service (RTM) - Unknown owner - C:\Program Files\Remote Task Manager\RTMService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Utilisateur anonyme · Answer

* Télécharge FixWareout de ce site sur le bureau: 
http://download.bleepingcomputer.com/lonny/Fixwareout.exe
 

* Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish. 
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal. 

*Poste (Copie/colle) le contenu du rapport qui va s'afficher à l'écran (report.txt)

gael31390 · Answer

Voila le log : 

Username "Administrateur" - 29/08/2008 15:33:06 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check


System was rebooted successfully. 
 
~~~~~ Postrun check 
HKLM\SOFTWARE\~\Winlogon\ "System"="" 
....
....
~~~~~ Misc files. 
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionun]
"CHotkey"="mHotkey.exe"
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE"
"SunJavaUpdateSched"="\"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe\""
"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe"
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe"
" Windows"="C:\WINDOWS\WinSecurity\services.exe"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe"
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
"avast!"="D:\Gael\Avast\ashDisp.exe"
"eCarteBleue-LP-P1"="\"C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe\"  /dontopenmycards"
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
"JWOSetup"="JWOSetup.exe -en"
"SMKRun"="C:\Program Files\JustWrite Office\ScreenMark.exe -i"
"NvMediaCenter"="RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
"Adobe Reader Speed Launcher"="\"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\""
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
"QuickTime Task"="\"D:\Gael\itunes\Quicktime\QTTask.exe\" -atboottime"
"iTunesHelper"="\"D:\Gael\itunes\iTunesHelper.exe\""
"HKPHALKM"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,48,4b,50,48,41,4c,4b,\
4d,2e,65,78,65,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersionun]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Utilisateur anonyme · Answer

Copie le texte ci-dessous : 


File:: 
C:\WINDOWS\system32\jjkkj.ini 
C:\WINDOWS\system32\drivers\NVNVRZRJ.sys 
C:\WINDOWS\imsins.BAK 
C:\Program Files\delir.gio 
C:\WINDOWS\system32\drivers
lcxgnww.sys 
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe 
C:\WINDOWS\system32\es.dll 
C:\WINDOWS\system32\Drivers\Gjl58.sys
D:\Gael\Mes Programmes\iA-FR\IACtrl.exe 
D:\Gael\Mes Programmes\HDDTSvc.exe 
C:\WINDOWS\WinSecurity\services.exe
C:\WINDOWS\JWOSetup.exe
C:\WINDOWS\stfMeane1001186.exe 
C:\WINDOWS\system32\C0.tmp 
C:\WINDOWS\system32\ippffrri.tmp 
C:\WINDOWS\system32\C6.tmp 

Folder:: 
C:\Program Files\delir.gio
C:\WINDOWS\WinSecurity
D:\Gael\Mes Programmes\iA-FR
C:\Program Files\Fichiers communs\BOONTY Shared

Registry:: 
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gjl58.sys] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] 
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"Windows"=-
"JWOSetup"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionun] 
" Windows"=-

Driver::
fbsbod
Gjl58
Boonty Games
HDDTService
IACtrl

DirLook:: 
C:\Documents and Settings\Gael\Application Data\Vso 
C:\Documents and Settings\Gael\Application Data\VSO_HWE 





Ouvre le Bloc-Notes puis colle le texte copié. 
(Démarrer\Tous les programmes\Accessoires\Bloc notes.) 
Sauvegarde ce fichier sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous : 

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif 

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. 

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal! 

Ne touche à rien tant que le scan n'est pas terminé. 

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis. 

S'il n'y a pas de rédémarrage, poste quand même les rapports.

gael31390 · Answer

bon combofix est en train de préparer le log mais avant il a démarré en mode normal, et je pouvais cliquer sur les différents comptes, j'ai d'ailleurs redémarré l'ordi avec le bouton en bas a gauche qui a marché, et ce n'était pas lent, mais j'ai préférer redémarrer en mode sans echec pour finir le travail.

Utilisateur anonyme · Answer

oki 

le soucis étai là:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBo­ot\Minimal\Gjl58.sys]

gael31390 · Answer

bon le rapport hijackthis est fait par contre combofix n'a jamais voulu me donner ce log alors j'ai redémarré et j'ai relancé un scan.

Utilisateur anonyme · Answer

OK , je m absente 30 min et j eregarde tes rapports

gael31390 · Answer

Vas-y , le combofix il n'a jamais voulu le pondre alors jte met le hijackthis ( tu veux le combofix ? ) :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39, on 2008-08-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.hugedomains.com/domain_profile.cfm?d=antivirgear&e=com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [avast!] D:\Gael\Avast\ashDisp.exe
O4 - HKLM\..\Run: [eCarteBleue-LP-P1] "C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe"  /dontopenmycards
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SMKRun] C:\Program Files\JustWrite Office\ScreenMark.exe -i
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Gael\itunes\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Gael\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HKPHALKM] %systemroot%\HKPHALKM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: e-Carte Bleue La Banque Postale.lnk = C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin
pjpi160_07.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin
pjpi160_07.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28805E8B-A507-48A9-B96E-FE2BDC1399A5}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{30921518-B0FB-4716-A461-0331E3459A7D}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C11A8CE-C3DE-4036-BA56-B1E8FBC7303B}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{96B48026-EEB7-4744-B309-6960BFEBC5CF}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD02D15F-883F-4C51-8739-6AB736997AD5}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDCCA0A7-3A75-42BA-81B4-43E6F577A408}: NameServer = 81.210.20.254
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Gael\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Gael\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Gael\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Gael\Avast\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Task Manager service (RTM) - Unknown owner - C:\Program Files\Remote Task Manager\RTMService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

gael31390 · Answer

voila le log combofix mais après redémarrage de l'ordi, pas a juste après le scan avec le fichier que j'ai du faire glisser : ComboFix 08-08-28.06 - Administrateur 2008-08-29 16:53:13.5 - NTFSx86 MINIMAL Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.753 [GMT 2:00] Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\Program Files\delir.gio C:\Program Files\delir.gio\ C:\Program Files\Fichiers communs\BOONTY Shared C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe C:\WINDOWS\imsins.BAK C:\WINDOWS\JWOSetup.exe C:\WINDOWS\stfMeane1001186.exe C:\WINDOWS\system32\C0.tmp C:\WINDOWS\system32\C6.tmp C:\WINDOWS\system32\drivers\NVNVRZRJ.sys C:\WINDOWS\system32\es.dll C:\WINDOWS\system32\ippffrri.tmp C:\WINDOWS\system32\jjkkj.ini C:\WINDOWS\WinSecurity C:\WINDOWS\WinSecurity\mssock1.dli C:\WINDOWS\WinSecurity\mssock2.dli C:\WINDOWS\WinSecurity\mssock3.dli C:\WINDOWS\WinSecurity\socket1.ifo C:\WINDOWS\WinSecurity\socket2.ifo C:\WINDOWS\WinSecurity\socket3.ifo C:\WINDOWS\WinSecurity\starter.run C:\WINDOWS\WinSecurity\sysonce.tst C:\WINDOWS\WinSecurity\winmem1.ory C:\WINDOWS\WinSecurity\winmem2.ory C:\WINDOWS\WinSecurity\winmem3.ory . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))))))) . 2008-08-29 15:32 . 2008-08-29 15:42 d-------- C:\fixwareout 2008-08-28 23:34 . 2008-08-28 23:34 d-------- C:\Program Files\RevoUninstaller 2008-08-28 22:26 . 2008-08-28 22:26 d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-08-28 21:43 . 2008-08-28 23:34 d-------- C:\Program Files\VS Revo Group 2008-08-28 21:42 . 2008-08-28 21:42 d-------- C:\Program Files\RogueRemover FREE 2008-08-28 16:13 . 2008-08-28 16:13 d-------- C:\Documents and Settings\Laurent\Application Data\Malwarebytes 2008-08-28 16:13 . 2008-08-28 16:13 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-28 12:49 . 2008-08-29 15:13 d-------- C:\Program Files\Trend Micro 2008-08-28 11:53 . 2008-08-28 12:22 d-------- C:\Program Files\Enigma Software Group 2008-08-27 13:02 . 2008-08-27 13:52 d-------- C:\Documents and Settings\Laurent\Application Data\Azureus 2008-08-27 13:02 . 2008-08-27 13:02 d-------- C:\Documents and Settings\All Users\Application Data\Azureus 2008-08-03 16:24 . 2008-08-03 16:24 d-------- C:\Program Files\Google 2008-08-03 12:46 . 2008-08-03 12:46 d-------- C:\Program Files\iPod 2008-08-01 16:40 . 2008-08-01 16:40 d-------- C:\Documents and Settings\Laurent\Application Data\Songbird2 2008-08-01 16:40 . 2008-08-01 16:41 d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC 2008-08-01 16:35 . 2008-08-28 12:23 d-------- C:\Program Files\songbird . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-28 21:23 --------- d-----w C:\Documents and Settings\Laurent\Application Data\JustWrite Office 2008-08-28 13:52 --------- d-----w C:\Documents and Settings\Laurent\Application Data\OpenOffice.org2 2008-08-27 17:27 --------- d-----w C:\Program Files\PhotoFiltre 2008-08-27 17:26 --------- d-----w C:\Program Files\OpenOffice.org 2.1 2008-08-27 16:48 --------- d-----w C:\Program Files\Jargon Informatique 2008-08-27 14:43 --------- d-----w C:\Documents and Settings\Gael\Application Data\WTablet 2008-08-27 11:52 --------- d-----w C:\Documents and Settings iphaine\Application Data\OpenOffice.org2 2008-08-25 16:38 --------- d-----w C:\Documents and Settings\Gael\Application Data\OpenOffice.org2 2008-08-22 13:52 --------- d-----w C:\Documents and Settings\Laurent\Application Data\Apple Computer 2008-08-16 13:07 137,968 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-08-16 13:02 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-08-11 15:23 --------- d-----w C:\Program Files\Apple Software Update 2008-08-09 10:02 --------- d-----w C:\Program Files\Java 2008-07-30 20:33 --------- d-----w C:\Documents and Settings\Gael\Application Data\Azureus 2008-07-26 18:32 79,608 ----a-w C:\Documents and Settings\Laurent\Application Data\GDIPFONTCACHEV1.DAT 2008-07-25 09:41 --------- d-----w C:\Program Files\Bonjour 2008-07-25 09:27 --------- d-----w C:\Program Files\Safari 2008-07-08 20:50 --------- d-----w C:\Documents and Settings iphaine\Application Data\Apple Computer 2008-07-06 13:54 --------- d-----w C:\Documents and Settings iphaine\Application Data\Vso 2008-07-06 13:52 --------- d-----w C:\Documents and Settings iphaine\Application Data\VSO_HWE 2008-07-03 20:37 --------- d-----w C:\Documents and Settings\Gael\Application Data\Vso 2008-07-03 20:36 --------- d-----w C:\Documents and Settings\Gael\Application Data\VSO_HWE 2008-07-03 12:25 --------- d-----w C:\Documents and Settings\Gael\Application Data\vlc 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-06 13:52 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-06-03 10:11 22,328 ----a-w C:\Documents and Settings\Gael\Application Data\PnkBstrK.sys 2008-04-22 17:51 81,568 ----a-w C:\Documents and Settings\Gael\Application Data\GDIPFONTCACHEV1.DAT 2008-04-13 14:23 81,568 ----a-w C:\Documents and Settings iphaine\Application Data\GDIPFONTCACHEV1.DAT 2007-10-22 16:42 76,304 ----a-w C:\Documents and Settings\akaya\Application Data\GDIPFONTCACHEV1.DAT 2006-05-21 08:22 31 -c--a-w C:\Documents and Settings\Laurent\getfile.dat 2006-05-19 19:08 31 -c--a-w C:\Documents and Settings\Gael\getfile.dat 2006-05-18 15:02 31 ----a-w C:\Documents and Settings iphaine\getfile.dat 2005-09-21 12:15 5,123,424 -c--a-w C:\Program Files\Firefox Setup 1.0.7.exe 2001-11-23 11:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL 2001-11-05 08:30 173,056 -c----w C:\Program Files\UNWISE.EXE 2006-06-05 05:48 614,400 ----a-w C:\Program Files\mozilla firefox\plugins\MannequinPlayer2.dll 2005-07-01 21:45 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin 2006-11-26 18:04 8 --sh--r C:\WINDOWS\system32\3E4521AF55.sys 2007-11-30 17:57 104 --sh--r C:\WINDOWS\system32\55AF21453E.sys 2008-01-04 19:18 5,746 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys . ------- Sigcheck ------- 2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll 2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll 2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll 2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\ServicePackFiles\i386\user32.dll 2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\system32\user32.dll 2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\system32\dllcache\user32.dll 2004-08-20 01:10 514048 0956e00f2ba5b265362e59969671ce40 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe 2004-08-20 01:10 506368 0a1a19fffc1467de5085d1b66c929e38 C:\WINDOWS\system32\winlogon.exe 2007-06-13 15:22 1044992 00a7b99e7feda4387bb6ae2fcab11586 C:\WINDOWS\explorer.exe 2007-06-13 15:10 1044992 033e4e9d8461240d693d1be5bf4aa5bd C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2007-06-13 15:22 1044992 973690a4e14b41d7d6907a27972bda37 C:\WINDOWS\ServicePackFiles\i386\explorer.exe 2007-06-13 15:22 1044992 52f289cafdc15d8a75503ed6b5439af2 C:\WINDOWS\system32\dllcache\explorer.exe 2004-08-20 01:09 23040 36469eb68fb925a61d7c47c3e7fc698d C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe 2004-08-20 01:09 23040 0a811c1dd0b94f6bbd24a3fbe3302313 C:\WINDOWS\system32\ctfmon.exe 2005-06-11 02:17 65536 44c884369d73b3d562e4193b3f7b6a37 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe 2004-08-20 01:10 65536 ee9e31776bc6f6dd43d2bda81dbaa74e C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe 2005-06-11 01:53 65536 563ca8ae085f4c4ee206ff108ef0bf71 C:\WINDOWS\system32\spoolsv.exe 2004-08-20 01:10 32768 e86be7428e5e0d6cb449c60dc8d1e73f C:\WINDOWS\ServicePackFiles\i386\userinit.exe 2004-08-20 01:10 32768 cf32045823bb33d869319eb4dec974da C:\WINDOWS\system32\userinit.exe . ((((((((((((((((((((((((((((( snapshot@2008-08-29_12.10.40.29 ))))))))))))))))))))))))))))))))))))))))) . - 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE + 2005-10-20 18:02:28 174,592 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE - 2000-08-31 06:00:00 98,816 ----a-w C:\WINDOWS\sed.exe + 2000-08-31 06:00:00 106,496 ----a-w C:\WINDOWS\sed.exe - 2008-08-29 09:49:05 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2008-08-29 14:37:26 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2008-08-29 09:49:05 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-08-29 14:37:26 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat - 2008-08-29 09:49:05 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-08-29 14:37:26 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 23040] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 15:16 98304] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49 110080] "PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 07:53 156160] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 163840] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-11 21:08 28160] "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 12:58 163840] "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 12:57 53248] "avast!"="D:\Gael\Avast\ashDisp.exe" [2008-07-19 16:38 78008] "eCarteBleue-LP-P1"="C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe" [2002-12-20 10:49 196608] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 57344] "SMKRun"="C:\Program Files\JustWrite Office\ScreenMark.exe" [2007-01-08 06:07 126976] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040] "QuickTime Task"="D:\Gael\itunes\Quicktime\QTTask.exe" [2008-05-27 10:50 421888] "iTunesHelper"="D:\Gael\itunes\iTunesHelper.exe" [2008-07-30 10:47 289064] "CHotkey"="mHotkey.exe" [2002-07-23 11:09 485888 C:\WINDOWS\mHotkey.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 23040] D:\Gael\Menu D‚marrer\Programmes\D‚marrage\ PowerReg Scheduler.exe [2007-07-28 13:57:51 241664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.VP40"= vp4vfw.dll "vidc.iv41"= ir41_32.dll "MSACM.CEGSM"= mobilev.acm "vidc.MJPG"= M3JPEG32.dll "vidc.dmb1"= M3JPEG32.dll "vidc.jpeg"= M3JPEG32.dll "vidc.mxmc"= MimicICM.DLL [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gjl58.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Winter Fun Wallpaper Changer.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Winter Fun Wallpaper Changer.lnk backup=C:\WINDOWS\pss\Winter Fun Wallpaper Changer.lnkCommon Startup [HKLM\~\startupfolder\D:^Gael^Menu Démarrer^Programmes^Démarrage^Groom Agent.lnk] path=D:\Gael\Menu Démarrer\Programmes\Démarrage\Groom Agent.lnk backup=C:\WINDOWS\pss\Groom Agent.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol] --a------ 2005-01-10 09:35 81920 C:\PROGRA~1\PESTPA~1\CookiePatrol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] --------- 2003-06-24 15:23 69632 C:\Program Files\Home Cinema\PowerCinema\PCMService.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\WINDOWS\system32\CIMSVR.exe"= "C:\WINDOWS\system32\dplaysvr.exe"= "C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"= "C:\WINDOWS\system32\dpnsvr.exe"= "D:\Gael\battlefield 2\BF2.exe"= "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\sandra.exe"= "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe"= "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe"= "C:\Program Files\Real\RealPlayer\realplay.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"= "D:\Gael\Mes Programmes\azureus\Azureus.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "D:\Gael\Mes Programmes\emule\eMule\emule.exe"= "C:\WINDOWS\system32\PnkBstrA.exe"= "C:\WINDOWS\system32\PnkBstrB.exe"= "D:\Gael\Mes Programmes\skype\Phone\Skype.exe"= "D:\Gael\Mes Programmes\adsltv\adsltv.exe"= "D:\Gael\Mes Programmes\adsltv\vlc.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "D:\Gael\itunes\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10520:TCP"= 10520:TCP:BitComet 10520 TCP "10520:UDP"= 10520:UDP:BitComet 10520 UDP R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08] R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 21:12] R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 20:30] S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35] S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37] S2 NVNVRZRJ;NVNVRZRJ;C:\WINDOWS\system32\drivers\NVNVRZRJ.sys [] S3 856589ad-e131-4880-a696-13ccdd935925;856589ad-e131-4880-a696-13ccdd935925;J:\Player\cds300.dll [] S3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-11-04 17:29] S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35] S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-09-20 09:15] S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-11-04 17:32] S3 PID_0960_V;Logitech ClickSmart 420(PID_0960_V);C:\WINDOWS\system32\DRIVERS\LVVIMULB.SYS [2002-09-20 09:19] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58] S3 VVRUSB;VVRUSB Device;C:\WINDOWS\system32\DRIVERS\VVRUSB.sys [2002-01-20 10:02] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' 2008-08-28 C:\WINDOWS\Tasks\8766042391D9DE33.job - c:\docume~1\laurent\applic~1\ballon~1\REFSIGNLONG.exe [] 2008-08-28 C:\WINDOWS\Tasks\AEBB77B49184F480.job - c:\docume~1\gael\applic~1\ballon~1\REFSIGNLONG.exe [] 2008-08-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2008-08-28 C:\WINDOWS\Tasks\F24E101B90DDFAE7.job - c:\docume~1 iphaine\applic~1\ballon~1\REFSIGNLONG.exe [] . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\w3rzrkji.default\ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-29 16:55:39 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... ************************************************************************** . Temps d'accomplissement: 2008-08-29 17:00:43 ComboFix-quarantined-files.txt 2008-08-29 14:59:41 ComboFix2.txt 2008-08-29 10:12:09 Pre-Run: 27,818,983,424 octets libres Post-Run: 27,800,674,304 octets libres 279 --- E O F --- 2008-08-13 20:49:22

Utilisateur anonyme · Answer

* Télécharge SDFix depuis ce lien : http://downloads.andymanchesta.com/RemovalTools/SDFix.exe 
* Enregistre SDFix sur ton bureau 
* Double-clique sur l'icone SDFix 
* Une fenêtre s'ouvre, laisse les options telles quelles puis clique sur le bouton InstallSDFix . 

Pour la suite le nettoyage se fait en mode sans échec. 

Pour redémarrer en mode sans échec : 

* Redémarre ton PC, avant le logo Windows et après le changement du premier écran 
* Tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuie sur la touche entrée du clavier. 
* Pour plus d'informations, voir la page comment redémarrer en mode sans échec 

* Une fois en mode sans échec, clique sur le menu Démarrer puis Exécuter et colle la commande suivant : 
C:\SDFix\RunThis.bat 
* Cliquez sur OK. 
* Une fenêtre noire s'ouvre vous donnant la version du Fix. 
* Appuyez sur la touche Y (pour yes) du clavier et appuyez sur Entrée 

*A ce moment le bureau (Menu Démarrer etc.) va disparaître. 

* Le Fix commence son travail, cela peut durer une trentaines de minutes 
* Une fois les opérations de nettoyage effectuées... SDFix signale que l'ordinateur doit être redémarré : 

>>>The PC Will now restart 

* Appuie sur une touche du clavier 

* L'ordinateur va redémarrer normalement. 
* Avant d'arriver sur le bureau, une nouvelle fenêtre de SDFix va s'ouvrir. Ca peut durer cinq minutes... 

>> Le rapport SDFix s'ouvre alors fais un copier coller et envoi le.

gael31390 · Answer

je fais ça en mode normal ( mtn qui remarche ) et je coupe avast, ou je fais ça en mode sans echec ?

gael31390 · Answer

j'ai rien dit j'avais pas vu.

gael31390 · Answer

bon il est en train de faire le rapport, mais il met du tps !

Utilisateur anonyme · Answer

ok

gael31390 · Answer

Et voila le rapport, mais tjrs pas internet ... :


[b]SDFix: Version 1.220 [/b]
Run by Administrateur on 29/08/2008 at 17:51

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]: 

Trojan Files Found:

C:\23.tmp - Deleted
C:\2A.tmp - Deleted





Removing Temp Files

[b]ADS Check [/b]:
 


                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 18:17:42
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:1e,44,77,6e,e2,16,a9,3e,78,96,c5,7e,56,cd,ee,e1,a8,63,ff,74,ef,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:22,95,58,f1,b7,61,66,f1,af,26,66,3d,f6,87,0c,d8,a2,4c,9f,bc,a9,..
"a0"=hex:20,01,00,00,53,d3,f3,49,39,c2,f0,39,47,34,82,a1,65,d1,a9,85,d5,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1e,e6,23,8a,69,37,78,0e,e9,7f,9b,95,90,d4,66,a3,b3,bb,e1,ca,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:1e,44,77,6e,e2,16,a9,3e,78,96,c5,7e,56,cd,ee,e1,a8,63,ff,74,ef,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:22,95,58,f1,b7,61,66,f1,af,26,66,3d,f6,87,0c,d8,a2,4c,9f,bc,a9,..
"a0"=hex:20,01,00,00,53,d3,f3,49,39,c2,f0,39,47,34,82,a1,65,d1,a9,85,d5,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1e,e6,23,8a,69,37,78,0e,e9,7f,9b,95,90,d4,66,a3,b3,bb,e1,ca,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:1e,44,77,6e,e2,16,a9,3e,78,96,c5,7e,56,cd,ee,e1,a8,63,ff,74,ef,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:22,95,58,f1,b7,61,66,f1,af,26,66,3d,f6,87,0c,d8,a2,4c,9f,bc,a9,..
"a0"=hex:20,01,00,00,53,d3,f3,49,39,c2,f0,39,47,34,82,a1,65,d1,a9,85,d5,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1e,e6,23,8a,69,37,78,0e,e9,7f,9b,95,90,d4,66,a3,b3,bb,e1,ca,a6,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\CIMSVR.exe"="C:\WINDOWS\system32\CIMSVR.exe:*:Enabled:Logitech IM Video Companion Server"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"D:\Gael\battlefield 2\BF2.exe"="D:\Gael\battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\sandra.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\sandra.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"D:\Gael\Mes Programmes\azureus\Azureus.exe"="D:\Gael\Mes Programmes\azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Gael\Mes Programmes\emule\eMule\emule.exe"="D:\Gael\Mes Programmes\emule\eMule\emule.exe:*:Enabled:eMule"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Gael\Mes Programmes\skype\Phone\Skype.exe"="D:\Gael\Mes Programmes\skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Gael\Mes Programmes\adsltv\adsltv.exe"="D:\Gael\Mes Programmes\adsltv\adsltv.exe:*:Enabled:adsltv"
"D:\Gael\Mes Programmes\adsltv\vlc.exe"="D:\Gael\Mes Programmes\adsltv\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Gael\itunes\iTunes.exe"="D:\Gael\itunes\iTunes.exe:*:Enabled:iTunes"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\sandra.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\sandra.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Wed 21 Feb 2007        10,752 A..H. --- "C:\Program Files\MSN Messenger\WINHTTP.dll"
Sun 26 Nov 2006             8 ..SHR --- "C:\WINDOWS\system32\3E4521AF55.sys"
Fri 30 Nov 2007           104 ..SHR --- "C:\WINDOWS\system32\55AF21453E.sys"
Fri  4 Jan 2008         5,746 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Mon 22 Aug 2005         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun  6 Jul 2008        55,296 ...H. --- "C:\Documents and Settings\Laurent\Bureau\~WRL0002.tmp"
Thu  6 Dec 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 10 Dec 2005            96 A..H. --- "C:\Program Files\Common Files\X10\Common\x10prod.sys"
Fri 29 Aug 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT2.tmp"
Fri 29 Aug 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\71dbbbe29103410f2afc92925fe4a5f7\BIT3.tmp"

[b]Finished![/b]

Utilisateur anonyme · Answer

j ai entendu pour internet 

c est plutot normal je vais t expliquer pourquoi 

refais un scan hijackthis et post le rapport

gael31390 · Answer

et hop : 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:10, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Gael\Avast\aswUpdSv.exe
D:\Gael\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Remote Task Manager\RTMService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
D:\Gael\Avast\ashMaiSv.exe
D:\Gael\Avast\ashWebSv.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
D:\Gael\Avast\ashDisp.exe
C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tcljxzcrcdchtwqj.com/JKnJWJ0pGXmm9xCaSYkBIs5aZocM8hxewLc3zrOSsezohjvRhRLDXaK_HZ2vRg0P.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [avast!] D:\Gael\Avast\ashDisp.exe
O4 - HKLM\..\Run: [eCarteBleue-LP-P1] "C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe"  /dontopenmycards
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SMKRun] C:\Program Files\JustWrite Office\ScreenMark.exe -i
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Gael\itunes\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Gael\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HKPHALKM] %systemroot%\HKPHALKM.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Toolless] C:\DOCUME~1\Laurent\APPLIC~1\BALLON~1\Idle Plan.exe
O4 - HKCU\..\Run: [_Windows] C:\WINDOWS\WinSecurity\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: e-Carte Bleue La Banque Postale.lnk = C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O15 - Trusted Zone: https://sts.lecnam.net/idp/profile/SAML2/Redirect/SSO?execution=e1s1
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28805E8B-A507-48A9-B96E-FE2BDC1399A5}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{30921518-B0FB-4716-A461-0331E3459A7D}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C11A8CE-C3DE-4036-BA56-B1E8FBC7303B}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{96B48026-EEB7-4744-B309-6960BFEBC5CF}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD02D15F-883F-4C51-8739-6AB736997AD5}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDCCA0A7-3A75-42BA-81B4-43E6F577A408}: NameServer = 81.210.20.254
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Gael\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Gael\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Gael\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Gael\Avast\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Task Manager service (RTM) - Unknown owner - C:\Program Files\Remote Task Manager\RTMService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Utilisateur anonyme · Answer

Il reste des infection et ton detournement de DNS qui nous ramène en pologne d ou tes soucis de connexions

réouvre hijackthis
fais scan only
coche ces lignes :


O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) 
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) 

O15 - Trusted Zone: https://sts.lecnam.net/idp/profile/SAML2/Redirect/SSO?execution=e1s1 
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab 
O17 - HKLM\System\CCS\Services\Tcpip\..\{28805E8B-A507-48A9-B96E-FE2BDC1399A5}: NameServer = 81.210.20.254 
O17 - HKLM\System\CCS\Services\Tcpip\..\{30921518-B0FB-4716-A461-0331E3459A7D}: NameServer = 81.210.20.254 
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C11A8CE-C3DE-4036-BA56-B1E8FBC7303B}: NameServer = 81.210.20.254 
O17 - HKLM\System\CCS\Services\Tcpip\..\{96B48026-EEB7-4744-B309-6960BFEBC5CF}: NameServer = 81.210.20.254 
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD02D15F-883F-4C51-8739-6AB736997AD5}: NameServer = 81.210.20.254 
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDCCA0A7-3A75-42BA-81B4-43E6F577A408}: NameServer = 81.210.20.254 


tu les coches et tu clic sur fix checked 


ensuite :

télécharge Lop S&D.exe sur ton Bureau.https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 

* Double-clique dessus pour lancer l'installation 
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau 
* Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche) 
* Patiente jusqu'à la fin du scan 
* Poste le rapport généré (C:\lopR.txt)

gael31390 · Answer

le voila : 



   --------------------\  Lop S&D 4.2.3-6   XP/Vista

   Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 3000+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : Laurent ( Administrator )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1229 [VPS 080826-0] 4.8.1229 (Activated)

   "C:\Lop SD" ( MAJ : 27-08-2008|22:40 )
   Option : [1] ( 29/08/2008|19:01 )
 
   --------------------\  Listing des dossiers dans APPLIC~1  

   [05/11/2007|20:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Corel
   [21/05/2005|18:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
   [28/08/2008|22:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
   [05/11/2007|21:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
   [28/08/2008|12:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla

   [13/05/2007|12:22] C:\DOCUME~1\akaya\APPLIC~1\$_hpcst$.hpc
   [09/01/2008|15:29] C:\DOCUME~1\akaya\APPLIC~1\Adobe
   [29/11/2006|00:12] C:\DOCUME~1\akaya\APPLIC~1\AdobeUM
   [09/01/2007|18:07] C:\DOCUME~1\akaya\APPLIC~1\Ahead
   [29/12/2007|19:49] C:\DOCUME~1\akaya\APPLIC~1\Apple Computer
   [03/10/2007|10:38] C:\DOCUME~1\akaya\APPLIC~1\Corel
   [21/05/2005|18:31] C:\DOCUME~1\akaya\APPLIC~1\desktop.ini
   [06/12/2007|21:41] C:\DOCUME~1\akaya\APPLIC~1\EFF
   [22/10/2007|18:42] C:\DOCUME~1\akaya\APPLIC~1\GDIPFONTCACHEV1.DAT
   [20/08/2007|21:28] C:\DOCUME~1\akaya\APPLIC~1\HP
   [16/11/2006|20:27] C:\DOCUME~1\akaya\APPLIC~1\Identities
   [11/12/2007|11:14] C:\DOCUME~1\akaya\APPLIC~1\JustWrite Office
   [11/02/2007|17:25] C:\DOCUME~1\akaya\APPLIC~1\Leadertech
   [18/11/2006|14:15] C:\DOCUME~1\akaya\APPLIC~1\Macromedia
   [26/11/2007|10:43] C:\DOCUME~1\akaya\APPLIC~1\Media Player Classic
   [16/06/2007|18:19] C:\DOCUME~1\akaya\APPLIC~1\Microsoft
   [18/11/2006|14:13] C:\DOCUME~1\akaya\APPLIC~1\Mozilla
   [06/06/2008|13:53] C:\DOCUME~1\akaya\APPLIC~1\OpenOffice.org2
   [20/12/2006|20:02] C:\DOCUME~1\akaya\APPLIC~1\Sun
   [18/11/2006|14:13] C:\DOCUME~1\akaya\APPLIC~1\Talkback
   [26/12/2006|22:35] C:\DOCUME~1\akaya\APPLIC~1\vlc
   [13/12/2007|23:08] C:\DOCUME~1\akaya\APPLIC~1\WTablet

   [16/01/2006|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7F8108F6-359E-4BA7-8C2C-E52196483C9C}
   [19/03/2008|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [19/09/2007|20:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
   [01/07/2007|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
   [25/12/2006|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
   [27/08/2008|13:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
   [08/05/2006|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bike ace list meow
   [11/09/2005|17:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
   [21/05/2005|18:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
   [21/05/2005|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
   [23/06/2008|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
   [18/08/2007|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
   [17/04/2008|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
   [28/08/2005|15:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
   [05/07/2005|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
   [28/08/2008|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [13/10/2005|15:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
   [29/02/2008|22:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [21/05/2005|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
   [16/12/2007|19:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
   [21/05/2005|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1
View_Profiles
   [04/01/2006|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OrbNetworks
   [03/09/2007|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
   [10/11/2005|21:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G4
   [15/02/2006|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
   [01/08/2008|16:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SongbirdVLC
   [18/08/2007|17:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
   [08/12/2007|21:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
   [27/07/2007|14:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WhiteCap (Holiday Edition)
   [22/07/2006|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [01/03/2008|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

   [21/05/2005|18:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
   [01/12/2007|00:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [13/04/2007|22:41] C:\DOCUME~1\Gael\APPLIC~1\$_hpcst$.hpc
   [19/09/2006|20:40] C:\DOCUME~1\Gael\APPLIC~1\ACD Systems
   [09/10/2005|16:20] C:\DOCUME~1\Gael\APPLIC~1\AchrafCherti
   [05/12/2007|20:42] C:\DOCUME~1\Gael\APPLIC~1\Address Book
   [23/06/2008|21:03] C:\DOCUME~1\Gael\APPLIC~1\Adobe
   [13/07/2006|17:22] C:\DOCUME~1\Gael\APPLIC~1\AdobeUM
   [06/08/2005|19:41] C:\DOCUME~1\Gael\APPLIC~1\Ahead
   [19/05/2008|17:02] C:\DOCUME~1\Gael\APPLIC~1\Apple Computer
   [13/04/2007|23:00] C:\DOCUME~1\Gael\APPLIC~1\Arcsoft
   [17/08/2007|15:31] C:\DOCUME~1\Gael\APPLIC~1\Atari
   [23/05/2008|15:24] C:\DOCUME~1\Gael\APPLIC~1\AVSMedia
   [30/07/2008|22:33] C:\DOCUME~1\Gael\APPLIC~1\Azureus
   [08/05/2006|19:20] C:\DOCUME~1\Gael\APPLIC~1\Ballonelies
   [04/06/2008|14:15] C:\DOCUME~1\Gael\APPLIC~1\Blender Foundation
   [01/11/2006|16:15] C:\DOCUME~1\Gael\APPLIC~1\Camfrog
   [22/09/2007|16:39] C:\DOCUME~1\Gael\APPLIC~1\Corel
   [24/05/2005|19:45] C:\DOCUME~1\Gael\APPLIC~1\Cyberlink
   [23/03/2008|22:10] C:\DOCUME~1\Gael\APPLIC~1\DAEMON Tools
   [19/02/2008|16:59] C:\DOCUME~1\Gael\APPLIC~1\DeepBurner
   [12/03/2006|18:01] C:\DOCUME~1\Gael\APPLIC~1\Desktop Sidebar
   [21/05/2005|18:31] C:\DOCUME~1\Gael\APPLIC~1\desktop.ini
   [02/02/2008|19:29] C:\DOCUME~1\Gael\APPLIC~1\Dev-Cpp
   [05/12/2007|20:24] C:\DOCUME~1\Gael\APPLIC~1\Finder Bar
   [11/04/2006|21:08] C:\DOCUME~1\Gael\APPLIC~1\FotoWire
   [22/04/2008|19:51] C:\DOCUME~1\Gael\APPLIC~1\GDIPFONTCACHEV1.DAT
   [22/01/2008|21:57] C:\DOCUME~1\Gael\APPLIC~1\GetRightToGo
   [03/08/2008|16:25] C:\DOCUME~1\Gael\APPLIC~1\Google
   [22/09/2005|19:30] C:\DOCUME~1\Gael\APPLIC~1\Grisbi
   [07/02/2008|20:56] C:\DOCUME~1\Gael\APPLIC~1\gtk-2.0
   [03/07/2005|16:11] C:\DOCUME~1\Gael\APPLIC~1\Help
   [18/08/2007|18:34] C:\DOCUME~1\Gael\APPLIC~1\HP
   [09/04/2007|01:08] C:\DOCUME~1\Gael\APPLIC~1\Identities
   [19/04/2008|13:15] C:\DOCUME~1\Gael\APPLIC~1\JustWrite Office
   [08/05/2006|19:03] C:\DOCUME~1\Gael\APPLIC~1\Lavasoft
   [19/09/2006|20:43] C:\DOCUME~1\Gael\APPLIC~1\Leadertech
   [21/05/2005|20:46] C:\DOCUME~1\Gael\APPLIC~1\Macromedia
   [30/05/2005|13:10] C:\DOCUME~1\Gael\APPLIC~1\Media Player Classic
   [10/12/2007|21:42] C:\DOCUME~1\Gael\APPLIC~1\Microsoft
   [21/05/2005|20:43] C:\DOCUME~1\Gael\APPLIC~1\Mozilla
   [19/08/2005|00:21] C:\DOCUME~1\Gael\APPLIC~1\MSN6
   [23/01/2006|21:27] C:\DOCUME~1\Gael\APPLIC~1\Nvu
   [25/08/2008|18:38] C:\DOCUME~1\Gael\APPLIC~1\OpenOffice.org2
   [22/12/2007|16:58] C:\DOCUME~1\Gael\APPLIC~1\OtakuSoftware
   [03/06/2008|12:11] C:\DOCUME~1\Gael\APPLIC~1\PnkBstrK.sys
   [18/06/2005|22:09] C:\DOCUME~1\Gael\APPLIC~1\Real
   [08/05/2006|19:21] C:\DOCUME~1\Gael\APPLIC~1\Regs 16
   [10/11/2005|21:19] C:\DOCUME~1\Gael\APPLIC~1\River Past G4
   [09/10/2005|15:53] C:\DOCUME~1\Gael\APPLIC~1\RobotProgPrefs
   [15/03/2007|21:30] C:\DOCUME~1\Gael\APPLIC~1\Screenshot Sender
   [12/12/2005|18:32] C:\DOCUME~1\Gael\APPLIC~1\Seven Zip
   [06/06/2008|21:21] C:\DOCUME~1\Gael\APPLIC~1\Skype
   [09/10/2005|15:59] C:\DOCUME~1\Gael\APPLIC~1\Solve Elec Prefs
   [04/07/2005|15:55] C:\DOCUME~1\Gael\APPLIC~1\Sun
   [07/08/2005|13:25] C:\DOCUME~1\Gael\APPLIC~1\Talkback
   [02/06/2007|13:36] C:\DOCUME~1\Gael\APPLIC~1	eamspeak2
   [03/07/2008|14:25] C:\DOCUME~1\Gael\APPLIC~1\vlc
   [03/07/2008|22:37] C:\DOCUME~1\Gael\APPLIC~1\Vso
   [03/07/2008|22:36] C:\DOCUME~1\Gael\APPLIC~1\VSO_HWE
   [15/08/2007|01:27] C:\DOCUME~1\Gael\APPLIC~1\Wallpaper
   [27/08/2008|16:43] C:\DOCUME~1\Gael\APPLIC~1\WTablet

   [18/04/2007|16:34] C:\DOCUME~1\Laurent\APPLIC~1\$_hpcst$.hpc
   [25/06/2005|15:26] C:\DOCUME~1\Laurent\APPLIC~1\.bittorrent
   [29/08/2008|11:10] C:\DOCUME~1\Laurent\APPLIC~1\Adobe
   [16/01/2007|18:44] C:\DOCUME~1\Laurent\APPLIC~1\AdobeUM
   [03/01/2007|20:01] C:\DOCUME~1\Laurent\APPLIC~1\Ahead
   [22/08/2008|15:52] C:\DOCUME~1\Laurent\APPLIC~1\Apple Computer
   [27/08/2008|13:52] C:\DOCUME~1\Laurent\APPLIC~1\Azureus
   [08/05/2006|19:23] C:\DOCUME~1\Laurent\APPLIC~1\Ballonelies
   [31/10/2007|20:59] C:\DOCUME~1\Laurent\APPLIC~1\Corel
   [26/09/2007|09:37] C:\DOCUME~1\Laurent\APPLIC~1\Cyberlink
   [21/05/2005|18:31] C:\DOCUME~1\Laurent\APPLIC~1\desktop.ini
   [05/12/2007|20:34] C:\DOCUME~1\Laurent\APPLIC~1\Finder Bar
   [26/07/2008|20:32] C:\DOCUME~1\Laurent\APPLIC~1\GDIPFONTCACHEV1.DAT
   [28/07/2007|14:04] C:\DOCUME~1\Laurent\APPLIC~1\Google
   [02/06/2005|18:58] C:\DOCUME~1\Laurent\APPLIC~1\Help
   [18/08/2007|17:44] C:\DOCUME~1\Laurent\APPLIC~1\HP
   [21/05/2005|17:44] C:\DOCUME~1\Laurent\APPLIC~1\Identities
   [21/05/2005|18:25] C:\DOCUME~1\Laurent\APPLIC~1\InterTrust
   [28/08/2008|23:23] C:\DOCUME~1\Laurent\APPLIC~1\JustWrite Office
   [08/03/2006|16:48] C:\DOCUME~1\Laurent\APPLIC~1\Lavasoft
   [16/04/2008|14:55] C:\DOCUME~1\Laurent\APPLIC~1\Leadertech
   [21/05/2005|19:43] C:\DOCUME~1\Laurent\APPLIC~1\Macromedia
   [28/08/2008|16:13] C:\DOCUME~1\Laurent\APPLIC~1\Malwarebytes
   [27/06/2005|19:31] C:\DOCUME~1\Laurent\APPLIC~1\Media Player Classic
   [18/08/2007|17:29] C:\DOCUME~1\Laurent\APPLIC~1\Microsoft
   [01/08/2008|16:40] C:\DOCUME~1\Laurent\APPLIC~1\Mozilla
   [14/08/2005|13:19] C:\DOCUME~1\Laurent\APPLIC~1\MSN6
   [28/08/2008|15:52] C:\DOCUME~1\Laurent\APPLIC~1\OpenOffice.org2
   [17/03/2006|18:38] C:\DOCUME~1\Laurent\APPLIC~1\Real
   [08/05/2006|19:24] C:\DOCUME~1\Laurent\APPLIC~1\Regs 16
   [18/03/2007|15:23] C:\DOCUME~1\Laurent\APPLIC~1\Skype
   [01/08/2008|16:40] C:\DOCUME~1\Laurent\APPLIC~1\Songbird2
   [27/06/2005|20:57] C:\DOCUME~1\Laurent\APPLIC~1\Sun
   [25/09/2005|18:26] C:\DOCUME~1\Laurent\APPLIC~1\Talkback
   [01/04/2007|21:01] C:\DOCUME~1\Laurent\APPLIC~1\vlc
   [11/12/2007|22:09] C:\DOCUME~1\Laurent\APPLIC~1\WTablet
   [20/01/2006|17:36] C:\DOCUME~1\Laurent\APPLIC~1\Xfire

   [21/01/2007|15:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
   [12/12/2007|20:17] C:\DOCUME~1\LOCALS~1\APPLIC~1\WTablet
   [14/08/2005|16:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\X10 Commander

   [01/07/2005|14:02] C:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
   [01/12/2007|00:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

   [14/04/2007|11:06] C:\DOCUME~1	iphaine\APPLIC~1\$_hpcst$.hpc
   [24/07/2008|20:41] C:\DOCUME~1	iphaine\APPLIC~1\Adobe
   [28/01/2006|18:00] C:\DOCUME~1	iphaine\APPLIC~1\AdobeUM
   [20/12/2005|13:28] C:\DOCUME~1	iphaine\APPLIC~1\Ahead
   [08/07/2008|22:50] C:\DOCUME~1	iphaine\APPLIC~1\Apple Computer
   [08/05/2006|19:26] C:\DOCUME~1	iphaine\APPLIC~1\Ballonelies
   [08/11/2007|20:44] C:\DOCUME~1	iphaine\APPLIC~1\Corel
   [21/05/2005|18:31] C:\DOCUME~1	iphaine\APPLIC~1\desktop.ini
   [13/04/2008|16:23] C:\DOCUME~1	iphaine\APPLIC~1\GDIPFONTCACHEV1.DAT
   [28/07/2007|14:04] C:\DOCUME~1	iphaine\APPLIC~1\Google
   [30/12/2007|22:06] C:\DOCUME~1	iphaine\APPLIC~1\gtk-2.0
   [19/08/2007|12:04] C:\DOCUME~1	iphaine\APPLIC~1\HP
   [14/08/2005|15:18] C:\DOCUME~1	iphaine\APPLIC~1\Identities
   [14/12/2007|19:42] C:\DOCUME~1	iphaine\APPLIC~1\JustWrite Office
   [18/09/2006|20:36] C:\DOCUME~1	iphaine\APPLIC~1\Leadertech
   [14/08/2005|15:26] C:\DOCUME~1	iphaine\APPLIC~1\Macromedia
   [16/08/2005|18:09] C:\DOCUME~1	iphaine\APPLIC~1\Media Player Classic
   [07/03/2008|20:16] C:\DOCUME~1	iphaine\APPLIC~1\Microsoft
   [14/08/2005|15:18] C:\DOCUME~1	iphaine\APPLIC~1\Mozilla
   [16/12/2007|19:23] C:\DOCUME~1	iphaine\APPLIC~1\NCH Swift Sound
   [27/08/2008|13:52] C:\DOCUME~1	iphaine\APPLIC~1\OpenOffice.org2
   [08/05/2006|19:26] C:\DOCUME~1	iphaine\APPLIC~1\Regs 16
   [23/02/2007|22:21] C:\DOCUME~1	iphaine\APPLIC~1\Skype
   [16/08/2005|13:37] C:\DOCUME~1	iphaine\APPLIC~1\Sun
   [14/08/2005|15:18] C:\DOCUME~1	iphaine\APPLIC~1\Talkback
   [02/04/2007|16:19] C:\DOCUME~1	iphaine\APPLIC~1\vlc
   [06/07/2008|15:54] C:\DOCUME~1	iphaine\APPLIC~1\Vso
   [06/07/2008|15:52] C:\DOCUME~1	iphaine\APPLIC~1\VSO_HWE
   [14/12/2007|19:40] C:\DOCUME~1	iphaine\APPLIC~1\WTablet
 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [27/08/2008 16:38][--a------] C:\WINDOWS	asks\AppleSoftwareUpdate.job
   [29/08/2008 19:00][--ah-----] C:\WINDOWS	asks\F24E101B90DDFAE7.job
   [29/08/2008 19:00][--ah-----] C:\WINDOWS	asks\8766042391D9DE33.job
   [29/08/2008 19:00][--ah-----] C:\WINDOWS	asks\AEBB77B49184F480.job
   [29/08/2008 18:09][--ah-----] C:\WINDOWS	asks\SA.DAT
   [24/04/2003 14:00][-r-h-c---] C:\WINDOWS	asks\desktop.ini

   ( 8766042391D9DE33.job )=( c:\docume~1\laurent\applic~1\ballon~1\REFSIGNLONG.exe )
   ( AEBB77B49184F480.job )=( c:\docume~1\gael\applic~1\ballon~1\REFSIGNLONG.exe )
   ( F24E101B90DDFAE7.job )=( c:\docume~1	iphaine\applic~1\ballon~1\REFSIGNLONG.exe )

   --------------------\  Listing des dossiers dans C:\Program Files

   [09/07/2008|16:57] C:\Program Files\Adobe
   [08/05/2006|19:33] C:\Program Files\Adverts
   [09/10/2005|16:14] C:\Program Files\Agelong Tree
   [19/12/2005|16:46] C:\Program Files\Ahead
   [11/08/2008|17:23] C:\Program Files\Apple Software Update
   [23/05/2008|15:23] C:\Program Files\AVSMedia
   [02/04/2007|21:25] C:\Program Files\Axon Data
   [23/03/2006|17:49] C:\Program Files\Ballonelies
   [02/11/2007|13:30] C:\Program Files\Belkin
   [25/07/2008|11:41] C:\Program Files\Bonjour
   [29/08/2007|22:35] C:\Program Files\Boonty
   [21/05/2005|18:17] C:\Program Files\C-Media 3D Audio
   [16/12/2007|16:41] C:\Program Files\Common Files
   [22/09/2007|17:56] C:\Program Files\Corel
   [12/03/2006|12:56] C:\Program Files\Cyanide
   [21/05/2005|18:23] C:\Program Files\CyberLink
   [15/05/2006|10:49] C:\Program Files\DIFX
   [04/01/2006|11:48] C:\Program Files\directx
   [13/01/2008|14:55] C:\Program Files\DivX
   [31/10/2007|21:00] C:\Program Files\EasyStudio II 1.0
   [18/08/2005|19:03] C:\Program Files\e-Carte Bleue
   [20/03/2008|18:17] C:\Program Files\e-Carte Bleue La Banque Postale
   [04/11/2006|17:31] C:\Program Files\Eidos Interactive
   [28/08/2008|12:22] C:\Program Files\Enigma Software Group
   [16/12/2007|15:59] C:\Program Files\EuroSat
   [07/12/2007|14:59] C:\Program Files\Extrafilm FotoFacil
   [29/08/2008|16:54] C:\Program Files\Fichiers communs
   [21/09/2005|14:15] C:\Program Files\Firefox Setup 1.0.7.exe
   [30/08/2005|10:13] C:\Program Files\Foreignword
   [26/06/2008|10:19] C:\Program Files\Free
   [21/05/2005|18:48] C:\Program Files\Free.fr
   [03/07/2005|15:21] C:\Program Files\gomysoft
   [03/08/2008|16:24] C:\Program Files\Google
   [18/08/2007|17:38] C:\Program Files\Hewlett-Packard
   [21/05/2005|18:24] C:\Program Files\Home Cinema
   [18/08/2007|17:44] C:\Program Files\HP
   [18/08/2007|17:18] C:\Program Files\HP C5180
   [20/06/2005|09:38] C:\Program Files\Illustrate
   [17/09/2007|22:14] C:\Program Files\INFORAD
   [17/09/2007|22:14] C:\Program Files\INFORAD_DRIVERS
   [07/06/2008|17:03] C:\Program Files\InstallShield Installation Information
   [13/08/2008|22:45] C:\Program Files\Internet Explorer
   [03/08/2008|12:46] C:\Program Files\iPod
   [27/08/2008|18:48] C:\Program Files\Jargon Informatique
   [28/08/2005|15:58] C:\Program Files\Jasc Software Inc
   [09/08/2008|12:02] C:\Program Files\Java
   [10/12/2007|21:42] C:\Program Files\JustWrite Office
   [08/03/2006|16:48] C:\Program Files\Lavasoft
   [11/04/2006|21:08] C:\Program Files\Logitech
   [13/06/2005|16:05] C:\Program Files\Maxis
   [19/08/2007|19:37] C:\Program Files\Media Access
   [24/02/2007|19:09] C:\Program Files\MermozDB
   [21/05/2005|17:37] C:\Program Files\microsoft frontpage
   [11/06/2008|21:04] C:\Program Files\Microsoft Games
   [13/12/2007|19:56] C:\Program Files\Microsoft Office
   [05/12/2007|21:03] C:\Program Files\Movie Maker
   [28/08/2008|16:13] C:\Program Files\Mozilla Firefox
   [21/05/2005|17:35] C:\Program Files\MSN Gaming Zone
   [11/04/2008|18:20] C:\Program Files\MSN Messenger
   [18/11/2006|13:02] C:\Program Files\MSXML 4.0
   [04/01/2006|19:11] C:\Program Files\Musicmatch
   [03/04/2006|22:25] C:\Program Files\MySQL
   [16/12/2007|19:26] C:\Program Files\NCH Swift Sound
   [27/08/2008|19:25] C:\Program Files\NetMeeting
   [23/11/2006|21:16] C:\Program Files\Notepad2
   [17/08/2005|13:20] C:\Program Files\NovaLogic
   [23/11/2006|20:46] C:\Program Files\Olympus
   [27/03/2006|12:08] C:\Program Files\Ontrack
   [27/08/2008|19:26] C:\Program Files\OpenOffice.org 2.1
   [04/01/2006|12:19] C:\Program Files\ORB Networks
   [05/12/2007|20:56] C:\Program Files\Outlook Express
   [03/09/2006|18:02] C:\Program Files\PAN vision
   [01/06/2008|00:26] C:\Program Files\PestPatrol
   [27/08/2008|19:27] C:\Program Files\PhotoFiltre
   [03/06/2007|10:38] C:\Program Files\PrintMaster
   [28/11/2005|19:57] C:\Program Files\Prolific
   [18/03/2007|15:29] C:\Program Files\QuickTime
   [11/04/2006|21:08] C:\Program Files\Real
   [26/08/2006|15:45] C:\Program Files\Remote Task Manager
   [28/08/2008|23:34] C:\Program Files\RevoUninstaller
   [10/11/2005|21:18] C:\Program Files\River Past
   [28/08/2008|21:42] C:\Program Files\RogueRemover FREE
   [25/07/2008|11:27] C:\Program Files\Safari
   [10/12/2005|18:40] C:\Program Files\Satsuki Decoder Pack
   [27/11/2005|19:29] C:\Program Files\Serif
   [21/05/2005|17:36] C:\Program Files\Services en ligne
   [03/06/2007|10:35] C:\Program Files\SHARED
   [26/08/2006|00:01] C:\Program Files\SiSoftware
   [21/05/2005|18:55] C:\Program Files\Softwin
   [28/08/2008|12:23] C:\Program Files\songbird
   [26/08/2006|15:33] C:\Program Files\Synergy
   [11/12/2007|19:30] C:\Program Files\Tablet
   [29/08/2008|15:13] C:\Program Files\Trend Micro
   [10/12/2006|16:31] C:\Program Files\Ubisoft
   [11/02/2006|20:59] C:\Program Files\Uninstall Information
   [05/11/2001|10:30] C:\Program Files\UNWISE.EXE
   [28/08/2008|23:34] C:\Program Files\VS Revo Group
   [16/01/2007|19:00] C:\Program Files\vso
   [29/09/2006|17:13] C:\Program Files\VVSN
   [16/11/2006|20:27] C:\Program Files\Web Publish
   [28/06/2005|11:44] C:\Program Files\Windows Journal Viewer
   [01/03/2008|14:48] C:\Program Files\Windows Live
   [21/05/2005|18:35] C:\Program Files\Windows Media Components
   [21/01/2007|15:29] C:\Program Files\Windows Media Connect 2
   [06/12/2007|19:14] C:\Program Files\Windows Media Player
   [05/12/2007|20:49] C:\Program Files\Windows NT
   [05/12/2007|21:03] C:\Program Files\WinOSX
   [27/08/2008|19:30] C:\Program Files\WinRAR
   [26/08/2006|15:36] C:\Program Files\Winsos-Connect
   [21/05/2005|18:23] C:\Program Files\X10 Hardware
   [21/05/2005|17:37] C:\Program Files\xerox
   [21/05/2005|18:02] C:\Program Files\XviD
   [03/07/2005|19:25] C:\Program Files\Yahoo!

   --------------------\  Listing des dossiers dans C:\Program Files\Fichiers communs

   [19/09/2006|20:47] C:\Program Files\Fichiers communs\ACD Systems
   [23/06/2008|14:57] C:\Program Files\Fichiers communs\Adobe
   [19/12/2005|16:46] C:\Program Files\Fichiers communs\Ahead
   [01/07/2007|10:39] C:\Program Files\Fichiers communs\Apple
   [23/05/2008|15:24] C:\Program Files\Fichiers communs\AVSMedia
   [28/09/2006|21:03] C:\Program Files\Fichiers communs\click2learn
   [01/05/2008|13:56] C:\Program Files\Fichiers communs\Designer
   [20/08/2005|14:42] C:\Program Files\Fichiers communs\DirectX
   [11/04/2006|21:08] C:\Program Files\Fichiers communs\FotoWire
   [18/08/2007|17:37] C:\Program Files\Fichiers communs\Hewlett-Packard
   [18/08/2007|17:41] C:\Program Files\Fichiers communs\HP
   [28/08/2005|15:54] C:\Program Files\Fichiers communs\InstallShield
   [11/07/2005|22:53] C:\Program Files\Fichiers communs\Java
   [21/05/2005|18:37] C:\Program Files\Fichiers communs\Logitech
   [23/06/2008|14:40] C:\Program Files\Fichiers communs\Macrovision Shared
   [02/03/2008|17:03] C:\Program Files\Fichiers communs\Microsoft Shared
   [21/05/2005|17:35] C:\Program Files\Fichiers communs\MSSoap
   [14/12/2005|13:28] C:\Program Files\Fichiers communs\ODBC
   [11/04/2006|21:08] C:\Program Files\Fichiers communs\Real
   [10/11/2005|21:18] C:\Program Files\Fichiers communs\River Past
   [21/05/2005|17:36] C:\Program Files\Fichiers communs\Services
   [21/05/2005|18:54] C:\Program Files\Fichiers communs\Softwin
   [18/08/2007|17:42] C:\Program Files\Fichiers communs\Sonic Shared
   [21/05/2005|18:31] C:\Program Files\Fichiers communs\SpeechEngines
   [05/12/2007|20:55] C:\Program Files\Fichiers communs\System
   [16/03/2006|18:42] C:\Program Files\Fichiers communs\Vbox
   [01/03/2008|14:48] C:\Program Files\Fichiers communs\WindowsLiveInstaller

   --------------------\  Process

   ( 44 Processus )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   C:\DOCUME~1\Gael\APPLIC~1\ballon~1
   C:\DOCUME~1\Laurent\APPLIC~1\ballon~1
   C:\DOCUME~1	iphaine\APPLIC~1\ballon~1
   C:\Program Files\ballon~1
   C:\WINDOWS\system32\drivers\etc\hosts.alu
   C:\WINDOWS\system32\drivers\etc\hosts.ics
   C:\WINDOWS\system32\drivers\etc\hosts.lvv
   C:\WINDOWS\system32\drivers\etc\hosts.owu
   C:\Program Files\Adverts
   C:\WINDOWS\Tasks\8766042391D9DE33.job
   C:\WINDOWS\Tasks\AEBB77B49184F480.job
   C:\WINDOWS\Tasks\F24E101B90DDFAE7.job
 
   --------------------\  Verification du Registre

   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
   "Toolless"="C:\DOCUME~1\Laurent\APPLIC~1\BALLON~1\Idle Plan.exe"

   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-08-29 19:02:39
   Windows 5.1.2600 Service Pack 2 NTFS
   detected NTDLL code modification:
   ZwOpenFile
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 0
 
   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\Laurent\Application Data\Azureus	orrents\Windows_XP_SP2_Keygen___Key_Changer___Windows_Genuine_Validation-Fenopy.com.torrent
   C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation
   C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen
   C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\2) Key Changer
   C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\3) Windows Genuine Validation
   C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen\info.txt
   C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen\keygen.exe
   C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\2) Key Changer\XPPID.exe
   C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\3) Windows Genuine Validation\WGA.exe


   [F:2][D:3]-> C:\DOCUME~1\Laurent\LOCALS~1\Temp
   [F:1][D:0]-> C:\DOCUME~1\Laurent\Cookies
   [F:6][D:4]-> C:\DOCUME~1\Laurent\LOCALS~1\TEMPOR~1\content.IE5

   --------------------\  Fin du rapport a 19:05:50

Utilisateur anonyme · Answer

Relance Lop S&D 


* Choisis cette fois ci l'Option 2 (Suppression) 
* Ne ferme pas la fenêtre lors de la suppression ! 
* Poste le rapport généré (C:\lopR.txt)

gael31390 · Answer

le rapport que voici : 



   --------------------\  Lop S&D 4.2.3-6   XP/Vista

   Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 3000+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : Laurent ( Administrator )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1229 [VPS 080826-0] 4.8.1229 (Activated)

   "C:\Lop SD" ( MAJ : 27-08-2008|22:40 )
   Option : [2] ( 29/08/2008|19:19 )


   \\\\\\\\\\\\\\\ SUPPRESSION

   Supprime! - C:\WINDOWS\system32\drivers\etc\hosts.alu
   Supprime! - C:\WINDOWS\system32\drivers\etc\hosts.ics
   Supprime! - C:\WINDOWS\system32\drivers\etc\hosts.lvv
   Supprime! - C:\WINDOWS\system32\drivers\etc\hosts.owu
   Supprime! - C:\WINDOWS\Tasks\8766042391D9DE33.job 
   Supprime! - C:\WINDOWS\Tasks\AEBB77B49184F480.job 
   Supprime! - C:\WINDOWS\Tasks\F24E101B90DDFAE7.job 
   Supprime! - C:\DOCUME~1\Gael\APPLIC~1\ballon~1
   Supprime! - C:\DOCUME~1\Laurent\APPLIC~1\ballon~1
   Supprime! - C:\DOCUME~1	iphaine\APPLIC~1\ballon~1
   Supprime! - C:\Program Files\ballon~1
   Supprime! - C:\Program Files\Adverts
   -
   [ Fichier Hosts ] .. Restaure!
 
   \\\\\\\\\\\\\\\ 

 
   --------------------\  Listing des dossiers dans APPLIC~1  

   [05/11/2007|20:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Corel
   [21/05/2005|18:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
   [28/08/2008|22:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
   [05/11/2007|21:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
   [28/08/2008|12:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla

   [13/05/2007|12:22] C:\DOCUME~1\akaya\APPLIC~1\$_hpcst$.hpc
   [09/01/2008|15:29] C:\DOCUME~1\akaya\APPLIC~1\Adobe
   [29/11/2006|00:12] C:\DOCUME~1\akaya\APPLIC~1\AdobeUM
   [09/01/2007|18:07] C:\DOCUME~1\akaya\APPLIC~1\Ahead
   [29/12/2007|19:49] C:\DOCUME~1\akaya\APPLIC~1\Apple Computer
   [03/10/2007|10:38] C:\DOCUME~1\akaya\APPLIC~1\Corel
   [21/05/2005|18:31] C:\DOCUME~1\akaya\APPLIC~1\desktop.ini
   [06/12/2007|21:41] C:\DOCUME~1\akaya\APPLIC~1\EFF
   [22/10/2007|18:42] C:\DOCUME~1\akaya\APPLIC~1\GDIPFONTCACHEV1.DAT
   [20/08/2007|21:28] C:\DOCUME~1\akaya\APPLIC~1\HP
   [16/11/2006|20:27] C:\DOCUME~1\akaya\APPLIC~1\Identities
   [11/12/2007|11:14] C:\DOCUME~1\akaya\APPLIC~1\JustWrite Office
   [11/02/2007|17:25] C:\DOCUME~1\akaya\APPLIC~1\Leadertech
   [18/11/2006|14:15] C:\DOCUME~1\akaya\APPLIC~1\Macromedia
   [26/11/2007|10:43] C:\DOCUME~1\akaya\APPLIC~1\Media Player Classic
   [16/06/2007|18:19] C:\DOCUME~1\akaya\APPLIC~1\Microsoft
   [18/11/2006|14:13] C:\DOCUME~1\akaya\APPLIC~1\Mozilla
   [06/06/2008|13:53] C:\DOCUME~1\akaya\APPLIC~1\OpenOffice.org2
   [20/12/2006|20:02] C:\DOCUME~1\akaya\APPLIC~1\Sun
   [18/11/2006|14:13] C:\DOCUME~1\akaya\APPLIC~1\Talkback
   [26/12/2006|22:35] C:\DOCUME~1\akaya\APPLIC~1\vlc
   [13/12/2007|23:08] C:\DOCUME~1\akaya\APPLIC~1\WTablet

   [16/01/2006|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7F8108F6-359E-4BA7-8C2C-E52196483C9C}
   [19/03/2008|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [19/09/2007|20:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
   [01/07/2007|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
   [25/12/2006|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
   [27/08/2008|13:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
   [08/05/2006|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bike ace list meow
   [11/09/2005|17:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
   [21/05/2005|18:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
   [21/05/2005|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
   [23/06/2008|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
   [18/08/2007|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
   [17/04/2008|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
   [28/08/2005|15:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
   [05/07/2005|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
   [28/08/2008|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [13/10/2005|15:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
   [29/02/2008|22:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [21/05/2005|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
   [16/12/2007|19:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
   [21/05/2005|17:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1
View_Profiles
   [04/01/2006|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OrbNetworks
   [03/09/2007|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
   [10/11/2005|21:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G4
   [15/02/2006|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
   [01/08/2008|16:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SongbirdVLC
   [18/08/2007|17:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
   [08/12/2007|21:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
   [27/07/2007|14:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WhiteCap (Holiday Edition)
   [22/07/2006|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [01/03/2008|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

   [21/05/2005|18:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
   [01/12/2007|00:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [13/04/2007|22:41] C:\DOCUME~1\Gael\APPLIC~1\$_hpcst$.hpc
   [19/09/2006|20:40] C:\DOCUME~1\Gael\APPLIC~1\ACD Systems
   [09/10/2005|16:20] C:\DOCUME~1\Gael\APPLIC~1\AchrafCherti
   [05/12/2007|20:42] C:\DOCUME~1\Gael\APPLIC~1\Address Book
   [23/06/2008|21:03] C:\DOCUME~1\Gael\APPLIC~1\Adobe
   [13/07/2006|17:22] C:\DOCUME~1\Gael\APPLIC~1\AdobeUM
   [06/08/2005|19:41] C:\DOCUME~1\Gael\APPLIC~1\Ahead
   [19/05/2008|17:02] C:\DOCUME~1\Gael\APPLIC~1\Apple Computer
   [13/04/2007|23:00] C:\DOCUME~1\Gael\APPLIC~1\Arcsoft
   [17/08/2007|15:31] C:\DOCUME~1\Gael\APPLIC~1\Atari
   [23/05/2008|15:24] C:\DOCUME~1\Gael\APPLIC~1\AVSMedia
   [30/07/2008|22:33] C:\DOCUME~1\Gael\APPLIC~1\Azureus
   [04/06/2008|14:15] C:\DOCUME~1\Gael\APPLIC~1\Blender Foundation
   [01/11/2006|16:15] C:\DOCUME~1\Gael\APPLIC~1\Camfrog
   [22/09/2007|16:39] C:\DOCUME~1\Gael\APPLIC~1\Corel
   [24/05/2005|19:45] C:\DOCUME~1\Gael\APPLIC~1\Cyberlink
   [23/03/2008|22:10] C:\DOCUME~1\Gael\APPLIC~1\DAEMON Tools
   [19/02/2008|16:59] C:\DOCUME~1\Gael\APPLIC~1\DeepBurner
   [12/03/2006|18:01] C:\DOCUME~1\Gael\APPLIC~1\Desktop Sidebar
   [21/05/2005|18:31] C:\DOCUME~1\Gael\APPLIC~1\desktop.ini
   [02/02/2008|19:29] C:\DOCUME~1\Gael\APPLIC~1\Dev-Cpp
   [05/12/2007|20:24] C:\DOCUME~1\Gael\APPLIC~1\Finder Bar
   [11/04/2006|21:08] C:\DOCUME~1\Gael\APPLIC~1\FotoWire
   [22/04/2008|19:51] C:\DOCUME~1\Gael\APPLIC~1\GDIPFONTCACHEV1.DAT
   [22/01/2008|21:57] C:\DOCUME~1\Gael\APPLIC~1\GetRightToGo
   [03/08/2008|16:25] C:\DOCUME~1\Gael\APPLIC~1\Google
   [22/09/2005|19:30] C:\DOCUME~1\Gael\APPLIC~1\Grisbi
   [07/02/2008|20:56] C:\DOCUME~1\Gael\APPLIC~1\gtk-2.0
   [03/07/2005|16:11] C:\DOCUME~1\Gael\APPLIC~1\Help
   [18/08/2007|18:34] C:\DOCUME~1\Gael\APPLIC~1\HP
   [09/04/2007|01:08] C:\DOCUME~1\Gael\APPLIC~1\Identities
   [19/04/2008|13:15] C:\DOCUME~1\Gael\APPLIC~1\JustWrite Office
   [08/05/2006|19:03] C:\DOCUME~1\Gael\APPLIC~1\Lavasoft
   [19/09/2006|20:43] C:\DOCUME~1\Gael\APPLIC~1\Leadertech
   [21/05/2005|20:46] C:\DOCUME~1\Gael\APPLIC~1\Macromedia
   [30/05/2005|13:10] C:\DOCUME~1\Gael\APPLIC~1\Media Player Classic
   [10/12/2007|21:42] C:\DOCUME~1\Gael\APPLIC~1\Microsoft
   [21/05/2005|20:43] C:\DOCUME~1\Gael\APPLIC~1\Mozilla
   [19/08/2005|00:21] C:\DOCUME~1\Gael\APPLIC~1\MSN6
   [23/01/2006|21:27] C:\DOCUME~1\Gael\APPLIC~1\Nvu
   [25/08/2008|18:38] C:\DOCUME~1\Gael\APPLIC~1\OpenOffice.org2
   [22/12/2007|16:58] C:\DOCUME~1\Gael\APPLIC~1\OtakuSoftware
   [03/06/2008|12:11] C:\DOCUME~1\Gael\APPLIC~1\PnkBstrK.sys
   [18/06/2005|22:09] C:\DOCUME~1\Gael\APPLIC~1\Real
   [08/05/2006|19:21] C:\DOCUME~1\Gael\APPLIC~1\Regs 16
   [10/11/2005|21:19] C:\DOCUME~1\Gael\APPLIC~1\River Past G4
   [09/10/2005|15:53] C:\DOCUME~1\Gael\APPLIC~1\RobotProgPrefs
   [15/03/2007|21:30] C:\DOCUME~1\Gael\APPLIC~1\Screenshot Sender
   [12/12/2005|18:32] C:\DOCUME~1\Gael\APPLIC~1\Seven Zip
   [06/06/2008|21:21] C:\DOCUME~1\Gael\APPLIC~1\Skype
   [09/10/2005|15:59] C:\DOCUME~1\Gael\APPLIC~1\Solve Elec Prefs
   [04/07/2005|15:55] C:\DOCUME~1\Gael\APPLIC~1\Sun
   [07/08/2005|13:25] C:\DOCUME~1\Gael\APPLIC~1\Talkback
   [02/06/2007|13:36] C:\DOCUME~1\Gael\APPLIC~1	eamspeak2
   [03/07/2008|14:25] C:\DOCUME~1\Gael\APPLIC~1\vlc
   [03/07/2008|22:37] C:\DOCUME~1\Gael\APPLIC~1\Vso
   [03/07/2008|22:36] C:\DOCUME~1\Gael\APPLIC~1\VSO_HWE
   [15/08/2007|01:27] C:\DOCUME~1\Gael\APPLIC~1\Wallpaper
   [27/08/2008|16:43] C:\DOCUME~1\Gael\APPLIC~1\WTablet

   [18/04/2007|16:34] C:\DOCUME~1\Laurent\APPLIC~1\$_hpcst$.hpc
   [25/06/2005|15:26] C:\DOCUME~1\Laurent\APPLIC~1\.bittorrent
   [29/08/2008|11:10] C:\DOCUME~1\Laurent\APPLIC~1\Adobe
   [16/01/2007|18:44] C:\DOCUME~1\Laurent\APPLIC~1\AdobeUM
   [03/01/2007|20:01] C:\DOCUME~1\Laurent\APPLIC~1\Ahead
   [22/08/2008|15:52] C:\DOCUME~1\Laurent\APPLIC~1\Apple Computer
   [27/08/2008|13:52] C:\DOCUME~1\Laurent\APPLIC~1\Azureus
   [31/10/2007|20:59] C:\DOCUME~1\Laurent\APPLIC~1\Corel
   [26/09/2007|09:37] C:\DOCUME~1\Laurent\APPLIC~1\Cyberlink
   [21/05/2005|18:31] C:\DOCUME~1\Laurent\APPLIC~1\desktop.ini
   [05/12/2007|20:34] C:\DOCUME~1\Laurent\APPLIC~1\Finder Bar
   [26/07/2008|20:32] C:\DOCUME~1\Laurent\APPLIC~1\GDIPFONTCACHEV1.DAT
   [28/07/2007|14:04] C:\DOCUME~1\Laurent\APPLIC~1\Google
   [02/06/2005|18:58] C:\DOCUME~1\Laurent\APPLIC~1\Help
   [18/08/2007|17:44] C:\DOCUME~1\Laurent\APPLIC~1\HP
   [21/05/2005|17:44] C:\DOCUME~1\Laurent\APPLIC~1\Identities
   [21/05/2005|18:25] C:\DOCUME~1\Laurent\APPLIC~1\InterTrust
   [28/08/2008|23:23] C:\DOCUME~1\Laurent\APPLIC~1\JustWrite Office
   [08/03/2006|16:48] C:\DOCUME~1\Laurent\APPLIC~1\Lavasoft
   [16/04/2008|14:55] C:\DOCUME~1\Laurent\APPLIC~1\Leadertech
   [21/05/2005|19:43] C:\DOCUME~1\Laurent\APPLIC~1\Macromedia
   [28/08/2008|16:13] C:\DOCUME~1\Laurent\APPLIC~1\Malwarebytes
   [27/06/2005|19:31] C:\DOCUME~1\Laurent\APPLIC~1\Media Player Classic
   [18/08/2007|17:29] C:\DOCUME~1\Laurent\APPLIC~1\Microsoft
   [01/08/2008|16:40] C:\DOCUME~1\Laurent\APPLIC~1\Mozilla
   [14/08/2005|13:19] C:\DOCUME~1\Laurent\APPLIC~1\MSN6
   [28/08/2008|15:52] C:\DOCUME~1\Laurent\APPLIC~1\OpenOffice.org2
   [17/03/2006|18:38] C:\DOCUME~1\Laurent\APPLIC~1\Real
   [08/05/2006|19:24] C:\DOCUME~1\Laurent\APPLIC~1\Regs 16
   [18/03/2007|15:23] C:\DOCUME~1\Laurent\APPLIC~1\Skype
   [01/08/2008|16:40] C:\DOCUME~1\Laurent\APPLIC~1\Songbird2
   [27/06/2005|20:57] C:\DOCUME~1\Laurent\APPLIC~1\Sun
   [25/09/2005|18:26] C:\DOCUME~1\Laurent\APPLIC~1\Talkback
   [01/04/2007|21:01] C:\DOCUME~1\Laurent\APPLIC~1\vlc
   [11/12/2007|22:09] C:\DOCUME~1\Laurent\APPLIC~1\WTablet
   [20/01/2006|17:36] C:\DOCUME~1\Laurent\APPLIC~1\Xfire

   [21/01/2007|15:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
   [12/12/2007|20:17] C:\DOCUME~1\LOCALS~1\APPLIC~1\WTablet
   [14/08/2005|16:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\X10 Commander

   [01/07/2005|14:02] C:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
   [01/12/2007|00:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

   [14/04/2007|11:06] C:\DOCUME~1	iphaine\APPLIC~1\$_hpcst$.hpc
   [24/07/2008|20:41] C:\DOCUME~1	iphaine\APPLIC~1\Adobe
   [28/01/2006|18:00] C:\DOCUME~1	iphaine\APPLIC~1\AdobeUM
   [20/12/2005|13:28] C:\DOCUME~1	iphaine\APPLIC~1\Ahead
   [08/07/2008|22:50] C:\DOCUME~1	iphaine\APPLIC~1\Apple Computer
   [08/11/2007|20:44] C:\DOCUME~1	iphaine\APPLIC~1\Corel
   [21/05/2005|18:31] C:\DOCUME~1	iphaine\APPLIC~1\desktop.ini
   [13/04/2008|16:23] C:\DOCUME~1	iphaine\APPLIC~1\GDIPFONTCACHEV1.DAT
   [28/07/2007|14:04] C:\DOCUME~1	iphaine\APPLIC~1\Google
   [30/12/2007|22:06] C:\DOCUME~1	iphaine\APPLIC~1\gtk-2.0
   [19/08/2007|12:04] C:\DOCUME~1	iphaine\APPLIC~1\HP
   [14/08/2005|15:18] C:\DOCUME~1	iphaine\APPLIC~1\Identities
   [14/12/2007|19:42] C:\DOCUME~1	iphaine\APPLIC~1\JustWrite Office
   [18/09/2006|20:36] C:\DOCUME~1	iphaine\APPLIC~1\Leadertech
   [14/08/2005|15:26] C:\DOCUME~1	iphaine\APPLIC~1\Macromedia
   [16/08/2005|18:09] C:\DOCUME~1	iphaine\APPLIC~1\Media Player Classic
   [07/03/2008|20:16] C:\DOCUME~1	iphaine\APPLIC~1\Microsoft
   [14/08/2005|15:18] C:\DOCUME~1	iphaine\APPLIC~1\Mozilla
   [16/12/2007|19:23] C:\DOCUME~1	iphaine\APPLIC~1\NCH Swift Sound
   [27/08/2008|13:52] C:\DOCUME~1	iphaine\APPLIC~1\OpenOffice.org2
   [08/05/2006|19:26] C:\DOCUME~1	iphaine\APPLIC~1\Regs 16
   [23/02/2007|22:21] C:\DOCUME~1	iphaine\APPLIC~1\Skype
   [16/08/2005|13:37] C:\DOCUME~1	iphaine\APPLIC~1\Sun
   [14/08/2005|15:18] C:\DOCUME~1	iphaine\APPLIC~1\Talkback
   [02/04/2007|16:19] C:\DOCUME~1	iphaine\APPLIC~1\vlc
   [06/07/2008|15:54] C:\DOCUME~1	iphaine\APPLIC~1\Vso
   [06/07/2008|15:52] C:\DOCUME~1	iphaine\APPLIC~1\VSO_HWE
   [14/12/2007|19:40] C:\DOCUME~1	iphaine\APPLIC~1\WTablet
 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [27/08/2008 16:38][--a------] C:\WINDOWS	asks\AppleSoftwareUpdate.job
   [29/08/2008 18:09][--ah-----] C:\WINDOWS	asks\SA.DAT
   [24/04/2003 14:00][-r-h-c---] C:\WINDOWS	asks\desktop.ini

   --------------------\  Listing des dossiers dans C:\Program Files

   [09/07/2008|16:57] C:\Program Files\Adobe
   [09/10/2005|16:14] C:\Program Files\Agelong Tree
   [19/12/2005|16:46] C:\Program Files\Ahead
   [11/08/2008|17:23] C:\Program Files\Apple Software Update
   [23/05/2008|15:23] C:\Program Files\AVSMedia
   [02/04/2007|21:25] C:\Program Files\Axon Data
   [02/11/2007|13:30] C:\Program Files\Belkin
   [25/07/2008|11:41] C:\Program Files\Bonjour
   [29/08/2007|22:35] C:\Program Files\Boonty
   [21/05/2005|18:17] C:\Program Files\C-Media 3D Audio
   [16/12/2007|16:41] C:\Program Files\Common Files
   [22/09/2007|17:56] C:\Program Files\Corel
   [12/03/2006|12:56] C:\Program Files\Cyanide
   [21/05/2005|18:23] C:\Program Files\CyberLink
   [15/05/2006|10:49] C:\Program Files\DIFX
   [04/01/2006|11:48] C:\Program Files\directx
   [13/01/2008|14:55] C:\Program Files\DivX
   [31/10/2007|21:00] C:\Program Files\EasyStudio II 1.0
   [18/08/2005|19:03] C:\Program Files\e-Carte Bleue
   [20/03/2008|18:17] C:\Program Files\e-Carte Bleue La Banque Postale
   [04/11/2006|17:31] C:\Program Files\Eidos Interactive
   [28/08/2008|12:22] C:\Program Files\Enigma Software Group
   [16/12/2007|15:59] C:\Program Files\EuroSat
   [07/12/2007|14:59] C:\Program Files\Extrafilm FotoFacil
   [29/08/2008|16:54] C:\Program Files\Fichiers communs
   [21/09/2005|14:15] C:\Program Files\Firefox Setup 1.0.7.exe
   [30/08/2005|10:13] C:\Program Files\Foreignword
   [26/06/2008|10:19] C:\Program Files\Free
   [21/05/2005|18:48] C:\Program Files\Free.fr
   [03/07/2005|15:21] C:\Program Files\gomysoft
   [03/08/2008|16:24] C:\Program Files\Google
   [18/08/2007|17:38] C:\Program Files\Hewlett-Packard
   [21/05/2005|18:24] C:\Program Files\Home Cinema
   [18/08/2007|17:44] C:\Program Files\HP
   [18/08/2007|17:18] C:\Program Files\HP C5180
   [20/06/2005|09:38] C:\Program Files\Illustrate
   [17/09/2007|22:14] C:\Program Files\INFORAD
   [17/09/2007|22:14] C:\Program Files\INFORAD_DRIVERS
   [07/06/2008|17:03] C:\Program Files\InstallShield Installation Information
   [13/08/2008|22:45] C:\Program Files\Internet Explorer
   [03/08/2008|12:46] C:\Program Files\iPod
   [27/08/2008|18:48] C:\Program Files\Jargon Informatique
   [28/08/2005|15:58] C:\Program Files\Jasc Software Inc
   [09/08/2008|12:02] C:\Program Files\Java
   [10/12/2007|21:42] C:\Program Files\JustWrite Office
   [08/03/2006|16:48] C:\Program Files\Lavasoft
   [11/04/2006|21:08] C:\Program Files\Logitech
   [13/06/2005|16:05] C:\Program Files\Maxis
   [19/08/2007|19:37] C:\Program Files\Media Access
   [24/02/2007|19:09] C:\Program Files\MermozDB
   [21/05/2005|17:37] C:\Program Files\microsoft frontpage
   [11/06/2008|21:04] C:\Program Files\Microsoft Games
   [13/12/2007|19:56] C:\Program Files\Microsoft Office
   [05/12/2007|21:03] C:\Program Files\Movie Maker
   [28/08/2008|16:13] C:\Program Files\Mozilla Firefox
   [21/05/2005|17:35] C:\Program Files\MSN Gaming Zone
   [11/04/2008|18:20] C:\Program Files\MSN Messenger
   [18/11/2006|13:02] C:\Program Files\MSXML 4.0
   [04/01/2006|19:11] C:\Program Files\Musicmatch
   [03/04/2006|22:25] C:\Program Files\MySQL
   [16/12/2007|19:26] C:\Program Files\NCH Swift Sound
   [27/08/2008|19:25] C:\Program Files\NetMeeting
   [23/11/2006|21:16] C:\Program Files\Notepad2
   [17/08/2005|13:20] C:\Program Files\NovaLogic
   [23/11/2006|20:46] C:\Program Files\Olympus
   [27/03/2006|12:08] C:\Program Files\Ontrack
   [27/08/2008|19:26] C:\Program Files\OpenOffice.org 2.1
   [04/01/2006|12:19] C:\Program Files\ORB Networks
   [05/12/2007|20:56] C:\Program Files\Outlook Express
   [03/09/2006|18:02] C:\Program Files\PAN vision
   [01/06/2008|00:26] C:\Program Files\PestPatrol
   [27/08/2008|19:27] C:\Program Files\PhotoFiltre
   [03/06/2007|10:38] C:\Program Files\PrintMaster
   [28/11/2005|19:57] C:\Program Files\Prolific
   [18/03/2007|15:29] C:\Program Files\QuickTime
   [11/04/2006|21:08] C:\Program Files\Real
   [26/08/2006|15:45] C:\Program Files\Remote Task Manager
   [28/08/2008|23:34] C:\Program Files\RevoUninstaller
   [10/11/2005|21:18] C:\Program Files\River Past
   [28/08/2008|21:42] C:\Program Files\RogueRemover FREE
   [25/07/2008|11:27] C:\Program Files\Safari
   [10/12/2005|18:40] C:\Program Files\Satsuki Decoder Pack
   [27/11/2005|19:29] C:\Program Files\Serif
   [21/05/2005|17:36] C:\Program Files\Services en ligne
   [03/06/2007|10:35] C:\Program Files\SHARED
   [26/08/2006|00:01] C:\Program Files\SiSoftware
   [21/05/2005|18:55] C:\Program Files\Softwin
   [28/08/2008|12:23] C:\Program Files\songbird
   [26/08/2006|15:33] C:\Program Files\Synergy
   [11/12/2007|19:30] C:\Program Files\Tablet
   [29/08/2008|15:13] C:\Program Files\Trend Micro
   [10/12/2006|16:31] C:\Program Files\Ubisoft
   [11/02/2006|20:59] C:\Program Files\Uninstall Information
   [05/11/2001|10:30] C:\Program Files\UNWISE.EXE
   [28/08/2008|23:34] C:\Program Files\VS Revo Group
   [16/01/2007|19:00] C:\Program Files\vso
   [29/09/2006|17:13] C:\Program Files\VVSN
   [16/11/2006|20:27] C:\Program Files\Web Publish
   [28/06/2005|11:44] C:\Program Files\Windows Journal Viewer
   [01/03/2008|14:48] C:\Program Files\Windows Live
   [21/05/2005|18:35] C:\Program Files\Windows Media Components
   [21/01/2007|15:29] C:\Program Files\Windows Media Connect 2
   [06/12/2007|19:14] C:\Program Files\Windows Media Player
   [05/12/2007|20:49] C:\Program Files\Windows NT
   [05/12/2007|21:03] C:\Program Files\WinOSX
   [27/08/2008|19:30] C:\Program Files\WinRAR
   [26/08/2006|15:36] C:\Program Files\Winsos-Connect
   [21/05/2005|18:23] C:\Program Files\X10 Hardware
   [21/05/2005|17:37] C:\Program Files\xerox
   [21/05/2005|18:02] C:\Program Files\XviD
   [03/07/2005|19:25] C:\Program Files\Yahoo!

   --------------------\  Listing des dossiers dans C:\Program Files\Fichiers communs

   [19/09/2006|20:47] C:\Program Files\Fichiers communs\ACD Systems
   [23/06/2008|14:57] C:\Program Files\Fichiers communs\Adobe
   [19/12/2005|16:46] C:\Program Files\Fichiers communs\Ahead
   [01/07/2007|10:39] C:\Program Files\Fichiers communs\Apple
   [23/05/2008|15:24] C:\Program Files\Fichiers communs\AVSMedia
   [28/09/2006|21:03] C:\Program Files\Fichiers communs\click2learn
   [01/05/2008|13:56] C:\Program Files\Fichiers communs\Designer
   [20/08/2005|14:42] C:\Program Files\Fichiers communs\DirectX
   [11/04/2006|21:08] C:\Program Files\Fichiers communs\FotoWire
   [18/08/2007|17:37] C:\Program Files\Fichiers communs\Hewlett-Packard
   [18/08/2007|17:41] C:\Program Files\Fichiers communs\HP
   [28/08/2005|15:54] C:\Program Files\Fichiers communs\InstallShield
   [11/07/2005|22:53] C:\Program Files\Fichiers communs\Java
   [21/05/2005|18:37] C:\Program Files\Fichiers communs\Logitech
   [23/06/2008|14:40] C:\Program Files\Fichiers communs\Macrovision Shared
   [02/03/2008|17:03] C:\Program Files\Fichiers communs\Microsoft Shared
   [21/05/2005|17:35] C:\Program Files\Fichiers communs\MSSoap
   [14/12/2005|13:28] C:\Program Files\Fichiers communs\ODBC
   [11/04/2006|21:08] C:\Program Files\Fichiers communs\Real
   [10/11/2005|21:18] C:\Program Files\Fichiers communs\River Past
   [21/05/2005|17:36] C:\Program Files\Fichiers communs\Services
   [21/05/2005|18:54] C:\Program Files\Fichiers communs\Softwin
   [18/08/2007|17:42] C:\Program Files\Fichiers communs\Sonic Shared
   [21/05/2005|18:31] C:\Program Files\Fichiers communs\SpeechEngines
   [05/12/2007|20:55] C:\Program Files\Fichiers communs\System
   [16/03/2006|18:42] C:\Program Files\Fichiers communs\Vbox
   [01/03/2008|14:48] C:\Program Files\Fichiers communs\WindowsLiveInstaller

   --------------------\  Process

   ( 44 Processus )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-08-29 19:20:51
   Windows 5.1.2600 Service Pack 2 NTFS
   detected NTDLL code modification:
   ZwOpenFile
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 0
 
   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\Laurent\Application Data\Azureus	orrents\Windows_XP_SP2_Keygen___Key_Changer___Windows_Genuine_Validation-Fenopy.com.torrent
   C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation
   C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen
   C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\2) Key Changer
   C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\3) Windows Genuine Validation
   C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen\info.txt
   C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen\keygen.exe
   C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\2) Key Changer\XPPID.exe
   C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\3) Windows Genuine Validation\WGA.exe


   [F:2][D:3]-> C:\DOCUME~1\Laurent\LOCALS~1\Temp
   [F:1][D:0]-> C:\DOCUME~1\Laurent\Cookies
   [F:6][D:4]-> C:\DOCUME~1\Laurent\LOCALS~1\TEMPOR~1\content.IE5

   --------------------\  Fin du rapport a 19:24:02

Utilisateur anonyme · Answer

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. 
double-clique sur OTMoveIt.exe pour le lancer. 
Assure toi que la case Unregister Dll's and Ocx's soit bien cochée 
copie la liste qui se trouve en gras ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

C:\DOCUME~1\Laurent\Application Data\Azureus	orrents\Windows_XP_SP2_Keygen___Key_Changer___Windows_Genuine_Validation-Fenopy.com.torrent 
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation 
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen 
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\2) Key Changer 
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\3) Windows Genuine Validation 
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen\info.txt 
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen\keygen.exe 
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\2) Key Changer\XPPID.exe 
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\3) Windows Genuine Validation\WGA.exe 

clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

gael31390 · Answer

Est - ce que ceci est le rapport ? car il été au format .log donc j'ai utilisé le bloc note pour l'ouvrir : 

File/Folder C:\DOCUME~1\Laurent\Application Data\Azureus	orrents\Windows_XP_SP2_Keygen___Key_Changer___­Windows_Genuine_Validation-Fenopy.com.torrent not found.
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\3) Windows Genuine Validation moved successfully.
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\2) Key Changer moved successfully.
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen moved successfully.
C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation moved successfully.
File/Folder C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen not found.
File/Folder C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\2) Key Changer not found.
File/Folder C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\3) Windows Genuine Validation not found.
File/Folder C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen\info.txt not found.
File/Folder C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\1) Keygen\keygen.exe not found.
File/Folder C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\2) Key Changer\XPPID.exe not found.
File/Folder C:\DOCUME~1\Laurent\Mes documents\Azureus Downloads\Windows XP SP2 Keygen + Key Changer + Windows Genuine Validation\3) Windows Genuine Validation\WGA.exe not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08292008_193126

Utilisateur anonyme · Answer

oui c est cela 

on va faire un peux le menage des outils utilisé :

Télécharge ToolsCleaner sur ton bureau. 
--> 
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/ 

# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

gael31390 · Answer

voilà : 

-->- Recherche: 

C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression: 

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Utilisateur anonyme · Answer

toujours pas de connexion ??

Télécharge HijackThis ici : 

->  Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
->  http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe 
->  ftp://ftp.commentcamarche.com/download/HJTInstall.exe

-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation 

-> Clique sur Install ensuite sur I Accept 

-> Clique sur Do a scan system and save log file 

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

gael31390 · Answer

le rapport hijackthis : 


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:27, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Gael\Avast\aswUpdSv.exe
D:\Gael\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
D:\Gael\Avast\ashDisp.exe
C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Remote Task Manager\RTMService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
D:\Gael\Avast\ashMaiSv.exe
D:\Gael\Avast\ashWebSv.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tcljxzcrcdchtwqj.com/JKnJWJ0pGXmm9xCaSYkBIs5aZocM8hxewLc3zrOSsezohjvRhRLDXaK_HZ2vRg0P.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [avast!] D:\Gael\Avast\ashDisp.exe
O4 - HKLM\..\Run: [eCarteBleue-LP-P1] "C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe"  /dontopenmycards
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SMKRun] C:\Program Files\JustWrite Office\ScreenMark.exe -i
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Gael\itunes\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Gael\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HKPHALKM] %systemroot%\HKPHALKM.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [_Windows] C:\WINDOWS\WinSecurity\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: e-Carte Bleue La Banque Postale.lnk = C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Gael\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Gael\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Gael\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Gael\Avast\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Task Manager service (RTM) - Unknown owner - C:\Program Files\Remote Task Manager\RTMService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Utilisateur anonyme · Answer

c est presque finit ...

apres on s occupe de la connection supprime tout les rapport combofix 

et on le repasse stp

Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 




-> Double clique sur combofix.exe. 
-> Tape sur la touche 1 (Yes) pour démarrer le scan. 
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt 

Avant d'utiliser ComboFix : 

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil. 

Une fois fait, sur ton bureau double-clic sur Combofix.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

gael31390 · Answer

et hop : ComboFix 08-08-29.01 - Laurent 2008-08-29 20:48:36.6 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.648 [GMT 2:00] Endroit: C:\Documents and Settings\Laurent\Bureau\ComboFix.exe * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))))))) . 2008-08-29 17:43 . 2008-08-29 17:43 d-------- C:\WINDOWS\ERUNT 2008-08-29 17:38 . 2008-08-29 18:23 d-------- C:\SDFix 2008-08-29 15:32 . 2008-08-29 15:42 d-------- C:\fixwareout 2008-08-28 23:34 . 2008-08-28 23:34 d-------- C:\Program Files\RevoUninstaller 2008-08-28 22:26 . 2008-08-28 22:26 d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-08-28 21:43 . 2008-08-28 23:34 d-------- C:\Program Files\VS Revo Group 2008-08-28 21:42 . 2008-08-28 21:42 d-------- C:\Program Files\RogueRemover FREE 2008-08-28 16:13 . 2008-08-28 16:13 d-------- C:\Documents and Settings\Laurent\Application Data\Malwarebytes 2008-08-28 16:13 . 2008-08-28 16:13 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-28 12:49 . 2008-08-29 20:27 d-------- C:\Program Files\Trend Micro 2008-08-28 11:53 . 2008-08-28 12:22 d-------- C:\Program Files\Enigma Software Group 2008-08-27 13:02 . 2008-08-27 13:52 d-------- C:\Documents and Settings\Laurent\Application Data\Azureus 2008-08-27 13:02 . 2008-08-27 13:02 d-------- C:\Documents and Settings\All Users\Application Data\Azureus 2008-08-03 16:24 . 2008-08-03 16:24 d-------- C:\Program Files\Google 2008-08-03 12:46 . 2008-08-03 12:46 d-------- C:\Program Files\iPod 2008-08-01 16:40 . 2008-08-01 16:40 d-------- C:\Documents and Settings\Laurent\Application Data\Songbird2 2008-08-01 16:40 . 2008-08-01 16:41 d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC 2008-08-01 16:35 . 2008-08-28 12:23 d-------- C:\Program Files\songbird . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-28 21:23 --------- d-----w C:\Documents and Settings\Laurent\Application Data\JustWrite Office 2008-08-28 13:52 --------- d-----w C:\Documents and Settings\Laurent\Application Data\OpenOffice.org2 2008-08-27 17:27 --------- d-----w C:\Program Files\PhotoFiltre 2008-08-27 17:26 --------- d-----w C:\Program Files\OpenOffice.org 2.1 2008-08-27 16:48 --------- d-----w C:\Program Files\Jargon Informatique 2008-08-27 14:43 --------- d-----w C:\Documents and Settings\Gael\Application Data\WTablet 2008-08-27 11:52 --------- d-----w C:\Documents and Settings iphaine\Application Data\OpenOffice.org2 2008-08-25 16:38 --------- d-----w C:\Documents and Settings\Gael\Application Data\OpenOffice.org2 2008-08-22 13:52 --------- d-----w C:\Documents and Settings\Laurent\Application Data\Apple Computer 2008-08-16 13:07 137,968 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-08-16 13:02 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-08-11 15:23 --------- d-----w C:\Program Files\Apple Software Update 2008-08-09 10:02 --------- d-----w C:\Program Files\Java 2008-07-30 20:33 --------- d-----w C:\Documents and Settings\Gael\Application Data\Azureus 2008-07-26 18:32 79,608 ----a-w C:\Documents and Settings\Laurent\Application Data\GDIPFONTCACHEV1.DAT 2008-07-25 09:41 --------- d-----w C:\Program Files\Bonjour 2008-07-25 09:27 --------- d-----w C:\Program Files\Safari 2008-07-08 20:50 --------- d-----w C:\Documents and Settings iphaine\Application Data\Apple Computer 2008-07-07 18:53 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\WTablet 2008-07-06 13:54 --------- d-----w C:\Documents and Settings iphaine\Application Data\Vso 2008-07-06 13:52 --------- d-----w C:\Documents and Settings iphaine\Application Data\VSO_HWE 2008-07-03 20:37 --------- d-----w C:\Documents and Settings\Gael\Application Data\Vso 2008-07-03 20:36 --------- d-----w C:\Documents and Settings\Gael\Application Data\VSO_HWE 2008-07-03 12:25 --------- d-----w C:\Documents and Settings\Gael\Application Data\vlc 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-06 13:52 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-06-03 10:11 22,328 ----a-w C:\Documents and Settings\Gael\Application Data\PnkBstrK.sys 2008-04-22 17:51 81,568 ----a-w C:\Documents and Settings\Gael\Application Data\GDIPFONTCACHEV1.DAT 2008-04-13 14:23 81,568 ----a-w C:\Documents and Settings iphaine\Application Data\GDIPFONTCACHEV1.DAT 2007-10-22 16:42 76,304 ----a-w C:\Documents and Settings\akaya\Application Data\GDIPFONTCACHEV1.DAT 2006-05-21 08:22 31 -c--a-w C:\Documents and Settings\Laurent\getfile.dat 2006-05-19 19:08 31 -c--a-w C:\Documents and Settings\Gael\getfile.dat 2006-05-18 15:02 31 ----a-w C:\Documents and Settings iphaine\getfile.dat 2005-09-21 12:15 5,123,424 -c--a-w C:\Program Files\Firefox Setup 1.0.7.exe 2001-11-23 11:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL 2001-11-05 08:30 173,056 -c----w C:\Program Files\UNWISE.EXE 2006-06-05 05:48 614,400 ----a-w C:\Program Files\mozilla firefox\plugins\MannequinPlayer2.dll 2005-07-01 21:45 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin 2006-11-26 18:04 8 --sh--r C:\WINDOWS\system32\3E4521AF55.sys 2007-11-30 17:57 104 --sh--r C:\WINDOWS\system32\55AF21453E.sys 2008-01-04 19:18 5,746 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys . ------- Sigcheck ------- 2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll 2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll 2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll 2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\ServicePackFiles\i386\user32.dll 2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\system32\user32.dll 2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\system32\dllcache\user32.dll 2004-08-20 01:10 514048 0956e00f2ba5b265362e59969671ce40 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe 2004-08-20 01:10 506368 0a1a19fffc1467de5085d1b66c929e38 C:\WINDOWS\system32\winlogon.exe 2007-06-13 15:22 1044992 00a7b99e7feda4387bb6ae2fcab11586 C:\WINDOWS\explorer.exe 2007-06-13 15:10 1044992 033e4e9d8461240d693d1be5bf4aa5bd C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2007-06-13 15:22 1044992 973690a4e14b41d7d6907a27972bda37 C:\WINDOWS\ServicePackFiles\i386\explorer.exe 2007-06-13 15:22 1044992 52f289cafdc15d8a75503ed6b5439af2 C:\WINDOWS\system32\dllcache\explorer.exe 2004-08-20 01:09 23040 36469eb68fb925a61d7c47c3e7fc698d C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe 2004-08-20 01:09 23040 0a811c1dd0b94f6bbd24a3fbe3302313 C:\WINDOWS\system32\ctfmon.exe 2005-06-11 02:17 65536 44c884369d73b3d562e4193b3f7b6a37 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe 2004-08-20 01:10 65536 ee9e31776bc6f6dd43d2bda81dbaa74e C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe 2005-06-11 01:53 65536 563ca8ae085f4c4ee206ff108ef0bf71 C:\WINDOWS\system32\spoolsv.exe 2004-08-20 01:10 32768 e86be7428e5e0d6cb449c60dc8d1e73f C:\WINDOWS\ServicePackFiles\i386\userinit.exe 2004-08-20 01:10 32768 cf32045823bb33d869319eb4dec974da C:\WINDOWS\system32\userinit.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-08 18:10 67128] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 23040] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 15:16 98304] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49 110080] "PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 07:53 156160] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 163840] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-11 21:08 28160] "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 12:58 163840] "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 12:57 53248] "avast!"="D:\Gael\Avast\ashDisp.exe" [2008-07-19 16:38 78008] "eCarteBleue-LP-P1"="C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe" [2002-12-20 10:49 196608] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 57344] "SMKRun"="C:\Program Files\JustWrite Office\ScreenMark.exe" [2007-01-08 06:07 126976] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040] "QuickTime Task"="D:\Gael\itunes\Quicktime\QTTask.exe" [2008-05-27 10:50 421888] "iTunesHelper"="D:\Gael\itunes\iTunesHelper.exe" [2008-07-30 10:47 289064] "CHotkey"="mHotkey.exe" [2002-07-23 11:09 485888 C:\WINDOWS\mHotkey.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 23040] D:\Gael\Menu D‚marrer\Programmes\D‚marrage\ PowerReg Scheduler.exe [2007-07-28 13:57:51 241664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.VP40"= vp4vfw.dll "vidc.iv41"= ir41_32.dll "MSACM.CEGSM"= mobilev.acm "vidc.MJPG"= M3JPEG32.dll "vidc.dmb1"= M3JPEG32.dll "vidc.jpeg"= M3JPEG32.dll "vidc.mxmc"= MimicICM.DLL [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gjl58.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Winter Fun Wallpaper Changer.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Winter Fun Wallpaper Changer.lnk backup=C:\WINDOWS\pss\Winter Fun Wallpaper Changer.lnkCommon Startup [HKLM\~\startupfolder\D:^Gael^Menu Démarrer^Programmes^Démarrage^Groom Agent.lnk] path=D:\Gael\Menu Démarrer\Programmes\Démarrage\Groom Agent.lnk backup=C:\WINDOWS\pss\Groom Agent.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol] --a------ 2005-01-10 09:35 81920 C:\PROGRA~1\PESTPA~1\CookiePatrol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] --------- 2003-06-24 15:23 69632 C:\Program Files\Home Cinema\PowerCinema\PCMService.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\WINDOWS\system32\CIMSVR.exe"= "C:\WINDOWS\system32\dplaysvr.exe"= "C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"= "C:\WINDOWS\system32\dpnsvr.exe"= "D:\Gael\battlefield 2\BF2.exe"= "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\sandra.exe"= "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe"= "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe"= "C:\Program Files\Real\RealPlayer\realplay.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"= "D:\Gael\Mes Programmes\azureus\Azureus.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "D:\Gael\Mes Programmes\emule\eMule\emule.exe"= "C:\WINDOWS\system32\PnkBstrA.exe"= "C:\WINDOWS\system32\PnkBstrB.exe"= "D:\Gael\Mes Programmes\skype\Phone\Skype.exe"= "D:\Gael\Mes Programmes\adsltv\adsltv.exe"= "D:\Gael\Mes Programmes\adsltv\vlc.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "D:\Gael\itunes\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10520:TCP"= 10520:TCP:BitComet 10520 TCP "10520:UDP"= 10520:UDP:BitComet 10520 UDP R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37] R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-11-04 17:29] R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-11-04 17:32] R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08] R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 21:12] R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 20:30] S2 NVNVRZRJ;NVNVRZRJ;C:\WINDOWS\system32\drivers\NVNVRZRJ.sys [] S3 856589ad-e131-4880-a696-13ccdd935925;856589ad-e131-4880-a696-13ccdd935925;J:\Player\cds300.dll [] S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35] S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-09-20 09:15] S3 PID_0960_V;Logitech ClickSmart 420(PID_0960_V);C:\WINDOWS\system32\DRIVERS\LVVIMULB.SYS [2002-09-20 09:19] S3 VVRUSB;VVRUSB Device;C:\WINDOWS\system32\DRIVERS\VVRUSB.sys [2002-01-20 10:02] *Newly Created Service* - PROCEXP90 . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' 2008-08-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . - - - - ORPHANS REMOVED - - - - HKCU-Run-_Windows - C:\WINDOWS\WinSecurity\services.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Laurent\Application Data\Mozilla\Firefox\Profiles\4stnty8e.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-29 20:55:02 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\Explorer.EXE -> C:\Program Files\WinRAR arext.dll -> C:\WINDOWS\system32\CmdLineExt03.dll -> C:\WINDOWS\system32 vshell.dll -> C:\WINDOWS\HKNTDLL.dll . Temps d'accomplissement: 2008-08-29 21:00:01 ComboFix-quarantined-files.txt 2008-08-29 18:59:29 Pre-Run: 27,456,647,168 octets libres Post-Run: 27,457,495,040 octets libres 246 --- E O F --- 2008-08-13 20:49:22

Utilisateur anonyme · Answer

je regarde tes rapports .......... dis moi as tu un cd d installation fourni par ton fournisseur d acces internet ??

gael31390 · Answer

Il me semble ui

gael31390 · Answer

Pourquoi le problème de connexion n'est pas lié au différents rapports ?

Utilisateur anonyme · Answer

as tu les mot de passe etc fourni par ton fournisseur internet si oui insere le cd et laisse toi guider, pour recuperer ta conexion et dis moi

gael31390 · Answer

Et pourquoi la connexion sur l'ordi infecté serait coupé et pas le wifi dans ma chambre que j'utilise actuellement ?
Et si je débranche et rebranche 4 fois la freebox pour la réinitialiser ?

Utilisateur anonyme · Answer

oui tu peux essayer le reste dans un premier temps si ça marche pas passe par le cd

c est du au detournement de dns

gael31390 · Answer

et j'ai remarqué aussi que lorsque je tape ipconfig dans l'invite de commande
avant    adresse ip : 192.168.0.1
            masque de sous réseau : 255.255.255.0
            passerelle par défaut : 192.168.0.254

alors que mtn :

Autoconfiguration d'adresse ip : 169.254.208.49
masque de sous réseau : idem
passerelle par défaut : 169.254.208.49

Utilisateur anonyme · Answer

je verifie l adresse .....

gael31390 · Answer

Alors cela vient des scans ?

Utilisateur anonyme · Answer

t as récupéré ta connection ??

gael31390 · Answer

Nan toujours pas. J'ai pas essayé enfaite d'utiliser le CD ... Jvais le faire.

Utilisateur anonyme · Answer

-;)

gael31390 · Answer

Ha oui aussi quand j'ouvre internet explorer, avast me détecte des virus jpeux pas les supprimer juste les mettre en quarantaine, alors c'est ce que je fais mais je peux plus ouvrir avast mtn ... il est ouvert en bas a droite mais c'est tout.

Utilisateur anonyme · Answer

ok on fera le point regarde pour ta connexion deja

gael31390 · Answer

j'ai pas retrouvé la connexion internet mm avec le CD d'installation, j'ai essayé de la reinitialiser mais ça n'a pas marché...

Utilisateur anonyme · Answer

Télécharge cet outil de SiRi: 

http://siri.urz.free.fr/Softs/RHosts.exe
http://siri.urz.free.fr/RHosts.php 

Double cliquer dessus pour l'exécuter 

et cliquer sur " Restore original Hosts " 

ps : c est normal que rien ne se passe 


click sur demarrer > executer > dans la boite de dialogue tape > cmd et valide 

dans la fenetre noir tape ceci : ipconfig /flushdns et valide par entree 

ensuite redémarre le pc et test

gael31390 · Answer

non ça  n'a pas marché ... j'ai remarqué aussi que le menu démarrer ne marche plus, je peux l'ouvrir j'ai accès a tout mais je ne peux ouvrir aucun programme qui s'y trouve, pour l'invite de commande elle est dans les prog souvent utilisés mais elle ne marche pas, a chaque fois je doit passer par executer. De plus quand j'ouvre mozilla ( jenfin je double clic ) l'icone devient légèrement transparent ... ( un détail ).

Utilisateur anonyme · Answer

on va tenter une restauration 

vas dans panneau de configuration 
affichage classique 
va sur centre de sauvegarde et de restauration 
en haut a gauche 
clic sur reparer windows en utilisant la restauration system 

coche choisir un point 

clic sur suivant 
choisi un point antérieur aux soucis et lance la restauration 

tuto xp : https://www.luanagames.com/index.fr.html

gael31390 · Answer

heu ^^ dans panneau de config. l'icone n'y est pas, et jpeux pas passer par par le menu démarrer ... Jfais comment ? ^^

Utilisateur anonyme · Answer

Tuto : https://www.luanagames.com/index.fr.html

gael31390 · Answer

heu ué mais j'y vais jusqu'a l'icone dans outil systeme seulement je clic dessus et ça ne fait rien  ... il ne s'ouvre pas.

Utilisateur anonyme · Answer

post un rapport hijackthis stp

gael31390 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:53, on 31/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Gael\Avast\aswUpdSv.exe
D:\Gael\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
D:\Gael\Avast\ashDisp.exe
C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Remote Task Manager\RTMService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [avast!] D:\Gael\Avast\ashDisp.exe
O4 - HKLM\..\Run: [eCarteBleue-LP-P1] "C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe"  /dontopenmycards
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SMKRun] C:\Program Files\JustWrite Office\ScreenMark.exe -i
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Gael\itunes\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Gael\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HKPHALKM] %systemroot%\HKPHALKM.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: e-Carte Bleue La Banque Postale.lnk = C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Gael\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Gael\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Gael\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Gael\Avast\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Task Manager service (RTM) - Unknown owner - C:\Program Files\Remote Task Manager\RTMService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

The Hardcore Legend · Answer

Moi j utilise Mcaffe est no probleme il ma suppr des trojan , adware, spyware...........

Utilisateur anonyme · Answer

Copie le texte ci-dessous : 

File:: 
J:\Player\cds300.dll 
C:\WINDOWS\system32\drivers\NVNVRZRJ.sys 

Folder:: 
C:\WINDOWS\ERUNT 
C:\SDFix 
C:\fixwareout 
C:\Program Files\RogueRemover FREE 

Driver::
NVNVRZRJ

DirLook:: 
C:\Documents and Settings	iphaine\Application Data\Vso 
C:\Documents and Settings	iphaine\Application Data\VSO_HWE 







Ouvre le Bloc-Notes puis colle le texte copié. 
(Démarrer\Tous les programmes\Accessoires\Bloc notes.) 
Sauvegarde ce fichier sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous : 

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif 

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. 

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal! 

Ne touche à rien tant que le scan n'est pas terminé. 

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis. 

S'il n'y a pas de rédémarrage, poste quand même les rapports.

gael31390 · Answer

ComboFix 08-08-29.01 - Laurent 2008-08-31 16:50:36.7 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.652 [GMT 2:00] Endroit: C:\Documents and Settings\Laurent\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Laurent\Bureau\CFScript.txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] FILE :: C:\WINDOWS\system32\drivers\NVNVRZRJ.sys J:\Player\cds300.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\fixwareout C:\fixwareout\dnsbak.reg C:\fixwareout\FindT\clsid.bak C:\fixwareout\FindT\dumphive.exe C:\fixwareout\FindT\FixWareOut.reg C:\fixwareout\FindT\nircmd.exe C:\fixwareout\FindT\patterns.txt C:\fixwareout\FindT\rbot.bat C:\fixwareout\FindT\RestartIt.exe C:\fixwareout\FindT\runback.txt C:\fixwareout\FindT\runs.vbs C:\fixwareout\FindT\swreg.exe C:\fixwareout\FindT\vfind.exe C:\fixwareout\FindT\XP-2K2.cmd C:\fixwareout\FixIt.BAT C:\fixwareout\report.txt C:\Program Files\RogueRemover FREE C:\Program Files\RogueRemover FREE\COMCTL32.OCX C:\Program Files\RogueRemover FREE\License.txt C:\Program Files\RogueRemover FREE\manual.chm C:\Program Files\RogueRemover FREE\RogueRemover.dll C:\Program Files\RogueRemover FREE\RogueRemover.exe C:\Program Files\RogueRemover FREE\rules.dat C:\Program Files\RogueRemover FREE\unins000.dat C:\Program Files\RogueRemover FREE\unins000.exe C:\Program Files\RogueRemover FREE\zlib.dll C:\SDFix C:\SDFix\apps\assosfix.reg C:\SDFix\apps\Cghtme.exe C:\SDFix\apps\cliptext.exe C:\SDFix\apps\Csweg.exe C:\SDFix\apps\download.exe C:\SDFix\apps\dummy.sys C:\SDFix\apps\Enable_Command_Prompt.reg C:\SDFix\apps\ERDNT.E_E C:\SDFix\apps\ERDNTDOS.LOC C:\SDFix\apps\ERDNTWIN.LOC C:\SDFix\apps\ERUNT.EXE C:\SDFix\apps\ERUNT.LOC C:\SDFix\apps\fix.reg C:\SDFix\apps\FixBeep.reg C:\SDFix\apps\FixBH.reg C:\SDFix\apps\FixComponents.reg C:\SDFix\apps\FIXCU.reg C:\SDFix\apps\FIXLM.reg C:\SDFix\apps\FixPath.exe C:\SDFix\apps\FixRedir.reg C:\SDFix\apps\FixSchedule.reg C:\SDFix\apps\FixWebCheck.reg C:\SDFix\apps\fixXP.reg C:\SDFix\apps\FixXPsp2.reg C:\SDFix\apps\grep.exe C:\SDFix\apps\HaxdFix.reg C:\SDFix\apps\HPFix.reg C:\SDFix\apps\HPFix2.reg C:\SDFix\apps\HPFix3.reg C:\SDFix\apps\HPFix4.reg C:\SDFix\apps\HPFix5.reg C:\SDFix\apps\HPFix6.reg C:\SDFix\apps\HPFix7.reg C:\SDFix\apps\HPFix8.reg C:\SDFix\apps\HPFix9.reg C:\SDFix\apps\isadmin.exe C:\SDFix\apps\leg2.txt C:\SDFix\apps\legacy.txt C:\SDFix\apps\legacybk.txt C:\SDFix\apps\locate.com C:\SDFix\apps\LS.exe C:\SDFix\apps\MD5File.exe C:\SDFix\apps\moveex.exe C:\SDFix\apps\MyGcpvFix.reg C:\SDFix\apps\MyGkFix2.reg C:\SDFix\apps\Process.exe C:\SDFix\apps\procs.exe C:\SDFix\apps\psservice.exe C:\SDFix\apps\Rem.txt C:\SDFix\apps\Rem2.txt C:\SDFix\apps\Replace\regedit.exe C:\SDFix\apps\Replace\w2k\AUTOEXEC.NT C:\SDFix\apps\Replace\w2k\beep.sys C:\SDFix\apps\Replace\w2k\command.com C:\SDFix\apps\Replace\w2k\command.PIF C:\SDFix\apps\Replace\w2k\CONFIG.NT C:\SDFix\apps\Replace\w2k\null.sys C:\SDFix\apps\Replace\xp\AUTOEXEC.NT C:\SDFix\apps\Replace\xp\beep.sys C:\SDFix\apps\Replace\xp\command.com C:\SDFix\apps\Replace\xp\command.PIF C:\SDFix\apps\Replace\xp\CONFIG.NT C:\SDFix\apps\Replace\xp\null.sys C:\SDFix\apps\Reset_AppInit_DLLs.reg C:\SDFix\apps\RestartIt!.exe C:\SDFix\apps\Restore_SafeBoot_Windows2000.reg C:\SDFix\apps\Restore_SafeBoot_WindowsXP_SP2.reg C:\SDFix\apps\Restore_SafeBoot_WindowsXP_SP3.reg C:\SDFix\apps\Restore_SecurityCenter.reg C:\SDFix\apps\Restore_SharedAccess.reg C:\SDFix\apps\sc.exe C:\SDFix\apps\sed.exe C:\SDFix\apps\SF.exe C:\SDFix\apps\shutdown.exe C:\SDFix\apps\srv2.txt C:\SDFix\apps\srv2bk.txt C:\SDFix\apps\svc.txt C:\SDFix\apps\svcbk.txt C:\SDFix\apps\swsc.exe C:\SDFix\apps\unzip.exe C:\SDFix\apps\vfind.exe C:\SDFix\apps\WINMSG.EXE C:\SDFix\apps\winsec.reg C:\SDFix\apps\zip.exe C:\SDFix\backups\backupreg.zip C:\SDFix\backups\backups.zip C:\SDFix\backups\catchme.log C:\SDFix\backups\HOSTS C:\SDFix\catchme.exe C:\SDFix\DBFix.bat C:\SDFix\DBFIX_Report.txt C:\SDFix\dummy.sys C:\SDFix\Report.txt C:\SDFix\RunThis.bat C:\SDFix\SDFIX_ReadMe_Online.url C:\SDFix\W2K_VirusAlert_Repair.inf C:\SDFix\XP_VirusAlert_Repair.inf C:\WINDOWS\ERUNT C:\WINDOWS\ERUNT\SDFIX\default C:\WINDOWS\ERUNT\SDFIX\ERDNT.CON C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE C:\WINDOWS\ERUNT\SDFIX\ERDNT.INF C:\WINDOWS\ERUNT\SDFIX\ERDNTDOS.LOC C:\WINDOWS\ERUNT\SDFIX\ERDNTWIN.LOC C:\WINDOWS\ERUNT\SDFIX\Find.txt C:\WINDOWS\ERUNT\SDFIX\report.txt C:\WINDOWS\ERUNT\SDFIX\SAM C:\WINDOWS\ERUNT\SDFIX\SECURITY C:\WINDOWS\ERUNT\SDFIX\software C:\WINDOWS\ERUNT\SDFIX\system C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat C:\WINDOWS\ERUNT\SDFIX_First_Run\default C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.CON C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.INF C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNTDOS.LOC C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNTWIN.LOC C:\WINDOWS\ERUNT\SDFIX_First_Run\SAM C:\WINDOWS\ERUNT\SDFIX_First_Run\SECURITY C:\WINDOWS\ERUNT\SDFIX_First_Run\software C:\WINDOWS\ERUNT\SDFIX_First_Run\system C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NVNVRZRJ -------\Service_NVNVRZRJ ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))))))))) . 2008-08-31 15:11 . 2008-08-31 15:11 d--h----- C:\Program Files\Zero G Registry 2008-08-31 15:11 . 2008-08-31 15:11 d-------- C:\Program Files\SAGEM 2008-08-31 15:11 . 2008-08-31 15:11 32,768 --a------ C:\WINDOWS\system32\closebridgemon.exe 2008-08-28 23:34 . 2008-08-28 23:34 d-------- C:\Program Files\RevoUninstaller 2008-08-28 22:26 . 2008-08-28 22:26 d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-08-28 21:43 . 2008-08-28 23:34 d-------- C:\Program Files\VS Revo Group 2008-08-28 16:13 . 2008-08-28 16:13 d-------- C:\Documents and Settings\Laurent\Application Data\Malwarebytes 2008-08-28 16:13 . 2008-08-28 16:13 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-28 12:49 . 2008-08-31 16:16 d-------- C:\Program Files\Trend Micro 2008-08-28 11:53 . 2008-08-28 12:22 d-------- C:\Program Files\Enigma Software Group 2008-08-27 13:02 . 2008-08-27 13:52 d-------- C:\Documents and Settings\Laurent\Application Data\Azureus 2008-08-27 13:02 . 2008-08-27 13:02 d-------- C:\Documents and Settings\All Users\Application Data\Azureus 2008-08-03 16:24 . 2008-08-03 16:24 d-------- C:\Program Files\Google 2008-08-03 12:46 . 2008-08-03 12:46 d-------- C:\Program Files\iPod 2008-08-01 16:40 . 2008-08-01 16:40 d-------- C:\Documents and Settings\Laurent\Application Data\Songbird2 2008-08-01 16:40 . 2008-08-01 16:41 d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC 2008-08-01 16:35 . 2008-08-28 12:23 d-------- C:\Program Files\songbird 2008-07-21 16:32 . 2008-07-21 16:32 d-------- C:\WTablet 2008-07-07 22:31 . 2008-07-07 22:31 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll 2008-07-06 15:47 . 2008-07-06 15:52 d-------- C:\Documents and Settings\tiphaine\Application Data\VSO_HWE 2008-07-06 13:20 . 2008-07-06 15:54 d-------- C:\Documents and Settings\tiphaine\Application Data\Vso 2008-07-03 12:55 . 2004-08-04 07:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys 2008-07-03 12:55 . 2004-08-04 07:31 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-28 21:23 --------- d-----w C:\Documents and Settings\Laurent\Application Data\JustWrite Office 2008-08-28 13:52 --------- d-----w C:\Documents and Settings\Laurent\Application Data\OpenOffice.org2 2008-08-27 17:27 --------- d-----w C:\Program Files\PhotoFiltre 2008-08-27 17:26 --------- d-----w C:\Program Files\OpenOffice.org 2.1 2008-08-27 16:48 --------- d-----w C:\Program Files\Jargon Informatique 2008-08-27 14:43 --------- d-----w C:\Documents and Settings\Gael\Application Data\WTablet 2008-08-27 11:52 --------- d-----w C:\Documents and Settings\tiphaine\Application Data\OpenOffice.org2 2008-08-25 16:38 --------- d-----w C:\Documents and Settings\Gael\Application Data\OpenOffice.org2 2008-08-22 13:52 --------- d-----w C:\Documents and Settings\Laurent\Application Data\Apple Computer 2008-08-16 13:07 137,968 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-08-11 15:23 --------- d-----w C:\Program Files\Apple Software Update 2008-08-09 10:02 --------- d-----w C:\Program Files\Java 2008-07-30 20:33 --------- d-----w C:\Documents and Settings\Gael\Application Data\Azureus 2008-07-26 18:32 79,608 ----a-w C:\Documents and Settings\Laurent\Application Data\GDIPFONTCACHEV1.DAT 2008-07-25 09:41 --------- d-----w C:\Program Files\Bonjour 2008-07-25 09:27 --------- d-----w C:\Program Files\Safari 2008-07-08 20:50 --------- d-----w C:\Documents and Settings\tiphaine\Application Data\Apple Computer 2008-07-03 20:37 --------- d-----w C:\Documents and Settings\Gael\Application Data\Vso 2008-07-03 20:36 --------- d-----w C:\Documents and Settings\Gael\Application Data\VSO_HWE 2008-07-03 12:25 --------- d-----w C:\Documents and Settings\Gael\Application Data\vlc 2008-06-03 10:11 22,328 ----a-w C:\Documents and Settings\Gael\Application Data\PnkBstrK.sys 2008-04-22 17:51 81,568 ----a-w C:\Documents and Settings\Gael\Application Data\GDIPFONTCACHEV1.DAT 2008-04-13 14:23 81,568 ----a-w C:\Documents and Settings\tiphaine\Application Data\GDIPFONTCACHEV1.DAT 2007-10-22 16:42 76,304 ----a-w C:\Documents and Settings\akaya\Application Data\GDIPFONTCACHEV1.DAT 2006-05-21 08:22 31 -c--a-w C:\Documents and Settings\Laurent\getfile.dat 2006-05-19 19:08 31 -c--a-w C:\Documents and Settings\Gael\getfile.dat 2006-05-18 15:02 31 ----a-w C:\Documents and Settings\tiphaine\getfile.dat 2005-09-21 12:15 5,123,424 -c--a-w C:\Program Files\Firefox Setup 1.0.7.exe 2001-11-23 11:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL 2001-11-05 08:30 173,056 -c----w C:\Program Files\UNWISE.EXE 2006-06-05 05:48 614,400 ----a-w C:\Program Files\mozilla firefox\plugins\MannequinPlayer2.dll 2005-07-01 21:45 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin 2006-11-26 18:04 8 --sh--r C:\WINDOWS\system32\3E4521AF55.sys 2007-11-30 17:57 104 --sh--r C:\WINDOWS\system32\55AF21453E.sys 2008-01-04 19:18 5,746 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\Documents and Settings\tiphaine\Application Data\Vso ---- 2008-07-06 15:54 6688 --a------ C:\Documents and Settings\tiphaine\Application Data\Vso\ConvertXtoDvd.log ---- Directory of C:\Documents and Settings\tiphaine\Application Data\VSO_HWE ---- ------- Sigcheck ------- 2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll 2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll 2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll 2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\ServicePackFiles\i386\user32.dll 2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\system32\user32.dll 2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\system32\dllcache\user32.dll 2004-08-20 01:10 514048 0956e00f2ba5b265362e59969671ce40 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe 2004-08-20 01:10 506368 0a1a19fffc1467de5085d1b66c929e38 C:\WINDOWS\system32\winlogon.exe 2007-06-13 15:22 1044992 00a7b99e7feda4387bb6ae2fcab11586 C:\WINDOWS\explorer.exe 2007-06-13 15:10 1044992 033e4e9d8461240d693d1be5bf4aa5bd C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2007-06-13 15:22 1044992 973690a4e14b41d7d6907a27972bda37 C:\WINDOWS\ServicePackFiles\i386\explorer.exe 2007-06-13 15:22 1044992 52f289cafdc15d8a75503ed6b5439af2 C:\WINDOWS\system32\dllcache\explorer.exe 2004-08-20 01:09 23040 36469eb68fb925a61d7c47c3e7fc698d C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe 2004-08-20 01:09 23040 0a811c1dd0b94f6bbd24a3fbe3302313 C:\WINDOWS\system32\ctfmon.exe 2005-06-11 02:17 65536 44c884369d73b3d562e4193b3f7b6a37 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe 2004-08-20 01:10 65536 ee9e31776bc6f6dd43d2bda81dbaa74e C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe 2005-06-11 01:53 65536 563ca8ae085f4c4ee206ff108ef0bf71 C:\WINDOWS\system32\spoolsv.exe 2004-08-20 01:10 32768 e86be7428e5e0d6cb449c60dc8d1e73f C:\WINDOWS\ServicePackFiles\i386\userinit.exe 2004-08-20 01:10 32768 cf32045823bb33d869319eb4dec974da C:\WINDOWS\system32\userinit.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-08 18:10 67128] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 23040] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 15:16 98304] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49 110080] "PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 07:53 156160] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 163840] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-11 21:08 28160] "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 12:58 163840] "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 12:57 53248] "avast!"="D:\Gael\Avast\ashDisp.exe" [2008-07-19 16:38 78008] "eCarteBleue-LP-P1"="C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe" [2002-12-20 10:49 196608] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 57344] "SMKRun"="C:\Program Files\JustWrite Office\ScreenMark.exe" [2007-01-08 06:07 126976] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040] "QuickTime Task"="D:\Gael\itunes\Quicktime\QTTask.exe" [2008-05-27 10:50 421888] "iTunesHelper"="D:\Gael\itunes\iTunesHelper.exe" [2008-07-30 10:47 289064] "CHotkey"="mHotkey.exe" [2002-07-23 11:09 485888 C:\WINDOWS\mHotkey.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 23040] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.VP40"= vp4vfw.dll "vidc.iv41"= ir41_32.dll "MSACM.CEGSM"= mobilev.acm "vidc.MJPG"= M3JPEG32.dll "vidc.dmb1"= M3JPEG32.dll "vidc.jpeg"= M3JPEG32.dll "vidc.mxmc"= MimicICM.DLL [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gjl58.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Winter Fun Wallpaper Changer.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Winter Fun Wallpaper Changer.lnk backup=C:\WINDOWS\pss\Winter Fun Wallpaper Changer.lnkCommon Startup [HKLM\~\startupfolder\D:^Gael^Menu Démarrer^Programmes^Démarrage^Groom Agent.lnk] path=D:\Gael\Menu Démarrer\Programmes\Démarrage\Groom Agent.lnk backup=C:\WINDOWS\pss\Groom Agent.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol] --a------ 2005-01-10 09:35 81920 C:\PROGRA~1\PESTPA~1\CookiePatrol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] --------- 2003-06-24 15:23 69632 C:\Program Files\Home Cinema\PowerCinema\PCMService.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\WINDOWS\system32\CIMSVR.exe"= "C:\WINDOWS\system32\dplaysvr.exe"= "C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"= "C:\WINDOWS\system32\dpnsvr.exe"= "D:\Gael\battlefield 2\BF2.exe"= "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\sandra.exe"= "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe"= "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe"= "C:\Program Files\Real\RealPlayer\realplay.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"= "D:\Gael\Mes Programmes\azureus\Azureus.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"= "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"= "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"= "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "D:\Gael\Mes Programmes\emule\eMule\emule.exe"= "C:\WINDOWS\system32\PnkBstrA.exe"= "C:\WINDOWS\system32\PnkBstrB.exe"= "D:\Gael\Mes Programmes\skype\Phone\Skype.exe"= "D:\Gael\Mes Programmes\adsltv\adsltv.exe"= "D:\Gael\Mes Programmes\adsltv\vlc.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "D:\Gael\itunes\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10520:TCP"= 10520:TCP:BitComet 10520 TCP "10520:UDP"= 10520:UDP:BitComet 10520 UDP R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37] R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-11-04 17:29] R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-11-04 17:32] R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08] R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 21:12] R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 20:30] S3 856589ad-e131-4880-a696-13ccdd935925;856589ad-e131-4880-a696-13ccdd935925;J:\Player\cds300.dll [] S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35] S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-09-20 09:15] S3 PID_0960_V;Logitech ClickSmart 420(PID_0960_V);C:\WINDOWS\system32\DRIVERS\LVVIMULB.SYS [2002-09-20 09:19] S3 VVRUSB;VVRUSB Device;C:\WINDOWS\system32\DRIVERS\VVRUSB.sys [2002-01-20 10:02] . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-31 17:04:05 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . D:\Gael\Avast\aswUpdSv.exe D:\Gael\Avast\ashServ.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Remote Task Manager\rtmservice.exe C:\WINDOWS\system32\Tablet.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\WINDOWS\system32\Tablet.exe D:\Gael\Avast\ashMaiSv.exe D:\Gael\Avast\ashWebSv.exe C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\Restart.exe . ************************************************************************** . Temps d'accomplissement: 2008-08-31 17:17:14 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-31 15:17:00 ComboFix2.txt 2008-08-29 19:00:02 Pre-Run: 26,328,801,280 octets libres Post-Run: 26,188,320,768 octets libres 411 --- E O F --- 2008-08-13 20:49:22

Utilisateur anonyme · Answer

ouvre une page internet explorer
clic sur outils
clci sur option internet
clci sur avancer
clic su réiniialiser
cofirme
puis réouvre internet et test

gael31390 · Answer

Jpeux pas ouvrir les options avancées, j'ouvre la page internet je fais outil / option internet et voila ça fait rien ... impossible de l'ouvrir et de plus je peux plus refermer IE, il faut que je fasse gestionnaire des taches / fin de l'application et a ce moment la avast arrive et dit qu'il a un virus/ver du nom de HTML:lframe-gen et la seule chose que je peux faire c'est le mettre en quarantaine, ce que je fais et enfin IE de ferme.

gael31390 · Answer

Jcroi que je vais le bruler ctordi,et si je formate, l'OS été déjà installé donc là il me faudra donc une nouvelle clé ? donc il faut racheter un CD a moins de la cracker ?
et la connexion internet, j'aurais juste a remettre mozilla et surfer sur internet ou il faudra que je réinstalle tout ?

Utilisateur anonyme · Answer

-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo): 


http://download.piriform.com/ccsetup210.exe

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

-> Tuto : https://www.malekal.com/tutoriel-ccleaner/


ensuite réessai

gael31390 · Answer

bon bein j'ai utiliser ccleaner et ça a foutu une belle merde dans l'ordi et ça n'a rien resolu ... j'en peux plus ...
tout les icones sont en .lnk et il faut a chaque fois que je les ouvre que je cherche le programme dans uns liste ... donc impossible d'ouvrir un programme ...

et y avait environ 2500 ereurs .

gael31390 · Answer

" si je formate, l'OS été déjà installé donc là il me faudra donc une nouvelle clé ? donc il faut racheter un CD a moins de la cracker ? "
"et la connexion internet, j'aurais juste a remettre mozilla et surfer sur internet ou il faudra que je réinstalle tout ? "


Tu sais y répondre ou pas ? parce que je pense que je vais formater ...

Utilisateur anonyme · Answer

si tu formate tu utilse ton cd et la meme clé 

pour le reste faudra tout réinstaller , logiciels etc n oublie pas de sauvegarder photos documents etc

gael31390 · Answer

mais le CD je sais pas si je l'ai, puisque quand j'ai acheter l'ordi l'OS été déjà dedans donc je pense pas qu'ils aient mis un CD avec la clé. Pour le reste tkt je sauvegarde tout, trop de photos et musiques a garder ! ^^

Utilisateur anonyme · Answer

la clé est sur le pc

gael31390 · Answer

une autre question, je peux juste mettre comodo firewall et pas d'antivirus ? j'ai mis antivir mais a chaque démarage il plante ... ^^ sur mon ordi pas l'autre.

gael31390 · Answer

a ui c'est vrai pour la clé, et je peux la réutiliser y a pas de prob ?

Utilisateur anonyme · Answer

pas de soucis pour la clé

gael31390 · Answer

Sans indiscrétion, jpeux te demandé c'est quoi ton métier ?

gael31390 · Answer

Et pour comodo firewall, jpeux le mettre tout seul ou avec avast ou autre ?

gael31390 · Answer

et une autre question, pour mon problème de raccourci en .lnk, jsuis allé dans ms-dos et j'ai effectué l'opération suivante : 

- cd C:\
- cd windows\system32
- ren *.lnk *.exe

et là il me dit que " le fichier spécifié est introuvable " tu sais pourquoi ?

Virus/spyware ?

119 réponses

Discussions similaires